From 1336395845c01aa88215d9ccefd3593bddb56c55 Mon Sep 17 00:00:00 2001 From: Gabeblis Date: Tue, 10 Sep 2024 00:42:09 +0000 Subject: [PATCH] Added system-characteristi has-security constraints and tests --- features/fedramp_extensions.feature | 15 +++++++++++++ .../constraints/content/ssp-all-INVALID.xml | 13 +++++------ .../fedramp-external-constraints.xml | 22 +++++++++++++++++++ .../has-security-impact-level-FAIL.yaml | 9 ++++++++ .../has-security-impact-level-PASS.yaml | 9 ++++++++ ...-security-objective-availability-FAIL.yaml | 9 ++++++++ ...-security-objective-availability-PASS.yaml | 9 ++++++++ ...curity-objective-confidentiality-FAIL.yaml | 9 ++++++++ ...curity-objective-confidentiality-PASS.yaml | 9 ++++++++ ...has-security-objective-integrity-FAIL.yaml | 9 ++++++++ ...has-security-objective-integrity-PASS.yaml | 9 ++++++++ .../has-security-sensitivity-level-FAIL.yaml | 9 ++++++++ .../has-security-sensitivity-level-PASS.yaml | 9 ++++++++ 13 files changed, 132 insertions(+), 8 deletions(-) create mode 100644 src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-objective-availability-FAIL.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-objective-availability-PASS.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-objective-confidentiality-FAIL.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-objective-confidentiality-PASS.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-objective-integrity-FAIL.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-objective-integrity-PASS.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature index ad786a87a..ae708c504 100644 --- a/features/fedramp_extensions.feature +++ b/features/fedramp_extensions.feature @@ -29,6 +29,16 @@ Examples: | control-implementation-status-PASS.yaml | | deployment-mode-FAIL.yaml | | deployment-mode-PASS.yaml | + | has-security-impact-level-FAIL.yaml | + | has-security-impact-level-PASS.yaml | + | has-security-objective-availability-FAIL.yaml | + | has-security-objective-availability-PASS.yaml | + | has-security-objective-confidentiality-FAIL.yaml | + | has-security-objective-confidentiality-PASS.yaml | + | has-security-objective-integrity-FAIL.yaml | + | has-security-objective-integrity-PASS.yaml | + | has-security-sensitivity-level-FAIL.yaml | + | has-security-sensitivity-level-PASS.yaml | | information-type-system-FAIL.yaml | | information-type-system-PASS.yaml | | interconnection-direction-FAIL.yaml | @@ -65,6 +75,11 @@ Examples: | component-type | | control-implementation-status | | deployment-model | + | has-security-impact-level | + | has-security-objective-availability | + | has-security-objective-confidentiality | + | has-security-objective-integrity | + | has-security-sensitivity-level | | information-type-system | | interconnection-direction | | interconnection-security | diff --git a/src/validations/constraints/content/ssp-all-INVALID.xml b/src/validations/constraints/content/ssp-all-INVALID.xml index f02dfc1dd..fad641cb0 100644 --- a/src/validations/constraints/content/ssp-all-INVALID.xml +++ b/src/validations/constraints/content/ssp-all-INVALID.xml @@ -59,7 +59,7 @@ - moderate + Financial Information @@ -80,13 +80,10 @@ - - - moderate - moderate - moderate - - + + + + diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml index f8a7babf9..e7ba18eae 100644 --- a/src/validations/constraints/fedramp-external-constraints.xml +++ b/src/validations/constraints/fedramp-external-constraints.xml @@ -19,4 +19,26 @@ + + + + + + + An OSCAL SSP document must specify a FIPS 199 categorization. + + + An OSCAL SSP document must specify a security impact level. + + + An OSCAL SSP must specify a confidentiality security objective. + + + An OSCAL SSP must specify an integrity security objective. + + + An OSCAL SSP must specify an availability security objective. + + + diff --git a/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml new file mode 100644 index 000000000..d4554c2a0 --- /dev/null +++ b/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml @@ -0,0 +1,9 @@ +test-case: + name: Negative Test for has-security-impact-level + description: >- + This test case validates the behavior of constraint + has-security-impact-level + content: ../content/ssp-all-INVALID.xml + expectations: + - constraint-id: has-security-impact-level + result: fail diff --git a/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml b/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml new file mode 100644 index 000000000..dd112dba4 --- /dev/null +++ b/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml @@ -0,0 +1,9 @@ +test-case: + name: Positive Test for has-security-impact-level + description: >- + This test case validates the behavior of constraint + has-security-impact-level + content: ../content/ssp-all-VALID.xml + expectations: + - constraint-id: has-security-impact-level + result: pass diff --git a/src/validations/constraints/unit-tests/has-security-objective-availability-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-objective-availability-FAIL.yaml new file mode 100644 index 000000000..3d2cbe5b6 --- /dev/null +++ b/src/validations/constraints/unit-tests/has-security-objective-availability-FAIL.yaml @@ -0,0 +1,9 @@ +test-case: + name: Negative Test for has-security-objective-availability + description: >- + This test case validates the behavior of constraint + has-security-objective-availability + content: ../content/ssp-all-INVALID.xml + expectations: + - constraint-id: has-security-objective-availability + result: fail diff --git a/src/validations/constraints/unit-tests/has-security-objective-availability-PASS.yaml b/src/validations/constraints/unit-tests/has-security-objective-availability-PASS.yaml new file mode 100644 index 000000000..44c596ae1 --- /dev/null +++ b/src/validations/constraints/unit-tests/has-security-objective-availability-PASS.yaml @@ -0,0 +1,9 @@ +test-case: + name: Positive Test for has-security-objective-availability + description: >- + This test case validates the behavior of constraint + has-security-objective-availability + content: ../content/ssp-all-VALID.xml + expectations: + - constraint-id: has-security-objective-availability + result: pass diff --git a/src/validations/constraints/unit-tests/has-security-objective-confidentiality-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-objective-confidentiality-FAIL.yaml new file mode 100644 index 000000000..eece5be1b --- /dev/null +++ b/src/validations/constraints/unit-tests/has-security-objective-confidentiality-FAIL.yaml @@ -0,0 +1,9 @@ +test-case: + name: Negative Test for has-security-objective-confidentiality + description: >- + This test case validates the behavior of constraint + has-security-objective-confidentiality + content: ../content/ssp-all-INVALID.xml + expectations: + - constraint-id: has-security-objective-confidentiality + result: fail diff --git a/src/validations/constraints/unit-tests/has-security-objective-confidentiality-PASS.yaml b/src/validations/constraints/unit-tests/has-security-objective-confidentiality-PASS.yaml new file mode 100644 index 000000000..67bacc8f8 --- /dev/null +++ b/src/validations/constraints/unit-tests/has-security-objective-confidentiality-PASS.yaml @@ -0,0 +1,9 @@ +test-case: + name: Positive Test for has-security-objective-confidentiality + description: >- + This test case validates the behavior of constraint + has-security-objective-confidentiality + content: ../content/ssp-all-VALID.xml + expectations: + - constraint-id: has-security-objective-confidentiality + result: pass diff --git a/src/validations/constraints/unit-tests/has-security-objective-integrity-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-objective-integrity-FAIL.yaml new file mode 100644 index 000000000..cdbc8be6d --- /dev/null +++ b/src/validations/constraints/unit-tests/has-security-objective-integrity-FAIL.yaml @@ -0,0 +1,9 @@ +test-case: + name: Negative Test for has-security-objective-integrity + description: >- + This test case validates the behavior of constraint + has-security-objective-integrity + content: ../content/ssp-all-INVALID.xml + expectations: + - constraint-id: has-security-objective-integrity + result: fail diff --git a/src/validations/constraints/unit-tests/has-security-objective-integrity-PASS.yaml b/src/validations/constraints/unit-tests/has-security-objective-integrity-PASS.yaml new file mode 100644 index 000000000..c509dc75c --- /dev/null +++ b/src/validations/constraints/unit-tests/has-security-objective-integrity-PASS.yaml @@ -0,0 +1,9 @@ +test-case: + name: Positive Test for has-security-objective-integrity + description: >- + This test case validates the behavior of constraint + has-security-objective-integrity + content: ../content/ssp-all-VALID.xml + expectations: + - constraint-id: has-security-objective-integrity + result: pass diff --git a/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml new file mode 100644 index 000000000..756fc8bdb --- /dev/null +++ b/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml @@ -0,0 +1,9 @@ +test-case: + name: Negative Test for has-security-sensitivity-level + description: >- + This test case validates the behavior of constraint + has-security-sensitivity-level + content: ../content/ssp-all-INVALID.xml + expectations: + - constraint-id: has-security-sensitivity-level + result: fail diff --git a/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml b/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml new file mode 100644 index 000000000..be4216b92 --- /dev/null +++ b/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml @@ -0,0 +1,9 @@ +test-case: + name: Positive Test for has-security-sensitivity-level + description: >- + This test case validates the behavior of constraint + has-security-sensitivity-level + content: ../content/ssp-all-VALID.xml + expectations: + - constraint-id: has-security-sensitivity-level + result: pass