Add system-characteristics information-type constrains & tests

features/fedramp_extensions.feature

@@ -93,6 +93,12 @@ Examples:
   | has-separation-of-duties-matrix-PASS.yaml |
   | has-user-guide-FAIL.yaml |
   | has-user-guide-PASS.yaml |
+  | information-type-has-availability-impact-FAIL.yaml |
+  | information-type-has-availability-impact-PASS.yaml |
+  | information-type-has-confidentiality-impact-FAIL.yaml |
+  | information-type-has-confidentiality-impact-PASS.yaml |
+  | information-type-has-integrity-impact-FAIL.yaml |
+  | information-type-has-integrity-impact-PASS.yaml |
   | information-type-system-FAIL.yaml |
   | information-type-system-PASS.yaml |
   | interconnection-direction-FAIL.yaml |
@@ -173,6 +179,9 @@ Examples:
   | has-rules-of-behavior |
   | has-separation-of-duties-matrix |
   | has-user-guide |
+  | information-type-has-availability-impact |
+  | information-type-has-confidentiality-impact |
+  | information-type-has-integrity-impact |
   | information-type-system |
   | interconnection-direction |
   | interconnection-security |

src/validations/constraints/content/ssp-all-INVALID.xml

@@ -74,15 +74,9 @@
         <categorization system="https://unsupported-system.com">
           <!-- Removed information-type-id to ensure that categorization-has-information-type-id fails correctly. -->
         </categorization>
-        <confidentiality-impact>
-          <base>high</base>
-        </confidentiality-impact>
-        <integrity-impact>
-          <base>moderate</base>
-        </integrity-impact>
-        <availability-impact>
-          <base>low</base>
-        </availability-impact>
+        <!-- Confidentiality impact was removed to ensure that information-type-has-confidentiality-impact test fails correctly -->
+        <!-- Integrity impact was removed to ensure that information-type-has-integrity-impact test fails correctly -->
+        <!-- Availability impact was removed to ensure that information-type-has-availability-impact test fails correctly -->
       </information-type>
     </system-information>
 

src/validations/constraints/fedramp-external-constraints.xml

@@ -120,6 +120,15 @@
                 <message>A FedRAMP SSP must have a network architecture description.</message>
             </expect>
 
+            <expect id="information-type-has-confidentiality-impact" target="./system-characteristics" test="system-information/information-type/confidentiality-impact" level="ERROR">
+                <message>An OSCAL SSP information type must have a confidentiality impact.</message>
+            </expect>
+            <expect id="information-type-has-integrity-impact" target="./system-characteristics" test="system-information/information-type/integrity-impact" level="ERROR">
+                <message>An OSCAL SSP information type must have an integrity impact.</message>
+            </expect>
+            <expect id="information-type-has-availability-impact" target="./system-characteristics" test="system-information/information-type/availability-impact" level="ERROR">
+                <message>An OSCAL SSP information type must have an availability impact.</message>
+            </expect>
         </constraints>
     </context>
     <context>

src/validations/constraints/unit-tests/information-type-has-availability-impact-FAIL.yaml

@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for information-type-has-availability-impact
+  description: >-
+    This test case validates the behavior of constraint
+    information-type-has-availability-impact
+  content: ../content/ssp-all-INVALID.xml
+  expectations:
+    - constraint-id: information-type-has-availability-impact
+      result: fail

src/validations/constraints/unit-tests/information-type-has-availability-impact-PASS.yaml

@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for information-type-has-availability-impact
+  description: >-
+    This test case validates the behavior of constraint
+    information-type-has-availability-impact
+  content: ../content/ssp-all-VALID.xml
+  expectations:
+    - constraint-id: information-type-has-availability-impact
+      result: pass

src/validations/constraints/unit-tests/information-type-has-confidentiality-impact-FAIL.yaml

@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for information-type-has-confidentiality-impact
+  description: >-
+    This test case validates the behavior of constraint
+    information-type-has-confidentiality-impact
+  content: ../content/ssp-all-INVALID.xml
+  expectations:
+    - constraint-id: information-type-has-confidentiality-impact
+      result: fail

src/validations/constraints/unit-tests/information-type-has-confidentiality-impact-PASS.yaml

@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for information-type-has-confidentiality-impact
+  description: >-
+    This test case validates the behavior of constraint
+    information-type-has-confidentiality-impact
+  content: ../content/ssp-all-VALID.xml
+  expectations:
+    - constraint-id: information-type-has-confidentiality-impact
+      result: pass

src/validations/constraints/unit-tests/information-type-has-integrity-impact-FAIL.yaml

@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for information-type-has-integrity-impact
+  description: >-
+    This test case validates the behavior of constraint
+    information-type-has-integrity-impact
+  content: ../content/ssp-all-INVALID.xml
+  expectations:
+    - constraint-id: information-type-has-integrity-impact
+      result: fail

src/validations/constraints/unit-tests/information-type-has-integrity-impact-PASS.yaml

@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for information-type-has-integrity-impact
+  description: >-
+    This test case validates the behavior of constraint
+    information-type-has-integrity-impact
+  content: ../content/ssp-all-VALID.xml
+  expectations:
+    - constraint-id: information-type-has-integrity-impact
+      result: pass