You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
IF SSP of PROVIDER PROJECT is NOT provided - can the receiving system still leverage fully inherited controls?
If statement is fully required, is the description of inherited required? (OVERVIEW says yes, ppt says no)
If fully inherited, where does the implementation-state come from? (Provider or receiver?)
how often should the true-up be for accepting risk? (IE if provider project no longer fully provides, or is providing a risk)
If inheriting a control that is fully inherited, are you allowed to provide that control as well, even as fully inherited or does the source project need to be referenced for inheritance?
USE CASE 1: STATEMENT IS FULLY INHERITED: LOCAL - SYSTEM CONTROL ONLY
<implemented-requirement uuid="uuid" control-id="control ID from catalog">
<statement statement-id="statement ID from Control Catalog uuid="generated from system, and statement ID"
<by-component component-uuid="UUID OF THIS SYSTEM" uuid="tracking of this ssystem, statementID, and implementation statement text">
<description>
<p>Private Implementation Statement</p>
</description>
<implementation-status
state="implementation state from 'this-system'"></implementation-status>
</by-component>
</statement>
</implemented-requirement>
USE CASE 2: Provider Project is Within xacta - Fully Inherited - from multiple projects
<implemented-requirement uuid="uuid" control-id="control ID from catalog">
<statement statement-id="statement ID from Control Catalog uuid="generated from system, and statement ID"
<by-component component-uuid="UUID OF THIS SYSTEM" uuid="tracking of this ssystem, statementID, and implementation statement text">
<description>
<p>Pub Statement from Project 1 and Pub statement from Project 2 Implementation statement from provider project</p>
<p>THAT THIS IS A FULLY INHERITED CONTROL</p>
<p>IS THIS REQUIRED if statement coming from inherited description?</p>
</description>
<implementation-status
state="implementation state from 'this-system'"></implementation-status>
<inherited uuid="Target - uuid referncing the provided UUID and Provided Statement"
provided-uuid="tracking of provider project, statementID, Public implementation of provider">
<description>
<p>IMP from Provider Project</p>
</description>
</inherited>
<inherited uuid="Target - uuid referncing the provided UUID and Provided Statement"
provided-uuid="tracking of provider project, statementID, Public implementation of provider">
<description>
<p>IMP from Provider Project</p>
</description>
</inherited>
</by-component>
</statement>
</implemented-requirement>
USE CASE 3: Provider is External To Xacta - Fully Inherited**
<implemented-requirement uuid="uuid" control-id="control ID from catalog">
<statement statement-id="statement ID from Control Catalog uuid="generated from system, and statement ID"
<by-component component-uuid="UUID OF THIS SYSTEM" uuid="method 4">
<description>
<p>Fully Inherited, Please see Provider Project ATO Package</p>
</description>
<implementation-status
state="Implemented"></implementation-status>
<inherited uuid="Method 4"
provided-uuid="Method 5 from provider Project Name">
<description>
<p>Fully Inherited, Please see Provider Project ATO Package</p>
</description>
</inherited>
</by-component>
</statement>
</implemented-requirement>
USE CASE 3: Provider is External To Xacta - Shared from external Project, and Provided from "this-system"
<implemented-requirement uuid="uuid" control-id="control ID from catalog">
<statement statement-id="statement ID from Control Catalog uuid="generated from system, and statement ID"
<by-component component-uuid="UUID OF THIS SYSTEM" uuid="method 4">
<description>
<p>Fully Inherited, Please see Provider Project ATO Package</p>
</description>
<implementation-status
state="Implemented"></implementation-status>
<export uuid= "Method 5, Tracking Number of Local Project, statementID, Public Implementation">
<description>
<p>public implementation statement</p>
</description>
</export>
<inherited uuid="Method 4"
provided-uuid="Method 5 from provider Project Name">
<description>
<p>Fully Inherited, Please see Provider Project ATO Package</p>
</description>
</inherited>
</by-component>
</statement>
</implemented-requirement>
USE CASE 4: Provider is Internal To Xacta - and Provided from "this-system"
<implemented-requirement uuid="uuid" control-id="control ID from catalog">
<statement statement-id="statement ID from Control Catalog uuid="generated from system, and statement ID"
<by-component component-uuid="UUID OF THIS SYSTEM" uuid="method 4">
<description>
<p>IMP from Provider Project</p>
</description>
<implementation-status
state="Implemented"></implementation-status>
<export uuid= "Method 5, Tracking Number of Local Project, statementID, Public Implementation">
<description>
<p>public implementation statement</p>
</description>
</export>
<inherited uuid="Target - uuid referncing the provided UUID and Provided Statement"
provided-uuid="tracking of provider project, statementID, Public implementation of provider">
<description>
<p>IMP from Provider Project</p>
</description>
</inherited>
</by-component>
</statement>
</implemented-requirement>
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
QUESTIONS:
IF SSP of PROVIDER PROJECT is NOT provided - can the receiving system still leverage fully inherited controls?
If statement is fully required, is the description of inherited required? (OVERVIEW says yes, ppt says no)
If fully inherited, where does the implementation-state come from? (Provider or receiver?)
If inheriting a control that is fully inherited, are you allowed to provide that control as well, even as fully inherited or does the source project need to be referenced for inheritance?
USE CASE 1: STATEMENT IS FULLY INHERITED: LOCAL - SYSTEM CONTROL ONLY
USE CASE 2: Provider Project is Within xacta - Fully Inherited - from multiple projects
USE CASE 3: Provider is External To Xacta - Fully Inherited**
USE CASE 3: Provider is External To Xacta - Shared from external Project, and Provided from "this-system"
USE CASE 4: Provider is Internal To Xacta - and Provided from "this-system"
Beta Was this translation helpful? Give feedback.
All reactions