Inventory - IP or DNS Information

[Rene2mt]

Constraint Task

Consistent with issue #813, these constraints focus on ensuring the "ipv4-address", "ipv6-address", "fqdn", and/or "uri" props are present for "service" components that are internal to the authorization boundary. These constrains ensure that:

• All inventory items and internal "service" components SHOULD be reachable via a network, which requires either an IPv4 address, IPv6 address, fully qualified domain name (FQDN) or uniform resource identifier (URI).
• At least one of these four properties SHOULD be present.

More than one in any combination is acceptable. For example, a single asset may have an IPv4 address, IPv6 address, and a FQDN.

NOTE - These constraints are level="WARNING"

Intended Outcome

This information helps assessors, penetration testers, and others security stakeholders understand what networked components are in the authorization boundary and ensure that assessment(s) are scoped accordingly.

Syntax Type

This is required core OSCAL syntax.

Allowed Values

There are no relevant allowed values.

Metapath(s) to Content

context="//( component[@type='service' and ./prop[@name='implementation-point' and @value='internal']] | inventory-item)"

target="."

count(./prop[@name=('ipv4-address', 'ipv6-address', 'fqdn', 'uri')]) >= 1

Purpose of the OSCAL Content

If applicable, the "ipv4-address", "ipv6-address", "fqdn", and/or "uri" will give assessors and FedRAMP information they need to ensure assessments (e.g., pen tests, vulnerability scans, etc.) are properly scoped.

Dependencies

No response

Acceptance Criteria

• All OSCAL adoption content affected by the change in this issue have been updated in accordance with the Documentation Standards.
  • Explanation is present and accurate
  • sample content is present and accurate
  • Metapath is present, accurate, and does not throw a syntax exception using oscal-cli metaschema metapath eval -e "expression".
• All constraints associated with the review task have been created
• The appropriate example OSCAL file is updated with content that demonstrates the FedRAMP-compliant OSCAL presentation.
• The constraint conforms to the FedRAMP Constraint Style Guide.
  • All automated and manual review items that identify non-conformance are addressed; or technical leads (David Waltermire; AJ Stein) have approved the PR and “override” the style guide requirement.
• Known good test content is created for unit testing.
• Known bad test content is created for unit testing.
• Unit testing is configured to run both known good and known bad test content examples.
• Passing and failing unit tests, and corresponding test vectors in the form of known valid and invalid OSCAL test files, are created or updated for each constraint.
• A Pull Request (PR) is submitted that fully addresses the goals section of the User Story in the issue.
• This issue is referenced in the PR.

Other information

No response