Hotfix/deprecate all valid (#960)

* deprecate ssp-all-valid * Update src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml Co-authored-by: A.J. Stein <[email protected]> * Update src/validations/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml Co-authored-by: A.J. Stein <[email protected]> * Update src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml Co-authored-by: A.J. Stein <[email protected]> * Update src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml Co-authored-by: A.J. Stein <[email protected]> * Update fedramp-ssp-example.oscal.xml --------- Co-authored-by: A.J. Stein <[email protected]>
GSA · Dec 5, 2024 · 780b38a · 780b38a
1 parent 2c0e4de
commit 780b38a
Show file tree

Hide file tree

Showing 125 changed files with 1,377 additions and 134 deletions.
diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature
@@ -11,9 +11,6 @@ Scenario Outline: Documents that should be valid are pass
 Examples:
 | valid_file     |
 | ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml |
-# | ssp-all-VALID.xml |
-# | ../../../content/awesome-cloud/xml/AwesomeCloudSSP1.xml |
-# | ../../../content/awesome-cloud/xml/AwesomeCloudSSP2.xml |
 
 @full-coverage
 Scenario: Preparing constraint coverage analysis

diff --git a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
@@ -1088,7 +1088,7 @@
             <p>Describe the service and what it is used for.</p>
          </description>
          <prop name="implementation-point" value="external" />
-         <prop name="connection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
+         <prop name="connection-security" value="tls-1.3" ns="https://fedramp.gov/ns/oscal"/>
          <prop ns="https://fedramp.gov/ns/oscal" name="direction" value="outgoing"/>
          <prop ns="https://fedramp.gov/ns/oscal" name="provider" value="self"/>
          <prop ns="https://fedramp.gov/ns/oscal" name="still-supported" value="yes"/>
@@ -1183,7 +1183,7 @@
             <p>An external system to which this system shares an interconnection.</p>
          </description>
          <prop name="implementation-point" value="external"/>
-         <prop name="connection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
+         <prop name="connection-security" value="tls-1.3" ns="https://fedramp.gov/ns/oscal"/>
          <prop name="asset-type" value="saas"/>
          <prop ns="https://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
             <remarks>
@@ -1494,7 +1494,7 @@
          </description>
 
          <prop name="implementation-point" value="internal"/>
-         <prop name="connection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
+         <prop name="connection-security" value="tls-1.3" ns="https://fedramp.gov/ns/oscal"/>
          <prop ns="https://fedramp.gov/ns/oscal" name="provider" value="self"/>
          <prop ns="https://fedramp.gov/ns/oscal" name="direction" value="outgoing"/>
          <prop ns="https://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
@@ -1569,7 +1569,7 @@
          </description>
          <prop name="asset-type" value="cli"/>
          <prop name="implementation-point" value="internal"/>
-         <prop name="connection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
+         <prop name="connection-security" value="tls-1.3" ns="https://fedramp.gov/ns/oscal"/>
          <prop ns="https://fedramp.gov/ns/oscal" name="provider" value="self"/>
          <prop ns="https://fedramp.gov/ns/oscal" name="direction" value="outgoing"/>
          <prop ns="https://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
@@ -1761,7 +1761,7 @@
          <description>
             <p>None</p>
          </description>
-         <prop name="connection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
+         <prop name="connection-security" value="tls-1.3" ns="https://fedramp.gov/ns/oscal"/>
          <prop name="implementation-point" value="external"/>
          <prop ns="https://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
             <remarks>
@@ -2174,7 +2174,7 @@
          <description>
             <p>Email Service</p>
          </description>
-         <prop name="connection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
+         <prop name="connection-security" value="tls-1.3" ns="https://fedramp.gov/ns/oscal"/>
          <prop name="implementation-point" value="external"/>
          <prop ns="https://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
             <remarks>

diff --git a/src/validations/constraints/CONTRIBUTING.md b/src/validations/constraints/CONTRIBUTING.md
@@ -107,15 +107,15 @@ npm run constraint
 You can add a constraint and test to this repository by following these high-level steps.
 
 1. Create a new constraint in [the appropriate constraints file](#which-constraint-file-do-i-edit). Note the `id`, you will use it later.
-2. Add the necessary, correct data to [`./content/ssp-all-VALID.xml`](./content/ssp-all-VALID.xml) for a positive test of the constraint.
+2. Add the necessary, correct data to [`../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml`](../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml) for a positive test of the constraint.
 3. Add the YAML metadata for the positive test in [`./unit-tests`](./unit-tests/). The name of the file should start with the name of the assembly, field, or flag, and end with `-PASS.yaml`. For example, a new constraint and test for a [`//metadata/party/prop`](https://pages.nist.gov/OSCAL-Reference/models/v1.1.2/system-security-plan/json-reference/#/system-security-plan/metadata/parties) assembly should be `party-PASS.yaml`. The content should be like the example below.
 
 ```yaml
 # ./unit-tests/party-PASS.yaml
 test-case:
   name: Positive Test for party
   description: This test case validates the behavior of constraint party
-  content: ../content/ssp-all-VALID.xml
+  content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
   expectations:
     - constraint-id: party
       result: pass

diff --git a/...ons/constraints/content/ssp-all-VALID.xml → ...p-control-implementation-status-VALID.xml b/...ons/constraints/content/ssp-all-VALID.xml → ...p-control-implementation-status-VALID.xml
diff --git a/...s/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml b/...s/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml
@@ -169,7 +169,7 @@
             <description>
                <p>A diagram-specific explanation.</p>
             </description>
-            <link href="./ssp-all-VALID.xml" rel="diagram"/>
+            <link href="https://github.com/GSA/fedramp-automation/blob/9a8e155668d4f7a26ffc372b73d568b074854aac/src/content/awesome-cloud/artifacts/AwesomeCloudHLA1.png" rel="diagram"/>
             <caption>Authorization Boundary Diagram</caption>
          </diagram>
     </authorization-boundary>

diff --git a/src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml b/src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml
@@ -193,7 +193,7 @@
         <description>
           <p>A diagram-specific explanation.</p>
         </description>
-        <link href="./ssp-all-VALID.xml" rel="diagram"/>
+            <link href="https://github.com/GSA/fedramp-automation/blob/9a8e155668d4f7a26ffc372b73d568b074854aac/src/content/awesome-cloud/artifacts/AwesomeCloudHLA1.png" rel="diagram"/>
         <caption>Data Flow Diagram</caption>
       </diagram>
     </data-flow>

diff --git a/...ons/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml b/...ons/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml
@@ -85,9 +85,6 @@
     <responsible-party role-id="system-owner">
       <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
     </responsible-party>
-    <responsible-party role-id="authorizing-official">
-      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
-    </responsible-party>
     <responsible-party role-id="authorizing-official-poc">
       <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
     </responsible-party>
@@ -181,7 +178,7 @@
         <description>
           <p>A diagram-specific explanation.</p>
         </description>
-        <link href="./ssp-all-VALID.xml" rel="diagram"/>
+            <link href="https://github.com/GSA/fedramp-automation/blob/9a8e155668d4f7a26ffc372b73d568b074854aac/src/content/awesome-cloud/artifacts/AwesomeCloudHLA1.png" rel="diagram"/>
         <caption>Network Diagram</caption>
       </diagram>
     </network-architecture>
@@ -234,7 +231,7 @@
       <description>
         <p>Secure connection to an external API for data enrichment.</p>
       </description>
-      <prop name="interconnection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
+      <prop name="connection-security" value="tls-1.3" ns="https://fedramp.gov/ns/oscal"/>
       <prop name="interconnection-direction" value="in/out" ns="https://fedramp.gov/ns/oscal"/>
       <status state="operational"/>
       <responsible-role role-id="system-admin">