Profile Model - acceptance of response-point for selection

[Telos-sa]

User Story:

As an organization defining use case for existing OSCAL catalogs, I want to leverage the prop[@name] = "response-point" as a means of visually tailoring the control catalog and identify scoping, even when multiple organizations are piggy-backing off of the same requirements

Goals:

Recommend providing guidance /training on how to utilize a solution, similar to how FedRAMP builds their baseline profile, where the organization can defined their now NS, to capture which elements are required.

This way an SSP for a CSP with different organizational requirements could leverage the same profile model, with response points to identify which controls are meeting requirements from their different organizations.

Dependencies:

Include the response point as guidance in the Profile model on the NIST OSCAL site, and describe the use case through the different layers including statements, objectives, and parameters.

Acceptance Criteria

• [ X ] All readme documentation affected by the changes in this issue have been updated.
• [ X ] A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
• The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.

[iMichaela]

@Telos-sa - Developing best practices requires community's involvement and should not be, in our opinion, prescriptive, unless a consensus is achieved. Please provide a proposal that can seed the conversation with the community. We would appreciate it if the Telos team would lead this effort and engage the community.