Skip to content

Update the authorization-type for FedRAMP JAB to be deprecated #1208

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
14 tasks
aj-stein-gsa opened this issue Mar 13, 2025 · 0 comments
Open
14 tasks

Update the authorization-type for FedRAMP JAB to be deprecated #1208

aj-stein-gsa opened this issue Mar 13, 2025 · 0 comments
Assignees
@DimitriZhurkin
Labels
constraint: completeness enhancement New feature or request scope: constraints type: task
Milestone
v3.0.0-milestone1

Comments

@aj-stein-gsa
Copy link
Contributor

aj-stein-gsa commented Mar 13, 2025
edited
Loading

Constraint Task

As a developer of OSCAL-enabled tools, to ensure I do not continue to prepare OSCAL data for system authorizations that are currently obsolete, I want a deprecation warning to the .[@type="fedramp-jab"] for the value in allowed-value of authorization-type in FedRAMP constraints to know and possibly communicate through software to users this value is deprecated, even if still applicable.

Intended Outcome

Add a deprecation message like to so the fedramp-jab authorization-type value in the enum set.

https://github.com/usnistgov/OSCAL/blob/b39789e5ab6df36dbe14f481e40113b91fd25f3f/src/metaschema/oscal_catalog_metaschema.xml#L234

                        <enum value="fedramp-jab" deprecated="3.0.0-milestone1">**(deprecated)*** The authorization type of 'fedramp-jab' is deprecated. Use it for pre-existing JAB authorizations only.</enum>

Syntax Type

This is a FedRAMP constraint in the FedRAMP-specific namespace.

Allowed Values

FedRAMP allowed values must be defined or verified.

Metapath(s) to Content

/system-security-plan/system-characteristics/prop[@name='authorization-type'][@ns='http://fedramp.gov/ns/oscal']/@value

Purpose of the OSCAL Content

No response

Dependencies

No response

Acceptance Criteria

  • All OSCAL adoption content affected by the change in this issue have been updated in accordance with the Documentation Standards.
    • Explanation is present and accurate
    • sample content is present and accurate
    • Metapath is present, accurate, and does not throw a syntax exception using oscal-cli metaschema metapath eval -e "expression".
  • All constraints associated with the review task have been created
  • The appropriate example OSCAL file is updated with content that demonstrates the FedRAMP-compliant OSCAL presentation.
  • The constraint conforms to the FedRAMP Constraint Style Guide.
    • All automated and manual review items that identify non-conformance are addressed; or technical leads (David Waltermire; AJ Stein) have approved the PR and “override” the style guide requirement.
  • Known good test content is created for unit testing.
  • Known bad test content is created for unit testing.
  • Unit testing is configured to run both known good and known bad test content examples.
  • Passing and failing unit tests, and corresponding test vectors in the form of known valid and invalid OSCAL test files, are created or updated for each constraint.
  • A Pull Request (PR) is submitted that fully addresses the goals section of the User Story in the issue.
  • This issue is referenced in the PR.

Other information

No response
@aj-stein-gsa aj-stein-gsa added the enhancement New feature or request label Mar 13, 2025
@aj-stein-gsa aj-stein-gsa moved this from 🆕 New to 📋 Backlog in FedRAMP Automation Mar 13, 2025
@aj-stein-gsa aj-stein-gsa moved this from 📋 Backlog to 🔖 Ready in FedRAMP Automation Mar 13, 2025
@DimitriZhurkin DimitriZhurkin self-assigned this Mar 13, 2025
@DimitriZhurkin DimitriZhurkin mentioned this issue Mar 13, 2025
Merged
7 tasks
@DimitriZhurkin DimitriZhurkin moved this from 🔖 Ready to 👀 In review in FedRAMP Automation Mar 13, 2025
@DimitriZhurkin DimitriZhurkin moved this from 👀 In review to 🚢 Ready to Ship in FedRAMP Automation Mar 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DimitriZhurkin DimitriZhurkin

Labels
constraint: completeness enhancement New feature or request scope: constraints type: task
Projects
FedRAMP Automation
Status: 🚢 Ready to Ship
Milestone
v3.0.0-milestone1
Development

No branches or pull requests
2 participants
@DimitriZhurkin @aj-stein-gsa