User Story:

As an OSCAL tool developer, in order to allow my tools to show that different stakeholders from the organization authoring the information system's security documentation (SSP, SAP, SAR, and/or POA&M), I want to add metadata to show the responsible parties for approval and dates of these approvals.

Goals:

@david-waltermire-nist and I had found a way to effectively encode only the responsible party for these approvals, but current use of additional props, existing OSCAL generic metadata structures, and/or specific structures for particular OSCAL models cannot effectively encode and map an approval date for each responsible party. There is a strong likelihood there will be more than one approval party and approval date in most cases.

• Develop a concrete example based on the Metaschema in PR Add actions assembly to encode an action (i.e. approval) and its role, party, and approval date. #1052.
• Socialize this during an OSCAL model review. [RFC] Adding Actions to the OSCAL Metadata Assembly #1429
• Collect feedback, and identify any follow-on work if needed.

See GSA/fedramp-automation#162 for more context.

Dependencies:

N/A

Acceptance Criteria

• All OSCAL website and readme documentation affected by the changes in this issue have been updated. Changes to the OSCAL website can be made in the docs/content directory of your branch.
• A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
• The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.

{The items above are general acceptance criteria for all User Stories. Please describe anything else that must be completed for this issue to be considered resolved.}