Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Connection security property for network components #931

Open
9 of 14 tasks
aj-stein-gsa opened this issue Nov 22, 2024 · 0 comments · May be fixed by #938
Open
9 of 14 tasks

Connection security property for network components #931

aj-stein-gsa opened this issue Nov 22, 2024 · 0 comments · May be fixed by #938

Comments

@aj-stein-gsa
Copy link
Contributor

aj-stein-gsa commented Nov 22, 2024

Constraint Task

For network components that support leveraged authorizations and interconnections in different scenarios, you need to identify the connection security characteristics for those components.

Intended Outcome

Determine there is a connection-security property for the relevant components.

Syntax Type

This is required core OSCAL syntax.

Allowed Values

There are no relevant allowed values.

Metapath(s) to Content

<!-- Metapath target context -->
//component[ (@type='service'  and not(./prop[@name='leveraged-authorization-uuid']) and ./prop[@name='implementation-point' and @value='external']) or (@type='interconnection') or (@type='service' and ./prop[@name='implementation-point' and @value='internal'] and ./prop[@name='direction']) or (@type='software' and ./prop[@name='asset-type' and @value='cli'] and ./prop[@name='direction']) ]

<!-- Constraint requirement: There must be at least one connection security property. -->
count(./prop[@name='connection-security' and @ns='http://fedramp.gov/ns/oscal']) >= 1

Purpose of the OSCAL Content

Allow reviewers to understand how network system components manage risk and conform to FedRAMP requirements and best practices.

Dependencies

No response

Acceptance Criteria

  • All OSCAL adoption content affected by the change in this issue have been updated in accordance with the Documentation Standards.
    • Explanation is present and accurate
    • sample content is present and accurate
    • Metapath is present, accurate, and does not throw a syntax exception using oscal-cli metaschema metapath eval -e "expression".
  • All constraints associated with the review task have been created
  • The appropriate example OSCAL file is updated with content that demonstrates the FedRAMP-compliant OSCAL presentation.
  • The constraint conforms to the FedRAMP Constraint Style Guide.
    • All automated and manual review items that identify non-conformance are addressed; or technical leads (David Waltermire; AJ Stein) have approved the PR and “override” the style guide requirement.
  • Known good test content is created for unit testing.
  • Known bad test content is created for unit testing.
  • Unit testing is configured to run both known good and known bad test content examples.
  • Passing and failing unit tests, and corresponding test vectors in the form of known valid and invalid OSCAL test files, are created or updated for each constraint.
  • A Pull Request (PR) is submitted that fully addresses the goals section of the User Story in the issue.
  • This issue is referenced in the PR.

Other information

These tasks are part of #807 and #808.

@aj-stein-gsa aj-stein-gsa moved this from 🆕 New to 🔖 Ready in FedRAMP Automation Nov 22, 2024
@kyhu65867 kyhu65867 linked a pull request Nov 25, 2024 that will close this issue
6 tasks
@Gabeblis Gabeblis linked a pull request Nov 26, 2024 that will close this issue
6 tasks
@Gabeblis Gabeblis moved this from 🏗 In progress to 👀 In review in FedRAMP Automation Dec 3, 2024
aj-stein-gsa pushed a commit to kyhu65867/fedramp-automation that referenced this issue Dec 3, 2024
aj-stein-gsa pushed a commit to kyhu65867/fedramp-automation that referenced this issue Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: 👀 In review
Development

Successfully merging a pull request may close this issue.

2 participants