Added system-characteristics has-security constraints and tests
Gabeblis committed Sep 11, 2024
1 parent ddd3a02 commit 24c6dfb
Showing 13 changed files with 126 additions and 9 deletions.
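--- a/features/fedramp_extensions.feature
+++ b/features/fedramp_extensions.feature
@@ -47,6 +47,16 @@ Examples:
 | has-information-system-contingency-plan-PASS.yaml |
 | has-rules-of-behavior-FAIL.yaml |
 | has-rules-of-behavior-PASS.yaml |
+| has-security-impact-level-FAIL.yaml |
+| has-security-impact-level-PASS.yaml |
+| has-security-objective-availability-FAIL.yaml |
+| has-security-objective-availability-PASS.yaml |
+| has-security-objective-confidentiality-FAIL.yaml |
+| has-security-objective-confidentiality-PASS.yaml |
+| has-security-objective-integrity-FAIL.yaml |
+| has-security-objective-integrity-PASS.yaml |
+| has-security-sensitivity-level-FAIL.yaml |
+| has-security-sensitivity-level-PASS.yaml |
 | has-separation-of-duties-matrix-FAIL.yaml |
 | has-separation-of-duties-matrix-PASS.yaml |
 | has-user-guide-FAIL.yaml |
@@ -100,6 +110,11 @@ Examples:
 | has-incident-response-plan |
 | has-information-system-contingency-plan |
 | has-rules-of-behavior |
+| has-security-impact-level |
+| has-security-objective-availability |
+| has-security-objective-confidentiality |
+| has-security-objective-integrity |
+| has-security-sensitivity-level |
 | has-separation-of-duties-matrix |
 | has-user-guide |
 | information-type-system |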
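--- a/src/validations/constraints/content/ssp-all-INVALID.xml
+++ b/src/validations/constraints/content/ssp-all-INVALID.xml
@@ -64,7 +64,7 @@
 <prop name='cloud-service-model' value='unsupported-model' ns="https://fedramp.gov/ns/oscal"/>
 <prop name='cloud-deployment-model' value='unsupported-value' ns="https://fedramp.gov/ns/oscal"/>
 <prop name='authorization-type' value='unsupported-value' ns="https://fedramp.gov/ns/oscal"/>
-<security-sensitivity-level>moderate</security-sensitivity-level>
+<!-- security-sensitivity-level was removed to ensure that test fails correctly. -->
 <system-information>
 <information-type uuid="33333333-0000-4000-9000-000000000003">
 <title>Financial Information</title>
@@ -85,13 +85,10 @@
 </availability-impact>
 </information-type>
 </system-information>
-
-<security-impact-level>
-<security-objective-confidentiality>moderate</security-objective-confidentiality>
-<security-objective-integrity>moderate</security-objective-integrity>
-<security-objective-availability>moderate</security-objective-availability>
-</security-impact-level>
-
+<!-- security-impact-level was removed to ensure that test fails correctly. -->
+<!-- security-objective-confidentiality was removed to ensure that test fails correctly. -->
+<!-- security-objective-integrity was removed to ensure that test fails correctly. -->
+<!-- security-objective-availability was removed to ensure that test fails correctly. -->
 <status state="operational"/>
 
 <authorization-boundary>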
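Review bot: Deleting the whole `security-impact-level` block in the second hunk means the three `has-security-objective-*` negative tests fail only because the parent element is absent. No fixture covers an SSP that keeps `security-impact-level` but omits or blanks one objective, which is the case those three constraints exist to catch separately from `has-security-impact-level`. A small dedicated fixture with the parent present and one child missing would close that gap. Since five test cases on this page point at this same file, the added comments would be easier to maintain if each named the constraint it serves, e.g. `<!-- security-impact-level removed: negative case for has-security-impact-level -->`. The enclosing `system-characteristics` element starts and ends outside both hunks.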
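--- a/src/validations/constraints/fedramp-external-constraints.xml
+++ b/src/validations/constraints/fedramp-external-constraints.xml
@@ -58,6 +58,21 @@
 <expect id="has-separation-of-duties-matrix" target="back-matter" test="resource[prop[@name eq 'type' and @value eq 'separation-of-duties-matrix']]" level="ERROR">
 <message>A FedRAMP SSP must have a Separation of Duties Matrix attached.</message>
 </expect>
+<expect id="has-security-sensitivity-level" target="//system-characteristics" test="security-sensitivity-level" level="ERROR">
+<message>An OSCAL SSP document must specify a FIPS 199 categorization.</message>
+</expect>
+<expect id="has-security-impact-level" target="//system-characteristics" test="security-impact-level" level="ERROR">
+<message>An OSCAL SSP document must specify a security impact level.</message>
+</expect>
+<expect id="has-security-objective-confidentiality" target="//system-characteristics" test="security-impact-level/security-objective-confidentiality" level="ERROR">
+<message>An OSCAL SSP must specify a confidentiality security objective.</message>
+</expect>
+<expect id="has-security-objective-integrity" target="//system-characteristics" test="security-impact-level/security-objective-integrity" level="ERROR">
+<message>An OSCAL SSP must specify an integrity security objective.</message>
+</expect>
+<expect id="has-security-objective-availability" target="//system-characteristics" test="security-impact-level/security-objective-availability" level="ERROR">
+<message>An OSCAL SSP must specify an availability security objective.</message>
+</expect>
 </constraints>
 </context>
 <context>
@@ -75,4 +90,4 @@
 </expect>
 </constraints>
 </context>
-</metaschema-meta-constraints>
+</metaschema-meta-constraints>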
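Review bot: All five `expect` rules added in the first hunk are bare existence tests (`test="security-sensitivity-level"`, `test="security-impact-level/security-objective-integrity"`, …), so an element that is present but empty, or that holds an unrecognised value, still passes at ERROR level. If no other constraint validates the values (none is visible in this section), each presence rule should be paired with a value check such as an `allowed-values` constraint on the same element. The three objective rules are also evaluated from `//system-characteristics`, so an SSP with no `security-impact-level` reports four errors for one omission. Targeting the parent, e.g. `target="//system-characteristics/security-impact-level" test="security-objective-integrity"`, would limit them to the case where the parent exists, though the negative fixture would then need a parent with a missing child. The enclosing `<constraints>` block starts outside the hunk.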
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-security-impact-level
description: >-
This test case validates the behavior of constraint
has-security-impact-level
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-security-impact-level
result: fail
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-security-impact-level
description: >-
This test case validates the behavior of constraint
has-security-impact-level
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-security-impact-level
result: pass
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-security-objective-availability
description: >-
This test case validates the behavior of constraint
has-security-objective-availability
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-security-objective-availability
result: fail
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-security-objective-availability
description: >-
This test case validates the behavior of constraint
has-security-objective-availability
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-security-objective-availability
result: pass
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-security-objective-confidentiality
description: >-
This test case validates the behavior of constraint
has-security-objective-confidentiality
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-security-objective-confidentiality
result: fail
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-security-objective-confidentiality
description: >-
This test case validates the behavior of constraint
has-security-objective-confidentiality
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-security-objective-confidentiality
result: pass
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-security-objective-integrity
description: >-
This test case validates the behavior of constraint
has-security-objective-integrity
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-security-objective-integrity
result: fail
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-security-objective-integrity
description: >-
This test case validates the behavior of constraint
has-security-objective-integrity
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-security-objective-integrity
result: pass
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-security-sensitivity-level
description: >-
This test case validates the behavior of constraint
has-security-sensitivity-level
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-security-sensitivity-level
result: fail
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-security-sensitivity-level
description: >-
This test case validates the behavior of constraint
has-security-sensitivity-level
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-security-sensitivity-level
result: pass
