Sprint 13 Summary

1/20/2021 - 02/02/2021

Sprint Goals

Complete security fixes from PR for 309 - #517, #518, and #519
Continue building upload TANF report feature
Revist 'how we work' and better distuingish between delivered and accepted for QASP review
Start scheduling ST for round 4
Create security control documentation plan
Build staging environment
Get clarity on NextGen XMS vs. login.gov

Completed security one of the fixes from PR for 309 - #517
Completed work on Environment Variables #510 remediation
Submitted remaining backend work on the upload feature #431
Established security control documentation process with OCIO
Delivered first security control implementation statement following that process
Finalized research & design pathway
Completed next iteration of journey maps and persona cards
Completed email template and privacy and ethics policy for upcoming ST workshop

[Backend] Add endpoint for creating new file meta data
As a user, I want to know what architectural decisions were made
Complete security fix from PR for 309 - #517
As a developer, I want a more coherent solution to handle environment variables
[Security Control Documentation] AC-02(05): Account Management | Activity Logout
[Security Control Documentation] AC-03: Access Enforcement
[Security Control Documentation] AC-06: Least Privilege
[Security Control Documentation] AC-05: Separation of Duties
As a Tadpole, I want to know what the Research Strategy is for this project
[Design] Refine Journey Mapping artifacts to support Round 4 research

Finish #518 and #519 to complete security fix for 309
Finish staging site
Continue working on security control implementation statements
ST workshop on 2/12
Begin download feature
Refine OFA MVP scope
- Explore additional functionality for uploading by section & quarter
- Explore options for limited release to users
- Kick-off OFA MVP user testing