Merge pull request #478 from GSA/rev4-fedramp_values.xml-fix
Fix rev 4 fedramp_values.xml value sets and XSpec tests to match OSCAL
dimitri-zhurkin-vitg committed Aug 25, 2023
2 parents a42a40c + 21225ea commit 685be08
Showing 2 changed files with 21 additions and 62 deletions.
77 changes: 18 additions & 59 deletions src/content/rev4/resources/xml/fedramp_values.xml
Expand Up @@ -11,13 +11,11 @@
<description>This EXPERIMENTAL file provides the FedRAMP defined identifiers and acceptable values in a machine-readable format.</description>
<remarks/>
</metadata>

<namespace>
<ns
name="fedramp"
ns="https://fedramp.gov/ns/oscal"/>
</namespace>

<value-set
name="system-identifier-type">
<formal-name>System Identifier Type</formal-name>
Expand All @@ -35,7 +33,6 @@
value="https://ietf.org/rfc/rfc4122">RFC-4122 UUIDv4 Value</enum>
</allowed-values>
</value-set>

<value-set
name="address-type">
<formal-name>Address Type</formal-name>
Expand All @@ -53,9 +50,7 @@
</allowed-values>
<remarks>FedRAMP requires work addresses.</remarks>
</value-set>

<!-- Removed value-set[@name='eauth-level'] in accordance with NIST SP 800-63-3. -->

<value-set
name="identity-assurance-level">
<formal-name>Identity Assurance Level</formal-name>
Expand All @@ -65,17 +60,16 @@
<allowed-values
allow-other="no">
<enum
short-label="IAL1"
value="IAL1">IAL1</enum>
short-label="L"
value="1">Low</enum>
<enum
short-label="IAL2"
value="IAL2">IAL2</enum>
short-label="M"
value="2">Moderate</enum>
<enum
short-label="IAL3"
value="IAL3">IAL3</enum>
short-label="H"
value="3">High</enum>
</allowed-values>
</value-set>

<value-set
name="authenticator-assurance-level">
<formal-name>Authenticator Assurance Level</formal-name>
Expand All @@ -85,17 +79,16 @@
<allowed-values
allow-other="no">
<enum
short-label="AAL1"
value="AAL1">AAL1</enum>
short-label="L"
value="1">Low</enum>
<enum
short-label="AAL2"
value="AAL2">AAL2</enum>
short-label="M"
value="2">Moderate</enum>
<enum
short-label="AAL3"
value="AAL3">AAL3</enum>
short-label="H"
value="3">High</enum>
</allowed-values>
</value-set>

<value-set
name="federation-assurance-level">
<formal-name>Federation Assurance Level</formal-name>
Expand All @@ -105,17 +98,16 @@
<allowed-values
allow-other="no">
<enum
short-label="FAL1"
value="FAL1">FAL1</enum>
short-label="L"
value="1">Low</enum>
<enum
short-label="FAL2"
value="FAL2">FAL2</enum>
short-label="M"
value="2">Moderate</enum>
<enum
short-label="FAL3"
value="FAL3">FAL3</enum>
short-label="H"
value="3">High</enum>
</allowed-values>
</value-set>

<value-set
name="authorization-type">
<formal-name>Authorization Type</formal-name>
Expand All @@ -135,7 +127,6 @@
value="fedramp-li-saas">FedRAMP Tailored for LI-SaaS</enum>
</allowed-values>
</value-set>

<value-set
name="service-model">
<formal-name>Service Model</formal-name>
Expand All @@ -158,7 +149,6 @@
value="other">Other</enum>
</allowed-values>
</value-set>

<value-set
name="deployment-model">
<formal-name>Deployment Model</formal-name>
Expand All @@ -184,7 +174,6 @@
value="other">Other</enum>
</allowed-values>
</value-set>

<value-set
name="security-level">
<formal-name>Security Impact Level</formal-name>
Expand All @@ -210,7 +199,6 @@
value="fips-199-high">High</enum>
</allowed-values>
</value-set>

<value-set
name="privacy-designation">
<formal-name>Privacy Designation</formal-name>
Expand All @@ -227,7 +215,6 @@
value="no">Not Privacy Sensitive</enum>
</allowed-values>
</value-set>

<value-set
name="privacy-threshold-analysis-q1">
<formal-name>Privacy Threshold Analysis (Q1)</formal-name>
Expand All @@ -244,7 +231,6 @@
value="no">No</enum>
</allowed-values>
</value-set>

<value-set
name="privacy-threshold-analysis-q2">
<formal-name>Privacy Threshold Analysis (Q2)</formal-name>
Expand All @@ -261,7 +247,6 @@
value="no">No</enum>
</allowed-values>
</value-set>

<value-set
name="privacy-threshold-analysis-q3">
<formal-name>Privacy Threshold Analysis (Q3)</formal-name>
Expand All @@ -278,7 +263,6 @@
value="no">No</enum>
</allowed-values>
</value-set>

<value-set
name="privacy-threshold-analysis-q4">
<formal-name>Privacy Threshold Analysis (Q4)</formal-name>
Expand All @@ -296,7 +280,6 @@
</allowed-values>
<remarks>If "yes" a SORN ID must be provided.</remarks>
</value-set>

<value-set
name="likelihood">
<formal-name>Likelihood</formal-name>
Expand All @@ -316,7 +299,6 @@
value="high">High</enum>
</allowed-values>
</value-set>

<value-set
name="impact-level">
<formal-name>Impact Level</formal-name>
Expand All @@ -336,9 +318,7 @@
value="high">High</enum>
</allowed-values>
</value-set>

<!-- Additional values to be defined here. -->

<value-set
name="information-type-system">
<formal-name>Information Type System</formal-name>
Expand All @@ -353,7 +333,6 @@
</allowed-values>
<remarks>FedRAMP only allows information types defined in NIST SP 800-60v2r1.</remarks>
</value-set>

<value-set
name="operational-status">
<formal-name>Operational Status (system)</formal-name>
Expand All @@ -379,7 +358,6 @@
value="other">Other</enum>
</allowed-values>
</value-set>

<value-set
name="user-type">
<formal-name>User Type</formal-name>
Expand All @@ -399,7 +377,6 @@
value="general-public">General Public</enum>
</allowed-values>
</value-set>

<value-set
name="user-privilege">
<formal-name>User Privilege</formal-name>
Expand All @@ -419,7 +396,6 @@
value="no-logical-access">No Logical Access</enum>
</allowed-values>
</value-set>

<value-set
name="user-sensitivity-level">
<formal-name>User Sensitivity level</formal-name>
Expand All @@ -445,7 +421,6 @@
value="not-applicable">Not Applicable</enum>
</allowed-values>
</value-set>

<value-set
name="interconnection-direction">
<formal-name>Interconnection Direction</formal-name>
Expand All @@ -465,7 +440,6 @@
value="incoming-outgoing">Bi-Directional</enum>
</allowed-values>
</value-set>

<value-set
name="interconnection-security">
<formal-name>Interconnection Security</formal-name>
Expand Down Expand Up @@ -497,7 +471,6 @@
value="other">Other</enum>
</allowed-values>
</value-set>

<value-set
name="component-type">
<formal-name>Component Type</formal-name>
Expand Down Expand Up @@ -544,7 +517,6 @@
value="interconnection">Interconnection</enum>
</allowed-values>
</value-set>

<value-set
name="asset-type">
<formal-name>Asset Type</formal-name>
Expand Down Expand Up @@ -590,7 +562,6 @@
value="storage-array">Storage Array</enum>
</allowed-values>
</value-set>

<value-set
name="scan-type">
<formal-name>Scan Type</formal-name>
Expand All @@ -615,7 +586,6 @@
value="other">Web Scan</enum>
</allowed-values>
</value-set>

<value-set
name="transport-type">
<formal-name>Transport Type</formal-name>
Expand All @@ -632,7 +602,6 @@
value="udp">UDP</enum>
</allowed-values>
</value-set>

<value-set
name="virtual">
<formal-name>Virtual</formal-name>
Expand All @@ -651,7 +620,6 @@
value="no">No</enum>
</allowed-values>
</value-set>

<value-set
name="public">
<formal-name>Public</formal-name>
Expand All @@ -670,7 +638,6 @@
value="no">No</enum>
</allowed-values>
</value-set>

<value-set
name="allows-authenticated-scan">
<formal-name>Allows Authenticated Scan</formal-name>
Expand All @@ -690,7 +657,6 @@
</allowed-values>
<remarks>if the value is "no", the prop remarks must contain the reason why.</remarks>
</value-set>

<value-set
name="is-scanned">
<formal-name>Is Scanned</formal-name>
Expand All @@ -710,7 +676,6 @@
</allowed-values>
<remarks>if the value is "no", the prop remarks must contain the reason why.</remarks>
</value-set>

<value-set
name="control-implementation-status">
<formal-name>Control Implementation Status</formal-name>
Expand All @@ -736,7 +701,6 @@
value="not-applicable">Not Applicable</enum>
</allowed-values>
</value-set>

<value-set
name="control-origination">
<formal-name>Control Origination</formal-name>
Expand All @@ -762,7 +726,6 @@
value="inherited">Inherited</enum>
</allowed-values>
</value-set>

<value-set
name="attachment-type">
<formal-name>Attachment Type</formal-name>
Expand Down Expand Up @@ -875,7 +838,6 @@
</allowed-values>
<remarkas>Not all values apply to all FedRAMP artifacts.</remarkas>
</value-set>

<value-set
name="hash-algorithm">
<formal-name>Hash Algorithm</formal-name>
Expand All @@ -901,7 +863,6 @@
value="RIPEMD-160">RIPEMD-160</enum>
</allowed-values>
</value-set>

<value-set
name="role-type">
<formal-name>Defined Role Identifiers</formal-name>
Expand Down Expand Up @@ -951,7 +912,6 @@
value="penetration-test-lead">Penetration Test Lead</enum>
</allowed-values>
</value-set>

<value-set
name="media-type">
<formal-name>Resource Media Types</formal-name>
Expand Down Expand Up @@ -1023,5 +983,4 @@
value="application/yaml">application/yaml</enum>
</allowed-values>
</value-set>

</fedramp-values>
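Review bot: The identity-, authenticator- and federation-assurance-level value sets keep `allow-other="no"` while their tokens change between the prefixed form (`IAL2`, `AAL2`, `FAL2`) and bare `1`/`2`/`3`. Assuming the numeric form is the new side, as the commit title suggests, any existing SSP that still carries a prefixed token will stop validating, and nothing on the page documents that migration. The new labels `Low`/`Moderate`/`High` with short labels `L`/`M`/`H` also read like the FIPS 199 impact levels in the `security-level` set, whereas NIST SP 800-63-3 (cited in the file's own comment) numbers assurance levels 1–3. A label such as `IAL1` for value `1` would keep the two scales from being confused. Separately, the unchanged context at the end of the attachment-type set uses `<remarkas>…</remarkas>`, which looks like a misspelling of `remarks` and would likely be skipped by anything that reads `remarks`.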
6 changes: 3 additions & 3 deletions src/validations/test/rules/rev4/ssp.xspec
Expand Up @@ -4808,7 +4808,7 @@
class="identity-assurance"
name="identity-assurance-level"
ns="https://fedramp.gov/ns/oscal"
value="IAL2" />
value="2" />
</system-characteristics>
</x:context>
<x:expect-not-assert
Expand Down Expand Up @@ -4843,7 +4843,7 @@
class="authenticator-assurance"
name="authenticator-assurance-level"
ns="https://fedramp.gov/ns/oscal"
value="AAL2" />
value="2" />
</system-characteristics>
</x:context>
<x:expect-not-assert
Expand Down Expand Up @@ -4878,7 +4878,7 @@
class="federation-assurance"
name="federation-assurance-level"
ns="https://fedramp.gov/ns/oscal"
value="FAL2" />
value="2" />
</system-characteristics>
</x:context>
<x:expect-not-assert
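Review bot: All three updated fixtures exercise only the accepted value `2` under `x:expect-not-assert`, and nothing visible in these hunks checks that the retired tokens (`IAL2`, `AAL2`, `FAL2`) are now rejected, assuming the numeric form is the new side. A companion scenario per level that supplies the old token and uses `x:expect-assert` would pin the rule, so a later value-set edit cannot quietly re-admit both spellings. The enclosing scenarios start and end outside the hunks, so such cases may already exist elsewhere in ssp.xspec.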
