This repository has been archived by the owner on Dec 12, 2023. It is now read-only.

Add new assertion groupings #624

Merged
merged 3 commits into from
Jul 21, 2022
Merged
24 changes: 18 additions & 6 deletions src/validations/rules/assertion-grouping.xsl
Expand Up @@ -3,6 +3,7 @@
exclude-result-prefixes="xs math sch doc"
version="3.0"
xmlns:doc="https://fedramp.gov/oscal/fedramp-automation-documentation"
xmlns:feddoc="http://us.gov/documentation/federal-documentation"
xmlns:math="http://www.w3.org/2005/xpath-functions/math"
xmlns:sch="http://purl.oclc.org/dsdl/schematron"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
Expand All @@ -22,7 +23,7 @@
<xsl:variable
as="xs:string*"
name="groups"
select="distinct-values(//assert/@doc:* ! local-name())" />
select="distinct-values(//assert/(@doc:*|@feddoc:*) ! local-name()), ('all')" />
<!-- create the proto-JSON XML -->
<xsl:variable
as="node()"
Expand Down Expand Up @@ -51,13 +52,24 @@
test="current() eq 'guide-reference'">FedRAMP OSCAL Guide</xsl:when>
<xsl:when
test="current() eq 'template-reference'">FedRAMP SSP Template</xsl:when>
<xsl:when
test="current() eq 'documentation-reference'">Other Federal Documentation</xsl:when>
<xsl:when
test="current() eq 'all'">
<xsl:text>All Rules</xsl:text>
</xsl:when>
</xsl:choose>
</string>
<!-- get the distinct values found in this attribute -->
<xsl:variable
as="xs:string*"
name="groupitems"
select="distinct-values($sch//@doc:*[local-name() eq $attribute-local-name] ! tokenize(., ',\s*'))" />
select="
if ($attribute-local-name = 'all') then
('Unorganized')
else
distinct-values($sch//(@doc:*|@feddoc:*)[local-name() eq $attribute-local-name] ! tokenize(., ',\s*'))"
/>
<!-- create a list of related assertions for each distinct attribute value-->
<array
key="groups">
Expand Down Expand Up @@ -116,9 +128,9 @@
select="current()" />
<xsl:if
test="
some $d in $sch//assert/@doc:*
$item = 'Unorganized' or (some $d in $sch//assert/(@doc:*|@feddoc:*)
satisfies some $t in tokenize($d, ',\s*')
satisfies $t = tokenize($item, ',\s*')">
satisfies $t = tokenize($item, ',\s*'))">
<map>
<string
key="title">
Expand All @@ -131,9 +143,9 @@
select="$sch//assert">
<xsl:if
test="
some $d in @doc:*
$item = 'Unorganized' or (some $d in (@doc:*|@feddoc:*)
satisfies some $t in tokenize($d, ',\s*')
satisfies $t = tokenize($item, ',\s*')">
satisfies $t = tokenize($item, ',\s*'))">
<string>
<xsl:value-of
select="@id" />
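Review bot: The `xsl:choose` that turns a group name into its title has no `xsl:otherwise` (the new `documentation-reference` and `all` branches sit directly before `</xsl:choose>`), so any attribute local name it does not list appears to produce a group whose title string is empty. This matters more now that `groups` also collects every `@feddoc:*` name: this same commit has to rename `referenced-documentation` and `reference-documentation` in ssp.sch before they match a branch, and a future misspelling would again pass silently. I would add `<xsl:otherwise><xsl:value-of select="current()" /></xsl:otherwise>` as the last branch so an unrecognised name is at least visible in the generated grouping. The opening of the `xsl:choose` lies outside the visible hunk.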
8 changes: 4 additions & 4 deletions src/validations/rules/ssp.sch
Expand Up @@ -1990,7 +1990,7 @@
doc:checklist-reference="Section B Check 3.3, Section C Check 7"
doc:guide-reference="Guide to OSCAL-based FedRAMP System Security Plans §4.5"
doc:template-reference="System Security Plan Template §2.3"
feddoc:referenced-documentation="NIST Special Publication 800-63-3"
feddoc:documentation-reference="NIST Special Publication 800-63-3"
fedramp:specific="true"
id="has-allowed-identity-assurance-level"
role="error"
Expand All @@ -2010,7 +2010,7 @@
doc:checklist-reference="Section B Check 3.3, Section C Check 7"
doc:guide-reference="Guide to OSCAL-based FedRAMP System Security Plans §4.5"
doc:template-reference="System Security Plan Template §2.3"
feddoc:referenced-documentation="NIST Special Publication 800-63-3"
feddoc:documentation-reference="NIST Special Publication 800-63-3"
fedramp:specific="true"
id="has-allowed-authenticator-assurance-level"
role="error"
Expand All @@ -2030,7 +2030,7 @@
doc:checklist-reference="Section B Check 3.3, Section C Check 7"
doc:guide-reference="Guide to OSCAL-based FedRAMP System Security Plans §4.5"
doc:template-reference="System Security Plan Template §2.3"
feddoc:referenced-documentation="NIST Special Publication 800-63-3"
feddoc:documentation-reference="NIST Special Publication 800-63-3"
fedramp:specific="true"
id="has-allowed-federation-assurance-level"
role="error"
Expand Down Expand Up @@ -2380,7 +2380,7 @@
'China Telecom', 'China Telecom (Americas) Corp')" />
<sch:assert
diagnostics="has-prohibited-vendor-name-diagnostic"
feddoc:reference-documentation="FAR 889(a)(1)(B)"
feddoc:documentation-reference="FAR 889(a)(1)(B)"
id="has-prohibited-vendor-name"
role="warning"
test="not(oscal:prop[@name eq 'vendor-name']/@value = $prohibit-vendor)">The inventory item does not cite a banned