Added system-characteristi has-security constraints and tests
Gabeblis committed Sep 10, 2024
1 parent 89f6c35 commit 6cf0446
Showing 13 changed files with 132 additions and 8 deletions.
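--- a/features/fedramp_extensions.feature
+++ b/features/fedramp_extensions.feature
@@ -29,6 +29,16 @@ Examples:
 | control-implementation-status-PASS.yaml |
 | deployment-mode-FAIL.yaml |
 | deployment-mode-PASS.yaml |
+| has-security-impact-level-FAIL.yaml |
+| has-security-impact-level-PASS.yaml |
+| has-security-objective-availability-FAIL.yaml |
+| has-security-objective-availability-PASS.yaml |
+| has-security-objective-confidentiality-FAIL.yaml |
+| has-security-objective-confidentiality-PASS.yaml |
+| has-security-objective-integrity-FAIL.yaml |
+| has-security-objective-integrity-PASS.yaml |
+| has-security-sensitivity-level-FAIL.yaml |
+| has-security-sensitivity-level-PASS.yaml |
 | information-type-system-FAIL.yaml |
 | information-type-system-PASS.yaml |
 | interconnection-direction-FAIL.yaml |
@@ -65,6 +75,11 @@ Examples:
 | component-type |
 | control-implementation-status |
 | deployment-model |
+| has-security-impact-level |
+| has-security-objective-availability |
+| has-security-objective-confidentiality |
+| has-security-objective-integrity |
+| has-security-sensitivity-level |
 | information-type-system |
 | interconnection-direction |
 | interconnection-security |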
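--- a/src/validations/constraints/content/ssp-all-INVALID.xml
+++ b/src/validations/constraints/content/ssp-all-INVALID.xml
@@ -59,7 +59,7 @@
 <prop name='cloud-service-model' value='unsupported-model' ns="https://fedramp.gov/ns/oscal"/>
 <prop name='cloud-deployment-model' value='unsupported-value' ns="https://fedramp.gov/ns/oscal"/>
 <prop name='authorization-type' value='unsupported-value' ns="https://fedramp.gov/ns/oscal"/>
-<security-sensitivity-level>moderate</security-sensitivity-level>
+<!-- security-sensitivity-level was removed to ensure that test fails correctly. -->
 <system-information>
 <information-type uuid="33333333-0000-4000-9000-000000000003">
 <title>Financial Information</title>
@@ -80,13 +80,10 @@
 </availability-impact>
 </information-type>
 </system-information>
-
-<security-impact-level>
-<security-objective-confidentiality>moderate</security-objective-confidentiality>
-<security-objective-integrity>moderate</security-objective-integrity>
-<security-objective-availability>moderate</security-objective-availability>
-</security-impact-level>
-
+<!-- security-impact-level was removed to ensure that test fails correctly. -->
+<!-- security-objective-confidentiality was removed to ensure that test fails correctly. -->
+<!-- security-objective-integrity was removed to ensure that test fails correctly. -->
+<!-- security-objective-availability was removed to ensure that test fails correctly. -->
 <status state="operational"/>
 
 <authorization-boundary>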
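Review bot: Removing the whole `<security-impact-level>` element means the three `has-security-objective-*` negative tests fail only because the parent is absent; a document that keeps `security-impact-level` but omits one objective is never exercised. Because this fixture is shared by all five FAIL test cases, that case needs its own content file, for example one that keeps `<security-impact-level>` with `security-objective-integrity` left out, so each constraint id is shown to fail for its own reason. The three objective comments restate what the `security-impact-level` comment already implies and could be folded into it. The enclosing element starts and ends outside both hunks.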
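--- a/src/validations/constraints/fedramp-external-constraints.xml
+++ b/src/validations/constraints/fedramp-external-constraints.xml
@@ -19,4 +19,26 @@
 </remarks>
 </constraints>
 </context>
+
+<context>
+<metapath target="/system-security-plan"/>
+
+<constraints>
+<expect id="has-security-sensitivity-level" target="//system-characteristics" test="security-sensitivity-level" level="ERROR">
+<message>An OSCAL SSP document must specify a FIPS 199 categorization.</message>
+</expect>
+<expect id="has-security-impact-level" target="//system-characteristics" test="security-impact-level" level="ERROR">
+<message>An OSCAL SSP document must specify a security impact level.</message>
+</expect>
+<expect id="has-security-objective-confidentiality" target="//system-characteristics" test="security-impact-level/security-objective-confidentiality" level="ERROR">
+<message>An OSCAL SSP must specify a confidentiality security objective.</message>
+</expect>
+<expect id="has-security-objective-integrity" target="//system-characteristics" test="security-impact-level/security-objective-integrity" level="ERROR">
+<message>An OSCAL SSP must specify an integrity security objective.</message>
+</expect>
+<expect id="has-security-objective-availability" target="//system-characteristics" test="security-impact-level/security-objective-availability" level="ERROR">
+<message>An OSCAL SSP must specify an availability security objective.</message>
+</expect>
+</constraints>
+</context>
 </metaschema-meta-constraints>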
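Review bot: All five `expect` rules test only that the element is present, so an empty `<security-sensitivity-level/>` or an arbitrary string satisfies `has-security-sensitivity-level` even though its message promises a FIPS 199 categorization. Unless an allowed-values constraint elsewhere in the project already covers these elements, a value check belongs next to each existence check. The three `has-security-objective-*` rules also target `//system-characteristics`, so a document missing `security-impact-level` reports four errors for one omission. Targeting the parent, e.g. `target="//system-characteristics/security-impact-level" test="security-objective-integrity"`, would report a missing objective only when the parent exists, though the negative fixture would then have to keep the parent element. The messages alternate between "An OSCAL SSP document" and "An OSCAL SSP"; one wording should be used throughout.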
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-security-impact-level
description: >-
This test case validates the behavior of constraint
has-security-impact-level
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-security-impact-level
result: fail
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-security-impact-level
description: >-
This test case validates the behavior of constraint
has-security-impact-level
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-security-impact-level
result: pass
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-security-objective-availability
description: >-
This test case validates the behavior of constraint
has-security-objective-availability
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-security-objective-availability
result: fail
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-security-objective-availability
description: >-
This test case validates the behavior of constraint
has-security-objective-availability
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-security-objective-availability
result: pass
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-security-objective-confidentiality
description: >-
This test case validates the behavior of constraint
has-security-objective-confidentiality
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-security-objective-confidentiality
result: fail
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-security-objective-confidentiality
description: >-
This test case validates the behavior of constraint
has-security-objective-confidentiality
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-security-objective-confidentiality
result: pass
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-security-objective-integrity
description: >-
This test case validates the behavior of constraint
has-security-objective-integrity
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-security-objective-integrity
result: fail
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-security-objective-integrity
description: >-
This test case validates the behavior of constraint
has-security-objective-integrity
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-security-objective-integrity
result: pass
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-security-sensitivity-level
description: >-
This test case validates the behavior of constraint
has-security-sensitivity-level
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-security-sensitivity-level
result: fail
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-security-sensitivity-level
description: >-
This test case validates the behavior of constraint
has-security-sensitivity-level
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-security-sensitivity-level
result: pass
