Update examples of actions in SSPs.

usnistgov · Sep 7, 2022 · 6bb77d9 · 6bb77d9
1 parent 882b7d1
commit 6bb77d9
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 4 deletions.
diff --git a/src/examples/ssp/xml/actions/example-approval-ssp.xml b/src/examples/ssp/xml/actions/example-approval-ssp.xml
@@ -119,10 +119,10 @@
                 <function-performed>maintain deploy system in environment</function-performed>
             </authorized-privilege>
         </user>
-        <component uuid="60568123-4128-4bbf-b8b0-3966d4279f9d" type="this-system">
+        <component uuid="1e3aaf69-258b-4e19-a4cc-0289049ceb7c" type="this-system">
             <title>The Example System Core Component</title>
             <description>
-                <p></p>
+                <p>Example System, like other BigCorp information systems, uses security controls from a variety of frameworks, but is especially focused on NIST SP 800-53 controls.</p>
             </description>
             <status state="under-development" />
             <remarks>
@@ -134,7 +134,21 @@
         <description>
             <p></p>
         </description>
-        <implemented-requirement uuid="e7d0fd18-0bc6-4583-9eb2-66e77956a96d" control-id=""></implemented-requirement>
+        <implemented-requirement uuid="e7d0fd18-0bc6-4583-9eb2-66e77956a96d" control-id="at-1">
+            <responsible-role role-id="issm"/>
+            <by-component component-uuid="1e3aaf69-258b-4e19-a4cc-0289049ceb7c" uuid="e188a871-6d0e-47c0-a5a8-9939114979d6">
+                <description>
+                    <p>The ISSM ensures staff developing and operating this system handle security awareness and training pretty well. The ISSM commits staff to operational guidelines and procedures based on BigCorp's Security Awareness and Training Policy. What is done by system staff in this description is much clearer and better than before.</p>
+                </description>
+            </by-component>
+        </implemented-requirement>
+        <implemented-requirement uuid="1e3aaf69-258b-4e19-a4cc-0289049ceb7c" control-id="ra-1">
+            <by-component component-uuid="1e3aaf69-258b-4e19-a4cc-0289049ceb7c" uuid="d1f3ad99-670f-4db9-a849-b24a6e4bac69">
+                <description>
+                    <p>The ISSM ensures staff developing and operating this system handle vulnerability management pretty well. The ISSM commits staff to operational guidelines and procedures based on BigCorp's Vulnerability Management Program Policy and Threat Intelligence Program Policy. What is done by system staff in this description is much clearer and better than before.</p>
+                </description>
+            </by-component>
+        </implemented-requirement>
     </control-implementation>
     <back-matter>
         <resource uuid="9aa67a14-d18e-461f-8eee-d7b661703a9f">

diff --git a/src/examples/ssp/xml/actions/example-request-changes-ssp.xml b/src/examples/ssp/xml/actions/example-request-changes-ssp.xml
@@ -116,7 +116,7 @@
     </system-implementation>
     <control-implementation>
         <description>
-            <p></p>
+            <p>Example System, like other BigCorp information systems, uses security controls from a variety of frameworks. Example System is especially focused on NIST SP 800-53 controls.</p>
         </description>
         <implemented-requirement uuid="e7d0fd18-0bc6-4583-9eb2-66e77956a96d" control-id="at-1">
             <responsible-role role-id="issm"/>