SSP Back-Matter constraints development #658

Closed
8 of 40 tasks
Rene2mt opened this issue Sep 9, 2024 · 1 comment
@Rene2mt
Member

Rene2mt commented Sep 9, 2024

This is a ...

improvement - something could be better

This relates to ...

  • the FedRAMP OSCAL Registry
  • the FedRAMP OSCAL baselines
  • the Guide to OSCAL-based FedRAMP Content
  • the Guide to OSCAL-based FedRAMP System Security Plans (SSP)
  • the Guide to OSCAL-based FedRAMP Security Assessment Plans (SAP)
  • the Guide to OSCAL-based FedRAMP Security Assessment Results (SAR)
  • the Guide to OSCAL-based FedRAMP Plan of Action and Milestones (POA&M)
  • the FedRAMP SSP OSCAL Template (JSON or XML Format)
  • the FedRAMP SAP OSCAL Template (JSON or XML Format)
  • the FedRAMP SAR OSCAL Template (JSON or XML Format)
  • the FedRAMP POA&M OSCAL Template (JSON or XML Format)

User Story

As a FedRAMP stakeholder, I need to use FedRAMP's external constraints so that I can make sure my OSCAL SSP back-matter content is valid in accordance with FedRAMP requirements.

Goals

The goal is to ensure the following FedRAMP validations are either developed as Metaschema-based constraints or dropped.

  • resource-is-referenced
  • attachment-type
  • resource-base64-available-filename
  • base64-has-content
  • resource-base64-available-media-type
  • has-allowed-media-type
  • transport-type
  • resource-has-base64-or-rlink
  • attachment-type-is-valid
  • resource-has-base64
  • resource-has-base64-cardinality
  • has-fedramp-logo
  • has-user-guide
  • has-rules-of-behavior
  • has-information-system-contingency-plan
  • has-configuration-management-plan
  • has-incident-response-plan
  • has-separation-of-duties-matrix
  • has-policy-link
  • has-policy-attachment-resource
  • has-procedure-link
  • has-procedure-attachment-resource
  • hash-algorithm
  • base64-has-filename

Dependencies

No response

Acceptance Criteria

  • Metaschema-based external constraint is developed

  • External constraint has PASS & FAIL unit tests

  • Unit test content (e.g., valid and invalid SSP) is provided

  • Constraints testing harness produces expected results when unit tests are run

  • The constraint is documented and mentioned in the https://automate.fedramp.gov/documentation site (confirm by reviewing SSP sub-pages)

  • All FedRAMP Documents Related to OSCAL Adoption (https://github.com/GSA/fedramp-automation) affected by the changes in this issue have been updated.

  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.

Other information

No response

@aj-stein-gsa
Contributor

Per discussion today with ongoing work in #626 and upcoming work to follow on how we publish our progress against the public strategy doc, we will close out this issue, to be replaced with the thematic objective and epic issue approach.

(For public stakeholders who follow these updates, more to follow.)

@aj-stein-gsa closed this as not planned on Oct 24, 2024