Add responsible-party-is-person constraint

features/fedramp_extensions.feature

@@ -53,6 +53,8 @@ Examples:
   | resource-has-title-PASS.yaml |
   | response-point-FAIL.yaml |
   | response-point-PASS.yaml |
+  | responsible-party-is-person-FAIL.yaml |
+  | responsible-party-is-person-PASS.yaml |
   | scan-type-FAIL.yaml |
   | scan-type-PASS.yaml |
   | user-type-FAIL.yaml |
@@ -91,6 +93,7 @@ Examples:
   | prop-response-point-has-cardinality-one |
   | resource-has-base64-or-rlink |
   | resource-has-title |
+  | responsible-party-is-person |
   | scan-type |
   | user-type |
 #END_DYNAMIC_CONSTRAINT_IDS

src/validations/constraints/content/ssp-all-INVALID.xml

@@ -23,6 +23,48 @@
     <role id="asset-owner">
       <title>Asset Owner</title>
     </role>
+    <role id="system-owner">
+      <title>Information System Owner</title>
+      <description>
+         <p>The individual within the CSP who is ultimately accountable for everything related to this system.</p>
+      </description>
+   </role>
+   <role id="authorizing-official">
+      <title>Authorizing Official</title>
+      <description>
+         <p>The individual or individuals who must grant this system an authorization to operate.</p>
+      </description>
+   </role>
+   <role id="authorizing-official-poc">
+      <title>Authorizing Official's Point of Contact</title>
+      <description>
+         <p>The individual representing the authorizing official.</p>
+      </description>
+   </role>
+   <role id="system-poc-management">
+      <title>Information System Management Point of Contact (POC)</title>
+      <description>
+         <p>The highest level manager who responsible for system operation on behalf of the System Owner.</p>
+      </description>
+   </role>
+   <role id="system-poc-technical">
+      <title>Information System Technical Point of Contact</title>
+      <description>
+         <p>The individual or individuals leading the technical operation of the system.</p>
+      </description>
+   </role>
+   <role id="system-poc-other">
+      <title>General Point of Contact (POC)</title>
+      <description>
+         <p>A general point of contact for the system, designated by the system owner.</p>
+      </description>
+   </role>
+   <role id="information-system-security-officer">
+      <title>System Information System Security Officer (or Equivalent)</title>
+      <description>
+         <p>The individual accountable for the security posture of the system on behalf of the system owner.</p>
+      </description>
+   </role>
     <location uuid="11111112-0000-4000-9001-000000000009">
       <address >
         <country>WRONG</country>
@@ -48,6 +90,28 @@
       <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
     </responsible-party>
 
+    <responsible-party role-id="system-owner">
+      <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="authorizing-official">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="authorizing-official-poc">
+      <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="system-poc-management">
+      <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="system-poc-technical">
+      <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="system-poc-other">
+      <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="information-system-security-officer">
+      <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+    </responsible-party>
+
     <remarks>
       <p>This SSP is an example for demonstration purposes.</p>
     </remarks>