Support for exporting customer responsibility data in a Component Definition instance.

[iMichaela]

User Story:

As an OSCAL user (as system owner or vendor providing security configurations of my products, I would like to be able to identify and export in a Component Definition, the customer responsibility data.

Goals:

When generating a Component Definition, often it is important to identify that are the security configurations or the security controls the component provides and what are the customers' responsibilities. For example, a MongoDB would provide encryption for the communication, but the customer is responsible for configuring/enabling it.

Dependencies:

none

Acceptance Criteria

• All OSCAL website and readme documentation affected by the changes in this issue have been updated. Changes to the OSCAL website can be made in the docs/content directory of your branch.
• A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
• The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.

{The items above are general acceptance criteria for all User Stories. Please describe anything else that must be completed for this issue to be considered resolved.}

[david-waltermire]

This is dependent on making progress on #722 and should be follow-on work.

[aj-stein-nist]

Updating status to DEFINE Research Needed as it is already labelled as such and is part of ongoing CRM research priorities.