-
Notifications
You must be signed in to change notification settings - Fork 92
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update ssp-has-security-sensitivity-level-INVALID.xml
- Loading branch information
Showing
1 changed file
with
6 additions
and
296 deletions.
There are no files selected for viewing
302 changes: 6 additions & 296 deletions
302
src/validations/constraints/content/ssp-has-security-sensitivity-level-INVALID.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,298 +1,8 @@ | ||
| <system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd" uuid="12345678-1234-4321-8765-123456789012"> | ||
| <metadata> | ||
| <title>Enhanced Example System Security Plan</title> | ||
| <published>2024-08-01T14:30:00Z</published> | ||
| <last-modified>2024-08-01T14:30:00Z</last-modified> | ||
| <version>1.1</version> | ||
| <oscal-version>1.0.0</oscal-version> | ||
| <document-id scheme="https://example.com/identifiers">SSP-2024-002</document-id> | ||
| <role id="creator"> | ||
| <title>Document Creator</title> | ||
| </role> | ||
| <role id="content-approver"> | ||
| <title>Content Approver</title> | ||
| </role> | ||
| <role id="system-admin"> | ||
| <title>System Administrator</title> | ||
| </role> | ||
| <role id="asset-owner"> | ||
| <title>Asset Owner</title> | ||
| </role> | ||
| <role id="system-owner"> | ||
| <title>System Owner</title> | ||
| </role> | ||
| <role id="authorizing-official-poc"> | ||
| <title>Authorizing Official Point of Contact</title> | ||
| </role> | ||
| <role id="information-system-security-officer"> | ||
| <title>Information System Security Officer (or Equivalent)</title> | ||
| </role> | ||
| <location uuid="11111112-0000-4000-9001-000000000009"> | ||
| <address> | ||
| <country>US</country> | ||
| </address> | ||
| <prop name="data-center" value="dc-zone-1" class="primary" ns="https://fedramp.gov/ns/oscal"/> | ||
| </location> | ||
| <location uuid="11111112-0000-4000-9000-000000000003"> | ||
| <address> | ||
| <country>US</country> | ||
| </address> | ||
| <prop name="data-center" value="aws-us-west-1" class="alternate" ns="https://fedramp.gov/ns/oscal"/> | ||
| </location> | ||
| <party uuid="11111111-0000-4000-9000-000000000001" type="organization"> | ||
| <name>Example Organization</name> | ||
| <short-name>ExOrg</short-name> | ||
| <link rel="website" href="https://example.com"/> | ||
| </party> | ||
| <party uuid="22222222-0000-4000-9000-000000000002" type="person"> | ||
| <name>Jane Doe</name> | ||
| <email-address>[email protected]</email-address> | ||
| <address type="work"/> | ||
| </party> | ||
| <responsible-party role-id="creator"> | ||
| <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
| </responsible-party> | ||
| <responsible-party role-id="content-approver"> | ||
| <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid> | ||
| </responsible-party> | ||
| <remarks> | ||
| <p>This SSP is an example for demonstration purposes.</p> | ||
| </remarks> | ||
| </metadata> | ||
| <import-profile href="../../../../dist/content/rev5/baselines/xml/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.xml"/> | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" | ||
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd" | ||
| uuid="12345678-1234-4321-8765-123456789012"> | ||
| <system-characteristics> | ||
| <system-id identifier-type="https://fedramp.gov">F00000001</system-id> | ||
| <system-name>Enhanced Example System</system-name> | ||
| <description> | ||
| <p>This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.</p> | ||
| </description> | ||
| <prop name="cloud-deployment-model" value="government-only-cloud" ns="https://fedramp.gov/ns/oscal"/> | ||
| <prop name="cloud-service-model" value="other" ns="https://fedramp.gov/ns/oscal"/> | ||
| <prop name="authorization-type" value="fedramp-agency" ns="https://fedramp.gov/ns/oscal"/> | ||
| <prop name="identity-assurance-level" value="2"/> | ||
| <prop name="authenticator-assurance-level" value="2"/> | ||
| <prop name="federation-assurance-level" value="2"/> | ||
| <system-information> | ||
| <information-type uuid="33333333-0000-4000-9000-000000000003"> | ||
| <title>Financial Information</title> | ||
| <description> | ||
| <p>Contains sensitive financial data related to organizational operations.</p> | ||
| </description> | ||
| <categorization system="https://doi.org/10.6028/NIST.SP.800-60v2r1"> | ||
| <information-type-id>C.2.8.12</information-type-id> | ||
| </categorization> | ||
| <confidentiality-impact> | ||
| <base>fips-199-high</base> | ||
| </confidentiality-impact> | ||
| <integrity-impact> | ||
| <base>fips-199-moderate</base> | ||
| </integrity-impact> | ||
| <availability-impact> | ||
| <base>fips-199-low</base> | ||
| </availability-impact> | ||
| </information-type> | ||
| </system-information> | ||
| <security-impact-level> | ||
| <security-objective-confidentiality>fips-199-moderate</security-objective-confidentiality> | ||
| <security-objective-integrity>fips-199-moderate</security-objective-integrity> | ||
| <security-objective-availability>fips-199-moderate</security-objective-availability> | ||
| </security-impact-level> | ||
| <data-flow> | ||
| <description> | ||
| <p>A holistic, top-level explanation of the system's data flows.</p> | ||
| </description> | ||
| <diagram uuid="e3b98448-4219-46a5-b229-412423c566f3"> | ||
| <description> | ||
| <p>A diagram-specific explanation.</p> | ||
| </description> | ||
| <link href="#ac5d7535-f3b8-45d3-bf3b-735c82c64547" rel="diagram"/> | ||
| <caption>Data Flow Diagram</caption> | ||
| </diagram> | ||
| </data-flow> | ||
| </system-characteristics> | ||
| <system-implementation> | ||
| <user uuid="44444444-0000-4000-9000-000000000004"> | ||
| <title>System Administrator</title> | ||
| <prop name="type" value="internal"/> | ||
| <prop name="privilege-level" value="read-write"/> | ||
| <role-id>system-admin</role-id> | ||
| </user> | ||
| <component uuid="55555555-0000-4000-9000-000000000005" type="this-system"> | ||
| <title>Primary Application Server</title> | ||
| <description> | ||
| <p>Main application server hosting the core system functionality.</p> | ||
| </description> | ||
| <purpose>main line</purpose> | ||
| <status state="operational"/> | ||
| <responsible-role role-id="system-admin"> | ||
| <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
| </responsible-role> | ||
| <remarks> | ||
| <p>This is the primary application server for the system.</p> | ||
| </remarks> | ||
| </component> | ||
| <component uuid="66666666-0000-4000-9000-000000000006" type="interconnection"> | ||
| <title>External API Connection</title> | ||
| <description> | ||
| <p>Secure connection to an external API for data enrichment.</p> | ||
| </description> | ||
| <prop name="interconnection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/> | ||
| <prop name="interconnection-direction" value="in/out" ns="https://fedramp.gov/ns/oscal"/> | ||
| <status state="operational"/> | ||
| <responsible-role role-id="system-admin"> | ||
| <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
| </responsible-role> | ||
| <remarks> | ||
| <p>This connection is used for secure data exchange with external systems.</p> | ||
| </remarks> | ||
| </component> | ||
| <inventory-item uuid="77777777-0000-4000-9000-000000000007"> | ||
| <description> | ||
| <p>Primary database server</p> | ||
| </description> | ||
| <prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/> | ||
| <prop name="asset-type" value="database"/> | ||
| <prop name="allows-authenticated-scan" value="yes"/> | ||
| <prop name="public" value="no"/> | ||
| <prop name="virtual" value="yes"/> | ||
| <prop name="scan-type" value="database" ns="https://fedramp.gov/ns/oscal"/> | ||
| <responsible-party role-id="asset-owner"> | ||
| <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
| </responsible-party> | ||
| <implemented-component component-uuid="55555555-0000-4000-9000-000000000005"> | ||
| <prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/> | ||
| </implemented-component> | ||
| </inventory-item> | ||
| </system-implementation> | ||
| <control-implementation> | ||
| <description> | ||
| <p>Implementation of controls for the Enhanced Example System</p> | ||
| </description> | ||
| <implemented-requirement uuid="88888888-0000-4000-9000-000000000008" control-id="ac-1"> | ||
| <prop name="control-origination" value="sp-system" ns="https://fedramp.gov/ns/oscal"/> | ||
| <prop name="implementation-status" value="partial" ns="https://fedramp.gov/ns/oscal"/> | ||
| <statement statement-id="ac-1_stmt.a" uuid="99999999-0000-4000-9000-000000000009"> | ||
| </statement> | ||
| <by-component component-uuid="55555555-0000-4000-9000-000000000005" uuid="aaaaaaaa-0000-4000-9000-00000000000a"> | ||
| <description> | ||
| <p>Access Control Policy and Procedures (AC-1) is fully implemented in our system.</p> | ||
| </description> | ||
| <prop ns="https://fedramp.gov/ns/oscal" name="implementation-status" value="implemented"/> | ||
| <responsible-role role-id="system-admin"> | ||
| <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
| </responsible-role> | ||
| </by-component> | ||
| </implemented-requirement> | ||
| <implemented-requirement uuid="bbbbbbbb-0000-4000-9000-00000000000b" control-id="cm-8"> | ||
| <prop name="control-origination" value="sp-system" ns="https://fedramp.gov/ns/oscal"/> | ||
| <statement statement-id="cm-8_stmt.a" uuid="cccccccc-0000-4000-9000-00000000000c"> | ||
| </statement> | ||
| <by-component component-uuid="55555555-0000-4000-9000-000000000005" uuid="dddddddd-0000-4000-9000-00000000000d"> | ||
| <description> | ||
| <p>Information System Component Inventory (CM-8) is partially implemented.</p> | ||
| </description> | ||
| <prop ns="https://fedramp.gov/ns/oscal" name="implementation-status" value="partial"/> | ||
| <responsible-role role-id="system-admin"> | ||
| <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
| </responsible-role> | ||
| </by-component> | ||
| </implemented-requirement> | ||
| </control-implementation> | ||
| <back-matter> | ||
| <resource uuid="eeeeeeee-0000-4000-9000-00000000000e"> | ||
| <title>Access Control Policy</title> | ||
| <description> | ||
| <p>Detailed access control policy document</p> | ||
| </description> | ||
| <prop name="type" value="policy" ns="https://fedramp.gov/ns/oscal"/> | ||
| <rlink href="https://example.com/policies/access-control.pdf"/> | ||
| </resource> | ||
| <resource uuid="90a128ac-c850-48f6-8fff-a55692f80b41"> | ||
| <title>User's Guide</title> | ||
| <description> | ||
| <p>User's Guide</p> | ||
| </description> | ||
| <prop name="type" value="users-guide"/> | ||
| <prop name="published" value="2023-01-01T00:00:00Z"/> | ||
| <rlink href="./documents/guides/sample_guide.pdf"/> | ||
| <remarks> | ||
| <p>Table 12-1 Attachments: User's Guide Attachment</p> | ||
| <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p> | ||
| </remarks> | ||
| </resource> | ||
| <resource uuid="489112e1-57f2-4c29-8dd0-95b1442fbf3b"> | ||
| <title>Document Title</title> | ||
| <description> | ||
| <p>Rules of Behavior</p> | ||
| </description> | ||
| <prop name="type" value="rules-of-behavior"/> | ||
| <prop name="published" value="2023-01-01T00:00:00Z"/> | ||
| <prop name="version" value="Document Version"/> | ||
| <rlink href="./documents/rob.docx" media-type="application/msword"/> | ||
| <base64 filename="rob.docx" media-type="application/msword">00000000</base64> | ||
| <remarks> | ||
| <p>Table 12-1 Attachments: Rules of Behavior (ROB)</p> | ||
| <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p> | ||
| </remarks> | ||
| </resource> | ||
| <resource uuid="c7860916-f2f4-43aa-b578-d48cf8e6d381"> | ||
| <title>Document Title</title> | ||
| <description> | ||
| <p>Contingency Plan (CP)</p> | ||
| </description> | ||
| <prop name="type" value="plan" class="information-system-contingency-plan"/> | ||
| <prop name="published" value="2023-01-01T00:00:00Z"/> | ||
| <prop name="version" value="Document Version"/> | ||
| <rlink href="./documents/cp.docx" media-type="application/msword"/> | ||
| <base64 filename="cp.docx" media-type="application/msword">00000000</base64> | ||
| <remarks> | ||
| <p>Table 12-1 Attachments: Contingency Plan (CP) Attachment</p> | ||
| <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p> | ||
| </remarks> | ||
| </resource> | ||
| <resource uuid="ab56cf27-0dae-40d6-89b7-d750137309af"> | ||
| <title>Document Title</title> | ||
| <description> | ||
| <p>Configuration Management (CM) Plan</p> | ||
| </description> | ||
| <prop name="type" value="plan" class="configuration-management-plan"/> | ||
| <prop name="published" value="2023-01-01T00:00:00Z"/> | ||
| <prop name="version" value="Document Version"/> | ||
| <rlink href="./documents/CM_Plan.docx" media-type="application/msword"/> | ||
| <base64 filename="CM_Plan.docx" media-type="application/msword">00000000</base64> | ||
| <remarks> | ||
| <p>Table 12-1 Attachments: Configuration Management (CM) Plan Attachment</p> | ||
| <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p> | ||
| </remarks> | ||
| </resource> | ||
| <resource uuid="3f771ab5-8016-4571-98d1-f0fb962e15e2"> | ||
| <title>Document Title</title> | ||
| <description> | ||
| <p>Incident Response (IR) Plan</p> | ||
| </description> | ||
| <prop name="type" value="plan" class="incident-response-plan"/> | ||
| <prop name="published" value="2023-01-01T00:00:00Z"/> | ||
| <prop name="version" value="Document Version"/> | ||
| <rlink href="./documents/IR_Plan.docx" media-type="application/msword"/> | ||
| <base64 filename="IR_Plan.docx" media-type="application/msword">00000000</base64> | ||
| <remarks> | ||
| <p>Table 12-1 Attachments: Incident Response (IR) Plan Attachment</p> | ||
| <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p> | ||
| </remarks> | ||
| </resource> | ||
| <resource uuid="49fb4631-1da2-41ca-b0b3-e1b1006d4025"> | ||
| <title>Separation of Duties Matrix</title> | ||
| <description> | ||
| <p>Separation of Duties Matrix</p> | ||
| </description> | ||
| <prop ns="https://fedramp.gov/ns/oscal" name="type" value="separation-of-duties-matrix"/> | ||
| <prop name="published" value="2023-01-01T00:00:00Z"/> | ||
| <prop name="version" value="Document Version"/> | ||
| <rlink href="./documents/Sep_Matrix.docx" media-type="application/msword"/> | ||
| <base64 filename="Sep_Matrix.docx" media-type="application/msword">00000000</base64> | ||
| <remarks> | ||
| <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p> | ||
| </remarks> | ||
| </resource> | ||
| </back-matter> | ||
| </system-security-plan> | ||
| </system-security-plan> |