
Add Latest Example SSP Changes #1162

Open
wants to merge 5 commits into
base: develop
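--- a/features/fedramp_extensions.feature
+++ b/features/fedramp_extensions.feature
@@ -166,7 +166,6 @@ Examples:
 | network-component-has-implementation-point |
 | non-provider-responsible-role-references-user |
 | party-has-name |
-| privilege-level |
 | prop-response-point-has-cardinality-one |
 | resource-has-base64-or-rlink |
 | resource-has-title |
@@ -494,8 +493,6 @@ Examples:
 | non-provider-responsible-role-references-user-PASS.yaml |
 | party-has-name-FAIL.yaml |
 | party-has-name-PASS.yaml |
-| privilege-level-FAIL.yaml |
-| privilege-level-PASS.yaml |
 | resource-has-base64-or-rlink-FAIL.yaml |
 | resource-has-base64-or-rlink-PASS.yaml |
 | resource-has-title-FAIL.yaml |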
21,394 changes: 14,707 additions & 6,687 deletions src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml

Large diffs are not rendered by default.

@@ -1,10 +1,11 @@
<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="11111111-2222-4000-8000-000000000000">
<system-implementation>
<component uuid="11111111-2222-4000-8000-009000000007" type="process-procedure">
<component uuid="11111111-2222-4000-8000-009000000007" type="service">
<!-- <prop name='diagram-label' ns='http://fedramp.gov/ns/oscal' value='label'/> Missing "diagram-label" prop. -->
</component>
<inventory-item uuid="11111111-2222-4000-8000-011000000001">
<!-- <prop name='diagram-label' ns='http://fedramp.gov/ns/oscal' value='label'/> Missing "diagram-label" prop. -->
<!-- <prop name='diagram-label' ns='http://fedramp.gov/ns/oscal' value='label'/> -->
<implemented-component component-uuid="11111111-2222-4000-8000-009000000007"/>
</inventory-item>
</system-implementation>
</system-security-plan>

This file was deleted.

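--- a/src/validations/constraints/fedramp-external-allowed-values.xml
+++ b/src/validations/constraints/fedramp-external-allowed-values.xml
@@ -596,16 +596,6 @@
 <enum value="cui">Controlled Unclassified Information</enum>
 </allowed-values>
 
-<allowed-values id="privilege-level" target="system-implementation/user/prop[@name='privilege-level'][@ns='http://fedramp.gov/ns/oscal']/@value" allow-other="no" level="ERROR">
-<formal-name>Privilege Level</formal-name>
-<description>The privilege level of the user.</description>
-<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#user"/>
-<enum value="read">Read</enum>
-<enum value="read-write">Read-Write</enum>
-<enum value="write">Write</enum>
-<enum value="no-access">No Access</enum>
-</allowed-values>
-
 <allowed-values id="scan-type" target="system-implementation//prop[@name='scan-type'][@ns='http://fedramp.gov/ns/oscal']/@value" allow-other="no" level="ERROR">
 <formal-name>Scan Type</formal-name>
 <description>Identifies the type of scan.</description>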
12 changes: 6 additions & 6 deletions src/validations/constraints/fedramp-external-constraints.xml
Expand Up @@ -11,22 +11,22 @@
<expect id="cryptographic-module-component-has-function" target=".[@type='software' and prop[@name='asset-type' and @value='cryptographic-module']]" test="(count(prop[@name='function']) eq 1) and (if (prop[@name='function' and @value='other']) then exists(prop[@name='function' and @value='other']/remarks) else true())" level="ERROR">
<formal-name>Cryptographic Module Component Has Function</formal-name>
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
<message>In a FedRAMP SSP, a crytographic module component MUST include its function and use remarks to describe its function.</message>
<message>In a FedRAMP SSP, a cryptographic module component MUST include its function and use remarks to describe its function.</message>
</expect>
<expect id="cryptographic-module-component-has-provided-by-link" target=".[@type='software' and prop[@name='asset-type' and @value='cryptographic-module']]" test="count(link[@rel='provided-by']) >= 1" level="ERROR">
<formal-name>Cryptographic Module Component Has Provided By Link</formal-name>
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
<message>In a FedRAMP SSP, a crytographic module component MUST include at least one "provided by" link.</message>
<message>In a FedRAMP SSP, a cryptographic module component MUST include at least one "provided by" link.</message>
</expect>
<expect id="cryptographic-module-component-has-used-by-link" target=".[@type='software' and prop[@name='asset-type' and @value='cryptographic-module']]" test="count(link[@rel='used-by']) >= 1" level="ERROR">
<formal-name>Cryptographic Module Component Has Used By Link</formal-name>
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
<message>In a FedRAMP SSP, a crytographic module component MUST include at least one "used by" link.</message>
<message>In a FedRAMP SSP, a cryptographic module component MUST include at least one "used by" link.</message>
</expect>
<expect id="cryptographic-module-component-has-validation-link" target=".[@type='software' and prop[@name='asset-type' and @value='cryptographic-module']]" test="count(link[@rel='validation']) >= 1" level="ERROR">
<formal-name>Cryptographic Module Component Has Validation Link</formal-name>
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
<message>In a FedRAMP SSP, a crytographic module component MUST include at least one "validation" link.</message>
<message>In a FedRAMP SSP, a cryptographic module component MUST include at least one "validation" link.</message>
</expect>
</constraints>
</context>
Expand Down Expand Up @@ -912,12 +912,12 @@
'si-1_smt.a' : 'at least one procedure that addresses System and Information Integrity MUST be associated with SI-1 part a.',
'sr-1_smt.a' : 'at least one procedure that addresses Supply Chain Risk Management MUST be associated with SR-1 part a.'}"/>
<let var="component-uuid" expression="by-component/@component-uuid"/>
<expect id="has-policy" target=".[@statement-id=$control-statement-ids]" test="some $uuid in $component-uuid satisfies count(../../../system-implementation/component[@uuid=$component-uuid and @type='policy']) >= 1" level="ERROR">
<expect id="has-policy" target=".[@statement-id=$control-statement-ids]" test="some $uuid in $component-uuid satisfies count(../../../system-implementation/component[@uuid=$uuid and @type='policy']) >= 1" level="ERROR">
<formal-name>Has Policy</formal-name>
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/6-security-controls/#organization-policy-and-procedure-statements"/>
<message>In a FedRAMP SSP, {$policy-messages(./@statement-id)}</message>
</expect>
<expect id="has-procedure" target=".[@statement-id=$control-statement-ids]" test="some $uuid in $component-uuid satisfies count(../../../system-implementation/component[@uuid=$component-uuid and @type='process-procedure']) >= 1" level="ERROR">
<expect id="has-procedure" target=".[@statement-id=$control-statement-ids]" test="some $uuid in $component-uuid satisfies count(../../../system-implementation/component[@uuid=$uuid and @type='process-procedure']) >= 1" level="ERROR">
<formal-name>Has Procedure</formal-name>
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/6-security-controls/#organization-policy-and-procedure-statements"/>
<message>In a FedRAMP SSP, {$procedure-messages(./@statement-id)}</message>
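Review bot: The message on `cryptographic-module-component-has-function` (first hunk) says a cryptographic module "MUST include its function and use remarks to describe its function", but the `test` on the same `expect` only demands `remarks` when the `function` prop has the value `other`, and it separately requires exactly one `function` prop (`count(prop[@name='function']) eq 1`). Since this line is being respelled anyway, the wording could state what is actually enforced, e.g. `In a FedRAMP SSP, a cryptographic module component MUST include exactly one function and, when that function is "other", MUST describe it in remarks.` If remarks are meant to be mandatory for every function value, then the test is the side that needs tightening, because a module with a non-`other` function and no remarks passes validation today. The enclosing `<context>` and its metapath target start above the hunk, so which components these rules apply to cannot be confirmed from here.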

This file was deleted.

This file was deleted.
