Add UKSSCOP reference-ids and claims to OSPS-GV.yaml (#430)

SecurityCRob · web-flow · commit 179951ebbb15 · 2025-11-22T10:07:26.000-05:00
* Add UKSSCOP reference-ids and claims to OSPS-GV.yaml Added UKSSCOP reference IDs and claims to multiple sections. Dependent upon merge of #426 GV mappings to UKSSCOP framework Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> * Update reference-id in OSPS-GV.yaml Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> * Fix typo in reference-id from UKSSCP to UKSSCOP Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> --------- Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
diff --git a/baseline/OSPS-GV.yaml b/baseline/OSPS-GV.yaml
@@ -56,6 +56,9 @@ controls:
           - reference-id: PL-1
           - reference-id: PL-4
           - reference-id: PM-30          
+      - reference-id: UKSSCOP
+        entries:
+          - reference-id: Claim 2.1.1 
     assessment-requirements:
       - id: OSPS-GV-01.01
         text: |
@@ -168,6 +171,9 @@ controls:
           - reference-id: AC-3
           - reference-id: AC-20
           - reference-id: PL-1          
+      - reference-id: UKSSCOP
+        entries:
+          - reference-id: Claim 2.1.1
     assessment-requirements:
       - id: OSPS-GV-03.01
         text: |
@@ -270,4 +276,4 @@ controls:
           granted escalated permissions to sensitive resources, such as merge
           approval or access to secrets. It is recommended that vetting includes
           establishing a justifiable lineage of identity such as confirming the
-          contributor's association with a known trusted organization.
+          contributor's association with a known trusted organization.
