Skip to content

Commit

Permalink
Add help-url props
Browse files Browse the repository at this point in the history
  • Loading branch information
Gabeblis committed Oct 29, 2024
1 parent 9040f1f commit a7b258e
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/validations/constraints/fedramp-external-constraints.xml
Original file line number Diff line number Diff line change
Expand Up @@ -165,12 +165,15 @@
<message>A FedRAMP SSP SHOULD define its FIPS-199 security sensitivity level to match the highest security impact level for the system's confidentiality, integrity, and availability objectives.</message>
</expect>
<expect id="cia-impact-has-selected" target="system-characteristics/system-information/information-type/(confidentiality-impact | integrity-impact | availability-impact)" test="selected" level="ERROR">
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#system-information-and-information-types"/>
<message>A FedRAMP SSP information type confidentiality, integrity, or availability impact must specify the selected impact.</message>
</expect>
<expect id="cia-impact-has-adjustment-justification" target="system-characteristics/system-information/information-type/(confidentiality-impact | integrity-impact | availability-impact)" test="if (base ne selected) then exists(adjustment-justification) else true()" level="ERROR">
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#system-information-and-information-types"/>
<message>When SP 800-60 base and selected impacts levels differ for a given information type, the SSP must include a justification for the difference.</message>
</expect>
<expect id="has-system-name-short" target="system-characteristics" test="system-name-short" level="ERROR">
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#system-name-abbreviation-and-fedramp-unique-identifier"/>
<message>A FedRAMP SSP must have a short system name.</message>
</expect>
</constraints>
Expand Down

0 comments on commit a7b258e

Please sign in to comment.