diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature
index ecf2d4156..955fce586 100644
--- a/features/fedramp_extensions.feature
+++ b/features/fedramp_extensions.feature
@@ -167,6 +167,20 @@ Examples:
 | security-level-PASS.yaml |
 | security-sensitivity-level-matches-security-impact-level-FAIL.yaml |
 | security-sensitivity-level-matches-security-impact-level-PASS.yaml |
+ | user-has-authorized-privilege-FAIL.yaml |
+ | user-has-authorized-privilege-PASS.yaml |
+ | user-has-privilege-level-FAIL.yaml |
+ | user-has-privilege-level-PASS.yaml |
+ | user-has-role-id-FAIL.yaml |
+ | user-has-role-id-PASS.yaml |
+ | user-has-sensitivity-level-FAIL.yaml |
+ | user-has-sensitivity-level-PASS.yaml |
+ | user-has-user-type-FAIL.yaml |
+ | user-has-user-type-PASS.yaml |
+ | user-privilege-level-FAIL.yaml |
+ | user-privilege-level-PASS.yaml |
+ | user-sensitivity-level-FAIL.yaml |
+ | user-sensitivity-level-PASS.yaml |
 | user-type-FAIL.yaml |
 | user-type-PASS.yaml |
 #END_DYNAMIC_TEST_CASES
@@ -260,5 +274,12 @@ Examples:
 | scan-type |
 | security-level |
 | security-sensitivity-level-matches-security-impact-level |
+ | user-has-authorized-privilege |
+ | user-has-privilege-level |
+ | user-has-role-id |
+ | user-has-sensitivity-level |
+ | user-has-user-type |
+ | user-privilege-level |
+ | user-sensitivity-level |
 | user-type |
 #END_DYNAMIC_CONSTRAINT_IDS
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-all-VALID.xml b/src/validations/constraints/content/ssp-all-VALID.xml
index 641840263..5e0a5b33e 100644
--- a/src/validations/constraints/content/ssp-all-VALID.xml
+++ b/src/validations/constraints/content/ssp-all-VALID.xml
@@ -203,8 +203,15 @@ System Administrator - + + system-admin + + Admin +

admin user

+ administration +
+
diff --git a/src/validations/constraints/content/ssp-privilege-level-INVALID.xml b/src/validations/constraints/content/ssp-privilege-level-INVALID.xml
index 8413ce1bc..dcd963ded 100644
--- a/src/validations/constraints/content/ssp-privilege-level-INVALID.xml
+++ b/src/validations/constraints/content/ssp-privilege-level-INVALID.xml
@@ -5,7 +5,7 @@ uuid="12345678-1234-4321-8765-123456789012"> - +
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-user-INVALID.xml b/src/validations/constraints/content/ssp-user-INVALID.xml
new file mode 100644
index 000000000..3e73a1fb1
--- /dev/null
+++ b/src/validations/constraints/content/ssp-user-INVALID.xml
@@ -0,0 +1,7 @@ + + + + + + +
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-user-privilege-level-INVALID.xml b/src/validations/constraints/content/ssp-user-privilege-level-INVALID.xml
new file mode 100644
index 000000000..695e56111
--- /dev/null
+++ b/src/validations/constraints/content/ssp-user-privilege-level-INVALID.xml
@@ -0,0 +1,8 @@ + + + + + + + +
diff --git a/src/validations/constraints/content/ssp-user-sensitivity-level-INVALID.xml b/src/validations/constraints/content/ssp-user-sensitivity-level-INVALID.xml
new file mode 100644
index 000000000..a1e2b8801
--- /dev/null
+++ b/src/validations/constraints/content/ssp-user-sensitivity-level-INVALID.xml
@@ -0,0 +1,8 @@ + + + + + + + +
diff --git a/src/validations/constraints/fedramp-external-allowed-values.xml b/src/validations/constraints/fedramp-external-allowed-values.xml
index 4b5ae3b06..b79d8aa7d 100644
--- a/src/validations/constraints/fedramp-external-allowed-values.xml
+++ b/src/validations/constraints/fedramp-external-allowed-values.xml
@@ -1,5 +1,5 @@ - +
@@ -155,6 +155,7 @@ User Type The type of user. + Internal External Privileged
@@ -164,9 +165,10 @@ The system used for categorizing information types. NIST SP 800-60 Volume 2 Revision 1 - + Privilege Level The privilege level of the user. + Read Read-Write Write
@@ -377,6 +379,26 @@ Industry Sector Income Stabilization + + + Privilege Level + The privilege level of the user. + + Read + Read-Write + Write + No Access + + + User Sensitvity Level + Sensitivity level of the user. + + High Risk + Severe + Moderate + Limited + Not Applicable +
diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
index 6c024946b..58c1985c1 100644
--- a/src/validations/constraints/fedramp-external-constraints.xml
+++ b/src/validations/constraints/fedramp-external-constraints.xml
@@ -1,5 +1,5 @@ - +
@@ -42,6 +42,32 @@ + + + + + + + A FedRAMP document MUST define a user with a type. + + + + A FedRAMP document MUST define a user with a privilege for their use of the system. + + + + A FedRAMP document MUST define a user with a sensitivity level of their use of the system. + + + + A FedRAMP document MUST define a user with at least one role by a role identifier. + + + + A FedRAMP document MUST define a user with at least one authorized privilege by a privilege identifier. + + +
diff --git a/src/validations/constraints/unit-tests/user-has-authorized-privilege-FAIL.yaml b/src/validations/constraints/unit-tests/user-has-authorized-privilege-FAIL.yaml
new file mode 100644
index 000000000..6e6e6c3f2
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-has-authorized-privilege-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Negative Test for user-has-authorized-privilege
+ description: >-
+ This test case validates the behavior of constraint
+ user-has-authorized-privilege
+ content: ../content/ssp-user-INVALID.xml
+ expectations:
+ - constraint-id: user-has-authorized-privilege
+ result: fail
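Review bot: The formal name added in the `@@ -377,6 +379,26 @@` hunk of fedramp-external-allowed-values.xml is misspelled as `User Sensitvity Level`; it should read `User Sensitivity Level`, because this is the label SSP authors see when the constraint is reported. The same hunk adds a second block titled `Privilege Level` with the same description as the block touched in the `@@ -164,9 +165,10 @@` hunk, and the visible value lists differ (the new one includes `No Access`). The element tags and ids are not visible on this page, so this may be intentional. If both blocks apply to a user's privilege level, they should be merged or given distinct formal names so the two lists cannot drift apart.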
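Review bot: The five messages added in the `@@ -42,6 +42,32 @@` hunk of fedramp-external-constraints.xml read as a document-level requirement ("A FedRAMP document MUST define a user with a type"), which an author can take to mean that one compliant user is enough. The constraint ids (`user-has-user-type`, `user-has-role-id`, and so on) suggest the check runs per user, but the context and test expressions are not visible on this page, so confirm that before rewording. If it does, phrase each message per user, for example `Every user in a FedRAMP SSP MUST have a user type.`, and change "a sensitivity level of their use of the system" to "a sensitivity level for their use of the system".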
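Review bot: user-has-authorized-privilege-FAIL.yaml and the four other `user-has-*-FAIL.yaml` tests added in this commit all load the same `../content/ssp-user-INVALID.xml`, so each shows only that its constraint fails on one shared fixture. If that fixture is a user with none of the required children (its content is not visible here), a constraint whose test expression checks the wrong element would still fail on it and the error would go unnoticed. Consider one fixture per constraint that omits only the element under test, as the commit already does for `user-privilege-level` and `user-sensitivity-level` with `ssp-user-privilege-level-INVALID.xml` and `ssp-user-sensitivity-level-INVALID.xml`.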
diff --git a/src/validations/constraints/unit-tests/user-has-authorized-privilege-PASS.yaml b/src/validations/constraints/unit-tests/user-has-authorized-privilege-PASS.yaml
new file mode 100644
index 000000000..3964c8422
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-has-authorized-privilege-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Positive Test for user-has-authorized-privilege
+ description: >-
+ This test case validates the behavior of constraint
+ user-has-authorized-privilege
+ content: ../content/ssp-all-VALID.xml
+ expectations:
+ - constraint-id: user-has-authorized-privilege
+ result: pass
diff --git a/src/validations/constraints/unit-tests/user-has-privilege-level-FAIL.yaml b/src/validations/constraints/unit-tests/user-has-privilege-level-FAIL.yaml
new file mode 100644
index 000000000..89e5cebb3
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-has-privilege-level-FAIL.yaml
@@ -0,0 +1,7 @@
+test-case:
+ name: Negative Test for user-has-privilege-level
+ description: This test case validates the behavior of constraint user-has-privilege-level
+ content: ../content/ssp-user-INVALID.xml
+ expectations:
+ - constraint-id: user-has-privilege-level
+ result: fail
diff --git a/src/validations/constraints/unit-tests/user-has-privilege-level-PASS.yaml b/src/validations/constraints/unit-tests/user-has-privilege-level-PASS.yaml
new file mode 100644
index 000000000..cc9f3218d
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-has-privilege-level-PASS.yaml
@@ -0,0 +1,7 @@
+test-case:
+ name: Positive Test for user-has-privilege-level
+ description: This test case validates the behavior of constraint user-has-privilege-level
+ content: ../content/ssp-all-VALID.xml
+ expectations:
+ - constraint-id: user-has-privilege-level
+ result: pass
diff --git a/src/validations/constraints/unit-tests/user-has-role-id-FAIL.yaml b/src/validations/constraints/unit-tests/user-has-role-id-FAIL.yaml
new file mode 100644
index 000000000..051e3f77c
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-has-role-id-FAIL.yaml
@@ -0,0 +1,7 @@
+test-case:
+ name: Negative Test for user-has-role-id
+ description: This test case validates the behavior of constraint user-has-role-id
+ content: ../content/ssp-user-INVALID.xml
+ expectations:
+ - constraint-id: user-has-role-id
+ result: fail
diff --git a/src/validations/constraints/unit-tests/user-has-role-id-PASS.yaml b/src/validations/constraints/unit-tests/user-has-role-id-PASS.yaml
new file mode 100644
index 000000000..917dea426
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-has-role-id-PASS.yaml
@@ -0,0 +1,7 @@
+test-case:
+ name: Positive Test for user-has-role-id
+ description: This test case validates the behavior of constraint user-has-role-id
+ content: ../content/ssp-all-VALID.xml
+ expectations:
+ - constraint-id: user-has-role-id
+ result: pass
diff --git a/src/validations/constraints/unit-tests/user-has-sensitivity-level-FAIL.yaml b/src/validations/constraints/unit-tests/user-has-sensitivity-level-FAIL.yaml
new file mode 100644
index 000000000..1fcd4e448
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-has-sensitivity-level-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Negative Test for user-has-sensitivity-level
+ description: >-
+ This test case validates the behavior of constraint
+ user-has-sensitivity-level
+ content: ../content/ssp-user-INVALID.xml
+ expectations:
+ - constraint-id: user-has-sensitivity-level
+ result: fail
diff --git a/src/validations/constraints/unit-tests/user-has-sensitivity-level-PASS.yaml b/src/validations/constraints/unit-tests/user-has-sensitivity-level-PASS.yaml
new file mode 100644
index 000000000..cc8adf6ee
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-has-sensitivity-level-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Positive Test for user-has-sensitivity-level
+ description: >-
+ This test case validates the behavior of constraint
+ user-has-sensitivity-level
+ content: ../content/ssp-all-VALID.xml
+ expectations:
+ - constraint-id: user-has-sensitivity-level
+ result: pass
diff --git a/src/validations/constraints/unit-tests/user-has-user-type-FAIL.yaml b/src/validations/constraints/unit-tests/user-has-user-type-FAIL.yaml
new file mode 100644
index 000000000..c0399549f
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-has-user-type-FAIL.yaml
@@ -0,0 +1,7 @@
+test-case:
+ name: Negative Test for user-has-user-type
+ description: This test case validates the behavior of constraint user-has-user-type
+ content: ../content/ssp-user-INVALID.xml
+ expectations:
+ - constraint-id: user-has-user-type
+ result: fail
diff --git a/src/validations/constraints/unit-tests/user-has-user-type-PASS.yaml b/src/validations/constraints/unit-tests/user-has-user-type-PASS.yaml
new file mode 100644
index 000000000..c13224ed4
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-has-user-type-PASS.yaml
@@ -0,0 +1,7 @@
+test-case:
+ name: Positive Test for user-has-user-type
+ description: This test case validates the behavior of constraint user-has-user-type
+ content: ../content/ssp-all-VALID.xml
+ expectations:
+ - constraint-id: user-has-user-type
+ result: pass
diff --git a/src/validations/constraints/unit-tests/user-privilege-level-FAIL.yaml b/src/validations/constraints/unit-tests/user-privilege-level-FAIL.yaml
new file mode 100644
index 000000000..bb542e47a
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-privilege-level-FAIL.yaml
@@ -0,0 +1,7 @@
+test-case:
+ name: Negative Test for user-privilege-level
+ description: This test case validates the behavior of constraint user-privilege-level
+ content: ../content/ssp-user-privilege-level-INVALID.xml
+ expectations:
+ - constraint-id: user-privilege-level
+ result: fail
diff --git a/src/validations/constraints/unit-tests/user-privilege-level-PASS.yaml b/src/validations/constraints/unit-tests/user-privilege-level-PASS.yaml
new file mode 100644
index 000000000..db272e857
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-privilege-level-PASS.yaml
@@ -0,0 +1,7 @@
+test-case:
+ name: Positive Test for user-privilege-level
+ description: This test case validates the behavior of constraint user-privilege-level
+ content: ../content/ssp-all-VALID.xml
+ expectations:
+ - constraint-id: user-privilege-level
+ result: pass
diff --git a/src/validations/constraints/unit-tests/user-sensitivity-level-FAIL.yaml b/src/validations/constraints/unit-tests/user-sensitivity-level-FAIL.yaml
new file mode 100644
index 000000000..c3e7f295a
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-sensitivity-level-FAIL.yaml
@@ -0,0 +1,7 @@
+test-case:
+ name: Negative Test for user-sensitivity-level
+ description: This test case validates the behavior of constraint user-sensitivity-level
+ content: ../content/ssp-user-sensitivity-level-INVALID.xml
+ expectations:
+ - constraint-id: user-sensitivity-level
+ result: fail
diff --git a/src/validations/constraints/unit-tests/user-sensitivity-level-PASS.yaml b/src/validations/constraints/unit-tests/user-sensitivity-level-PASS.yaml
new file mode 100644
index 000000000..582d4cd37
--- /dev/null
+++ b/src/validations/constraints/unit-tests/user-sensitivity-level-PASS.yaml
@@ -0,0 +1,7 @@
+test-case:
+ name: Positive Test for user-sensitivity-level
+ description: This test case validates the behavior of constraint user-sensitivity-level
+ content: ../content/ssp-all-VALID.xml
+ expectations:
+ - constraint-id: user-sensitivity-level
+ result: pass