Skip to content

Commit

Permalink
Edit message
Browse files Browse the repository at this point in the history
  • Loading branch information
Gabeblis committed Dec 3, 2024
1 parent 7ff12df commit 9d66a97
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/validations/constraints/fedramp-external-constraints.xml
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@
<expect id="component-has-non-provider-responsible-role" target="//component[(@type='system' and prop[@name='leveraged-authorization-uuid']) or (@type='service' and not(prop[@name='leveraged-authorization-uuid']) and prop[@name='implementation-point' and @value='external']) or (@type='interconnection') or (@type='service' and prop[@name='implementation-point' and @value='internal'] and prop[@name='direction']) or (@type='software' and prop[@name='asset-type' and @value='cli'] and prop[@name='direction'])]" test="count(responsible-role[not(@role-id='provider')]) >= 1" level="ERROR">
<formal-name>Component Has Non-Provider Responsible Role</formal-name>
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#external-systems-and-services-not-having-fedramp-authorization"/>
<message>Each component dealing with leveraged systems, interconnections, or authorized services MUST have at least one responsible role other than "provider".</message>
<message>A FedRAMP SSP MUST have each component describing leveraged systems, interconnections, or authorized services identify at least one responsible role other than "provider".</message>
</expect>
<expect id="component-has-provider-responsible-role" target="//component[(@type='system' and ./prop[@name='leveraged-authorization-uuid']) or (@type='service' and not(./prop[@name='leveraged-authorization-uuid']) and ./prop[@name='implementation-point' and @value='external']) or (@type='interconnection') or (@type='service' and ./prop[@name='implementation-point' and @value='internal'] and ./prop[@name='direction']) or (@type='software' and ./prop[@name='asset-type' and @value='cli'] and ./prop[@name='direction'])]" test="count(responsible-role[@role-id='provider']/party-uuid) = 1" level="ERROR">
<formal-name>Component Has Provider Responsible Role</formal-name>
Expand Down Expand Up @@ -121,7 +121,7 @@
<expect id="non-provider-responsible-role-references-user" target="." test="$non-provider-user-has-function-performed" level="ERROR">
<formal-name>Non-Provider Responsible Role References User</formal-name>
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#external-systems-and-services-not-having-fedramp-authorization"/>
<message>Each non-provider responsible role MUST reference at least one user with an authorized privilege and function performed via the "privilege-uuid" property.</message>
<message>A FedRAMP SSP MUST have each component describing leveraged systems, interconnections, or authorized services reference at least one user with an authorized privilege and function performed via the "privilege-uuid" property.</message>
</expect>
</constraints>
</context>
Expand Down

0 comments on commit 9d66a97

Please sign in to comment.