6 on hand, half dozen the other--personally prefer not to duplicate info 

Also I think the IA conrtol validation procedures should be a full tab, not a sub tab in the scorecard. The validation procedures should pull from the implementation plan as well, that way you have validation steps and can score based on results.

The report header should be somewhat customizable, maybe pull the header from a config file (xml or http), place to put logo, and place to put classification marking (confidentiality statement, which can be modified for government classification markings).

If not you, then who!

v3.1 BETA has the SIP to ScoreCard feed

Will look into Control procedures having their own window

Report Header--will look into .XML pull for values. v3.1 BETA alows classification marking--will look into logo. 

Thanks

Question/Comment - We're testing the Toolset v3.0 and noticed that the default on the DIACAP Scorecard is set to 'C' for Compliant.  Wouldn't it be more appropriate, from a IA security standpoint, to have everything 'NC' to ensure that all the IA controls were individually verified/validated?  Sort of a 'fail safe' so as not to overlook a specific IA control.

Thanks for the opportunity to comment. 

The format of the SIP does not follow the format listed in the DODI 8510.1, instead of excel format can we see word as a project that I am working on has a 7 page system description with diagrams that do not fit well in a box.

Lifecycle Phase - does not list the viable selection from 8510.1

System Operations lists two selection and an other, 8510.1 lists 4 selections.

Accreditation Vehicle should be pre-filled to DODI 8500.2

User Representative (UR)

PIA, CP and E-Authentication should have and explanation to justify a Yes or No answer.

Classified should be a default to "DRAFT", users should change prior to signatures.

Tiles and Roles should point to the CP Point of Contacts List for IA Personnel for the entire system support group as everyone has a hand in the process not a select few.