Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create constraints for "validation" components #1156

Open
18 tasks done
Rene2mt opened this issue Feb 7, 2025 · 0 comments · May be fixed by #1158
Open
18 tasks done

Create constraints for "validation" components #1156

Rene2mt opened this issue Feb 7, 2025 · 0 comments · May be fixed by #1158
Assignees
@Gabeblis
Labels
constraint: completeness enhancement New feature or request model: ssp scope: constraints type: task
Milestone
Digital Authoriza...

Comments

@Rene2mt
Copy link
Member

Rene2mt commented Feb 7, 2025
edited by Gabeblis
Loading

Constraint Task

Consistent with issue #606, this task focuses on constraints for "validation" components.

Intended Outcome

Ensure that all components of type "validation":

  • must have a "validation-reference" prop
  • the "validation-reference" prop contains the NIST lab certificate number. Note - see CMVP search. The certificate numbers are usually a four digit number (e.g., 0000)
  • must have a "proof-of-compliance" link
  • the "proof-of-compliance" link must contain an @href flag with valu that is resolvable to the public internet.

Syntax Type

This is required core OSCAL syntax.

Allowed Values

There are no relevant allowed values.

Metapath(s) to Content

context="//component[ @type='validation' and ./prop[@name='asset-type' and @value='cryptographic-module']  and  ./prop[@name='validation-type' and @value=('fips-140-2', 'fips-140-3')]  ]"

Purpose of the OSCAL Content

Validation components provide details about how each cryptographic module was independently validated. FedRAMP requires that where cryptography is utilized, it must be done with FIPS validated cryptographic modules.

Dependencies

No response

Acceptance Criteria

  • All OSCAL adoption content affected by the change in this issue have been updated in accordance with the Documentation Standards.
    • Explanation is present and accurate
    • sample content is present and accurate
    • Metapath is present, accurate, and does not throw a syntax exception using oscal-cli metaschema metapath eval -e "expression".
  • All constraints associated with the review task have been created
  • The appropriate example OSCAL file is updated with content that demonstrates the FedRAMP-compliant OSCAL presentation.
  • The constraint conforms to the FedRAMP Constraint Style Guide.
    • All automated and manual review items that identify non-conformance are addressed; or technical leads (David Waltermire; AJ Stein) have approved the PR and “override” the style guide requirement.
  • Known good test content is created for unit testing.
  • Known bad test content is created for unit testing.
  • Unit testing is configured to run both known good and known bad test content examples.
  • Passing and failing unit tests, and corresponding test vectors in the form of known valid and invalid OSCAL test files, are created or updated for each constraint.
  • A Pull Request (PR) is submitted that fully addresses the goals section of the User Story in the issue.
  • This issue is referenced in the PR.

Other information

No response
@Rene2mt Rene2mt added this to the Digital Authorization Phase 1 milestone Feb 7, 2025
@Rene2mt Rene2mt moved this from 🆕 New to 🔖 Ready in FedRAMP Automation Feb 7, 2025
@Gabeblis Gabeblis self-assigned this Feb 11, 2025
@Gabeblis Gabeblis moved this from 🔖 Ready to 🏗 In progress in FedRAMP Automation Feb 11, 2025
@Gabeblis Gabeblis linked a pull request Feb 12, 2025 that will close this issue
Open
7 tasks
@Gabeblis Gabeblis linked a pull request Feb 12, 2025 that will close this issue
Add Validation Component Constraints #1158
Open
7 tasks
@Gabeblis Gabeblis moved this from 🏗 In progress to 👀 In review in FedRAMP Automation Feb 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Gabeblis Gabeblis

Labels
constraint: completeness enhancement New feature or request model: ssp scope: constraints type: task
Projects
FedRAMP Automation
Status: 👀 In review
Milestone
Digital Authorization Phase 1
Development

Successfully merging a pull request may close this issue.

Add Validation Component Constraints Gabeblis/fedramp-automation
2 participants
@Rene2mt @Gabeblis