From ab5e50e327f1e307fe687f44da35c411d18ee43a Mon Sep 17 00:00:00 2001 From: Gabeblis Date: Wed, 11 Sep 2024 16:09:32 +0000 Subject: [PATCH 1/9] Added system-characteristics has-security constraints and tests --- features/fedramp_extensions.feature | 15 +++++++ .../ssp-has-network-architecture-INVALID.xml | 40 +++++++++++++++++++ .../fedramp-external-constraints.xml | 16 +++++++- .../has-security-impact-level-FAIL.yaml | 9 +++++ .../has-security-impact-level-PASS.yaml | 9 +++++ ...-security-objective-availability-FAIL.yaml | 9 +++++ ...-security-objective-availability-PASS.yaml | 9 +++++ ...curity-objective-confidentiality-FAIL.yaml | 9 +++++ ...curity-objective-confidentiality-PASS.yaml | 9 +++++ ...has-security-objective-integrity-FAIL.yaml | 9 +++++ ...has-security-objective-integrity-PASS.yaml | 9 +++++ .../has-security-sensitivity-level-FAIL.yaml | 9 +++++ .../has-security-sensitivity-level-PASS.yaml | 9 +++++ 13 files changed, 160 insertions(+), 1 deletion(-) create mode 100644 src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-objective-availability-FAIL.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-objective-availability-PASS.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-objective-confidentiality-FAIL.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-objective-confidentiality-PASS.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-objective-integrity-FAIL.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-objective-integrity-PASS.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml create mode 100644 src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml 
diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature
index f593d98d1..3027cf064 100644
--- a/features/fedramp_extensions.feature
+++ b/features/fedramp_extensions.feature
@@ -103,6 +103,16 @@ Examples:
 | has-network-architecture-diagram-link-rel-allowed-value-PASS.yaml |
 | has-rules-of-behavior-FAIL.yaml |
 | has-rules-of-behavior-PASS.yaml |
+ | has-security-impact-level-FAIL.yaml |
+ | has-security-impact-level-PASS.yaml |
+ | has-security-objective-availability-FAIL.yaml |
+ | has-security-objective-availability-PASS.yaml |
+ | has-security-objective-confidentiality-FAIL.yaml |
+ | has-security-objective-confidentiality-PASS.yaml |
+ | has-security-objective-integrity-FAIL.yaml |
+ | has-security-objective-integrity-PASS.yaml |
+ | has-security-sensitivity-level-FAIL.yaml |
+ | has-security-sensitivity-level-PASS.yaml |
 | has-separation-of-duties-matrix-FAIL.yaml |
 | has-separation-of-duties-matrix-PASS.yaml |
 | has-system-id-FAIL.yaml |
@@ -212,6 +222,11 @@ Examples:
 | has-network-architecture-diagram-link-rel |
 | has-network-architecture-diagram-link-rel-allowed-value |
 | has-rules-of-behavior |
+ | has-security-impact-level |
+ | has-security-objective-availability |
+ | has-security-objective-confidentiality |
+ | has-security-objective-integrity |
+ | has-security-sensitivity-level |
 | has-separation-of-duties-matrix |
 | has-system-id |
 | has-user-guide |
diff --git a/src/validations/constraints/content/ssp-has-network-architecture-INVALID.xml b/src/validations/constraints/content/ssp-has-network-architecture-INVALID.xml
index 25cbe3dbe..9008b56cc 100644
--- a/src/validations/constraints/content/ssp-has-network-architecture-INVALID.xml
+++ b/src/validations/constraints/content/ssp-has-network-architecture-INVALID.xml
@@ -4,5 +4,45 @@ xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd" uuid="12345678-1234-4321-8765-123456789012"> + F00000001 + Enhanced Example System + +

This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.

+
+ + + + + + + Financial Information + +

Contains sensitive financial data related to organizational operations.

+
+ + + + + high + + + moderate + + + low + +
+
+ + + + + + + + +

The authorization boundary includes all components within the main data center and the disaster recovery site.

+
+
diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml index 7a2288d53..196497e48 100644 --- a/src/validations/constraints/fedramp-external-constraints.xml +++ b/src/validations/constraints/fedramp-external-constraints.xml @@ -157,6 +157,20 @@ Each FedRAMP SSP data flow diagram must have a link rel attribute with the value "diagram". + + An OSCAL SSP document must specify a FIPS 199 categorization. + + + An OSCAL SSP document must specify a security impact level. + + + An OSCAL SSP must specify a confidentiality security objective. + + + An OSCAL SSP must specify an integrity security objective. + + + An OSCAL SSP must specify an availability security objective. @@ -220,4 +234,4 @@ - + \ No newline at end of file diff --git a/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml new file mode 100644 index 000000000..d4554c2a0 --- /dev/null +++ b/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml @@ -0,0 +1,9 @@ +test-case: + name: Negative Test for has-security-impact-level + description: >- + This test case validates the behavior of constraint + has-security-impact-level + content: ../content/ssp-all-INVALID.xml + expectations: + - constraint-id: has-security-impact-level + result: fail diff --git a/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml b/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml new file mode 100644 index 000000000..dd112dba4 --- /dev/null +++ b/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml 
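Review bot: The second hunk of fedramp-external-constraints.xml (`@@ -220,4 +234,4 @@`) appears to re-write the file's last line only to drop its trailing newline, as the `\ No newline at end of file` marker shows. That is a whitespace change unrelated to the constraints added around line 157, and it will resurface as a spurious one-line diff when an editor restores the newline. I would keep the closing line terminated with a newline so that this commit touches only the constraint definitions.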
@@ -0,0 +1,9 @@
+test-case:
+ name: Positive Test for has-security-impact-level
+ description: >-
+ This test case validates the behavior of constraint
+ has-security-impact-level
+ content: ../content/ssp-all-VALID.xml
+ expectations:
+ - constraint-id: has-security-impact-level
+ result: pass
diff --git a/src/validations/constraints/unit-tests/has-security-objective-availability-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-objective-availability-FAIL.yaml
new file mode 100644
index 000000000..3d2cbe5b6
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-security-objective-availability-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Negative Test for has-security-objective-availability
+ description: >-
+ This test case validates the behavior of constraint
+ has-security-objective-availability
+ content: ../content/ssp-all-INVALID.xml
+ expectations:
+ - constraint-id: has-security-objective-availability
+ result: fail
diff --git a/src/validations/constraints/unit-tests/has-security-objective-availability-PASS.yaml b/src/validations/constraints/unit-tests/has-security-objective-availability-PASS.yaml
new file mode 100644
index 000000000..44c596ae1
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-security-objective-availability-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Positive Test for has-security-objective-availability
+ description: >-
+ This test case validates the behavior of constraint
+ has-security-objective-availability
+ content: ../content/ssp-all-VALID.xml
+ expectations:
+ - constraint-id: has-security-objective-availability
+ result: pass
diff --git a/src/validations/constraints/unit-tests/has-security-objective-confidentiality-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-objective-confidentiality-FAIL.yaml
new file mode 100644
index 000000000..eece5be1b
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-security-objective-confidentiality-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Negative Test for has-security-objective-confidentiality
+ description: >-
+ This test case validates the behavior of constraint
+ has-security-objective-confidentiality
+ content: ../content/ssp-all-INVALID.xml
+ expectations:
+ - constraint-id: has-security-objective-confidentiality
+ result: fail
diff --git a/src/validations/constraints/unit-tests/has-security-objective-confidentiality-PASS.yaml b/src/validations/constraints/unit-tests/has-security-objective-confidentiality-PASS.yaml
new file mode 100644
index 000000000..67bacc8f8
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-security-objective-confidentiality-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Positive Test for has-security-objective-confidentiality
+ description: >-
+ This test case validates the behavior of constraint
+ has-security-objective-confidentiality
+ content: ../content/ssp-all-VALID.xml
+ expectations:
+ - constraint-id: has-security-objective-confidentiality
+ result: pass
diff --git a/src/validations/constraints/unit-tests/has-security-objective-integrity-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-objective-integrity-FAIL.yaml
new file mode 100644
index 000000000..cdbc8be6d
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-security-objective-integrity-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Negative Test for has-security-objective-integrity
+ description: >-
+ This test case validates the behavior of constraint
+ has-security-objective-integrity
+ content: ../content/ssp-all-INVALID.xml
+ expectations:
+ - constraint-id: has-security-objective-integrity
+ result: fail
diff --git a/src/validations/constraints/unit-tests/has-security-objective-integrity-PASS.yaml b/src/validations/constraints/unit-tests/has-security-objective-integrity-PASS.yaml
new file mode 100644
index 000000000..c509dc75c
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-security-objective-integrity-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Positive Test for has-security-objective-integrity
+ description: >-
+ This test case validates the behavior of constraint
+ has-security-objective-integrity
+ content: ../content/ssp-all-VALID.xml
+ expectations:
+ - constraint-id: has-security-objective-integrity
+ result: pass
diff --git a/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml
new file mode 100644
index 000000000..756fc8bdb
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Negative Test for has-security-sensitivity-level
+ description: >-
+ This test case validates the behavior of constraint
+ has-security-sensitivity-level
+ content: ../content/ssp-all-INVALID.xml
+ expectations:
+ - constraint-id: has-security-sensitivity-level
+ result: fail
diff --git a/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml b/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml
new file mode 100644
index 000000000..be4216b92
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Positive Test for has-security-sensitivity-level
+ description: >-
+ This test case validates the behavior of constraint
+ has-security-sensitivity-level
+ content: ../content/ssp-all-VALID.xml
+ expectations:
+ - constraint-id: has-security-sensitivity-level
+ result: pass
From dbc54435c650297dacd0654b45a4b4c3e2ec31ae Mon Sep 17 00:00:00 2001
From: Gabeblis Date: Fri, 20 Sep 2024 18:47:08 +0000 Subject: [PATCH 2/9] Removed 3 constraints that are handled by the schema, and cleaned up targets --- features/fedramp_extensions.feature | 9 --------- .../ssp-has-network-architecture-INVALID.xml | 3 --- .../constraints/fedramp-external-constraints.xml | 13 ++----------- .../has-security-objective-availability-FAIL.yaml | 9 --------- .../has-security-objective-availability-PASS.yaml | 9 --------- ...has-security-objective-confidentiality-FAIL.yaml | 9 --------- ...has-security-objective-confidentiality-PASS.yaml | 9 --------- .../has-security-objective-integrity-FAIL.yaml | 9 --------- .../has-security-objective-integrity-PASS.yaml | 9 --------- 9 files changed, 2 insertions(+), 77 deletions(-) delete mode 100644 src/validations/constraints/unit-tests/has-security-objective-availability-FAIL.yaml delete mode 100644 src/validations/constraints/unit-tests/has-security-objective-availability-PASS.yaml delete mode 100644 src/validations/constraints/unit-tests/has-security-objective-confidentiality-FAIL.yaml delete mode 100644 src/validations/constraints/unit-tests/has-security-objective-confidentiality-PASS.yaml delete mode 100644 src/validations/constraints/unit-tests/has-security-objective-integrity-FAIL.yaml delete mode 100644 src/validations/constraints/unit-tests/has-security-objective-integrity-PASS.yaml diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature index 3027cf064..f1b51cafe 100644 --- a/features/fedramp_extensions.feature +++ b/features/fedramp_extensions.feature 
@@ -105,12 +105,6 @@ Examples: | has-rules-of-behavior-PASS.yaml | | has-security-impact-level-FAIL.yaml | | has-security-impact-level-PASS.yaml | - | has-security-objective-availability-FAIL.yaml | - | has-security-objective-availability-PASS.yaml | - | has-security-objective-confidentiality-FAIL.yaml | - | has-security-objective-confidentiality-PASS.yaml | - | has-security-objective-integrity-FAIL.yaml | - | has-security-objective-integrity-PASS.yaml | | has-security-sensitivity-level-FAIL.yaml | | has-security-sensitivity-level-PASS.yaml | | has-separation-of-duties-matrix-FAIL.yaml | @@ -223,9 +217,6 @@ Examples: | has-network-architecture-diagram-link-rel-allowed-value | | has-rules-of-behavior | | has-security-impact-level | - | has-security-objective-availability | - | has-security-objective-confidentiality | - | has-security-objective-integrity | | has-security-sensitivity-level | | has-separation-of-duties-matrix | | has-system-id | diff --git a/src/validations/constraints/content/ssp-has-network-architecture-INVALID.xml b/src/validations/constraints/content/ssp-has-network-architecture-INVALID.xml index 9008b56cc..2cd39496d 100644 --- a/src/validations/constraints/content/ssp-has-network-architecture-INVALID.xml +++ b/src/validations/constraints/content/ssp-has-network-architecture-INVALID.xml @@ -34,9 +34,6 @@ - - - diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml index 196497e48..735ff9445 100644 --- a/src/validations/constraints/fedramp-external-constraints.xml +++ b/src/validations/constraints/fedramp-external-constraints.xml 
@@ -157,21 +157,12 @@ Each FedRAMP SSP data flow diagram must have a link rel attribute with the value "diagram". - + An OSCAL SSP document must specify a FIPS 199 categorization. - + An OSCAL SSP document must specify a security impact level. - - An OSCAL SSP must specify a confidentiality security objective. - - - An OSCAL SSP must specify an integrity security objective. - - - An OSCAL SSP must specify an availability security objective. - A FedRAMP SSP must have a FedRAMP system identifier. diff --git a/src/validations/constraints/unit-tests/has-security-objective-availability-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-objective-availability-FAIL.yaml deleted file mode 100644 index 3d2cbe5b6..000000000 --- a/src/validations/constraints/unit-tests/has-security-objective-availability-FAIL.yaml +++ /dev/null @@ -1,9 +0,0 @@ -test-case: - name: Negative Test for has-security-objective-availability - description: >- - This test case validates the behavior of constraint - has-security-objective-availability - content: ../content/ssp-all-INVALID.xml - expectations: - - constraint-id: has-security-objective-availability - result: fail diff --git a/src/validations/constraints/unit-tests/has-security-objective-availability-PASS.yaml b/src/validations/constraints/unit-tests/has-security-objective-availability-PASS.yaml deleted file mode 100644 index 44c596ae1..000000000 --- a/src/validations/constraints/unit-tests/has-security-objective-availability-PASS.yaml +++ /dev/null @@ -1,9 +0,0 @@ -test-case: - name: Positive Test for has-security-objective-availability - description: >- - This test case validates the behavior of constraint - has-security-objective-availability - content: ../content/ssp-all-VALID.xml - expectations: - - constraint-id: has-security-objective-availability - result: pass 
diff --git a/src/validations/constraints/unit-tests/has-security-objective-confidentiality-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-objective-confidentiality-FAIL.yaml deleted file mode 100644 index eece5be1b..000000000 --- a/src/validations/constraints/unit-tests/has-security-objective-confidentiality-FAIL.yaml +++ /dev/null @@ -1,9 +0,0 @@ -test-case: - name: Negative Test for has-security-objective-confidentiality - description: >- - This test case validates the behavior of constraint - has-security-objective-confidentiality - content: ../content/ssp-all-INVALID.xml - expectations: - - constraint-id: has-security-objective-confidentiality - result: fail diff --git a/src/validations/constraints/unit-tests/has-security-objective-confidentiality-PASS.yaml b/src/validations/constraints/unit-tests/has-security-objective-confidentiality-PASS.yaml deleted file mode 100644 index 67bacc8f8..000000000 --- a/src/validations/constraints/unit-tests/has-security-objective-confidentiality-PASS.yaml +++ /dev/null @@ -1,9 +0,0 @@ -test-case: - name: Positive Test for has-security-objective-confidentiality - description: >- - This test case validates the behavior of constraint - has-security-objective-confidentiality - content: ../content/ssp-all-VALID.xml - expectations: - - constraint-id: has-security-objective-confidentiality - result: pass diff --git a/src/validations/constraints/unit-tests/has-security-objective-integrity-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-objective-integrity-FAIL.yaml deleted file mode 100644 index cdbc8be6d..000000000 --- a/src/validations/constraints/unit-tests/has-security-objective-integrity-FAIL.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ -test-case: - name: Negative Test for has-security-objective-integrity - description: >- - This test case validates the behavior of constraint - has-security-objective-integrity - content: ../content/ssp-all-INVALID.xml - expectations: - - constraint-id: has-security-objective-integrity - result: fail diff --git a/src/validations/constraints/unit-tests/has-security-objective-integrity-PASS.yaml b/src/validations/constraints/unit-tests/has-security-objective-integrity-PASS.yaml deleted file mode 100644 index c509dc75c..000000000 --- a/src/validations/constraints/unit-tests/has-security-objective-integrity-PASS.yaml +++ /dev/null @@ -1,9 +0,0 @@ -test-case: - name: Positive Test for has-security-objective-integrity - description: >- - This test case validates the behavior of constraint - has-security-objective-integrity - content: ../content/ssp-all-VALID.xml - expectations: - - constraint-id: has-security-objective-integrity - result: pass From ffad7b06023b58e312b21785a36e3420008e885d Mon Sep 17 00:00:00 2001 From: Gabeblis Date: Tue, 24 Sep 2024 21:30:54 +0000 Subject: [PATCH 3/9] Added separate invalid test data files --- .../content/ssp-has-security-impact-level-INVALID.xml | 8 ++++++++ .../ssp-has-security-sensitivity-level-INVALID.xml | 8 ++++++++ .../unit-tests/has-security-impact-level-FAIL.yaml | 2 +- .../unit-tests/has-security-sensitivity-level-FAIL.yaml | 2 +- 4 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 src/validations/constraints/content/ssp-has-security-impact-level-INVALID.xml create mode 100644 src/validations/constraints/content/ssp-has-security-sensitivity-level-INVALID.xml diff --git a/src/validations/constraints/content/ssp-has-security-impact-level-INVALID.xml b/src/validations/constraints/content/ssp-has-security-impact-level-INVALID.xml new file mode 100644 index 000000000..25cbe3dbe --- /dev/null +++ b/src/validations/constraints/content/ssp-has-security-impact-level-INVALID.xml 
@@ -0,0 +1,8 @@ + + + + + diff --git a/src/validations/constraints/content/ssp-has-security-sensitivity-level-INVALID.xml b/src/validations/constraints/content/ssp-has-security-sensitivity-level-INVALID.xml new file mode 100644 index 000000000..25cbe3dbe --- /dev/null +++ b/src/validations/constraints/content/ssp-has-security-sensitivity-level-INVALID.xml @@ -0,0 +1,8 @@ + + + + + diff --git a/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml index d4554c2a0..8540a8dcf 100644 --- a/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml +++ b/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml @@ -3,7 +3,7 @@ test-case: description: >- This test case validates the behavior of constraint has-security-impact-level - content: ../content/ssp-all-INVALID.xml + content: ../content/ssp-has-security-impact-level-INVALID.xml expectations: - constraint-id: has-security-impact-level result: fail diff --git a/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml index 756fc8bdb..0aa9e2dd7 100644 --- a/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml +++ b/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml @@ -3,7 +3,7 @@ test-case: description: >- This test case validates the behavior of constraint has-security-sensitivity-level - content: ../content/ssp-all-INVALID.xml + content: ../content/ssp-has-security-sensitivity-level-INVALID.xml expectations: - constraint-id: has-security-sensitivity-level result: fail From c2575b61db37a77ce5eedbfd123bda1ffabce61b Mon Sep 17 00:00:00 2001 
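Review bot: The two new negative fixtures, ssp-has-security-impact-level-INVALID.xml and ssp-has-security-sensitivity-level-INVALID.xml, are created with the same blob id (`25cbe3dbe`), which is also the pre-change id of ssp-has-network-architecture-INVALID.xml in patch 1, so all three are byte-identical eight-line documents. Because one document fails both constraints, neither negative test would notice if the two constraints' test expressions were swapped or pointed at the wrong child element. I would derive each fixture from ssp-all-VALID.xml with only the element under test removed (security-impact-level in one, security-sensitivity-level in the other), so a failure is attributable to that element alone. The fixture markup is not visible in this rendering, so the exact content should be confirmed against the files.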
From: Gabeblis Date: Wed, 25 Sep 2024 02:34:03 +0000 Subject: [PATCH 4/9] merge correction --- .../ssp-has-network-architecture-INVALID.xml | 37 ------------------- .../fedramp-external-constraints.xml | 1 + 2 files changed, 1 insertion(+), 37 deletions(-) diff --git a/src/validations/constraints/content/ssp-has-network-architecture-INVALID.xml b/src/validations/constraints/content/ssp-has-network-architecture-INVALID.xml index 2cd39496d..25cbe3dbe 100644 --- a/src/validations/constraints/content/ssp-has-network-architecture-INVALID.xml +++ b/src/validations/constraints/content/ssp-has-network-architecture-INVALID.xml @@ -4,42 +4,5 @@ xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd" uuid="12345678-1234-4321-8765-123456789012"> - F00000001 - Enhanced Example System - -

This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.

-
- - - - - - - Financial Information - -

Contains sensitive financial data related to organizational operations.

-
- - - - - high - - - moderate - - - low - -
-
- - - - - -

The authorization boundary includes all components within the main data center and the disaster recovery site.

-
-
diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml index 735ff9445..f34bd8473 100644 --- a/src/validations/constraints/fedramp-external-constraints.xml +++ b/src/validations/constraints/fedramp-external-constraints.xml @@ -157,6 +157,7 @@
Each FedRAMP SSP data flow diagram must have a link rel attribute with the value "diagram". + An OSCAL SSP document must specify a FIPS 199 categorization. From 6705da2d803842ee20002290e65126be32cb338e Mon Sep 17 00:00:00 2001 From: Gabeblis Date: Thu, 26 Sep 2024 18:11:28 +0000 Subject: [PATCH 5/9] Add more detailed test descriptions --- .../unit-tests/has-security-impact-level-FAIL.yaml | 4 +--- .../unit-tests/has-security-impact-level-PASS.yaml | 4 +--- .../unit-tests/has-security-sensitivity-level-FAIL.yaml | 4 +--- .../unit-tests/has-security-sensitivity-level-PASS.yaml | 4 +--- 4 files changed, 4 insertions(+), 12 deletions(-) diff --git a/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml index 8540a8dcf..dd966bbd2 100644 --- a/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml +++ b/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml @@ -1,8 +1,6 @@ test-case: name: Negative Test for has-security-impact-level - description: >- - This test case validates the behavior of constraint - has-security-impact-level + description: Test that a SSP system-characteristics element does not have a security-impact-level element. content: ../content/ssp-has-security-impact-level-INVALID.xml expectations: - constraint-id: has-security-impact-level diff --git a/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml b/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml index dd112dba4..cdc9dc0fb 100644 --- a/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml +++ b/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml 
@@ -1,8 +1,6 @@
 test-case:
 name: Positive Test for has-security-impact-level
- description: >-
- This test case validates the behavior of constraint
- has-security-impact-level
+ description: Test that a SSP system-characteristics element has a security-impact-level element.
 content: ../content/ssp-all-VALID.xml
 expectations:
 - constraint-id: has-security-impact-level
diff --git a/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml
index 0aa9e2dd7..a657c107b 100644
--- a/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml
+++ b/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml
@@ -1,8 +1,6 @@
 test-case:
 name: Negative Test for has-security-sensitivity-level
- description: >-
- This test case validates the behavior of constraint
- has-security-sensitivity-level
+ description: Test that a SSP system-characteristics element does not have a security-sensitivity-level element.
 content: ../content/ssp-has-security-sensitivity-level-INVALID.xml
 expectations:
 - constraint-id: has-security-sensitivity-level
diff --git a/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml b/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml
index be4216b92..5a789350a 100644
--- a/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml
+++ b/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml
@@ -1,8 +1,6 @@
 test-case:
 name: Positive Test for has-security-sensitivity-level
- description: >-
- This test case validates the behavior of constraint
- has-security-sensitivity-level
+ description: Test that a SSP system-characteristics element has a security-sensitivity-level element.
 content: ../content/ssp-all-VALID.xml
 expectations:
 - constraint-id: has-security-sensitivity-level
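Review bot: The new description in has-security-sensitivity-level-FAIL.yaml (and the same wording in has-security-impact-level-FAIL.yaml earlier in this patch) states the fixture's condition rather than the expected outcome, so it reads as if the test asserts that the element is absent. Wording it around the constraint makes the intent unambiguous, for example `description: Test that has-security-sensitivity-level fails when system-characteristics has no security-sensitivity-level element.` The hunk stops before the `result:` line, which stays unchanged.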
From 51be34606e761949944ff98eea101fa2264cce5d Mon Sep 17 00:00:00 2001 From: Gabeblis Date: Tue, 29 Oct 2024 19:17:40 +0000 Subject: [PATCH 6/9] Add help-url props --- src/validations/constraints/fedramp-external-constraints.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml index f34bd8473..52f11527f 100644 --- a/src/validations/constraints/fedramp-external-constraints.xml +++ b/src/validations/constraints/fedramp-external-constraints.xml @@ -160,9 +160,11 @@
An OSCAL SSP document must specify a FIPS 199 categorization. + An OSCAL SSP document must specify a security impact level. + From 546fa4fb39cc9629bbd4b8b51a1082a6a2a06808 Mon Sep 17 00:00:00 2001 From: Gabeblis Date: Tue, 29 Oct 2024 20:10:13 +0000 Subject: [PATCH 7/9] What even is caps lock? --- src/validations/constraints/fedramp-external-constraints.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml index 52f11527f..873c7aaef 100644 --- a/src/validations/constraints/fedramp-external-constraints.xml +++ b/src/validations/constraints/fedramp-external-constraints.xml @@ -159,11 +159,11 @@ Each FedRAMP SSP data flow diagram must have a link rel attribute with the value "diagram". - An OSCAL SSP document must specify a FIPS 199 categorization. + An OSCAL SSP document MUST specify a FIPS 199 categorization. - An OSCAL SSP document must specify a security impact level. + An OSCAL SSP document MUST specify a security impact level. From 81f172b8f9a3428ab7ef022c166246d4720fa874 Mon Sep 17 00:00:00 2001 From: Gabeblis Date: Tue, 29 Oct 2024 20:42:25 +0000 Subject: [PATCH 8/9] Message correction --- src/validations/constraints/fedramp-external-constraints.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml index 873c7aaef..75bae95f8 100644 --- a/src/validations/constraints/fedramp-external-constraints.xml +++ b/src/validations/constraints/fedramp-external-constraints.xml 
@@ -159,11 +159,11 @@ Each FedRAMP SSP data flow diagram must have a link rel attribute with the value "diagram". - An OSCAL SSP document MUST specify a FIPS 199 categorization. + A FedRAMP SSP document MUST specify a FIPS 199 categorization. - An OSCAL SSP document MUST specify a security impact level. + A FedRAMP SSP document MUST specify a security impact level. From 2a2f464416b543e5a1b04731360d6599dd9edbb1 Mon Sep 17 00:00:00 2001 From: Gabeblis Date: Wed, 30 Oct 2024 04:51:23 +0000 Subject: [PATCH 9/9] Add n --- .../constraints/unit-tests/has-security-impact-level-FAIL.yaml | 2 +- .../constraints/unit-tests/has-security-impact-level-PASS.yaml | 2 +- .../unit-tests/has-security-sensitivity-level-FAIL.yaml | 2 +- .../unit-tests/has-security-sensitivity-level-PASS.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml index dd966bbd2..2ffa32552 100644 --- a/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml +++ b/src/validations/constraints/unit-tests/has-security-impact-level-FAIL.yaml @@ -1,6 +1,6 @@ test-case: name: Negative Test for has-security-impact-level - description: Test that a SSP system-characteristics element does not have a security-impact-level element. + description: Test that an SSP system-characteristics element does not have a security-impact-level element. content: ../content/ssp-has-security-impact-level-INVALID.xml expectations: - constraint-id: has-security-impact-level diff --git a/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml b/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml index cdc9dc0fb..b3405cea3 100644 --- a/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml +++ b/src/validations/constraints/unit-tests/has-security-impact-level-PASS.yaml 
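Review bot: The final messages, `A FedRAMP SSP document MUST specify a FIPS 199 categorization.` and `A FedRAMP SSP document MUST specify a security impact level.`, do not name the OSCAL element the author has to add, so a failed validation does not say where in the SSP to fix it. The constraint ids used by the tests (has-security-sensitivity-level, has-security-impact-level) and the test descriptions point at system-characteristics, so I would put that in the message, e.g. `A FedRAMP SSP MUST specify a FIPS 199 categorization in system-characteristics/security-sensitivity-level.` The constraint markup is not visible in this rendering, so the path should be confirmed against each constraint's target before it goes into the message.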
@@ -1,6 +1,6 @@
 test-case:
 name: Positive Test for has-security-impact-level
- description: Test that a SSP system-characteristics element has a security-impact-level element.
+ description: Test that an SSP system-characteristics element has a security-impact-level element.
 content: ../content/ssp-all-VALID.xml
 expectations:
 - constraint-id: has-security-impact-level
diff --git a/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml b/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml
index a657c107b..ae40e708d 100644
--- a/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml
+++ b/src/validations/constraints/unit-tests/has-security-sensitivity-level-FAIL.yaml
@@ -1,6 +1,6 @@
 test-case:
 name: Negative Test for has-security-sensitivity-level
- description: Test that a SSP system-characteristics element does not have a security-sensitivity-level element.
+ description: Test that an SSP system-characteristics element does not have a security-sensitivity-level element.
 content: ../content/ssp-has-security-sensitivity-level-INVALID.xml
 expectations:
 - constraint-id: has-security-sensitivity-level
diff --git a/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml b/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml
index 5a789350a..e6bd7f3e8 100644
--- a/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml
+++ b/src/validations/constraints/unit-tests/has-security-sensitivity-level-PASS.yaml
@@ -1,6 +1,6 @@
 test-case:
 name: Positive Test for has-security-sensitivity-level
- description: Test that a SSP system-characteristics element has a security-sensitivity-level element.
+ description: Test that an SSP system-characteristics element has a security-sensitivity-level element.
 content: ../content/ssp-all-VALID.xml
 expectations:
 - constraint-id: has-security-sensitivity-level