List view
Close our Django admin 508 OWASP Epic Resubmission UX ACF AMS
Due by October 12, 2021- Due by October 26, 2021
Goals: Close our Django admin 508 OWASP Epic Resubmission UX
Due by September 28, 2021Finish TDP Permissions Epic work Start ACF/AMS integration ticket work Other misc engineer related to preproduction work Gain current status with OCIO Security + Compliance teams on our status + next steps to production.
Due by September 14, 2021•32/32 issues closedDev: Continue TDP Permissions Epic build items Work on Production Readiness Tickets for V1 UX: - Access Request Research + UX/UI design - Finalize Error research and design UX/UI
Due by August 31, 2021•8/8 issues closedBegin TDP Permissions Epic build items Work on Production Readiness Tickets for V1 UX: 1. Access Request UX/UI 2. Continue Error UX/UI
Due by August 17, 2021•8/8 issues closedFinish up Secret Key Leakage Mitigation Present recommendation re: authentication Continue work on Production readiness UX Test Error Communication for Parsing Blockers + Authentication Request Workflow
Due by August 3, 2021•11/11 issues closedFinish closing ATO functionality tickets Focus on Secret Key Leakage Mitigation Epic
Due by July 21, 2021•16/16 issues closedContinue work from Sprint 23... Finish up ATO Functionality - Finish up file download & storage (#416, #818, #833, #834) - Wrap up OWASP Scan tickets (#879, #865) Make decisions on upcoming releases - Cron Job options for release 2 (#1011) - NextGen XMS direction for release 1 (Epic #902, #638) - Document feasibility and high level estimated tasks that would be needed for ACF/AMS + Next Gen (Blocked) implementation. ...Then Attend to Permissions for OFA Admins epic and then.... Work on DevOPs work for Production readiness
Due by July 6, 2021•8/8 issues closed06/09/2021-06/22/2021 #### Finish up ATO Functionality - Finish up file download & storage (#416, #818, #833, #834) - Wrap up OWASP Scan tickets (#879, #865) #### Make decisions on upcoming releases - Cron Job options for release 2 (#1011) - NextGen XMS direction for release 1 (Epic #902, #638) #### UX Planning sprint (#993)
Due by June 22, 2021•10/10 issues closed#### ATO Follow-ups (#962) * Finish out action items from our ATO Debrief (Update SSP with Andrew's contact info, CMP) * Github updates as needed (Evidence for AU-02, etc) #### Staging and the Dev environments set up (#609, #847, #848) #### Secret Key documentation #### Begin prep work and research for security awareness training requirements #953 #### Evil User Journey Workshops (Prioritization and RPG)
Due by June 8, 202105/12/21-05/25/2021 #### ATO * OWASP ZAP Report Fixes * O&M Manual * Whatever else OCIO needs for ATO #### Unblock Release 1 Work #### Secret Keys * Review potential solutions with the dev team
Due by May 25, 202104/28/2021-5/11/2021 Note: Moving the PRR date to 5/20/21 to provide more flexibility around ATO requirements - Continue working on what we need for ATO - Features (Download & Inactive user) - Documentation (Appendix X comments, SSP, CMP) - Environments (Vendor staging > Staging, Additional dev environments) - And whatever else comes up as part of SCA - UX - DIGIT Team Meeting - Data analysis as prep for Roadmap Workshop Pt 2 Tech Lead Transition Investigate options to improve how we work with secret keys
Due by May 11, 20214/13/2021-4/27/2021 - Review process & experience: - Moving vendor-staging to regular staging - Adding new dev environments (sandbox, raft-review, qasp-review, a11y) - Continue work needed for ATO (2 sprints left!) - One inactive user task for UX - UX to plan round 6 (sprints 20-22) and synthesize past sprint research (sprints 16-18) round 5
Due by April 27, 2021Sprint Goals: - ATO Documentation -- Unblock AU-02 (#762, #767) -- IRP (#759), Contingency Plan (#760) -- ADR for Anti-virus (#699) -- ADR for Signed URLs (#771) - ATO Features and Dev work -- Privacy policy link (#511), header bug (#773) -- Upload feature work (#430, #530, #738, #486) merged -- Buildpack work (#735, #781) -- Start on download front end (#416) - Spikes -- Plan for integrating ACF AMS (#751) - UX Focus -- Next step in the Unauthorized User Journey (#799) -- ~~Tribal clickable prototype (#803)~~ Deprioritized for Sprint 18, until we get more information from OFA needs -- Update user type documentation (#804)
Due by April 13, 2021•2/2 issues closed03/17/21-3/30/21 - Design sprint for the Tribal MVP #764 - Continue enhancing developer experience (Ability to run on windows #673, FE Hot Reload, Removing dependency packages that are no longer used) - Infrastructure Priorities -- Continue moving to buildpacks (front end ticket) - Implement Logging (#762, #767) - Continuing upload work #429, #430, starting #530 - Continuing progress on security control documentation
Due by March 29, 2021•3/3 issues closed3/3/2021-3/16/2021 - Infrastructure priorities -- Continue work moving away from docker hub - Developer experience -- Simplifying deployments to development site -- Open API documentation (Swagger) -- Hot reloading for front end - Continue landing the plane (clearing out the pipeline) - UX priorities -- Deliver clickable prototype -- Round 5 research plan -- Begin conversations around the evil user journey map - Upload/download story breakdown
Due by March 16, 2021•7/7 issues closedSprint 15 2/17/2021-3/2/2021 - Prioritize finishing out work -- Merge in remaining backend upload PR (431-4) and PRs for #517, #519, the rest of #510 - Prioritize infrastructure -- Complete staging site login.gov integration (excluded from this goal is auto-deploy to staging) -- Decide on how to replace DockerHub - Security Controls reviewed and approved by ACF OCIO - Conduct another round of OFA Testing for language and user flow - Synthesize round 4 and plan round 5 research
Due by March 2, 2021•5/5 issues closed02/03/2021-02/16/2021 - Finish [#518](https://github.com/raft-tech/TANF-app/issues/518) and [#519](https://github.com/raft-tech/TANF-app/issues/519) to complete security fix for 309 - Finish staging site - Continue working on security control implementation statements - ST workshop on 2/12 - Finish upload feature - Begin download feature - Infrastructure research - Refine OFA MVP scope - Explore additional functionality for uploading by section & quarter - Explore options for limited release to users - Kick-off OFA MVP user testing
Due by February 16, 2021•2/2 issues closed- Complete security fixes from [PR for 309](https://github.com/HHS/TANF-app/pull/121) - [#517](https://github.com/raft-tech/TANF-app/issues/517), [#518](https://github.com/raft-tech/TANF-app/issues/518), and [#519](https://github.com/raft-tech/TANF-app/issues/519) - Continue building upload TANF report feature - Revisit 'how we work' and better distinguish between delivered and accepted for QASP review - Prepare to run round 4 research - Security Control documentation plan - Build staging environment - Get clarity on NextGen XMS vs. login.gov
Due by February 3, 2021•10/10 issues closed- Deliver user roles and permission management - Continue building upload TANF report feature - Complete round 4 research planning - Continue updating docs with accepted issues and ADR, update readme, and archive prototype. - Get clarity on NextGen XMS vs. login.gov in advance of Critical Design Review (1/21) - Demo product roadmap during standup - Demo updated security controls documentation with OCIO security and SCA as necessary
Due by January 19, 2021•9/9 issues closed- Continue building upload TANF report feature and start on the download feature - Demo updated security controls documentation with OCIO security and SCA as necessary - Start round 4 research planning - Demo product roadmap during standup
Due by January 5, 2021•6/6 issues closed- Finalizing and ship user roles and continue to develop upload feature and - Create user personas and journey maps to identify knowledge gaps and document open questions - Document security controls in docs on each PR - Work with OCIO security team and security control assessment team on reviewing security related features that are submitted for QASP review - Shared clarity on whether, when, and how to integrate NextGen XMS with TDRS/TDP - Shared clarity on which account management features will need a user interface and which will not (with logging, scripts, documentation, etc.)
Due by December 22, 2020•7/7 issues closed* Continue to review XMS NextGen capability and assess what other access management features need to be build * Start work on feature to upload flat files * Share round 3 research findings * Prepare for Section 4 & 5 of System Design Document for upcoming TRB (Dec 10)
Due by December 8, 2020•8/8 issues closed- Getting shared clarity on the remaining sprints to deliver on OFA MVP - Prepare for next Technical Review Board (TRB) - Draft System Design Document, Config Management Plan, Combined brief - Mapping security controls to next few sprints - Continue on session and permission management - Start research synthesis for round 3
Due by November 24, 2020•5/5 issues closed- Finalize OFA MVP milestone path and get consensus with product team - Get clarity on Login.gov access and start session management, roles and permission management - Complete user interviews and begin to synthesize and apply findings
Due by November 10, 2020•6/6 issues closed- Finalize the frontend architecture and have clear sense of path forward - Layout the milestone path to OFA MVP for dev and design on items we need to accomplish in the next 6 sprints. - Decide on minimum set of features we need for ATO#1 for OFA MVP - Completing STT scheduling and starting interviews for Round 3
Due by October 27, 2020•11/11 issues closed- Continue with STT research Round 3 planning - Integrating Alex and Ryan - OCIO deadlines - Shared clarity on MVP (dumpster fire) scope
Due by October 13, 2020•9/9 issues closed- Align more on processes - OCIO and ATO deadlines - Info download before Laura's and Christine's departure - STT research Round 3
Due by September 29, 2020•13/13 issues closed- Due by September 15, 2020•13/13 issues closed
- Due by September 1, 2020•12/12 issues closed
- Due by August 18, 2020•20/20 issues closed
-User authentication -User registration
Due by August 4, 2020•4/4 issues closed