Broken links in profiles #534
Comments
|
I spun off a small Schematron to perform simple link checking from calls on controls from profiles. @brianrufgsa this is what I see when I apply it to the FedRAMP baselines:
Indeed, when I look at the catalogs cited by FedRAMP HIGH and MODERATE, they do not have the I will make a PR with the Schematron in it and report back. Meanwhile these can be repaired easily enough. |
|
@wendellpiez This is very helpful! For what it's worth, the fedramp catalog has ac-8.fr (dot, not dash) under an empty ac-8, as a way of inserting it as a child control to AC-8. (If there is a more appropriate way to do this, please let me know.) The problem is there are dashes in the profiles instead of dots. (ac-8-fr should be ac-8.fr) |
|
PR #539 implements a link checker that needs to be implemented in the CI/CD pipeline. @wendellpiez is writing an issue to integrate this into the CI/CD pipeline. |
Describe the bug
As observed by one of our workshop participants, at least one call to a control from a profile is broken. (I can report more on where it is.)
Who is the bug affecting?
Anyone who tries to use one of the broken profiles.
Expected behavior (i.e. solution)
No links in published profiles should be broken.
Other Comments
This bug could be banished forever with a validation check (under CI/CD) that would detect broken references to controls from profiles. An old Schematron is in the repo and could be refitted to current models and tested (although note that profile resolution or at least its selection logic is a dependency for a comprehensive solution).
The text was updated successfully, but these errors were encountered: