POAM JSON Outline: Risk > Remediation or Response? #1766
Comments
|
Hi @rachkim00, thanks for submitting this bug report. This appears to be a potential duplicate of #1618. We will discuss in the team's weekly issue triage and backlog refinement and update with notes in a follow-on comment. |
|
Please be sure to follow updates on #1618 for further updates on whether a change proposed here will be performed in the near-term or long-term. Thanks for this report. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
In the POAM JSON Outline, under 'Risk', instead of 'Response', it uses the term 'Remediations.' This section is the only part where it mentions 'Remediations' and it is confusing for the users whether remediation is another data type or the same as the response referred in 'Risk-log' > 'Related-response'.
XML outline only uses terminology 'response'.
Unless it was intended to have POAM JSON to have different taxonomy by having separate 'Remediation' and 'Response', I suggest to update the 'Remediation' with 'Response'.
Who is the bug affecting
CSPs creating/implementing OSCAL POAM process.
What is affected by this bug
OSCAL Content, Metaschema, Modeling
How do we replicate this issue
Expected behavior (i.e. solution)
Term remediation is updated with 'response' in JSON outline
Other comments
No response
Revisions
No response
The text was updated successfully, but these errors were encountered: