From 1e9ae83852baf4df54923a3f9c5ac96f123049e2 Mon Sep 17 00:00:00 2001
From: Gabeblis <gabriel.rodriguez@gsa.gov>
Date: Tue, 10 Sep 2024 01:51:01 +0000
Subject: [PATCH] Add system-characteristics information-type constrains &
 tests

---
 features/fedramp_extensions.feature                  |  9 +++++++++
 .../constraints/content/ssp-all-INVALID.xml          | 12 +++---------
 .../constraints/fedramp-external-constraints.xml     |  9 +++++++++
 ...nformation-type-has-availability-impact-FAIL.yaml |  9 +++++++++
 ...nformation-type-has-availability-impact-PASS.yaml |  9 +++++++++
 ...rmation-type-has-confidentiality-impact-FAIL.yaml |  9 +++++++++
 ...rmation-type-has-confidentiality-impact-PASS.yaml |  9 +++++++++
 .../information-type-has-integrity-impact-FAIL.yaml  |  9 +++++++++
 .../information-type-has-integrity-impact-PASS.yaml  |  9 +++++++++
 9 files changed, 75 insertions(+), 9 deletions(-)
 create mode 100644 src/validations/constraints/unit-tests/information-type-has-availability-impact-FAIL.yaml
 create mode 100644 src/validations/constraints/unit-tests/information-type-has-availability-impact-PASS.yaml
 create mode 100644 src/validations/constraints/unit-tests/information-type-has-confidentiality-impact-FAIL.yaml
 create mode 100644 src/validations/constraints/unit-tests/information-type-has-confidentiality-impact-PASS.yaml
 create mode 100644 src/validations/constraints/unit-tests/information-type-has-integrity-impact-FAIL.yaml
 create mode 100644 src/validations/constraints/unit-tests/information-type-has-integrity-impact-PASS.yaml

diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature
index cff5d4a8b..bc2547a06 100644
--- a/features/fedramp_extensions.feature
+++ b/features/fedramp_extensions.feature
@@ -61,6 +61,12 @@ Examples:
   | has-separation-of-duties-matrix-PASS.yaml |
   | has-user-guide-FAIL.yaml |
   | has-user-guide-PASS.yaml |
+  | information-type-has-availability-impact-FAIL.yaml |
+  | information-type-has-availability-impact-PASS.yaml |
+  | information-type-has-confidentiality-impact-FAIL.yaml |
+  | information-type-has-confidentiality-impact-PASS.yaml |
+  | information-type-has-integrity-impact-FAIL.yaml |
+  | information-type-has-integrity-impact-PASS.yaml |
   | information-type-system-FAIL.yaml |
   | information-type-system-PASS.yaml |
   | interconnection-direction-FAIL.yaml |
@@ -125,6 +131,9 @@ Examples:
   | has-rules-of-behavior |
   | has-separation-of-duties-matrix |
   | has-user-guide |
+  | information-type-has-availability-impact |
+  | information-type-has-confidentiality-impact |
+  | information-type-has-integrity-impact |
   | information-type-system |
   | interconnection-direction |
   | interconnection-security |
diff --git a/src/validations/constraints/content/ssp-all-INVALID.xml b/src/validations/constraints/content/ssp-all-INVALID.xml
index 6ee6187dd..565a351b8 100644
--- a/src/validations/constraints/content/ssp-all-INVALID.xml
+++ b/src/validations/constraints/content/ssp-all-INVALID.xml
@@ -74,15 +74,9 @@
         <categorization system="https://unsupported-system.com">
           <!-- Removed information-type-id to ensure that categorization-has-information-type-id fails correctly. -->
         </categorization>
-        <confidentiality-impact>
-          <base>high</base>
-        </confidentiality-impact>
-        <integrity-impact>
-          <base>moderate</base>
-        </integrity-impact>
-        <availability-impact>
-          <base>low</base>
-        </availability-impact>
+        <!-- Confidentiality impact was removed to ensure that information-type-has-confidentiality-impact test fails correctly -->
+        <!-- Integrity impact was removed to ensure that information-type-has-integrity-impact test fails correctly -->
+        <!-- Availability impact was removed to ensure that information-type-has-availability-impact test fails correctly -->
       </information-type>
     </system-information>
     
diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
index a5b90dcf6..d34e2cafc 100644
--- a/src/validations/constraints/fedramp-external-constraints.xml
+++ b/src/validations/constraints/fedramp-external-constraints.xml
@@ -71,6 +71,15 @@
             <expect id="has-federation-assurance-level" target="./system-characteristics" test="prop[@name eq 'federation-assurance-level']" level="INFORMATIONAL">
             <message>This FedRAMP SSP does define its NIST SP 800-63 federation assurance level (IAL).</message>
             </expect>
+            <expect id="information-type-has-confidentiality-impact" target="./system-characteristics" test="system-information/information-type/confidentiality-impact" level="ERROR">
+                <message>An OSCAL SSP information type must have a confidentiality impact.</message>
+            </expect>
+            <expect id="information-type-has-integrity-impact" target="./system-characteristics" test="system-information/information-type/integrity-impact" level="ERROR">
+                <message>An OSCAL SSP information type must have an integrity impact.</message>
+            </expect>
+            <expect id="information-type-has-availability-impact" target="./system-characteristics" test="system-information/information-type/availability-impact" level="ERROR">
+                <message>An OSCAL SSP information type must have an availability impact.</message>
+            </expect>
         </constraints>
     </context>
     <context>
diff --git a/src/validations/constraints/unit-tests/information-type-has-availability-impact-FAIL.yaml b/src/validations/constraints/unit-tests/information-type-has-availability-impact-FAIL.yaml
new file mode 100644
index 000000000..000e22d4e
--- /dev/null
+++ b/src/validations/constraints/unit-tests/information-type-has-availability-impact-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for information-type-has-availability-impact
+  description: >-
+    This test case validates the behavior of constraint
+    information-type-has-availability-impact
+  content: ../content/ssp-all-INVALID.xml
+  expectations:
+    - constraint-id: information-type-has-availability-impact
+      result: fail
diff --git a/src/validations/constraints/unit-tests/information-type-has-availability-impact-PASS.yaml b/src/validations/constraints/unit-tests/information-type-has-availability-impact-PASS.yaml
new file mode 100644
index 000000000..31cb8d988
--- /dev/null
+++ b/src/validations/constraints/unit-tests/information-type-has-availability-impact-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for information-type-has-availability-impact
+  description: >-
+    This test case validates the behavior of constraint
+    information-type-has-availability-impact
+  content: ../content/ssp-all-VALID.xml
+  expectations:
+    - constraint-id: information-type-has-availability-impact
+      result: pass
diff --git a/src/validations/constraints/unit-tests/information-type-has-confidentiality-impact-FAIL.yaml b/src/validations/constraints/unit-tests/information-type-has-confidentiality-impact-FAIL.yaml
new file mode 100644
index 000000000..c4863c603
--- /dev/null
+++ b/src/validations/constraints/unit-tests/information-type-has-confidentiality-impact-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for information-type-has-confidentiality-impact
+  description: >-
+    This test case validates the behavior of constraint
+    information-type-has-confidentiality-impact
+  content: ../content/ssp-all-INVALID.xml
+  expectations:
+    - constraint-id: information-type-has-confidentiality-impact
+      result: fail
diff --git a/src/validations/constraints/unit-tests/information-type-has-confidentiality-impact-PASS.yaml b/src/validations/constraints/unit-tests/information-type-has-confidentiality-impact-PASS.yaml
new file mode 100644
index 000000000..c406d7339
--- /dev/null
+++ b/src/validations/constraints/unit-tests/information-type-has-confidentiality-impact-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for information-type-has-confidentiality-impact
+  description: >-
+    This test case validates the behavior of constraint
+    information-type-has-confidentiality-impact
+  content: ../content/ssp-all-VALID.xml
+  expectations:
+    - constraint-id: information-type-has-confidentiality-impact
+      result: pass
diff --git a/src/validations/constraints/unit-tests/information-type-has-integrity-impact-FAIL.yaml b/src/validations/constraints/unit-tests/information-type-has-integrity-impact-FAIL.yaml
new file mode 100644
index 000000000..0a30752af
--- /dev/null
+++ b/src/validations/constraints/unit-tests/information-type-has-integrity-impact-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for information-type-has-integrity-impact
+  description: >-
+    This test case validates the behavior of constraint
+    information-type-has-integrity-impact
+  content: ../content/ssp-all-INVALID.xml
+  expectations:
+    - constraint-id: information-type-has-integrity-impact
+      result: fail
diff --git a/src/validations/constraints/unit-tests/information-type-has-integrity-impact-PASS.yaml b/src/validations/constraints/unit-tests/information-type-has-integrity-impact-PASS.yaml
new file mode 100644
index 000000000..6bfd1f32e
--- /dev/null
+++ b/src/validations/constraints/unit-tests/information-type-has-integrity-impact-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for information-type-has-integrity-impact
+  description: >-
+    This test case validates the behavior of constraint
+    information-type-has-integrity-impact
+  content: ../content/ssp-all-VALID.xml
+  expectations:
+    - constraint-id: information-type-has-integrity-impact
+      result: pass