Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

931 Connection Security for Network Component #938

Merged
merged 1 commit into from
Dec 4, 2024
Merged

931 Connection Security for Network Component #938

merged 1 commit into from
Dec 4, 2024

Conversation

kyhu65867
Copy link

@kyhu65867 kyhu65867 commented Nov 25, 2024
edited
Loading

… work because I am still figuring out oscal syntax

Committer Notes

This is a draft. I may need some help tomorrow figuring out if there is a connection security property or if it should be "interconnection security"
Addresses issue #931

All Submissions:

By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.

Gabeblis
Gabeblis requested changes Nov 26, 2024
View reviewed changes
Copy link
Contributor

@Gabeblis Gabeblis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just some small changes to get the tests passing so we can open this for review 😄

...lidations/constraints/content/ssp-network-component-has-connection-security-prop-INVALID.xml Show resolved Hide resolved
...lidations/constraints/content/ssp-network-component-has-connection-security-prop-INVALID.xml Show resolved Hide resolved
src/validations/constraints/fedramp-external-constraints.xml Outdated Show resolved Hide resolved
@Gabeblis Gabeblis linked an issue Nov 26, 2024 that may be closed by this pull request
Connection security property for network components #931
Closed
14 tasks
@kyhu65867 kyhu65867 marked this pull request as ready for review November 26, 2024 19:56
@kyhu65867 kyhu65867 requested a review from a team as a code owner November 26, 2024 19:56
Gabeblis
Gabeblis requested changes Nov 27, 2024
View reviewed changes
Copy link
Contributor

@Gabeblis Gabeblis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Just a couple suggestions for improvement.

src/validations/constraints/fedramp-external-constraints.xml Outdated Show resolved Hide resolved
src/validations/constraints/fedramp-external-constraints.xml Outdated Show resolved Hide resolved
@kyhu65867 kyhu65867 force-pushed the 931-connection-security branch from 6625c35 to 9bcc47b Compare November 27, 2024 17:15
@kyhu65867 kyhu65867 requested a review from a team November 27, 2024 17:59
wandmagic
wandmagic previously approved these changes Nov 27, 2024
View reviewed changes
DimitriZhurkin
DimitriZhurkin previously approved these changes Nov 27, 2024
View reviewed changes
Gabeblis
Gabeblis previously approved these changes Nov 29, 2024
View reviewed changes
Copy link
Contributor

@Gabeblis Gabeblis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good 😄 I'd just make sure the necessary documentation gets added.

@Gabeblis Gabeblis changed the title 931 Connection Security for Network Component [Pending Documentation] 931 Connection Security for Network Component Nov 29, 2024
@aj-stein-gsa aj-stein-gsa mentioned this pull request Nov 29, 2024
Merged
@kyhu65867 kyhu65867 dismissed stale reviews from Gabeblis, DimitriZhurkin, and wandmagic via 5c8e7fa December 2, 2024 15:16
@kyhu65867 kyhu65867 force-pushed the 931-connection-security branch from 5c8e7fa to 3cb6101 Compare December 2, 2024 16:48
aj-stein-gsa
aj-stein-gsa requested changes Dec 2, 2024
View reviewed changes
Copy link
Contributor

@aj-stein-gsa aj-stein-gsa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wait, woops, just kidding (I am sorry to reverse course quickly): it seems I missed some changes, should @name="interconnection-security" not be @name="connection-security" per the requirements in #931?

@aj-stein-gsa
Copy link
Contributor

Wait, woops, just kidding (I am sorry to reverse course quickly): it seems I missed some changes, should @name="interconnection-security" not be @name="connection-security" per the requirements in #931?

@brian-ruf, I know the old way was prop[@name="interconnection-security"] (per https://github.com/GSA/fedramp-automation/blob/fedramp-2.0.0-oscal-1.0.4/dist/content/rev5/resources/xml/FedRAMP_extensions.xml#L445-L461) but the point of the newer requirements is we will obsolete interconnection-security as a name that is more specific than the broaded intent we discussed in Google Chat:

Rene summed it up well. Most technical components are "networked", but only for communication within the authorization boundary.

The point of these issues is communication that crosses the authorization boundary. I wanted the issue titles to be clear that they are all focusing on components whose communication crosses the boundary.

@kyhu65867
Copy link
Author

@GSA/fedramp-oscal-contributors should I add remarks to this constraint to describe that nuance of communication across the boundary?

@kyhu65867 kyhu65867 force-pushed the 931-connection-security branch 2 times, most recently from cb88e85 to 86ec51d Compare December 2, 2024 21:40
@aj-stein-gsa aj-stein-gsa mentioned this pull request Dec 2, 2024
Closed
7 tasks
@aj-stein-gsa aj-stein-gsa changed the title [Pending Documentation] 931 Connection Security for Network Component 931 Connection Security for Network Component Dec 3, 2024
@aj-stein-gsa
Copy link
Contributor

Updated PR title, relevant documentation PR has been merged.

@kyhu65867 kyhu65867 force-pushed the 931-connection-security branch from 4ce7874 to b5e5b51 Compare December 3, 2024 18:26
@kyhu65867 kyhu65867 force-pushed the 931-connection-security branch from 61f8b48 to 3e1b54a Compare December 3, 2024 20:33
@aj-stein-gsa aj-stein-gsa force-pushed the 931-connection-security branch from 7687c9c to 23a5449 Compare December 3, 2024 21:16
aj-stein-gsa
aj-stein-gsa previously approved these changes Dec 3, 2024
View reviewed changes
@aj-stein-gsa aj-stein-gsa force-pushed the 931-connection-security branch from 23a5449 to 72d26f5 Compare December 3, 2024 21:23
@wandmagic wandmagic merged commit 7312686 into GSA:develop Dec 4, 2024
6 checks passed
@aj-stein-gsa aj-stein-gsa mentioned this pull request Dec 4, 2024
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Gabeblis Gabeblis Gabeblis approved these changes

@wandmagic wandmagic wandmagic approved these changes

@aj-stein-gsa aj-stein-gsa aj-stein-gsa left review comments

@DimitriZhurkin DimitriZhurkin Awaiting requested review from DimitriZhurkin

Assignees

@kyhu65867 kyhu65867

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Connection security property for network components
5 participants
@kyhu65867 @aj-stein-gsa @wandmagic @DimitriZhurkin @Gabeblis