Add new metapath target to 'security-level' constraint (#1079)
Gabeblis authored Jan 9, 2025
1 parent 608080d commit 8c1a343
Showing 2 changed files with 12 additions and 2 deletions.
Expand Up @@ -24,4 +24,13 @@
<security-objective-availability>INVALID-fips-199-moderate</security-objective-availability>
</security-impact-level>
</system-characteristics>
<system-implementation>
<leveraged-authorization uuid="11111111-2222-4000-8000-019000000001">
<prop ns="http://fedramp.gov/ns/oscal" name="impact-level" value="INVALID-fips-199-moderate">
<remarks>
<p>For now, this is a required field. In the future we intend to pull this information directly from FedRAMP's records based on the "leveraged-system-identifier" property's value.</p>
</remarks>
</prop>
</leveraged-authorization>
</system-implementation>
</system-security-plan>
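Review bot: The new `impact-level` prop on the `leveraged-authorization` uses the same invalid value, "INVALID-fips-199-moderate", as the `security-objective-availability` element just above it, so a failing result on this fixture does not show that the new `leveraged-authorization` target was the one that triggered. Consider a distinct invalid value for the prop, or a separate fixture in which only the leveraged authorization is invalid. The `remarks` text reads like template guidance and mentions a "leveraged-system-identifier" property that this fixture does not include; it could be dropped or replaced with a remark stating what the fixture is meant to exercise.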
Expand Up @@ -647,9 +647,10 @@
<metapath target="/system-security-plan/system-characteristics/security-sensitivity-level"/>
<metapath target="/system-security-plan/system-characteristics/security-impact-level/(security-objective-confidentiality|security-objective-integrity|security-objective-availability)"/>
<metapath target="/system-security-plan/system-characteristics/system-information/information-type/(confidentiality-impact|integrity-impact|availability-impact)/(base|selected)"/>
<metapath target="/system-security-plan/system-implementation/leveraged-authorization"/>
<constraints>

<allowed-values id="security-level" target="." allow-other="no" level="ERROR">
<let var="security-level-target" expression="if (prop[@name='impact-level' and @ns='http://fedramp.gov/ns/oscal']) then prop[@name='impact-level' and @ns='http://fedramp.gov/ns/oscal']/@value else ."/>
<allowed-values id="security-level" target="$security-level-target" allow-other="no" level="ERROR">
<formal-name>Security Impact Level</formal-name>
<description>The security objective level as defined by <a href="https://doi.org/10.6028/NIST.SP.800-60v1r1">NIST SP 800-60</a>.
</description>
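Review bot: The `else .` branch of `security-level-target` also applies to a `leveraged-authorization` that has no `impact-level` prop, because the new metapath selects the whole `leveraged-authorization` element. In that case the `security-level` allowed-values check is evaluated against the assembly itself rather than a level value, so a missing prop would surface as an invalid security level instead of a missing-property finding. Consider pointing the metapath at the prop value directly, for example `.../leveraged-authorization/prop[@name='impact-level' and @ns='http://fedramp.gov/ns/oscal']/@value`, which keeps `target="."` and removes the need for the `let`, and covering the missing-prop case with its own constraint. If the `let` stays, note that the predicate is written out twice in the expression, and it would help to document what happens when more than one matching prop is present.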