-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSP Leveraged Authorization Entries #897
Comments
NOTE: Removed |
@brian-ruf or @aj-stein-gsa what is the goal of |
The word template had a column that is labeled something like Authorized Users and Authentication Mechanism. It was one column with two pieces of information requested. I'm mobile at the moment and can't look it up. Can answer better in an hour or so. |
Ok, no worries. I was looking at the xml template and json template and I didn't see what that |
You might want to look at Brian's WIP branch he uses to look at how we analyze the Word/Excel attachment file requirements how they fit into required and OSCAL data fields. |
Actually, the The user authentication information is required in both 6.1 and 7.1, but 7.1 only uses components. To keep everything as clean and aligned as possible, the property should also be in the component for LA. I am updating #893 dealing with the allowed values, and created #924 specifically for this constraint as the metapath target for this is unique. |
Constraint Task
As a FedRAMP Reviewer, I need to ensure that any leveraged authorization entries have required content.
Intended Outcome
For each leveraged-authorization entry, check for the presence of:
1 or more authorized users (WARN if less than 1)(Remodeled. Constraint now fits better in SSP Leveraged Authorization Component Entries #898)Syntax Type
This is optional core OSCAL syntax.
Allowed Values
There are no relevant allowed values.
Metapath(s) to Content
Removed from this issue (see #924):
./prop[@name='user-authentication'][@ns='http://fedramp.gov/ns/oscal']/remarksPurpose of the OSCAL Content
The content provides information necessary for reviewers to properly evaluate leveraged authorizations. This information is consistent with the requirements of Table 6.1 of the FedRAMP Rev 5 SSP Template.
Dependencies
None.
Acceptance Criteria
oscal-cli metaschema metapath eval -e "expression"
.Other information
The following constraint work appears to already cover pieces of this:
The text was updated successfully, but these errors were encountered: