Description
Objectives
Document independently functioning components that can interact. In the template, this is broken down into sections for compliance-trestle and compliance-to-policy because interaction between those two main components is limited to exchanging information asynchronously through OSCAL.
Guidance from Tag Security below:
“These are the individual parts of your system that interact to provide the desired functionality. Actors only need to be separate if they are isolated in some way. For example, if a service has a database and a front-end API, but a vulnerability in either one would compromise the other, then the distinction between the database and front-end is not relevant.
The means by which actors are isolated should also be described, as this is often what prevents an attacker from moving laterally after a compromise.”
Resources
See #105
Example text
### compliance-to-policy
1. C2P CLI that executes and manages plugins
2. C2P plugins that are executed in independent processes