You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 12, 2023. It is now read-only.
Extended Description
As a FedRAMP representative, to understand this software meets security engineer requirements of GSA and FedRAMP, I want clear explanation of FedRAMP security engineering standards.
Preconditions
Defined standards endorsed from FedRAMP: be it GSA, or TTS, or standards of their own endorsed by the PMO.
Acceptance Critera
Acceptance criteria...
Story Tasks
Tasks...
Definition of Done
Acceptance criteria met - Each user story should meet the acceptance criteria in the description
Unit test coverage of our code > 90% (from QASP) this may be fuzzy and hard to prove
Code quality checks passed - Enable html tidy with XML code standards as part of the build (from QASP)
Accessibility: (from QASP) as we create guidance or documentation and reports (semantic tagging including aria tags): demonstrate with 0 errors reported for WCAG 2.1 AA standards using an automated scanner and 0 errors reported in manual testing
Code reviewed - Code reviewed by at least one other team members (or developed by a pair)
Source code merged - Code that’s demoed must be in source control and merged
Code must successfully build and deploy into staging environment (from QASP): this may evolve from xslt sh pipline into something more
Security reviewed and reported - Conduct vulnerability and compliance scanning. threat modeling?
Code submitted must be free of medium- and high-level static and dynamic security vulnerabilities (from QASP)
Usability tests passed - Each user story should be easy to use by target users (development community? FedRAMP FART team)
Usability testing and other user research methods must be conducted at regular intervals throughout the development process (not just at the beginning or end). (from QASP)
Code refactored for clarity - Code must be clean, self-documenting
No local design debt
Load/performance tests passed - test data needed - saxon instrumentation
Documentation generated - update readme or contributing markdown as necessary.
Architectural Decision Record completed as necessary for significant design choices
The text was updated successfully, but these errors were encountered:
ohsh6o
changed the title
As a FedRAMP representative, to understand this software meets security engineer requirements of GSA and FedRAMP, I want clear explanation of FedRAMP security engineering standards.
GSA and FedRAMP Standards to Clarify DoD
Jun 15, 2021
Extended Description
As a FedRAMP representative, to understand this software meets security engineer requirements of GSA and FedRAMP, I want clear explanation of FedRAMP security engineering standards.
Preconditions
Acceptance Critera
Story Tasks
Definition of Done
The text was updated successfully, but these errors were encountered: