Be consistent on which controls have caveat inputs for documented exceptions #39

wdower · 2024-05-07T20:51:40Z

Some controls (see controls/SV-257803.rb) have caveats in the check text for ISSO waivers for a package being present or not present.

We should determine if this language indicates that a control should have an explicit input for that package being a documented requirement, and if it does, update all controls that include one of the caveats.

ejaronne · 2024-05-23T17:32:51Z

Yes, but each case should be considered carefully
But, for any of the "documented with the ISSO as an operational requirement" of which I saw 48 in v1r3.

create a sensible T/F logic input like "core_dumps_documented_by_ISSO_as_operational_requirement"

If set to True, set Impact to zero (which will calculate to be Not Applicable), and set a skip message like: "This requirement is not applicable since it is documented by the ISSO as an operational requirement"

AND run the tests anyway for situational awareness.

wdower self-assigned this May 7, 2024

wdower mentioned this issue May 7, 2024

V1r2 #37

Merged

kemley76 mentioned this issue May 24, 2024

added inputs to allow indication of operational requirements documented with ISSO #45

Merged

wdower closed this as completed Jun 13, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Be consistent on which controls have caveat inputs for documented exceptions #39

Be consistent on which controls have caveat inputs for documented exceptions #39

wdower commented May 7, 2024

ejaronne commented May 23, 2024

Be consistent on which controls have caveat inputs for documented exceptions #39

Be consistent on which controls have caveat inputs for documented exceptions #39

Comments

wdower commented May 7, 2024

ejaronne commented May 23, 2024