Skip to content

[design] Refine the applicabilty concept in Layer 4 #143

New issue
New issue
Open
Open
[design] Refine the applicabilty concept in Layer 4#143
@jpower432

Description

@jpower432
jpower432
opened on Sep 17, 2025

Objective

Define or refine when applicabilty is introduced in Layer 4

  • It exists in the Layer 4 results: We agreed only applicable AssessmentLogs should be in the Results

Key Questions

  • Do plans need to define applicabilty or would plans be created based on applicabilty?
  • Is applicabilty selection defined in Layer 3 or selected through used of a Gemara-based tools?
  • Should applicabilty support Assessment Procedure selection?

Original

the results should only contain the applicable results when a consumer runs Evaluate

agreed!

maybe it makes sense to add applicabilty to the Assessment Plan so that layer3 would not need to be referenced explicity and an engine could just execute the plan

To me, the process of producing the plan would consider applicability and only add AssessmentPlans for controls and Assessments for requirements that are applicable.

However, this can be resolved in a follow-on and we need not block these other changes.

Originally posted by @trumant in #117 (comment)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions