From a9c2488e0f39c2089312a921a79740828989baf6 Mon Sep 17 00:00:00 2001
From: Rene Tshiteya <rene-claude.tshiteya@noblis.org>
Date: Fri, 18 Oct 2024 10:22:59 -0400
Subject: [PATCH] Fix documentation for "authorizing-official" role

---
 .../ssp/4-ssp-template-to-oscal-mapping.md    | 46 ++++++++++++++++++-
 1 file changed, 44 insertions(+), 2 deletions(-)

diff --git a/content/documentation/ssp/4-ssp-template-to-oscal-mapping.md b/content/documentation/ssp/4-ssp-template-to-oscal-mapping.md
index 9b6d60e..dc498cd 100644
--- a/content/documentation/ssp/4-ssp-template-to-oscal-mapping.md
+++ b/content/documentation/ssp/4-ssp-template-to-oscal-mapping.md
@@ -534,6 +534,49 @@ Required role ID:
 
 If no country is provided, FedRAMP tools will assume a US address.
 
+---
+## Federal Authorizing Officials
+
+A `role` with an ID value of "authorizing-official" is required. Use the `responsible-party` assembly to associate this role with the `party` assembly containing the Authorizing Official's information.
+
+##### Federal Agency Authorization Representation
+{{< highlight xml "linenos=table" >}}
+<metadata>
+    <role id="authorizing-official">
+        <title>Authorizing Official</title>
+    </role>
+    <party uuid="uuid-of-agency" type="organization">
+        <name>Agency Name</name>
+        <address type="work">
+            <addr-line>Address Line</addr-line>
+            <city>City</city>
+            <state>ST</state>
+            <postal-code>00000</postal-code>
+            <country>US</country>
+         </address>
+    </party>
+    <responsible-party role-id="authorizing-official">
+        <party-uuid>uuid-of-agency</party-uuid>
+    </responsible-party>
+</metadata>
+<!-- import -->
+<system-characteristics>
+    <!-- description -->
+    <prop name="authorization-type" 
+          ns="https://fedramp.gov/ns/oscal" 
+          value="fedramp-agency" />
+    <!-- prop -->
+</system-characteristics>
+{{</ highlight >}}
+
+#### XPath Queries
+{{< highlight xml "linenos=table" >}}
+    FedRAMP Authorization Type:
+        /*/system-characteristics/prop[@name="authorization-type"][@ns="https://fedramp.gov/ns/oscal"]/@value
+    Authorizing Official:
+        /*/metadata/party[@uuid=[/*/metadata/responsible-party[@role-id="authorizing-official"]/party-uuid]]/name
+{{</ highlight >}}
+
 ---
 ## Assignment of Security Responsibilities
 
@@ -615,10 +658,9 @@ Required Role ID:
 ---
 ## Summary of SSP Roles Requirements
 
-A FedRAMP OSCAL SSP must have "system-owner" `role` defined and an "information-system-security-officer" `role` defined.  Both of these roles must use the `responsible-party` assembly to associate the role to a `party` of type "person". For details, see the [System Owner](#information-system-owner) and [Assignment of Security Responsibilities](#assignment-of-security-responsibilities) sections.
+A FedRAMP OSCAL SSP must have "system-owner" `role` defined, an "authorizing-official" `role`, and an "information-system-security-officer" `role` defined.  The "system-owner" and "information-system-security-officer" roles must use the `responsible-party` assembly to associate the role to a `party` of type "person". For details, see the [System Owner](#information-system-owner) and [Assignment of Security Responsibilities](#assignment-of-security-responsibilities) sections.
 
 The roles listed below are no longer required by FedRAMP:
-- "authorizing-official"
 - "authorizing-official-poc"
 - "system-poc"
 - "system-poc-management"