From b727064db85b3dddfd9c5e656f194d6e7cb6ad06 Mon Sep 17 00:00:00 2001 From: Rene Tshiteya Date: Wed, 27 Nov 2024 16:59:31 -0500 Subject: [PATCH] Update namespaces in constraints and unit test data files --- .../constraints/content/ssp-all-VALID.xml | 32 +++++++-------- ...hentication-method-has-remarks-INVALID.xml | 2 +- ...nent-has-authentication-method-INVALID.xml | 18 ++++----- ...nal-system-nature-of-agreement-INVALID.xml | 4 +- ...ully-operational-date-is-valid-INVALID.xml | 2 +- ...-fully-operational-date-type-INVALID-1.xml | 2 +- ...-fully-operational-date-type-INVALID-2.xml | 2 +- ...ndary-diagram-link-href-target-VALID-1.xml | 40 +++++++++---------- ...-flow-diagram-link-href-target-VALID-1.xml | 40 +++++++++---------- .../ssp-has-inventory-items-INVALID.xml | 2 +- ...cture-diagram-link-href-target-VALID-1.xml | 40 +++++++++---------- ...le-resolves-to-fedramp-content-VALID-1.xml | 36 ++++++++--------- ...le-resolves-to-fedramp-content-VALID-2.xml | 38 +++++++++--------- ...le-resolves-to-fedramp-content-VALID-3.xml | 38 +++++++++--------- ...horization-nature-of-agreement-INVALID.xml | 2 +- .../content/ssp-privilege-level-INVALID.xml | 2 +- ...sp-responsible-party-is-person-INVALID.xml | 2 +- ...rty-prepared-by-location-valid-VALID-1.xml | 40 +++++++++---------- ...ty-prepared-for-location-valid-VALID-1.xml | 40 +++++++++---------- ...saas-has-leveraged-authorization-VALID.xml | 40 +++++++++---------- ...unique-inventory-item-asset-id-INVALID.xml | 4 +- .../ssp-user-authentication-INVALID.xml | 18 ++++----- .../ssp-user-privilege-level-INVALID.xml | 2 +- .../ssp-user-sensitivity-level-INVALID.xml | 2 +- .../fedramp-external-allowed-values.xml | 22 +++++----- .../fedramp-external-constraints.xml | 26 ++++++------ .../unit-tests/has-system-id-FAIL.yaml | 2 +- .../unit-tests/has-system-id-PASS.yaml | 2 +- 28 files changed, 250 insertions(+), 250 deletions(-) diff --git a/src/validations/constraints/content/ssp-all-VALID.xml b/src/validations/constraints/content/ssp-all-VALID.xml index 5e3fb0a43..c863c150f 100644 --- a/src/validations/constraints/content/ssp-all-VALID.xml +++ b/src/validations/constraints/content/ssp-all-VALID.xml @@ -10,7 +10,7 @@ 1.1 1.1.2 SSP-2024-002 - + Authorizing Official @@ -178,11 +178,11 @@

Remarks are required if service model is "other". Optional otherwise.

- + - + fips-199-moderate @@ -262,9 +262,9 @@ GovCloud - - - + + + f0bc13a4-3303-47dd-80d3-380e159c8362 2015-01-01 @@ -277,8 +277,8 @@ System Administrator - - + + system-admin Admin @@ -308,8 +308,8 @@

An external leveraged system.

- - + + @@ -318,9 +318,9 @@

Secure connection to an external API for data enrichment.

- - - + + +

Some description of the authentication method.

@@ -340,8 +340,8 @@

Briefly describe the external system.

- - + + @@ -372,7 +372,7 @@ - + 11111111-0000-4000-9000-000000000001 diff --git a/src/validations/constraints/content/ssp-authentication-method-has-remarks-INVALID.xml b/src/validations/constraints/content/ssp-authentication-method-has-remarks-INVALID.xml index 06b7b625d..678aa18b8 100644 --- a/src/validations/constraints/content/ssp-authentication-method-has-remarks-INVALID.xml +++ b/src/validations/constraints/content/ssp-authentication-method-has-remarks-INVALID.xml @@ -1,7 +1,7 @@ - + diff --git a/src/validations/constraints/content/ssp-component-has-authentication-method-INVALID.xml b/src/validations/constraints/content/ssp-component-has-authentication-method-INVALID.xml index 41bba60e6..76c638f63 100644 --- a/src/validations/constraints/content/ssp-component-has-authentication-method-INVALID.xml +++ b/src/validations/constraints/content/ssp-component-has-authentication-method-INVALID.xml @@ -7,8 +7,8 @@ - - + diff --git a/src/validations/constraints/content/ssp-fully-operational-date-type-INVALID-1.xml b/src/validations/constraints/content/ssp-fully-operational-date-type-INVALID-1.xml index 9777a0709..903819fa8 100644 --- a/src/validations/constraints/content/ssp-fully-operational-date-type-INVALID-1.xml +++ b/src/validations/constraints/content/ssp-fully-operational-date-type-INVALID-1.xml @@ -5,7 +5,7 @@ uuid="12345678-1234-4321-8765-123456789012"> - + \ No newline at end of file diff --git a/src/validations/constraints/content/ssp-fully-operational-date-type-INVALID-2.xml b/src/validations/constraints/content/ssp-fully-operational-date-type-INVALID-2.xml index f56852859..d3dda7a06 100644 --- a/src/validations/constraints/content/ssp-fully-operational-date-type-INVALID-2.xml +++ b/src/validations/constraints/content/ssp-fully-operational-date-type-INVALID-2.xml @@ -5,7 +5,7 @@ uuid="12345678-1234-4321-8765-123456789012"> - + \ No newline at end of file diff --git a/src/validations/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml b/src/validations/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml index f2df4e7d7..ca7e9261a 100644 --- a/src/validations/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml +++ b/src/validations/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml @@ -10,7 +10,7 @@ 1.1 1.1.2 SSP-2024-002 - + Document Creator @@ -112,15 +112,15 @@ - F00000001 + F00000001 Enhanced Example System System's Short Name or Acronym

This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.

- - - + + + @@ -203,8 +203,8 @@ System Administrator - - + + system-admin Admin @@ -234,8 +234,8 @@

Secure connection to an external API for data enrichment.

- - + + 11111111-0000-4000-9000-000000000001 @@ -254,7 +254,7 @@ - + 11111111-0000-4000-9000-000000000001 @@ -269,15 +269,15 @@

Implementation of controls for the Enhanced Example System

- - + +

Access Control Policy and Procedures (AC-1) is fully implemented in our system.

- + 11111111-0000-4000-9000-000000000001 @@ -285,14 +285,14 @@
- +

Information System Component Inventory (CM-8) is partially implemented.

- + 11111111-0000-4000-9000-000000000001 @@ -306,7 +306,7 @@

Detailed access control policy document

- + @@ -387,7 +387,7 @@

Separation of Duties Matrix

- + @@ -403,7 +403,7 @@

Authorization Boundary Diagram

- + @@ -418,7 +418,7 @@

Network Architecture Diagram

- + @@ -433,7 +433,7 @@

Data flow Diagram

- + diff --git a/src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml b/src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml index e747c4e5d..53dc29acd 100644 --- a/src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml +++ b/src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml @@ -10,7 +10,7 @@ 1.1 1.1.2 SSP-2024-002 - + Document Creator @@ -112,15 +112,15 @@ - F00000001 + F00000001 Enhanced Example System System's Short Name or Acronym

This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.

- - - + + + @@ -203,8 +203,8 @@ System Administrator - - + + system-admin Admin @@ -234,8 +234,8 @@

Secure connection to an external API for data enrichment.

- - + + 11111111-0000-4000-9000-000000000001 @@ -254,7 +254,7 @@ - + 11111111-0000-4000-9000-000000000001 @@ -269,15 +269,15 @@

Implementation of controls for the Enhanced Example System

- - + +

Access Control Policy and Procedures (AC-1) is fully implemented in our system.

- + 11111111-0000-4000-9000-000000000001 @@ -285,14 +285,14 @@
- +

Information System Component Inventory (CM-8) is partially implemented.

- + 11111111-0000-4000-9000-000000000001 @@ -306,7 +306,7 @@

Detailed access control policy document

- +
@@ -387,7 +387,7 @@

Separation of Duties Matrix

- + @@ -403,7 +403,7 @@

Authorization Boundary Diagram

- + @@ -418,7 +418,7 @@

Network Architecture Diagram

- + @@ -433,7 +433,7 @@

Data flow Diagram

- + diff --git a/src/validations/constraints/content/ssp-has-inventory-items-INVALID.xml b/src/validations/constraints/content/ssp-has-inventory-items-INVALID.xml index e395ad924..ae3e4e5ac 100644 --- a/src/validations/constraints/content/ssp-has-inventory-items-INVALID.xml +++ b/src/validations/constraints/content/ssp-has-inventory-items-INVALID.xml @@ -14,7 +14,7 @@ - + 11111111-0000-4000-9000-000000000001 diff --git a/src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml b/src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml index 4b144a341..d156da919 100644 --- a/src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml +++ b/src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml @@ -10,7 +10,7 @@ 1.1 1.1.2 SSP-2024-002 - + Document Creator @@ -112,15 +112,15 @@ - F00000001 + F00000001 Enhanced Example System System's Short Name or Acronym

This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.

- - - + + + @@ -203,8 +203,8 @@ System Administrator - - + + system-admin Admin @@ -234,8 +234,8 @@

Secure connection to an external API for data enrichment.

- - + + 11111111-0000-4000-9000-000000000001 @@ -254,7 +254,7 @@ - + 11111111-0000-4000-9000-000000000001 @@ -269,15 +269,15 @@

Implementation of controls for the Enhanced Example System

- - + +

Access Control Policy and Procedures (AC-1) is fully implemented in our system.

- + 11111111-0000-4000-9000-000000000001 @@ -285,14 +285,14 @@
- +

Information System Component Inventory (CM-8) is partially implemented.

- + 11111111-0000-4000-9000-000000000001 @@ -306,7 +306,7 @@

Detailed access control policy document

- +
@@ -387,7 +387,7 @@

Separation of Duties Matrix

- + @@ -403,7 +403,7 @@

Authorization Boundary Diagram

- + @@ -418,7 +418,7 @@

Network Architecture Diagram

- + @@ -433,7 +433,7 @@

Data flow Diagram

- + diff --git a/src/validations/constraints/content/ssp-import-profile-resolves-to-fedramp-content-VALID-1.xml b/src/validations/constraints/content/ssp-import-profile-resolves-to-fedramp-content-VALID-1.xml index fcf746648..b92975e69 100644 --- a/src/validations/constraints/content/ssp-import-profile-resolves-to-fedramp-content-VALID-1.xml +++ b/src/validations/constraints/content/ssp-import-profile-resolves-to-fedramp-content-VALID-1.xml @@ -10,7 +10,7 @@ 1.1 1.1.2 SSP-2024-002 - + Document Creator @@ -71,14 +71,14 @@ - F00000001 + F00000001 Enhanced Example System

This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.

- - - + + + @@ -175,8 +175,8 @@

Secure connection to an external API for data enrichment.

- - + + 11111111-0000-4000-9000-000000000001 @@ -195,7 +195,7 @@ - + 11111111-0000-4000-9000-000000000001 @@ -210,15 +210,15 @@

Implementation of controls for the Enhanced Example System

- - + +

Access Control Policy and Procedures (AC-1) is fully implemented in our system.

- + 11111111-0000-4000-9000-000000000001 @@ -226,14 +226,14 @@
- +

Information System Component Inventory (CM-8) is partially implemented.

- + 11111111-0000-4000-9000-000000000001 @@ -247,7 +247,7 @@

Detailed access control policy document

- +
@@ -328,7 +328,7 @@

Separation of Duties Matrix

- + @@ -344,7 +344,7 @@

Authorization Boundary Diagram

- + @@ -359,7 +359,7 @@

Network Architecture Diagram

- + @@ -374,7 +374,7 @@

Data flow Diagram

- + diff --git a/src/validations/constraints/content/ssp-import-profile-resolves-to-fedramp-content-VALID-2.xml b/src/validations/constraints/content/ssp-import-profile-resolves-to-fedramp-content-VALID-2.xml index c423b81e2..01968f3f0 100644 --- a/src/validations/constraints/content/ssp-import-profile-resolves-to-fedramp-content-VALID-2.xml +++ b/src/validations/constraints/content/ssp-import-profile-resolves-to-fedramp-content-VALID-2.xml @@ -10,7 +10,7 @@ 1.1 1.1.2 SSP-2024-002 - + Document Creator @@ -71,14 +71,14 @@ - F00000001 + F00000001 Enhanced Example System

This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.

- - - + + + @@ -175,8 +175,8 @@

Secure connection to an external API for data enrichment.

- - + + 11111111-0000-4000-9000-000000000001 @@ -195,7 +195,7 @@ - + 11111111-0000-4000-9000-000000000001 @@ -210,15 +210,15 @@

Implementation of controls for the Enhanced Example System

- - + +

Access Control Policy and Procedures (AC-1) is fully implemented in our system.

- + 11111111-0000-4000-9000-000000000001 @@ -226,14 +226,14 @@
- +

Information System Component Inventory (CM-8) is partially implemented.

- + 11111111-0000-4000-9000-000000000001 @@ -247,7 +247,7 @@

Detailed access control policy document

- +
@@ -255,7 +255,7 @@

Profile to be imported

- +
@@ -336,7 +336,7 @@

Separation of Duties Matrix

- + @@ -352,7 +352,7 @@

Authorization Boundary Diagram

- + @@ -367,7 +367,7 @@

Network Architecture Diagram

- + @@ -382,7 +382,7 @@

Data flow Diagram

- + diff --git a/src/validations/constraints/content/ssp-import-profile-resolves-to-fedramp-content-VALID-3.xml b/src/validations/constraints/content/ssp-import-profile-resolves-to-fedramp-content-VALID-3.xml index b658e6310..0a95e778f 100644 --- a/src/validations/constraints/content/ssp-import-profile-resolves-to-fedramp-content-VALID-3.xml +++ b/src/validations/constraints/content/ssp-import-profile-resolves-to-fedramp-content-VALID-3.xml @@ -10,7 +10,7 @@ 1.1 1.1.2 SSP-2024-002 - + Document Creator @@ -71,14 +71,14 @@ - F00000001 + F00000001 Enhanced Example System

This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.

- - - + + + @@ -175,8 +175,8 @@

Secure connection to an external API for data enrichment.

- - + + 11111111-0000-4000-9000-000000000001 @@ -195,7 +195,7 @@ - + 11111111-0000-4000-9000-000000000001 @@ -210,15 +210,15 @@

Implementation of controls for the Enhanced Example System

- - + +

Access Control Policy and Procedures (AC-1) is fully implemented in our system.

- + 11111111-0000-4000-9000-000000000001 @@ -226,14 +226,14 @@
- +

Information System Component Inventory (CM-8) is partially implemented.

- + 11111111-0000-4000-9000-000000000001 @@ -247,7 +247,7 @@

Detailed access control policy document

- +
@@ -255,7 +255,7 @@

Profile to be imported

- +
@@ -336,7 +336,7 @@

Separation of Duties Matrix

- + @@ -352,7 +352,7 @@

Authorization Boundary Diagram

- + @@ -367,7 +367,7 @@

Network Architecture Diagram

- + @@ -382,7 +382,7 @@

Data flow Diagram

- + diff --git a/src/validations/constraints/content/ssp-leveraged-authorization-nature-of-agreement-INVALID.xml b/src/validations/constraints/content/ssp-leveraged-authorization-nature-of-agreement-INVALID.xml index 560d3183d..96ce1e1a3 100644 --- a/src/validations/constraints/content/ssp-leveraged-authorization-nature-of-agreement-INVALID.xml +++ b/src/validations/constraints/content/ssp-leveraged-authorization-nature-of-agreement-INVALID.xml @@ -11,7 +11,7 @@

An external leveraged system.

- + diff --git a/src/validations/constraints/content/ssp-privilege-level-INVALID.xml b/src/validations/constraints/content/ssp-privilege-level-INVALID.xml index dcd963ded..84120558b 100644 --- a/src/validations/constraints/content/ssp-privilege-level-INVALID.xml +++ b/src/validations/constraints/content/ssp-privilege-level-INVALID.xml @@ -5,7 +5,7 @@ uuid="12345678-1234-4321-8765-123456789012"> - + \ No newline at end of file diff --git a/src/validations/constraints/content/ssp-responsible-party-is-person-INVALID.xml b/src/validations/constraints/content/ssp-responsible-party-is-person-INVALID.xml index 321c778df..77558dca9 100644 --- a/src/validations/constraints/content/ssp-responsible-party-is-person-INVALID.xml +++ b/src/validations/constraints/content/ssp-responsible-party-is-person-INVALID.xml @@ -45,7 +45,7 @@
US
- + Example Organization diff --git a/src/validations/constraints/content/ssp-responsible-party-prepared-by-location-valid-VALID-1.xml b/src/validations/constraints/content/ssp-responsible-party-prepared-by-location-valid-VALID-1.xml index deffeb3d5..62280758a 100644 --- a/src/validations/constraints/content/ssp-responsible-party-prepared-by-location-valid-VALID-1.xml +++ b/src/validations/constraints/content/ssp-responsible-party-prepared-by-location-valid-VALID-1.xml @@ -10,7 +10,7 @@ 1.1 1.1.2 SSP-2024-002 - + Prepared By @@ -136,15 +136,15 @@ - F00000001 + F00000001 Enhanced Example System System's Short Name or Acronym

This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.

- - - + + + @@ -227,8 +227,8 @@ System Administrator - - + + system-admin Admin @@ -258,8 +258,8 @@

Secure connection to an external API for data enrichment.

- - + + 11111111-0000-4000-9000-000000000001 @@ -278,7 +278,7 @@ - + 11111111-0000-4000-9000-000000000001 @@ -293,15 +293,15 @@

Implementation of controls for the Enhanced Example System

- - + +

Access Control Policy and Procedures (AC-1) is fully implemented in our system.

- + 11111111-0000-4000-9000-000000000001 @@ -309,14 +309,14 @@
- +

Information System Component Inventory (CM-8) is partially implemented.

- + 11111111-0000-4000-9000-000000000001 @@ -330,7 +330,7 @@

Detailed access control policy document

- +
@@ -411,7 +411,7 @@

Separation of Duties Matrix

- + @@ -427,7 +427,7 @@

Authorization Boundary Diagram

- + @@ -442,7 +442,7 @@

Network Architecture Diagram

- + @@ -457,7 +457,7 @@

Data flow Diagram

- + diff --git a/src/validations/constraints/content/ssp-responsible-party-prepared-for-location-valid-VALID-1.xml b/src/validations/constraints/content/ssp-responsible-party-prepared-for-location-valid-VALID-1.xml index 2cbfddbc6..331191dfe 100644 --- a/src/validations/constraints/content/ssp-responsible-party-prepared-for-location-valid-VALID-1.xml +++ b/src/validations/constraints/content/ssp-responsible-party-prepared-for-location-valid-VALID-1.xml @@ -10,7 +10,7 @@ 1.1 1.1.2 SSP-2024-002 - + Prepared For @@ -132,15 +132,15 @@ - F00000001 + F00000001 Enhanced Example System System's Short Name or Acronym

This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.

- - - + + + @@ -223,8 +223,8 @@ System Administrator - - + + system-admin Admin @@ -254,8 +254,8 @@

Secure connection to an external API for data enrichment.

- - + + 11111111-0000-4000-9000-000000000001 @@ -274,7 +274,7 @@ - + 11111111-0000-4000-9000-000000000001 @@ -289,15 +289,15 @@

Implementation of controls for the Enhanced Example System

- - + +

Access Control Policy and Procedures (AC-1) is fully implemented in our system.

- + 11111111-0000-4000-9000-000000000001 @@ -305,14 +305,14 @@
- +

Information System Component Inventory (CM-8) is partially implemented.

- + 11111111-0000-4000-9000-000000000001 @@ -326,7 +326,7 @@

Detailed access control policy document

- +
@@ -407,7 +407,7 @@

Separation of Duties Matrix

- + @@ -423,7 +423,7 @@

Authorization Boundary Diagram

- + @@ -438,7 +438,7 @@

Network Architecture Diagram

- + @@ -453,7 +453,7 @@

Data flow Diagram

- + diff --git a/src/validations/constraints/content/ssp-saas-has-leveraged-authorization-VALID.xml b/src/validations/constraints/content/ssp-saas-has-leveraged-authorization-VALID.xml index d501f09d9..d94c243f3 100644 --- a/src/validations/constraints/content/ssp-saas-has-leveraged-authorization-VALID.xml +++ b/src/validations/constraints/content/ssp-saas-has-leveraged-authorization-VALID.xml @@ -10,7 +10,7 @@ 1.1 1.1.2 SSP-2024-002 - + @@ -157,7 +157,7 @@ - F00000001 + F00000001 Enhanced Example System System's Short Name or Acronym @@ -173,11 +173,11 @@

Remarks are required if service model is "other". Optional otherwise.

- + - + fips-199-moderate @@ -272,8 +272,8 @@ System Administrator - - + + system-admin Admin @@ -303,8 +303,8 @@

Secure connection to an external API for data enrichment.

- - + + 11111111-0000-4000-9000-000000000001 @@ -323,7 +323,7 @@ - + 11111111-0000-4000-9000-000000000001 @@ -341,7 +341,7 @@ - + 11111111-0000-4000-9000-000000000001 @@ -357,15 +357,15 @@

Implementation of controls for the Enhanced Example System

- - + +

Access Control Policy and Procedures (AC-1) is fully implemented in our system.

- + 11111111-0000-4000-9000-000000000001 @@ -373,14 +373,14 @@
- +

Information System Component Inventory (CM-8) is partially implemented.

- + 11111111-0000-4000-9000-000000000001 @@ -394,7 +394,7 @@

Detailed access control policy document

- +
@@ -475,7 +475,7 @@

Separation of Duties Matrix

- + @@ -491,7 +491,7 @@

Authorization Boundary Diagram

- + @@ -506,7 +506,7 @@

Network Architecture Diagram

- + @@ -521,7 +521,7 @@

Data flow Diagram

- + diff --git a/src/validations/constraints/content/ssp-unique-inventory-item-asset-id-INVALID.xml b/src/validations/constraints/content/ssp-unique-inventory-item-asset-id-INVALID.xml index 5460bc49d..06768b340 100644 --- a/src/validations/constraints/content/ssp-unique-inventory-item-asset-id-INVALID.xml +++ b/src/validations/constraints/content/ssp-unique-inventory-item-asset-id-INVALID.xml @@ -9,7 +9,7 @@ - + 11111111-0000-4000-9000-000000000001 @@ -26,7 +26,7 @@ - + 11111111-0000-4000-9000-000000000001 diff --git a/src/validations/constraints/content/ssp-user-authentication-INVALID.xml b/src/validations/constraints/content/ssp-user-authentication-INVALID.xml index 2f95792f2..beddedf80 100644 --- a/src/validations/constraints/content/ssp-user-authentication-INVALID.xml +++ b/src/validations/constraints/content/ssp-user-authentication-INVALID.xml @@ -7,8 +7,8 @@ - - + +

If 'yes', describe the authentication method.

If 'no', explain why no authentication is used.

@@ -24,8 +24,8 @@ - - + +

If 'yes', describe the authentication method.

If 'no', explain why no authentication is used.

@@ -36,9 +36,9 @@ - - - + + +

If 'yes', describe the authentication method in the remarks.

If 'no', explain why no authentication is used in the remarks.

@@ -54,7 +54,7 @@ - +

If 'yes', describe the authentication method in the remarks.

If 'no', explain why no authentication is used in the remarks.

@@ -70,7 +70,7 @@ - +

If 'yes', describe the authentication method in the remarks.

If 'no', explain why no authentication is used in the remarks.

diff --git a/src/validations/constraints/content/ssp-user-privilege-level-INVALID.xml b/src/validations/constraints/content/ssp-user-privilege-level-INVALID.xml index 695e56111..d7b35a773 100644 --- a/src/validations/constraints/content/ssp-user-privilege-level-INVALID.xml +++ b/src/validations/constraints/content/ssp-user-privilege-level-INVALID.xml @@ -2,7 +2,7 @@ - + diff --git a/src/validations/constraints/content/ssp-user-sensitivity-level-INVALID.xml b/src/validations/constraints/content/ssp-user-sensitivity-level-INVALID.xml index a1e2b8801..6332bfb15 100644 --- a/src/validations/constraints/content/ssp-user-sensitivity-level-INVALID.xml +++ b/src/validations/constraints/content/ssp-user-sensitivity-level-INVALID.xml @@ -2,7 +2,7 @@ - + diff --git a/src/validations/constraints/fedramp-external-allowed-values.xml b/src/validations/constraints/fedramp-external-allowed-values.xml index c7978f24d..420014924 100644 --- a/src/validations/constraints/fedramp-external-allowed-values.xml +++ b/src/validations/constraints/fedramp-external-allowed-values.xml @@ -30,7 +30,7 @@ Controlled Unclassified Information - + Attachment Type Identifies the type of attachment. Law or Statute @@ -71,7 +71,7 @@
- + Authorization Type The FedRAMP Authorization Type FedRAMP JAB P-ATO @@ -127,7 +127,7 @@ Other - + Nature of Agreement for External Systems Identifies nature of agreement for external systems. @@ -140,7 +140,7 @@ A service-level agreement between the CSP and the organization that owns the external system. - + FedRAMP Version Identifies the FedRAMP version of the document. FedRAMP Version @@ -326,7 +326,7 @@ NIST SP 800-60 Volume 2 Revision 1 - + Interconnection Direction Identifies the direction of information flow for the interconnection. Incoming @@ -367,7 +367,7 @@ No - + Nature of Agreement for Leveraged Authorizations Identifies nature of agreement for leveraged authorizations. @@ -379,7 +379,7 @@ A service-level agreement between the CSP and the organization that owns the leveraged system. - + Privilege Level The privilege level of the user. @@ -389,7 +389,7 @@ No Access - + Scan Type Identifies the type of scan. Infrastructure and Operating System Scan @@ -398,7 +398,7 @@ Other - + User Authentication Identifies if user authentication is required. @@ -412,7 +412,7 @@
- + Privilege Level The privilege level of the user. @@ -422,7 +422,7 @@ No Access - + User Sensitvity Level Sensitivity level of the user. diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml index eebb1b89a..f8f3030ee 100644 --- a/src/validations/constraints/fedramp-external-constraints.xml +++ b/src/validations/constraints/fedramp-external-constraints.xml @@ -7,7 +7,7 @@ - + Fedramp Version A FedRAMP document's metadata MUST define a valid FedRAMP version. @@ -32,7 +32,7 @@ A FedRAMP document MUST define a user with at least one authorized privilege by a privilege identifier. - + User Has Privilege Level A FedRAMP document MUST define a user with a privilege for their use of the system. @@ -60,7 +60,7 @@ - + Prop Response Point Has Cardinality One MUST NOT have Duplicate response point at '{ path(.) }'. @@ -81,7 +81,7 @@ - + Component Has Authentication Method A FedRAMP SSP MUST include at least one authentication method for each leveraged system. @@ -106,7 +106,7 @@ A FedRAMP SSP MUST import a profile or catalog with a valid file or HTTP(S) address. - + Import Profile resolves to Fedramp content A FedRAMP SSP MUST import a profile or catalog of security controls to reference implemented requirements against those control(s). @@ -274,12 +274,12 @@ - + Fully Operational Date Is Valid A system MUST be fully implemented prior to submitting the SSP to FedRAMP. - + Fully Operational Date Type @@ -287,7 +287,7 @@ A FedRAMP SSP MUST specify the system's fully operational data as a "full-date" per RFC3339 with the addition of a timezone. --> - + Fully Operational Date A FedRAMP SSP MUST define the system's fully operational date. @@ -483,7 +483,7 @@ A FedRAMP SSP document MUST specify a FIPS 199 categorization. - + Has System Id A FedRAMP SSP MUST have a FedRAMP system identifier. @@ -528,17 +528,17 @@ A FedRAMP SSP system implementation section MUST have at least two inventory items. - + Leveraged Authorization Has Authorization Type A FedRAMP SSP MUST define exactly one authorization type for each leveraged authorization entry. - + Leveraged Authorization Has Impact Level A FedRAMP SSP MUST define exactly one impact level for each leveraged authorization entry. - + Leveraged Authorization Has System Identifier A FedRAMP SSP MUST define exactly one system identifier for each leveraged authorization entry. @@ -568,7 +568,7 @@ - + Authentication Method Has Remarks Each authentication method in a FedRAMP SSP MUST have a remarks field. diff --git a/src/validations/constraints/unit-tests/has-system-id-FAIL.yaml b/src/validations/constraints/unit-tests/has-system-id-FAIL.yaml index c63afee41..abbfdc6f0 100644 --- a/src/validations/constraints/unit-tests/has-system-id-FAIL.yaml +++ b/src/validations/constraints/unit-tests/has-system-id-FAIL.yaml @@ -1,6 +1,6 @@ test-case: name: Negative Test for has-system-id - description: Test that a SSP system-characteristics system-id identifier-type attribute is not equal to 'https://fedramp.gov'. + description: Test that a SSP system-characteristics system-id identifier-type attribute is not equal to 'http://fedramp.gov/ns/oscal'. content: ../content/ssp-has-system-id-INVALID.xml expectations: - constraint-id: has-system-id diff --git a/src/validations/constraints/unit-tests/has-system-id-PASS.yaml b/src/validations/constraints/unit-tests/has-system-id-PASS.yaml index 2372e593e..89472914c 100644 --- a/src/validations/constraints/unit-tests/has-system-id-PASS.yaml +++ b/src/validations/constraints/unit-tests/has-system-id-PASS.yaml @@ -1,6 +1,6 @@ test-case: name: Positive Test for has-system-id - description: Test that a SSP system-characteristics system-id identifier-type attribute is equal to 'https://fedramp.gov'. + description: Test that a SSP system-characteristics system-id identifier-type attribute is equal to 'http://fedramp.gov/ns/oscal'. content: ../content/ssp-all-VALID.xml expectations: - constraint-id: has-system-id