Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add leveraged-authorization-has-valid-impact-level Constraint #913

Conversation

Gabeblis
Copy link

Committer Notes

Purpose

This PR adds a constraint to ensure that a digital authorization package maintains appropriate FIPS-199 impact levels for leveraged authorizations within an SSP. This update helps avoid pass-back errors by aligning with the system's security sensitivity level (e.g., low, moderate, or high).

Changes

  • Added a new expect constraint to check that all leveraged authorizations define the appropriate FIPS-199 impact level (low, moderate, or high).
  • Edited ssp-all-VALID.xml to have proper data to trigger the constraint and pass.
  • Added an invalid test data file to trigger the constraint and demonstrate a successful fail
  • Added pass and fail YAML files for the constraint.

All Submissions:

  • Have you selected the correct base branch per Contributing guidance?
  • Have you set "Allow edits and access to secrets by maintainers"?
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?
  • Have you squashed any non-relevant commits and commit messages? [instructions]
  • Have you added an explanation of what your changes do and why you'd like us to include them?
    - [ ] If applicable, have all FedRAMP Documents Related to OSCAL Adoption affected by the changes in this issue have been updated.? Documentation already exists
  • If applicable, does this PR reference the issue it addresses and explain how it addresses the issue?

By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.

@Gabeblis Gabeblis self-assigned this Nov 19, 2024
@Gabeblis Gabeblis requested a review from a team as a code owner November 19, 2024 13:06
@Gabeblis Gabeblis linked an issue Nov 19, 2024 that may be closed by this pull request
18 tasks
@Gabeblis Gabeblis changed the title Add leveraged-authorization-matches-impact-level constraint Add leveraged-authorization-has-valid-impact-level constraint Nov 20, 2024
@Gabeblis Gabeblis force-pushed the constraints/leveraged-authorization-impact-level branch 4 times, most recently from dd9dc71 to cf28b02 Compare November 20, 2024 16:22
@Gabeblis Gabeblis force-pushed the constraints/leveraged-authorization-impact-level branch from 45f01c4 to e98cbd0 Compare November 20, 2024 18:49
@Gabeblis Gabeblis changed the title Add leveraged-authorization-has-valid-impact-level constraint Add leveraged-authorization-has-valid-impact-level Constraint Nov 20, 2024
@Gabeblis Gabeblis force-pushed the constraints/leveraged-authorization-impact-level branch from e98cbd0 to a485fe4 Compare November 20, 2024 20:24
@Gabeblis Gabeblis requested a review from a team November 20, 2024 20:26
wandmagic
wandmagic previously approved these changes Nov 20, 2024
Copy link
Collaborator

@wandmagic wandmagic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good nice work

Copy link
Contributor

@aj-stein-gsa aj-stein-gsa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks very solid but would like the documentation change to match.

aj-stein-gsa
aj-stein-gsa previously approved these changes Nov 22, 2024
Copy link
Contributor

@aj-stein-gsa aj-stein-gsa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very good work, I particularly enjoy how you document the scenarios in your passing and failing test cases over the last few weeks. Keep it up!

@Gabeblis Gabeblis dismissed stale reviews from aj-stein-gsa and wandmagic via a403c4b November 25, 2024 14:30
@Gabeblis Gabeblis force-pushed the constraints/leveraged-authorization-impact-level branch 2 times, most recently from 423dc35 to 2d17552 Compare November 25, 2024 14:39
wandmagic
wandmagic previously approved these changes Nov 25, 2024
Rene2mt
Rene2mt previously approved these changes Nov 25, 2024
Copy link
Member

@Rene2mt Rene2mt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

DimitriZhurkin
DimitriZhurkin previously approved these changes Nov 27, 2024
@Gabeblis Gabeblis force-pushed the constraints/leveraged-authorization-impact-level branch 2 times, most recently from 31f0ee4 to bf5b3bf Compare November 29, 2024 15:45
@Gabeblis Gabeblis force-pushed the constraints/leveraged-authorization-impact-level branch from bf5b3bf to e694da4 Compare November 29, 2024 16:53
aj-stein-gsa
aj-stein-gsa previously approved these changes Nov 29, 2024
wandmagic
wandmagic previously approved these changes Dec 2, 2024
Copy link
Contributor

@aj-stein-gsa aj-stein-gsa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review acceptance criteria and related documentation updates to the website in GSA/automate.fedramp.gov#124, looks good to go. 🚢

@aj-stein-gsa aj-stein-gsa merged commit b82c417 into GSA:develop Dec 2, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Check for impact level of leveraged authorizations in a SSP
7 participants