From 40f0c91f134255f63273fd5316957bbb1b3ca434 Mon Sep 17 00:00:00 2001
From: Gabeblis <gabriel.rodriguez@gsa.gov>
Date: Tue, 17 Sep 2024 01:23:38 -0400
Subject: [PATCH] Add system-characteristics 'categorization-has' constraints
 (#671)

* Added system-characteristics 'categorization-has constraints and tests

* Adjust path style and message wording per my PR feedback

---------

Co-authored-by: A.J. Stein <aj@gsa.gov>
---
 features/fedramp_extensions.feature                      | 6 ++++++
 src/validations/constraints/content/ssp-all-INVALID.xml  | 2 +-
 .../constraints/fedramp-external-constraints.xml         | 6 ++++++
 ...categorization-has-correct-system-attribute-FAIL.yaml | 9 +++++++++
 ...categorization-has-correct-system-attribute-PASS.yaml | 9 +++++++++
 .../categorization-has-information-type-id-FAIL.yaml     | 9 +++++++++
 .../categorization-has-information-type-id-PASS.yaml     | 9 +++++++++
 7 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 src/validations/constraints/unit-tests/categorization-has-correct-system-attribute-FAIL.yaml
 create mode 100644 src/validations/constraints/unit-tests/categorization-has-correct-system-attribute-PASS.yaml
 create mode 100644 src/validations/constraints/unit-tests/categorization-has-information-type-id-FAIL.yaml
 create mode 100644 src/validations/constraints/unit-tests/categorization-has-information-type-id-PASS.yaml

diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature
index b37cc75f5..f535989c3 100644
--- a/features/fedramp_extensions.feature
+++ b/features/fedramp_extensions.feature
@@ -21,6 +21,10 @@ Examples:
   | attachment-type-PASS.yaml |
   | authorization-type-FAIL.yaml |
   | authorization-type-PASS.yaml |
+  | categorization-has-correct-system-attribute-FAIL.yaml |
+  | categorization-has-correct-system-attribute-PASS.yaml |
+  | categorization-has-information-type-id-FAIL.yaml |
+  | categorization-has-information-type-id-PASS.yaml |
   | cloud-service-model-FAIL.yaml |
   | cloud-service-model-PASS.yaml |
   | component-type-FAIL.yaml |
@@ -95,6 +99,8 @@ Examples:
   | address-type |
   | attachment-type |
   | authorization-type |
+  | categorization-has-correct-system-attribute |
+  | categorization-has-information-type-id |
   | cloud-service-model |
   | component-type |
   | control-implementation-status |
diff --git a/src/validations/constraints/content/ssp-all-INVALID.xml b/src/validations/constraints/content/ssp-all-INVALID.xml
index 6904ae83c..6ee6187dd 100644
--- a/src/validations/constraints/content/ssp-all-INVALID.xml
+++ b/src/validations/constraints/content/ssp-all-INVALID.xml
@@ -72,7 +72,7 @@
           <p>Contains sensitive financial data related to organizational operations.</p>
         </description>
         <categorization system="https://unsupported-system.com">
-          <information-type-id>C.2.8.12</information-type-id>
+          <!-- Removed information-type-id to ensure that categorization-has-information-type-id fails correctly. -->
         </categorization>
         <confidentiality-impact>
           <base>high</base>
diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
index e0ade5942..e81dda8ff 100644
--- a/src/validations/constraints/fedramp-external-constraints.xml
+++ b/src/validations/constraints/fedramp-external-constraints.xml
@@ -56,6 +56,12 @@
             <expect id="has-separation-of-duties-matrix" target="back-matter" test="resource[prop[@name eq 'type' and @value eq 'separation-of-duties-matrix']]" level="ERROR">
                 <message>A FedRAMP SSP must have a Separation of Duties Matrix attached.</message>
             </expect>
+            <expect id="categorization-has-correct-system-attribute" target="./system-characteristics" test="system-information/information-type/categorization/@system eq 'https://doi.org/10.6028/NIST.SP.800-60v2r1'" level="ERROR">
+            <message>A FedRAMP SSP information-type categorization requires a correct system attribute. FedRAMP only supports the system value 'https://doi.org/10.6028/NIST.SP.800-60v2r1'.</message>
+            </expect>
+            <expect id="categorization-has-information-type-id" target="//system-characteristics" test="system-information/information-type/categorization/information-type-id" level="ERROR">
+            <message>A FedRAMP SSP information type categorization must have at least one information type identifier.</message>
+            </expect>
         </constraints>
     </context>
     <context>
diff --git a/src/validations/constraints/unit-tests/categorization-has-correct-system-attribute-FAIL.yaml b/src/validations/constraints/unit-tests/categorization-has-correct-system-attribute-FAIL.yaml
new file mode 100644
index 000000000..816fd6fd5
--- /dev/null
+++ b/src/validations/constraints/unit-tests/categorization-has-correct-system-attribute-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for categorization-has-correct-system-attribute
+  description: >-
+    This test case validates the behavior of constraint
+    categorization-has-correct-system-attribute
+  content: ../content/ssp-all-INVALID.xml
+  expectations:
+    - constraint-id: categorization-has-correct-system-attribute
+      result: fail
diff --git a/src/validations/constraints/unit-tests/categorization-has-correct-system-attribute-PASS.yaml b/src/validations/constraints/unit-tests/categorization-has-correct-system-attribute-PASS.yaml
new file mode 100644
index 000000000..d6b47c346
--- /dev/null
+++ b/src/validations/constraints/unit-tests/categorization-has-correct-system-attribute-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for categorization-has-correct-system-attribute
+  description: >-
+    This test case validates the behavior of constraint
+    categorization-has-correct-system-attribute
+  content: ../content/ssp-all-VALID.xml
+  expectations:
+    - constraint-id: categorization-has-correct-system-attribute
+      result: pass
diff --git a/src/validations/constraints/unit-tests/categorization-has-information-type-id-FAIL.yaml b/src/validations/constraints/unit-tests/categorization-has-information-type-id-FAIL.yaml
new file mode 100644
index 000000000..c18cf74cf
--- /dev/null
+++ b/src/validations/constraints/unit-tests/categorization-has-information-type-id-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for categorization-has-information-type-id
+  description: >-
+    This test case validates the behavior of constraint
+    categorization-has-information-type-id
+  content: ../content/ssp-all-INVALID.xml
+  expectations:
+    - constraint-id: categorization-has-information-type-id
+      result: fail
diff --git a/src/validations/constraints/unit-tests/categorization-has-information-type-id-PASS.yaml b/src/validations/constraints/unit-tests/categorization-has-information-type-id-PASS.yaml
new file mode 100644
index 000000000..1cc8db491
--- /dev/null
+++ b/src/validations/constraints/unit-tests/categorization-has-information-type-id-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for categorization-has-information-type-id
+  description: >-
+    This test case validates the behavior of constraint
+    categorization-has-information-type-id
+  content: ../content/ssp-all-VALID.xml
+  expectations:
+    - constraint-id: categorization-has-information-type-id
+      result: pass