Skip to content
This repository has been archived by the owner on Dec 12, 2023. It is now read-only.

Checks for Additional PoCs #311

Open
18 tasks
ohsh6o opened this issue Oct 13, 2021 · 0 comments
Open
18 tasks

Checks for Additional PoCs #311

ohsh6o opened this issue Oct 13, 2021 · 0 comments
Labels
g: rules development Goal: Implement all the automatable rules (the 60%) GSA To be transitioned to GSA Backlog o: ssp OSCAL Type: System Security story

Comments

@ohsh6o
Copy link

ohsh6o commented Oct 13, 2021

Extended Description
As a FedRAMP reviewer, in order to easily determine what other people I may need to reach out to for clarifications on details of a FedRAMP package or the systems' implementations, I want a check to know additional points of contact for responsible parties have been added beyond those that are minimally required.

Preconditions

Acceptance Criteria

  • A check that highlights the additional PoCs added beyond those required (as currently defined in checks added for Check Role Mappings #51)

Story Tasks

  • Tasks...

Definition of Done

  • Acceptance criteria met - Each user story should meet the acceptance criteria in the description
  • Unit test coverage of our code > 90% (from QASP) this may be fuzzy and hard to prove
  • Code quality checks passed (from QASP)
  • Accessibility: (from QASP) as we create guidance or documentation and reports (semantic tagging including aria tags): demonstrate with 0 errors reported for WCAG 2.1 AA standards using an automated scanner and 0 errors reported in manual testing
  • Code reviewed - Code reviewed by at least one other team members (or developed by a pair)
  • Source code merged - Code that’s demoed must be in source control and merged
  • Code must successfully build and deploy into staging environment (from QASP): this may evolve from xslt sh pipline into something more
  • Security reviewed and reported - Conduct vulnerability and compliance scanning. threat modeling?
  • Code submitted must be free of medium- and high-level static and dynamic security vulnerabilities (from QASP)
  • Usability tests passed - Each user story should be easy to use by target users (development community? FedRAMP FART team)
  • Usability testing and other user research methods must be conducted at regular intervals throughout the development process (not just at the beginning or end). (from QASP)
  • Code refactored for clarity - Code must be clean, self-documenting
  • No local design debt
  • Load/performance tests passed - test data needed - saxon instrumentation
  • Documentation generated - update readme or contributing markdown as necessary.
  • Architectural Decision Record completed as necessary for significant design choices
@ohsh6o ohsh6o added story g: rules development Goal: Implement all the automatable rules (the 60%) o: ssp OSCAL Type: System Security labels Oct 13, 2021
@delnaweil delnaweil added the GSA To be transitioned to GSA Backlog label Aug 30, 2022
@danielnaab danielnaab mentioned this issue Oct 25, 2022
Closed
18 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
g: rules development Goal: Implement all the automatable rules (the 60%) GSA To be transitioned to GSA Backlog o: ssp OSCAL Type: System Security story
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ohsh6o @delnaweil