Due 2/18: Clarify FISMA System Boundary for Data.gov API (OIG Q8)

### User Story
In order to respond to OIG follow-up question #8, the Data.gov team wants to clarify and document which FISMA system boundary covers Data.gov's API (Q-Data vs. Q-API_Data).

### Background
Source: OIG follow-up question #8, received after 2/6/26 GSA response.
OIG wants to understand the authorization boundary for Data.gov's API. There are two potentially relevant FISMA systems:
- Data.gov (Q-Data) - the main Data.gov system
- api.data.gov (Q-API_Data) - the GSA-wide API management proxy layer

The answer likely depends on whether Data.gov's catalog API routes through the api.data.gov proxy or is served directly from the catalog application. This distinction matters for understanding which ATO covers the API and which security controls apply.

OIG Requirement: Clarify system boundary.

Provide to Sue by 2/18



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Due 2/18: Clarify FISMA System Boundary for Data.gov API (OIG Q8) #5712

User Story

Background

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Due 2/18: Clarify FISMA System Boundary for Data.gov API (OIG Q8) #5712

Description

User Story

Background

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions