Adjust Constraint Target For 'inventory-item-has-vendor-name'

GSA · Jan 15, 2025 · 6fd9c91 · 6fd9c91
1 parent f112e0d
commit 6fd9c91
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
@@ -2643,7 +2643,7 @@ SSP authors must add implmentations for all required controls.
           </description>
           <link href="#11111111-2222-4000-8000-001000000005" rel="policy"/>
           <link href="#11111111-2222-4000-8000-001000000023" rel="procedure"/>
-          <implementation-status state="operational"/>
+          <implementation-status state="implemented"/>
                     <responsible-role role-id="system-admin">
                         <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
                     </responsible-role>
@@ -2658,7 +2658,7 @@ SSP authors must add implmentations for all required controls.
             <p>Component approach. This links to a component representing the Identity Management and Access Control Policy.</p>
             <p>That component contains a link to the policy, so it does not have to be linked here too.</p>
           </description>
-          <implementation-status state="operational"/>
+          <implementation-status state="implemented"/>
                     <responsible-role role-id="system-admin">
                         <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
                     </responsible-role>

diff --git a/src/validations/constraints/content/ssp-inventory-item-has-vendor-name-INVALID.xml b/src/validations/constraints/content/ssp-inventory-item-has-vendor-name-INVALID.xml
@@ -1,6 +1,6 @@
 <system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="11111111-2222-4000-8000-000000000000">
   <system-implementation>
-    <component uuid="11111111-2222-4000-8000-009000000007" type="process-procedure">
+    <component uuid="11111111-2222-4000-8000-009000000007" type="software">
       <!-- <prop ns="http://fedramp.gov/ns/oscal" name="vendor-name" value="Vendor"/> Missing software-name in linked component-->
     </component>
     <inventory-item uuid="11111111-2222-4000-8000-011000000001">

diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
@@ -724,7 +724,7 @@
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
                 <message>In a FedRAMP SSP, each inventory item that has a MAC address MUST format the MAC address correctly.</message>
             </expect>
-            <expect id="inventory-item-has-vendor-name" target="." test="count(prop[@name='vendor-name' and @ns='http://fedramp.gov/ns/oscal']) >= 1 or count(../component[@uuid=$component-uuid]/prop[@name='vendor-name' and @ns='http://fedramp.gov/ns/oscal']) >= 1" level="ERROR">
+            <expect id="inventory-item-has-vendor-name" target=".[../component[@uuid=$component-uuid and @type=('hardware','software')]]" test="count(prop[@name='vendor-name' and @ns='http://fedramp.gov/ns/oscal']) >= 1 or count(../component[@uuid=$component-uuid]/prop[@name='vendor-name' and @ns='http://fedramp.gov/ns/oscal']) >= 1" level="ERROR">
                 <formal-name>Inventory Item Has Vendor Name</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
                 <message>In a FedRAMP SSP, each inventory item MUST include the vendor name in the inventory item itself or within the linked component.</message>