Skip to content

Commit

Permalink
Add back-matter 'has' constraints (#654)
Browse files Browse the repository at this point in the history
* Added back-matter 'has' constraints

* Set levels to 'ERROR'
  • Loading branch information
Gabeblis authored and aj-stein-gsa committed Sep 25, 2024
1 parent 5a0e799 commit 9a636ea
Show file tree
Hide file tree
Showing 15 changed files with 224 additions and 1 deletion.
18 changes: 18 additions & 0 deletions features/fedramp_extensions.feature
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,18 @@ Examples:
| data-center-us-PASS.yaml |
| deployment-mode-FAIL.yaml |
| deployment-mode-PASS.yaml |
| has-configuration-management-plan-FAIL.yaml |
| has-configuration-management-plan-PASS.yaml |
| has-incident-response-plan-FAIL.yaml |
| has-incident-response-plan-PASS.yaml |
| has-information-system-contingency-plan-FAIL.yaml |
| has-information-system-contingency-plan-PASS.yaml |
| has-rules-of-behavior-FAIL.yaml |
| has-rules-of-behavior-PASS.yaml |
| has-separation-of-duties-matrix-FAIL.yaml |
| has-separation-of-duties-matrix-PASS.yaml |
| has-user-guide-FAIL.yaml |
| has-user-guide-PASS.yaml |
| information-type-system-FAIL.yaml |
| information-type-system-PASS.yaml |
| interconnection-direction-FAIL.yaml |
Expand Down Expand Up @@ -84,6 +96,12 @@ Examples:
| data-center-country-code |
| data-center-primary |
| deployment-model |
| has-configuration-management-plan |
| has-incident-response-plan |
| has-information-system-contingency-plan |
| has-rules-of-behavior |
| has-separation-of-duties-matrix |
| has-user-guide |
| information-type-system |
| interconnection-direction |
| interconnection-security |
Expand Down
89 changes: 88 additions & 1 deletion src/validations/constraints/content/ssp-all-VALID.xml
Original file line number Diff line number Diff line change
Expand Up @@ -205,5 +205,92 @@
<prop name="type" value="policy" ns="https://fedramp.gov/ns/oscal"/>
<rlink href="https://example.com/policies/access-control.pdf"/>
</resource>
<resource uuid="90a128ac-c850-48f6-8fff-a55692f80b41">
<title>User's Guide</title>
<description>
<p>User's Guide</p>
</description>
<prop name="type" value="users-guide"/>
<prop name="published" value="2023-01-01T00:00:00Z"/>
<rlink href="./documents/guides/sample_guide.pdf"/>
<remarks>
<p>Table 12-1 Attachments: User's Guide Attachment</p>
<p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
</remarks>
</resource>
<resource uuid="489112e1-57f2-4c29-8dd0-95b1442fbf3b">
<title>Document Title</title>
<description>
<p>Rules of Behavior</p>
</description>
<prop name="type" value="rules-of-behavior"/>
<prop name="published" value="2023-01-01T00:00:00Z"/>
<prop name="version" value="Document Version"/>
<rlink href="./documents/rob.docx" media-type="application/msword"/>
<base64 filename="rob.docx" media-type="application/msword">00000000</base64>
<remarks>
<p>Table 12-1 Attachments: Rules of Behavior (ROB)</p>
<p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
</remarks>
</resource>
<resource uuid="c7860916-f2f4-43aa-b578-d48cf8e6d381">
<title>Document Title</title>
<description>
<p>Contingency Plan (CP)</p>
</description>
<prop name="type" value="plan" class="information-system-contingency-plan"/>
<prop name="published" value="2023-01-01T00:00:00Z"/>
<prop name="version" value="Document Version"/>
<rlink href="./documents/cp.docx" media-type="application/msword"/>
<base64 filename="cp.docx" media-type="application/msword">00000000</base64>
<remarks>
<p>Table 12-1 Attachments: Contingency Plan (CP) Attachment</p>
<p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
</remarks>
</resource>
<resource uuid="ab56cf27-0dae-40d6-89b7-d750137309af">
<title>Document Title</title>
<description>
<p>Configuration Management (CM) Plan</p>
</description>
<prop name="type" value="plan" class="configuration-management-plan"/>
<prop name="published" value="2023-01-01T00:00:00Z"/>
<prop name="version" value="Document Version"/>
<rlink href="./documents/CM_Plan.docx" media-type="application/msword"/>
<base64 filename="CM_Plan.docx" media-type="application/msword">00000000</base64>
<remarks>
<p>Table 12-1 Attachments: Configuration Management (CM) Plan Attachment</p>
<p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
</remarks>
</resource>
<resource uuid="3f771ab5-8016-4571-98d1-f0fb962e15e2">
<title>Document Title</title>
<description>
<p>Incident Response (IR) Plan</p>
</description>
<prop name="type" value="plan" class="incident-response-plan"/>
<prop name="published" value="2023-01-01T00:00:00Z"/>
<prop name="version" value="Document Version"/>
<rlink href="./documents/IR_Plan.docx" media-type="application/msword"/>
<base64 filename="IR_Plan.docx" media-type="application/msword">00000000</base64>
<remarks>
<p>Table 12-1 Attachments: Incident Response (IR) Plan Attachment</p>
<p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
</remarks>
</resource>
<resource uuid="49fb4631-1da2-41ca-b0b3-e1b1006d4025">
<title>Separation of Duties Matrix</title>
<description>
<p>Separation of Duties Matrix</p>
</description>
<prop ns="https://fedramp.gov/ns/oscal" name="type" value="separation-of-duties-matrix"/>
<prop name="published" value="2023-01-01T00:00:00Z"/>
<prop name="version" value="Document Version"/>
<rlink href="./documents/Sep_Matrix.docx" media-type="application/msword"/>
<base64 filename="Sep_Matrix.docx" media-type="application/msword">00000000</base64>
<remarks>
<p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
</remarks>
</resource>
</back-matter>
</system-security-plan>
</system-security-plan>
18 changes: 18 additions & 0 deletions src/validations/constraints/fedramp-external-constraints.xml
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,24 @@
<expect id="resource-has-base64-or-rlink" target="back-matter/resource" test="count(./rlink) >= 1 or count(./base64) >= 1" level="WARNING">
<message>Every supporting artifact found in a citation must have at least one base64 or rlink element.</message>
</expect>
<expect id="has-user-guide" target="back-matter" test="resource[prop[@name eq 'type' and @value eq 'users-guide']]" level="ERROR">
<message>A FedRAMP SSP must have a User Guide attached.</message>
</expect>
<expect id="has-rules-of-behavior" target="back-matter" test="resource[prop[@name eq 'type' and @value eq 'rules-of-behavior']]" level="ERROR">
<message>A FedRAMP SSP must have Rules of Behavior.</message>
</expect>
<expect id="has-information-system-contingency-plan" target="back-matter" test="resource[prop[@name eq 'type' and @value eq 'plan' and @class eq 'information-system-contingency-plan']]" level="ERROR">
<message>A FedRAMP SSP must have a Contingency Plan attached.</message>
</expect>
<expect id="has-configuration-management-plan" target="back-matter" test="resource[prop[@name eq 'type' and @value eq 'plan' and @class eq 'configuration-management-plan']]" level="ERROR">
<message>A FedRAMP SSP must have a Configuration Management Plan attached.</message>
</expect>
<expect id="has-incident-response-plan" target="back-matter" test="resource[prop[@name eq 'type' and @value eq 'plan' and @class eq 'incident-response-plan']]" level="ERROR">
<message>A FedRAMP SSP must have an Incident Response Plan attached.</message>
</expect>
<expect id="has-separation-of-duties-matrix" target="back-matter" test="resource[prop[@name eq 'type' and @value eq 'separation-of-duties-matrix']]" level="ERROR">
<message>A FedRAMP SSP must have a Separation of Duties Matrix attached.</message>
</expect>
</constraints>
</context>
<context>
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-configuration-management-plan
description: >-
This test case validates the behavior of constraint
has-configuration-management-plan
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-configuration-management-plan
result: fail
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-configuration-management-plan
description: >-
This test case validates the behavior of constraint
has-configuration-management-plan
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-configuration-management-plan
result: pass
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-incident-response-plan
description: >-
This test case validates the behavior of constraint
has-incident-response-plan
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-incident-response-plan
result: fail
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-incident-response-plan
description: >-
This test case validates the behavior of constraint
has-incident-response-plan
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-incident-response-plan
result: pass
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-information-system-contingency-plan
description: >-
This test case validates the behavior of constraint
has-information-system-contingency-plan
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-information-system-contingency-plan
result: fail
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-information-system-contingency-plan
description: >-
This test case validates the behavior of constraint
has-information-system-contingency-plan
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-information-system-contingency-plan
result: pass
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
test-case:
name: Negative Test for has-rules-of-behavior
description: This test case validates the behavior of constraint has-rules-of-behavior
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-rules-of-behavior
result: fail
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
test-case:
name: Positive Test for has-rules-of-behavior
description: This test case validates the behavior of constraint has-rules-of-behavior
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-rules-of-behavior
result: pass
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
test-case:
name: Negative Test for has-separation-of-duties-matrix
description: >-
This test case validates the behavior of constraint
has-separation-of-duties-matrix
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-separation-of-duties-matrix
result: fail
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
test-case:
name: Positive Test for has-separation-of-duties-matrix
description: >-
This test case validates the behavior of constraint
has-separation-of-duties-matrix
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-separation-of-duties-matrix
result: pass
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
test-case:
name: Negative Test for has-user-guide
description: This test case validates the behavior of constraint has-user-guide
content: ../content/ssp-all-INVALID.xml
expectations:
- constraint-id: has-user-guide
result: fail
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
test-case:
name: Positive Test for has-user-guide
description: This test case validates the behavior of constraint has-user-guide
content: ../content/ssp-all-VALID.xml
expectations:
- constraint-id: has-user-guide
result: pass

0 comments on commit 9a636ea

Please sign in to comment.