Justin notified us that a CMDB entry is necessary for sippy. Capturing slack message:

An entry in the CMDB necessitates a series of assessments (unrelated to IBM): ESS, PIA, and SIA.
ESS - Fairly straight-forward practices for secure software development / deployment.
PIA - Privacy Impact Assessment. Since we don't store PII and should only be using the SSO, this shouldn't be an issue.
SIA - Service Impact Assessment. How much a temporary outage will impact RH.
If an STI affects the product pipeline, it also requires regular attestations to maintain Security Operating Approval (SOA) - I'm hoping we avoid this

https://redhat-internal.slack.com/archives/C02K89U2EV8/p1733513594925739