Revise inter-boundary-component-has-direction constraint (#930) (#988)

* Revise inter-boundary-component-has-direction constraint (#930) * replace http with https * apply comments
GSA · Dec 13, 2024 · 4859c3f · 4859c3f
1 parent 99f532f
commit 4859c3f
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/validations/constraints/content/ssp-inter-boundary-component-has-direction-INVALID.xml b/src/validations/constraints/content/ssp-inter-boundary-component-has-direction-INVALID.xml
@@ -12,7 +12,7 @@
         <p>A network communication service system.</p>
       </description>
       <prop name="inherited-uuid" value="11111111-0000-4000-9001-000000000001"/>
-      <prop name="implementation-point" value="internal"/>
+      <prop name="implementation-point" value="external"/>
       <prop name="direction" value="incoming" ns="https://fedramp.gov/ns/oscal"/>
       <prop name="direction" value="outgoing" ns="https://fedramp.gov/ns/oscal"/>
       <prop name="direction" value="outgoing" ns="https://fedramp.gov/ns/oscal"/>

diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
@@ -534,7 +534,7 @@
     <context>
         <metapath target="/system-security-plan/system-implementation"/>
         <constraints>
-            <let var="inter-boundary-component" expression="component[(@type='service' and not(prop[@name='leveraged-authorization-uuid']) and prop[@name='implementation-point' and @value='external']) or (@type='interconnection') or (@type='service' and prop[@name='implementation-point' and @value='internal'] and prop[@name='direction']) or (@type='software' and prop[@name='asset-type' and @value='cli'] and prop[@name='direction'])]"/>
+            <let var="inter-boundary-component" expression="component[(@type=('service','software') and not(prop[@name='leveraged-authorization-uuid']) and prop[@name='implementation-point' and @value='external']) or (@type='interconnection') or (@type=('service', 'software') and prop[@name='implementation-point' and @value='internal'] and (prop[@name='communicates-externally' and @value='yes' and @ns='https://fedramp.gov/ns/oscal']))]"/>
             <expect id="authentication-method-has-remarks" target="//component[(@type='system' and ./prop[@name='leveraged-authorization-uuid']) or (@type='service' and not(./prop[@name='leveraged-authorization-uuid']) and ./prop[@name='implementation-point' and @value='external']) or (@type='interconnection') or (@type='service' and ./prop[@name='implementation-point' and @value='internal'] and ./prop[@name='direction']) or (@type='software' and ./prop[@name='asset-type' and @value='cli'] and ./prop[@name='direction'])]" test="count(./prop[@name='authentication-method' and @ns='https://fedramp.gov/ns/oscal'])  = count(./prop[@name='authentication-method' and @ns='https://fedramp.gov/ns/oscal']/remarks)" level="ERROR">
                 <formal-name>Authentication Method Has Remarks</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>