Merge branch 'develop' into 931-connection-security

.tool-versions

@@ -1 +1,2 @@
-oscal-cli 2.4.0
+oscal-cli 2.4.0
+oscal-server v1.0.0-SNAPSHOT-6363f60-20241202160440

features/fedramp_extensions.feature

@@ -36,6 +36,7 @@ Examples:
   | cia-impact-has-selected |
   | cloud-service-model |
   | component-has-authentication-method |
+  | component-has-provider-responsible-role |
   | component-type |
   | control-implementation-status |
   | data-center-alternate |
@@ -108,9 +109,11 @@ Examples:
   | leveraged-authorization-has-authorization-type |
   | leveraged-authorization-has-impact-level |
   | leveraged-authorization-has-system-identifier |
+  | leveraged-authorization-has-valid-impact-level |
   | leveraged-authorization-nature-of-agreement |
   | marking |
   | missing-response-components |
+  | network-component-has-implementation-point |
   | party-has-name |
   | privilege-level |
   | prop-response-point-has-cardinality-one |
@@ -177,6 +180,8 @@ Examples:
   | cloud-service-model-PASS.yaml |
   | component-has-authentication-method-FAIL.yaml |
   | component-has-authentication-method-PASS.yaml |
+  | component-responsible-role-references-party-FAIL.yaml |
+  | component-responsible-role-references-party-PASS.yaml |
   | component-type-FAIL.yaml |
   | component-type-PASS.yaml |
   | control-implementation-status-FAIL.yaml |
@@ -321,12 +326,16 @@ Examples:
   | leveraged-authorization-has-impact-level-PASS.yaml |
   | leveraged-authorization-has-system-identifier-FAIL.yaml |
   | leveraged-authorization-has-system-identifier-PASS.yaml |
+  | leveraged-authorization-has-valid-impact-level-FAIL.yaml |
+  | leveraged-authorization-has-valid-impact-level-PASS.yaml |
   | leveraged-authorization-nature-of-agreement-FAIL.yaml |
   | leveraged-authorization-nature-of-agreement-PASS.yaml |
   | marking-FAIL.yaml |
   | marking-PASS.yaml |
   | missing-response-components-FAIL.yaml |
   | missing-response-components-PASS.yaml |
+  | network-component-has-implementation-point-FAIL.yaml |
+  | network-component-has-implementation-point-PASS.yaml |
   | party-has-name-FAIL.yaml |
   | party-has-name-PASS.yaml |
   | privilege-level-FAIL.yaml |

package.json

@@ -28,7 +28,7 @@
     "inquirer": "^10.1.8",
     "js-yaml": "^4.1.0",
     "jsdom": "^25.0.0",
-    "oscal": "2.0.6",
+    "oscal": "2.0.7",
     "ts-node": "^10.9.2",
     "xml-formatter": "^3.6.3",
     "xml2js": "^0.6.2"

src/validations/constraints/content/ssp-all-VALID.xml

@@ -264,7 +264,7 @@
       <title>GovCloud</title>
       <prop ns="https://fedramp.gov/ns/oscal" name="leveraged-system-identifier" value="F1603047866"/>
       <prop ns="https://fedramp.gov/ns/oscal" name="authorization-type" value="fedramp-agency"/>
-      <prop ns="https://fedramp.gov/ns/oscal" name="impact-level" value="moderate"/>
+      <prop ns="https://fedramp.gov/ns/oscal" name="impact-level" value="fips-199-moderate"/>
       <link href="//path/to/leveraged_system_ssp.xml"/>
       <party-uuid>f0bc13a4-3303-47dd-80d3-380e159c8362</party-uuid>
       <date-authorized>2015-01-01</date-authorized>
@@ -301,28 +301,55 @@
         <p>This is the primary application server for the system.</p>
       </remarks>
     </component>
-
+    <component uuid="66666666-0000-4000-9000-000000000007" type="service">
+      <title>Firebase CLI Connection</title>
+      <description>
+        <p>CLI for updating firebase Secure connection to an external API for data enrichment.</p>
+      </description>
+      <prop ns="https://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
+        <remarks>
+          <p>Some description of the authentication method.</p>
+        </remarks>
+      </prop>
+      <prop name="interconnection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
+      <prop name="interconnection-direction" value="in/out" ns="https://fedramp.gov/ns/oscal"/>
+      <prop name="leveraged-authorization-uuid" value="233e0f09-fe5e-47e2-bca3-5f32df75e57a"/>
+      <prop name="asset-type" value="cli"/>
+      <prop name="implementation-point" value="external"/>
+      <status state="operational"/>
+      <responsible-role role-id="system-admin">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-role>
+      <remarks>
+        <p>This connection is used for secure data exchange with external systems.</p>
+      </remarks>
+    </component>
     <component uuid="6ac88fd2-7c7b-4357-af2e-f22ccd3ead26" type="system">
       <title>An External Leveraged System</title>
       <description>
         <p>An external leveraged system.</p>
       </description>
       <prop name="leveraged-authorization-uuid" value="233e0f09-fe5e-47e2-bca3-5f32df75e57a"/>
+      <prop name="implementation-point" value="external"/>
       <prop name="nature-of-agreement" ns="https://fedramp.gov/ns/oscal" value="sla"/>
       <prop ns="https://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
         <remarks>
-          <p>Some description of the authentication method.</p>
+          <p>Some description of the external authentication method.</p>
         </remarks>
       </prop>
      <status state="operational"/>
-     </component>
+      <responsible-role role-id="provider">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-role>
+    </component>
 
     <component uuid="66666666-0000-4000-9000-000000000006" type="interconnection">
       <title>External API Connection</title>
       <description>
         <p>Secure connection to an external API for data enrichment.</p>
       </description>
       <prop name="connection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
+      <prop name="leveraged-authorization-uuid" value="233e0f09-fe5e-47e2-bca3-5f32df75e57a"/>
       <prop name="interconnection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
       <prop name="direction" value="incoming" ns="https://fedramp.gov/ns/oscal"/>
       <prop name="interconnection-direction" value="incoming" ns="https://fedramp.gov/ns/oscal"/>
@@ -332,6 +359,9 @@
         </remarks>
       </prop>
       <status state="operational"/>
+      <responsible-role role-id="provider">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-role>
       <responsible-role role-id="system-admin">
         <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
       </responsible-role>
@@ -348,13 +378,19 @@
       <prop name="connection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
       <prop name="asset-type" value="cli"/>
       <prop name="direction" value="incoming" ns="https://fedramp.gov/ns/oscal"/>
+      <prop name="implementation-point" value="external"/>
+      <prop name="direction" value="in/out" ns="https://fedramp.gov/ns/oscal"/>
+      <prop name="nature-of-agreement" ns="https://fedramp.gov/ns/oscal" value="isa"/>
       <prop ns="https://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
         <remarks>
           <p>Some description of the authentication method.</p>
         </remarks>
       </prop>
       <prop name="nature-of-agreement" ns="https://fedramp.gov/ns/oscal" value="isa"/>
       <status state="operational"/>
+      <responsible-role role-id="provider">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-role>
     </component>
 
     <inventory-item uuid="77777777-0000-4000-9000-000000000007">

src/validations/constraints/content/ssp-component-has-provider-responsible-role-INVALID.xml

@@ -0,0 +1,12 @@
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd" uuid="12345678-1234-4321-8765-123456789012">
+  <system-implementation>
+    <component uuid="6ac88fd2-7c7b-4357-af2e-f22ccd3ead26" type="system">
+      <prop name="leveraged-authorization-uuid" value="233e0f09-fe5e-47e2-bca3-5f32df75e57a"/>
+      <responsible-role role-id="provider">
+        <!-- There are two parties referenced. The count should be 1. -->
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+        <party-uuid>11111111-0000-4000-9000-000000000002</party-uuid>
+      </responsible-role>
+    </component>
+  </system-implementation>
+</system-security-plan>

src/validations/constraints/content/ssp-leveraged-authorization-has-valid-impact-level-INVALID.xml

@@ -0,0 +1,10 @@
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd" uuid="12345678-1234-4321-8765-123456789012">
+  <system-characteristics>
+    <security-sensitivity-level>fips-199-moderate</security-sensitivity-level>
+  </system-characteristics>
+  <system-implementation>
+    <leveraged-authorization uuid="5a9c98ab-8e5e-433d-a7bd-515c07cd1497">
+      <prop ns="https://fedramp.gov/ns/oscal" name="impact-level" value="fips-199-low"/>
+    </leveraged-authorization>
+  </system-implementation>
+</system-security-plan>