Relocate to proper context per AC for GSA#833

kyhu65867 · Nov 8, 2024 · 8fd1c54 · 8fd1c54
1 parent d37d0dd
commit 8fd1c54
Showing 1 changed file with 27 additions and 23 deletions.
diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
@@ -18,9 +18,34 @@
             </expect>
         </constraints>
     </context>
+    <context>
+        <metapath target="/(assessment-plan|assessment-results|plan-of-action-and-milestones|system-security-plan)/metadata"/>
+        <constraints>
+            <let var="preferred-version" expression="'3.0.0-rc1'"/>
+            <let var="fedramp-minimum-oscal-versions" expression="map{'3.0.0-rc1': '1.1.2'}"/>
+            <let var="doc-fedramp-version" expression="prop[@name='fedramp-version'][@ns='https://fedramp.gov/ns/oscal']"/>
+            <let var="fedramp-required-minimum-version" 
+                expression="if (empty($doc-fedramp-version/@value))
+                    then map:get($fedramp-minimum-oscal-versions, $preferred-version)
+                    else map:get($fedramp-minimum-oscal-versions, $doc-fedramp-version/@value)"/>
+            <let var="required-doc-oscal-version-parts" expression="tokenize($fedramp-required-minimum-version, '\.')"/>
+            <let var="doc-oscal-version-parts" expression="tokenize(oscal-version, '\.')"/>
+            <let var="major-version-valid" expression="$doc-oscal-version-parts[1]  = $required-doc-oscal-version-parts[1]">
+                <remarks>
+                    <p>FedRAMP considers every major version as a possible source of backwards-compatible changes. FedRAMP only accepts versions with the same major version, but not newer.</p>
+                </remarks>
+            </let>
+            <let var="minor-version-valid" expression="$doc-oscal-version-parts[2] >= $required-doc-oscal-version-parts[2]"/>
+            <let var="patch-version-valid" expression="$doc-oscal-version-parts[3] >= $required-doc-oscal-version-parts[3]"/>
+            <expect id="oscal-version-matches-fedramp-version" target="oscal-version" level="WARNING"
+                test="$major-version-valid and $minor-version-valid and $patch-version-valid">
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://docs.oasis-open.org/sarif/sarif/v2.1.0"/>                
+                <message>A FedRAMP document SHOULD have an OSCAL version that matches the minimally required version for FedRAMP packages ({$fedramp-required-minimum-version} not {.}).</message>
+            </expect>
+        </constraints>
+    </context>
     <context>
         <metapath target="//user"/>
-
         <constraints>
             <expect id="user-has-authorized-privilege" target="." test="count(authorized-privilege) gt 0">
                 <formal-name>User Has Authorized Privilege</formal-name>
@@ -149,28 +174,7 @@
 
     <context>
         <metapath target="/system-security-plan/metadata"/>
-        <constraints>
-            <let var="preferred-version" expression="'3.0.0-rc1'"/>
-            <let var="fedramp-minimum-oscal-versions" expression="map{'3.0.0-rc1': '1.1.2'}"/>
-            <let var="doc-fedramp-version" expression="prop[@name='fedramp-version'][@ns='https://fedramp.gov/ns/oscal']"/>
-            <let var="fedramp-required-minimum-version" 
-                expression="if (empty($doc-fedramp-version/@value))
-                    then map:get($fedramp-minimum-oscal-versions, $preferred-version)
-                    else map:get($fedramp-minimum-oscal-versions, $doc-fedramp-version/@value)"/>
-            <let var="required-doc-oscal-version-parts" expression="tokenize($fedramp-required-minimum-version, '\.')"/>
-            <let var="doc-oscal-version-parts" expression="tokenize(oscal-version, '\.')"/>
-            <let var="major-version-valid" expression="$doc-oscal-version-parts[1]  = $required-doc-oscal-version-parts[1]">
-                <remarks>
-                    <p>FedRAMP considers every major version as a possible source of backwards-compatible changes. FedRAMP only accepts versions with the same major version, but not newer.</p>
-                </remarks>
-            </let>
-            <let var="minor-version-valid" expression="$doc-oscal-version-parts[2] >= $required-doc-oscal-version-parts[2]"/>
-            <let var="patch-version-valid" expression="$doc-oscal-version-parts[3] >= $required-doc-oscal-version-parts[3]"/>
-            <expect id="oscal-version-matches-fedramp-version" target="oscal-version" level="WARNING"
-                test="$major-version-valid and $minor-version-valid and $patch-version-valid">
-                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://docs.oasis-open.org/sarif/sarif/v2.1.0"/>                
-                <message>A FedRAMP document SHOULD have an OSCAL version that matches the minimally required version for FedRAMP packages ({$fedramp-required-minimum-version} not {.}).</message>
-            </expect>            
+        <constraints>      
             <expect id="data-center-alternate" target="." test="count(/location/prop[@name eq 'type'][@value eq 'data-center'][@class eq 'alternate']) &gt; 0">
                 <formal-name>Data Center Alternate</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0"  name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#data-centers"/>