Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add leveraged-authorization-has-valid-impact-level Constraint #913

Open
wants to merge 5 commits into
base: develop
Choose a base branch
from
Open

Add leveraged-authorization-has-valid-impact-level Constraint #913

wants to merge 5 commits into from

Conversation

Gabeblis
Copy link

Committer Notes

Purpose

This PR adds a constraint to ensure that a digital authorization package maintains appropriate FIPS-199 impact levels for leveraged authorizations within an SSP. This update helps avoid pass-back errors by aligning with the system's security sensitivity level (e.g., low, moderate, or high).

Changes

  • Added a new expect constraint to check that all leveraged authorizations define the appropriate FIPS-199 impact level (low, moderate, or high).
  • Edited ssp-all-VALID.xml to have proper data to trigger the constraint and pass.
  • Added an invalid test data file to trigger the constraint and demonstrate a successful fail
  • Added pass and fail YAML files for the constraint.

All Submissions:

  • Have you selected the correct base branch per Contributing guidance?
  • Have you set "Allow edits and access to secrets by maintainers"?
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?
  • Have you squashed any non-relevant commits and commit messages? [instructions]
  • Have you added an explanation of what your changes do and why you'd like us to include them?
    - [ ] If applicable, have all FedRAMP Documents Related to OSCAL Adoption affected by the changes in this issue have been updated.? Documentation already exists
  • If applicable, does this PR reference the issue it addresses and explain how it addresses the issue?

By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.

@Gabeblis Gabeblis self-assigned this Nov 19, 2024
@Gabeblis Gabeblis requested a review from a team as a code owner November 19, 2024 13:06
@Gabeblis Gabeblis linked an issue Nov 19, 2024 that may be closed by this pull request
Check for impact level of leveraged authorizations in a SSP #888
Open
18 tasks
@Gabeblis Gabeblis changed the title Add leveraged-authorization-matches-impact-level constraint Add leveraged-authorization-has-valid-impact-level constraint Nov 20, 2024
@Gabeblis Gabeblis force-pushed the constraints/leveraged-authorization-impact-level branch 4 times, most recently from dd9dc71 to cf28b02 Compare November 20, 2024 16:22
@Gabeblis Gabeblis force-pushed the constraints/leveraged-authorization-impact-level branch from 45f01c4 to e98cbd0 Compare November 20, 2024 18:49
@Gabeblis Gabeblis changed the title Add leveraged-authorization-has-valid-impact-level constraint Add leveraged-authorization-has-valid-impact-level Constraint Nov 20, 2024
@Gabeblis Gabeblis force-pushed the constraints/leveraged-authorization-impact-level branch from e98cbd0 to a485fe4 Compare November 20, 2024 20:24
@Gabeblis Gabeblis requested a review from a team November 20, 2024 20:26
wandmagic
wandmagic previously approved these changes Nov 20, 2024
View reviewed changes
Copy link
Collaborator

@wandmagic wandmagic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good nice work

aj-stein-gsa
aj-stein-gsa requested changes Nov 20, 2024
View reviewed changes
Copy link
Contributor

@aj-stein-gsa aj-stein-gsa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks very solid but would like the documentation change to match.

src/validations/constraints/fedramp-external-constraints.xml Show resolved Hide resolved
@Gabeblis Gabeblis mentioned this pull request Nov 22, 2024
Open
@Gabeblis Gabeblis requested review from aj-stein-gsa and a team November 22, 2024 14:46
aj-stein-gsa
aj-stein-gsa previously approved these changes Nov 22, 2024
View reviewed changes
Copy link
Contributor

@aj-stein-gsa aj-stein-gsa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very good work, I particularly enjoy how you document the scenarios in your passing and failing test cases over the last few weeks. Keep it up!

@Gabeblis Gabeblis dismissed stale reviews from aj-stein-gsa and wandmagic via a403c4b November 25, 2024 14:30
@Gabeblis Gabeblis force-pushed the constraints/leveraged-authorization-impact-level branch from a403c4b to 423dc35 Compare November 25, 2024 14:34
@Gabeblis Gabeblis force-pushed the constraints/leveraged-authorization-impact-level branch from 423dc35 to 2d17552 Compare November 25, 2024 14:39
Rene2mt
Rene2mt approved these changes Nov 25, 2024
View reviewed changes
Copy link
Member

@Rene2mt Rene2mt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@Gabeblis Gabeblis requested a review from a team November 26, 2024 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DimitriZhurkin DimitriZhurkin DimitriZhurkin approved these changes

@wandmagic wandmagic wandmagic approved these changes

@Rene2mt Rene2mt Rene2mt approved these changes

@brian-ruf brian-ruf Awaiting requested review from brian-ruf

@aj-stein-gsa aj-stein-gsa Awaiting requested review from aj-stein-gsa

Assignees

@Gabeblis Gabeblis

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Check for impact level of leveraged authorizations in a SSP
6 participants
@Gabeblis @brian-ruf @Rene2mt @wandmagic @DimitriZhurkin @aj-stein-gsa