Skip to main content

August 7th, 2020

Slides

  • Using Leveraged Authorizations in OSCAL (PDF) presented by Brian Ruf.

Agenda

  • Review the proposed approach for leveraging existing authorizations and composing systems.
  • Open discussion.

Notes

  • Brian Ruf presented the slides

  • May need to add a property to identify the authorization period

  • May need to support multiple authorizations in a single SSP. FedRAMP authorizations start with an initial agency authorization.

  • Need to figure out how a leveraged authorization would point to either a leveraged SSP (existing) or a leveraged CRM (new). This would avoid the need to duplicate component information in the leveraging SSP.

  • Inheritance of control implementation

    1. Don't propagate
    2. Propagate fully
    3. Propagate partially

  • What is the default model for propagation? Always propagate if not addressed or never propagate.

This page was last updated on June 28, 2023.