Inconsistent naming convention between NIST OSCAL Requirements and FedRAMP Requirements #103

Telos-sa · 2023-04-25T19:26:36Z

Describe the bug

FedRAMP naming convention of parts within terms-and-conditions deviates from the requirement found in NIST.

Who is the bug affecting?

Anyone following nist guidelines for 1.0.4 trying to validate in fedramp validation tool for AP.

What version of OSCAL are you using?

1.0.4

What is affected by this bug?

fedRAMP Validator.

When does this occur?

When validating parts for terms and conditions. The assessment-inclusions from NIST is named included-activities in FedRAMP validator, the assessment-exclusions is named excluded-activities, and the liability-limitations is not defined by NIST at all.

Expected behavior (i.e. solution)

Naming convention needs to be standardized between the FedRAMP use-case and the NIST required naming convention.

Other Comments

Telos-sa · 2023-04-25T19:27:28Z

Telos-sa added the bug Something isn't working label Apr 25, 2023

Telos-sa assigned volpet2014 Apr 25, 2023

volpet2014 assigned dimitri-zhurkin-vitg Apr 25, 2023

david-waltermire unassigned volpet2014 and dimitri-zhurkin-vitg Dec 1, 2023

aj-stein-gsa transferred this issue from GSA/fedramp-automation Nov 4, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Inconsistent naming convention between NIST OSCAL Requirements and FedRAMP Requirements #103

Inconsistent naming convention between NIST OSCAL Requirements and FedRAMP Requirements #103

Telos-sa commented Apr 25, 2023

Telos-sa commented Apr 25, 2023