diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature
index a29d3c941..7aced5bef 100644
--- a/features/fedramp_extensions.feature
+++ b/features/fedramp_extensions.feature
@@ -28,6 +28,7 @@ Examples:
   | address-type |
   | aggregate-parameters-warning |
   | attachment-type |
+  | authenticated-scan-no-has-remarks |
   | authentication-method-has-remarks |
   | authorization-type |
   | by-component-has-responsible-role |
@@ -49,6 +50,7 @@ Examples:
   | data-center-primary |
   | data-center-us |
   | deployment-model |
+  | end-of-life-date-type |
   | external-system-nature-of-agreement |
   | extraneous-implemented-requirements |
   | fedramp-citations-has-correct-link |
@@ -104,6 +106,7 @@ Examples:
   | has-system-id |
   | has-system-name-short |
   | has-user-guide |
+  | high-impact-inventory-item-has-asset-owner |
   | image-has-checksum |
   | implementation-status-has-remarks |
   | import-profile-has-available-document |
@@ -116,10 +119,13 @@ Examples:
   | information-type-has-confidentiality-impact |
   | information-type-has-integrity-impact |
   | information-type-system |
+  | inter-boundary-component-has-information-type |
   | interconnection-direction |
   | interconnection-security |
   | inventory-item-allows-authenticated-scan |
   | inventory-item-and-component-has-public |
+  | inventory-item-has-function |
+  | inventory-item-has-scan-type |
   | inventory-item-has-valid-mac-address |
   | inventory-item-has-vendor-name |
   | inventory-item-or-component-has-asset-id |
@@ -154,6 +160,7 @@ Examples:
   | role-defined-system-owner |
   | saas-has-leveraged-authorization |
   | scan-type |
+  | scan-type-has-remarks |
   | security-level |
   | security-sensitivity-level-matches-security-impact-level |
   | statement-has-this-system-component |
@@ -189,6 +196,8 @@ Examples:
   | aggregate-parameters-warning-PASS.yaml |
   | attachment-type-FAIL.yaml |
   | attachment-type-PASS.yaml |
+  | authenticated-scan-no-has-remarks-FAIL.yaml |
+  | authenticated-scan-no-has-remarks-PASS.yaml |
   | authentication-method-has-remarks-FAIL.yaml |
   | authentication-method-has-remarks-PASS.yaml |
   | authorization-type-FAIL.yaml |
@@ -231,6 +240,8 @@ Examples:
   | data-center-us-PASS.yaml |
   | deployment-model-FAIL.yaml |
   | deployment-model-PASS.yaml |
+  | end-of-life-date-type-FAIL.yaml |
+  | end-of-life-date-type-PASS.yaml |
   | external-system-nature-of-agreement-FAIL.yaml |
   | external-system-nature-of-agreement-PASS.yaml |
   | extraneous-implemented-requirements-FAIL.yaml |
@@ -341,6 +352,8 @@ Examples:
   | has-system-name-short-PASS.yaml |
   | has-user-guide-FAIL.yaml |
   | has-user-guide-PASS.yaml |
+  | high-impact-inventory-item-has-asset-owner-FAIL.yaml |
+  | high-impact-inventory-item-has-asset-owner-PASS.yaml |
   | image-has-checksum-FAIL.yaml |
   | image-has-checksum-PASS.yaml |
   | implementation-status-has-remarks-FAIL.yaml |
@@ -365,6 +378,8 @@ Examples:
   | information-type-id-PASS.yaml |
   | information-type-system-FAIL.yaml |
   | information-type-system-PASS.yaml |
+  | inter-boundary-component-has-information-type-FAIL.yaml |
+  | inter-boundary-component-has-information-type-PASS.yaml |
   | interconnection-direction-FAIL.yaml |
   | interconnection-direction-PASS.yaml |
   | interconnection-security-FAIL.yaml |
@@ -373,6 +388,10 @@ Examples:
   | inventory-item-allows-authenticated-scan-PASS.yaml |
   | inventory-item-and-component-has-public-FAIL.yaml |
   | inventory-item-and-component-has-public-PASS.yaml |
+  | inventory-item-has-function-FAIL.yaml |
+  | inventory-item-has-function-PASS.yaml |
+  | inventory-item-has-scan-type-FAIL.yaml |
+  | inventory-item-has-scan-type-PASS.yaml |
   | inventory-item-has-valid-mac-address-FAIL.yaml |
   | inventory-item-has-valid-mac-address-PASS.yaml |
   | inventory-item-has-vendor-name-FAIL.yaml |
@@ -441,6 +460,8 @@ Examples:
   | saas-has-leveraged-authorization-PASS.yaml |
   | scan-type-FAIL.yaml |
   | scan-type-PASS.yaml |
+  | scan-type-has-remarks-FAIL.yaml |
+  | scan-type-has-remarks-PASS.yaml |
   | security-level-FAIL.yaml |
   | security-level-PASS.yaml |
   | security-sensitivity-level-matches-security-impact-level-FAIL.yaml |
diff --git a/features/steps/fedramp_extensions_steps.ts b/features/steps/fedramp_extensions_steps.ts
index 44b2435df..601f7b8af 100644
--- a/features/steps/fedramp_extensions_steps.ts
+++ b/features/steps/fedramp_extensions_steps.ts
@@ -1,23 +1,22 @@
-import { BeforeAll, BeforeStep, Given, Then, When, setDefaultTimeout, world } from "@cucumber/cucumber";
+import { BeforeAll, Given, Then, When, setDefaultTimeout } from "@cucumber/cucumber";
 import { expect } from "chai";
 import {
+  existsSync,
+  mkdirSync,
   readFileSync,
   readdirSync,
   unlinkSync,
   writeFileSync,
-  mkdirSync,
-  existsSync,
 } from "fs";
 import { load } from "js-yaml";
-import { executeOscalCliCommand, resolveProfile, resolveProfileDocument, validateDocument} from "oscal";
-import {checkServerStatus} from 'oscal/dist/server.js'
-import { dirname, join,parse, resolve } from "path";
-import { Exception, Log, Result } from "sarif";
+import { JSDOM } from 'jsdom';
+import { executeOscalCliCommand, formatSarifOutput, resolveProfileDocument, validateDocument } from "oscal";
+import { checkServerStatus } from 'oscal/dist/server.js';
+import { dirname, join, parse, resolve } from "path";
+import { Log } from "sarif";
 import { fileURLToPath } from "url";
-import { parseString } from "xml2js";
-import {JSDOM} from 'jsdom'
 import { promisify } from "util";
-import {formatSarifOutput} from 'oscal'
+import { parseString } from "xml2js";
 let executor: 'oscal-cli'|'oscal-server' = process.env.OSCAL_EXECUTOR as 'oscal-cli'|'oscal-server' || 'oscal-cli'
 const quiet = process.env.OSCAL_TEST_QUIET === 'true'
 
@@ -686,6 +685,7 @@ Then('I should have valid results {string}', async function (fileToValidate) {
 
 Then('I should verify that all constraints follow the style guide constraint', async function () {
   const baseDir = join(__dirname, '..', '..');
+  const styleGuidePath = join(baseDir, 'src', 'validations', 'styleguides', 'fedramp-constraint-style.xml');
   const constraintDir = join(baseDir, 'src', 'validations', 'constraints');
   const constraintFiles = readdirSync(constraintDir).filter(file => 
     file.startsWith('fedramp') && file.endsWith('.xml')
@@ -701,7 +701,15 @@ Then('I should verify that all constraints follow the style guide constraint', a
       const fileContent = readFileSync(filePath, 'utf8');
       const dom = new JSDOM(fileContent, { contentType: 'text/xml' });
       const document = dom.window.document;
-
+      const {isValid,log} = await validateDocument(filePath,{flags:['disable-schema'],quiet,extensions:[styleGuidePath],module:"http://csrc.nist.gov/ns/oscal/metaschema/1.0"},executor)
+      writeFileSync(
+        join(
+          __dirname,
+          "../../sarif/",
+          fileName.split(".xml").join("").toString()+".sarif"
+        ),JSON.stringify(log, null,"\t"))  
+      const formattedErrors = (formatSarifOutput(log));
+      formattedErrors&&errors.push(formattedErrors)
       // Process each 'constraints' block separately
       document.querySelectorAll('constraints').forEach(constraintsNode => {
         // Get direct child elements with IDs within this constraints block
diff --git a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
index b41041343..171d69de9 100644
--- a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+++ b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
@@ -929,6 +929,7 @@ that represents the whole system.</p>
       <prop name="implementation-point" value="external"/>
       <prop name="inherited-uuid" value="22222222-0000-4000-9001-009000000001"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="nature-of-agreement" value="sla"/>
+      <prop ns="http://fedramp.gov/ns/oscal" name="end-of-life-date" value="2025-12-31"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
         <remarks>
           <p>If 'yes', describe the authentication method.</p>
@@ -1199,6 +1200,10 @@ leveraged-authorization assembly:</p>
       <prop name="implementation-point" value="external"/>
       <prop name="direction" value="incoming" ns="http://fedramp.gov/ns/oscal"/>
       <prop name="direction" value="outgoing" ns="http://fedramp.gov/ns/oscal"/>
+
+      <prop ns="http://fedramp.gov/ns/oscal" name="information-type" class="incoming" value="C.3.5.1"/>
+      <prop ns="http://fedramp.gov/ns/oscal" name="information-type" class="outgoing" value="C.3.5.8"/>
+
       <prop name="connection-security" value="tls-1.3" ns="http://fedramp.gov/ns/oscal"/>
       <prop name="asset-type" value="saas"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
@@ -1651,7 +1656,9 @@ property.</p>
       </description>
       <prop name="implementation-point" value="internal"/>
       <prop name="public" value="yes"/>
+      <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
       <status state="operational"/>
+      
     </component>
     
     <!-- Virtual Appliance Component -->
@@ -1662,7 +1669,9 @@ property.</p>
         <p>Describe the virtual appliance and what it is used for.</p>
       </description>
       <prop name="implementation-point" value="internal"/>
+      <prop name='function' value='virtual'><remarks><p>virtual function</p></remarks></prop>
       <status state="operational"/>
+      
     </component>
     
     <!-- Hardware Component -->
@@ -1781,6 +1790,7 @@ compliance (e.g., Module in Process).</p>
       <prop name="model" value="stable-slim"/>
       <prop name="version" value="11"/>
       <prop name="patch-level" value="Patch Level"/>
+      <prop name="asset-id" value="unique-asset-ID-03"/>
       <link rel="validation" href="#11111111-2222-4000-8000-009000000002"/>
       <link href="https://hub.docker.com/layers/library/debian/stable/images/sha256-e83913597ca9deb9d699316a9a9d806c2a87ed61195ac66ae0a8ac55089a84b9"/>
       <status state="operational"/>
@@ -1835,6 +1845,10 @@ compliance (e.g., Module in Process).</p>
       <prop name="implementation-point" value="external"/>
       <prop name="direction" value="incoming" ns="http://fedramp.gov/ns/oscal"/>
       <prop name="direction" value="outgoing" ns="http://fedramp.gov/ns/oscal"/>
+
+      <prop ns="http://fedramp.gov/ns/oscal" name="information-type" class="incoming" value="C.3.5.1"/>
+      <prop ns="http://fedramp.gov/ns/oscal" name="information-type" class="outgoing" value="C.3.5.8"/>
+
       <prop ns="http://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
         <remarks>
           <p>If 'yes', describe the authentication method.</p>
@@ -2258,6 +2272,10 @@ approved.</p>
       <prop name="implementation-point" value="external"/>
       <prop name="direction" value="incoming" ns="http://fedramp.gov/ns/oscal"/>
       <prop name="direction" value="outgoing" ns="http://fedramp.gov/ns/oscal"/>
+
+      <prop ns="http://fedramp.gov/ns/oscal" name="information-type" class="incoming" value="C.3.5.1"/>
+      <prop ns="http://fedramp.gov/ns/oscal" name="information-type" class="outgoing" value="C.3.5.8"/>
+
       <prop ns="http://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
         <remarks>
           <p>If 'yes', describe the authentication method.</p>
@@ -2367,6 +2385,10 @@ approved.</p>
           <p>If no, explain why. If yes, omit remark.</p>
         </remarks>
       </prop>
+      <prop ns="http://fedramp.gov/ns/oscal" name="function" value="none">
+        <remarks><p>no function</p></remarks>
+      </prop>
+
       <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
       <responsible-party role-id="asset-owner">
         <party-uuid>11111111-2222-4000-8000-004000000010</party-uuid>
@@ -2395,6 +2417,12 @@ approved.</p>
       <prop name="is-scanned" value="yes"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="vendor-name" value="Vendor"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
+
+      <prop name="function" value="Required brief, text-based description.">
+        <remarks>
+          <p>Required, longer, formatted description.</p>
+        </remarks>
+      </prop>
       <implemented-component component-uuid="11111111-2222-4000-8000-009000000008"/>
     </inventory-item>
     <inventory-item uuid="11111111-2222-4000-8000-011000000004">
@@ -2409,7 +2437,9 @@ approved.</p>
       <prop name="ipv6-address" value="0000:0000:0000:0000:0000:ffff:0a04:0404"/>
       <prop name="is-scanned" value="yes"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="vendor-name" value="Vendor"/>
-      <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
+      <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="other">
+        <remarks><p>a different kind of scan</p></remarks>
+      </prop>
       <implemented-component component-uuid="11111111-2222-4000-8000-009000500006"/>
     </inventory-item>
     <inventory-item uuid="11111111-2222-4000-8000-011000000005">
@@ -2425,7 +2455,13 @@ approved.</p>
       <prop name="is-scanned" value="yes"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="vendor-name" value="Vendor"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
-      <implemented-component component-uuid="11111111-2222-4000-8000-009000000011"/>
+ 
+      <prop name="function" value="Required brief, text-based description.">
+        <remarks>
+          <p>Required, longer, formatted description.</p>
+        </remarks>
+      </prop>
+     <implemented-component component-uuid="11111111-2222-4000-8000-009000000011"/>
     </inventory-item>
     <inventory-item uuid="11111111-2222-4000-8000-011000000006">
       <description>
@@ -2443,6 +2479,13 @@ approved.</p>
           <p>Asset wasn't running at time of scan.</p>
         </remarks>
       </prop>
+      <prop name="function" value="Required brief, text-based description.">
+        <remarks>
+          <p>Required, longer, formatted description.</p>
+        </remarks>
+      </prop>
+
+      <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
       <implemented-component component-uuid="11111111-2222-4000-8000-009000500007"/>
     </inventory-item>
     <inventory-item uuid="11111111-2222-4000-8000-011000000007">
@@ -2458,6 +2501,11 @@ approved.</p>
       <prop name="is-scanned" value="yes"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="vendor-name" value="Vendor"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
+      <prop name="function" value="Required brief, text-based description.">
+        <remarks>
+          <p>Optional, longer, formatted description.</p>
+        </remarks>
+      </prop>
       <implemented-component component-uuid="11111111-2222-4000-8000-009000000008"/>
     </inventory-item>
     <inventory-item uuid="11111111-2222-4000-8000-011000000008">
@@ -2476,6 +2524,12 @@ approved.</p>
           <p>Asset wasn't running at time of scan.</p>
         </remarks>
       </prop>
+      <prop name="function" value="Required brief, text-based description.">
+        <remarks>
+          <p>Optional, longer, formatted description.</p>
+        </remarks>
+      </prop>
+      <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
       <implemented-component component-uuid="11111111-2222-4000-8000-009000500005"/>
     </inventory-item>
     <inventory-item uuid="11111111-2222-4000-8000-011000000009">
@@ -2491,6 +2545,7 @@ approved.</p>
       <prop name="is-scanned" value="yes"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="vendor-name" value="Vendor"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
+      <prop name='function' value='virtual'><remarks><p>virtual function</p></remarks></prop>
       <implemented-component component-uuid="11111111-2222-4000-8000-009000000018"/>
     </inventory-item>
   </system-implementation>
@@ -2522,8 +2577,9 @@ SSP authors must add implmentations for all required controls.
         <value>at least every 3 years</value>
       </set-parameter><set-parameter param-id="ac-01_odp.07">
         <value>at least annually</value>
-      </set-parameter><statement statement-id="ac-1_smt.a.1" uuid="11111111-2222-4000-8000-013000000001">
-        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000001">
+      </set-parameter>
+      <statement statement-id="ac-1_smt" uuid="11111117-2222-4000-8000-013000000001">
+<by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000001">
           <description>
             <p>Describe how Part a is satisfied within the system.</p>
             <p>Legacy approach. If no policy component is defined, describe here how the policy satisfies part a.</p>
@@ -2553,6 +2609,37 @@ SSP authors must add implmentations for all required controls.
                     </responsible-role>
         </by-component>
       </statement>
+      <statement statement-id="ac-1_smt.a.1" uuid="11111111-2222-4000-8000-013000000001">
+        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8880-014000000001">
+          <description>
+            <p>Describe how Part a is satisfied within the system.</p>
+            <p>Legacy approach. If no policy component is defined, describe here how the policy satisfies part a.</p>
+            <p>In this case, a link must be provided to the policy.</p>
+            <p>FedRAMP prefers all policies and procedures be attached as a resource in the back-matter. The link points to a resource.</p>
+          </description>
+          <link href="#11111111-2222-4000-8000-001000000005" rel="policy"/>
+          <link href="#11111111-2222-4000-8000-001000000023" rel="procedure"/>
+          <implementation-status state="operational"/>
+                    <responsible-role role-id="system-admin">
+                        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+                    </responsible-role>
+          <remarks>
+            <p>The specified component is the system itself.</p>
+            <p>Any control implementation response that can not be associated with another component is associated with the component representing the system.</p>
+          </remarks>
+        </by-component>
+        <by-component component-uuid="11111111-2222-4000-8000-009000000012" uuid="11111111-2222-4000-8000-014000000012">
+          <description>
+            <p>Describe how this policy component satisfies part a.</p>
+            <p>Component approach. This links to a component representing the Identity Management and Access Control Policy.</p>
+            <p>That component contains a link to the policy, so it does not have to be linked here too.</p>
+          </description>
+          <implementation-status state="operational"/>
+                    <responsible-role role-id="system-admin">
+                        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+                    </responsible-role>
+        </by-component>
+      </statement>
       <statement statement-id="ac-1_smt.a.2" uuid="11111111-2222-4000-8000-013000000002">
         <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000003">
           <description>
@@ -2786,7 +2873,7 @@ SSP authors must add implmentations for all required controls.
                     </responsible-role>
         </by-component>
       </statement><statement statement-id="at-1_smt.a" uuid="11111111-2222-4000-8000-013000000008">
-        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000012">
+        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000017">
           <description>
             <p>Describe how Part a is satisfied.</p>
           </description>
@@ -2856,7 +2943,7 @@ SSP authors must add implmentations for all required controls.
       </set-parameter><responsible-role role-id="information-system-security-officer">
         <party-uuid>11111111-2222-4000-8000-004000000011</party-uuid>
       </responsible-role><statement statement-id="au-1_smt" uuid="11111111-2222-4000-8000-013000000011">
-        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000017">
+        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8800-004000000017">
           <description>
             <p>Describe how the control is satisfied within the system.</p>
           </description>
@@ -3756,7 +3843,7 @@ SSP authors must add implmentations for all required controls.
         <value>All employees, contractors, and third-party vendors who handle sensitive information or have access to organizational media.</value>
       </set-parameter><responsible-role role-id="information-system-security-officer">
         <party-uuid>11111111-2222-4000-8000-004000000011</party-uuid>
-      </responsible-role><statement statement-id="_smt" uuid="11111111-2222-4000-8000-013000000039">
+      </responsible-role><statement statement-id="mp-1_smt" uuid="11111111-2222-4000-8000-013000000039">
         <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000059">
           <description>
             <p>Describe how the control is satisfied within the system.</p>
@@ -3771,7 +3858,9 @@ SSP authors must add implmentations for all required controls.
                         <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
                     </responsible-role>
         </by-component>
-      </statement><statement statement-id="mp-1_smt.a" uuid="11111111-2222-4000-8000-013000000040">
+      </statement>
+      
+      <statement statement-id="mp-1_smt.a" uuid="11111111-2222-4000-8000-013000000040">
         <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000060">
           <description>
             <p>For the portion of the control satisfied by the service provider, describe <strong>how</strong> the control is met.</p>
@@ -3841,7 +3930,7 @@ SSP authors must add implmentations for all required controls.
         <value>All personnel with access to company facilities or systems, including employees, contractors, and third-party vendors.</value>
       </set-parameter><responsible-role role-id="information-system-security-officer">
         <party-uuid>11111111-2222-4000-8000-004000000011</party-uuid>
-      </responsible-role><statement statement-id="_smt" uuid="11111111-2222-4000-8000-013000000043">
+      </responsible-role><statement statement-id="pe-1_smt" uuid="11111111-2222-4000-8000-013000000043">
         <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000065">
           <description>
             <p>Describe how the control is satisfied within the system.</p>
diff --git a/src/validations/constraints/content/resolved-example-profile.xml b/src/validations/constraints/content/resolved-example-profile.xml
new file mode 100644
index 000000000..ce2dd5bc1
--- /dev/null
+++ b/src/validations/constraints/content/resolved-example-profile.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="2a1553a7-2ae5-4669-a260-7c6fe6215170">
+    <metadata>
+        <title>Sample</title>
+        <last-modified>2025-01-08T00:00:00Z</last-modified>
+        <version>1.0</version>
+        <oscal-version>1.1.3</oscal-version>
+    </metadata>
+    <control id="sample-1">
+        <title>Sample 1</title>
+        <part name="statement" id="sample-1_smt">
+            <part name="item" id="sample-1_smt.a">
+                <prop ns="https://fedramp.gov/ns/oscal" name="response-point" value="You must fill in this response point." />
+                <p>Should be INCLUDED (sample-1_smt.a)</p>
+                <part name="item" id="sample-1_smt.a.1">
+                    <prop ns="https://fedramp.gov/ns/oscal" name="response-point" value="You must fill in this response point." />
+                    <p>Should be INCLUDED (sample-1_smt.a.1)</p>
+                </part>
+            </part>
+        </part>
+
+        <part id="sample-1_obj" name="assessment-objective">
+            <part id="sample-1_obj.a" name="assessment-objective">
+                <prop ns="https://fedramp.gov/ns/oscal" name="response-point" value="You must fill in this response point."/>
+                <p>this should be EXCLUDED (sample-1_obj.a)</p>
+                <part id="sample-1_obj.a-1" name="assessment-objective">
+                    <prop ns="https://fedramp.gov/ns/oscal" name="response-point" value="You must fill in this response point."/>
+                    <p>this should be EXCLUDED (sample-1_obj.a-1)</p>
+                </part>
+            </part>
+        </part>
+    </control>
+</catalog>
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-authenticated-scan-no-has-remarks-INVALID.xml b/src/validations/constraints/content/ssp-authenticated-scan-no-has-remarks-INVALID.xml
new file mode 100644
index 000000000..7128ef723
--- /dev/null
+++ b/src/validations/constraints/content/ssp-authenticated-scan-no-has-remarks-INVALID.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
+  
+  <system-characteristics>
+      <security-sensitivity-level>fips-199-moderate</security-sensitivity-level>
+</system-characteristics>
+  <system-implementation>
+    <inventory-item uuid="77777777-0000-4000-9000-000000000007">
+      <description>
+        <p>Primary database server</p>
+      </description>
+      <prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/>
+      <prop name="asset-type" value="database"/>
+      <prop name="allows-authenticated-scan" value="no"/>
+      <prop name="public" value="no"/>
+      <prop name="virtual" value="yes"/>
+      <prop name="scan-type" value="database" ns="http://fedramp.gov/ns/oscal"/>
+      <responsible-party role-id="asset-owner">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-party>
+    </inventory-item>
+  </system-implementation>
+
+</system-security-plan>
diff --git a/src/validations/constraints/content/ssp-end-of-life-date-type-INVALID.xml b/src/validations/constraints/content/ssp-end-of-life-date-type-INVALID.xml
new file mode 100644
index 000000000..f8ec6e421
--- /dev/null
+++ b/src/validations/constraints/content/ssp-end-of-life-date-type-INVALID.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+    uuid="12345678-1234-4321-8765-123456789012">
+    <metadata>
+        <title>Test SSP for End of Life Date Type Validation</title>
+        <last-modified>2023-12-08T12:00:00Z</last-modified>
+        <version>1.0</version>
+        <oscal-version>1.0.0</oscal-version>
+    </metadata>
+    <system-implementation>
+        <component uuid="11111111-0000-4000-9000-000000000001" type="software">
+            <title>Example Component</title>
+            <description>
+                <p>A component with an invalid end-of-life-date format</p>
+            </description>
+            <prop ns="http://fedramp.gov/ns/oscal" name="end-of-life-date" value="not-a-valid-date"/>
+            <status state="operational"/>
+        </component>
+    </system-implementation>
+</system-security-plan>
diff --git a/src/validations/constraints/content/ssp-has-required-response-points-VALID.xml b/src/validations/constraints/content/ssp-has-required-response-points-VALID.xml
new file mode 100644
index 000000000..c32acfbf1
--- /dev/null
+++ b/src/validations/constraints/content/ssp-has-required-response-points-VALID.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-model href="https://raw.githubusercontent.com/usnistgov/OSCAL/v1.0.4/xml/schema/oscal_complete_schema.xsd" schematypens="http://www.w3.org/2001/XMLSchema" title="OSCAL complete schema"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="11111111-2222-4000-8000-000000000000">
+<metadata></metadata>
+     <import-profile href="resolved-example-profile.xml"/>
+     <control-implementation>
+     <description></description>
+         <implemented-requirement uuid="11111111-2222-4000-8000-012000000001" control-id="unsupported-id">
+            <prop name="control-origination" ns="http://fedramp.gov/ns/oscal" value="sp-system"/>
+            <link href="#11111111-2222-4000-8000-001000000005" rel="policy"/>
+            <link href="#11111111-2222-4000-8000-001000000023" rel="procedure"/>
+            <set-parameter param-id="ac-1_prm_1">
+                <value>organization-defined personnel or roles</value>
+            </set-parameter>
+                        <set-parameter param-id="mp-2_prm_2">
+                <value>Chief Information Security Officer, Information System Security Officers, and System Administrators</value>
+            </set-parameter>
+                        <statement statement-id="sample-1_smt" uuid="11111111-2222-4000-8000-013000000008">
+                <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000003">
+                    <description>
+                        <p>There</p>
+                    </description>
+                    <prop name="planned-completion-date" ns="http://fedramp.gov/ns/oscal" value="2024-01-31Z"/>
+                    <implementation-status state="partial">
+                        <remarks>
+                            <p>Describe the plan to complete the implementation.</p>
+                        </remarks>
+                    </implementation-status>
+                </by-component>
+                <by-component component-uuid="11111111-2222-4000-8000-009000000013" uuid="11111111-2222-4000-8000-014000000004">
+                    <description>
+                        <p>Describe how this policy currently satisfies part a.</p>
+                    </description>
+                    <prop name="planned-completion-date" ns="http://fedramp.gov/ns/oscal" value="2024-01-31Z">
+                        <remarks>
+                            <p>Describe the plan for addressing the missing policy elements.</p>
+                        </remarks>
+                    </prop>
+                    <implementation-status state="partial">
+                        <remarks>
+                            <p>Identify what is currently missing from this policy.</p>
+                        </remarks>
+                    </implementation-status>
+                </by-component>
+            </statement>
+            <statement statement-id="ac-1_smt.a.1" uuid="11111111-2222-4000-8000-013000000001">
+                <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000001">
+                    <description>
+                        <p>Describe how Part a is satisfied within the system.</p>
+                        <p>Legacy approach. If no policy component is defined, describe here how the policy satisfies part a.</p>
+                        <p>In this case, a link must be provided to the policy.</p>
+                        <p>FedRAMP prefers all policies and procedures be attached as a resource in the back-matter. The link points to a resource.</p>
+                    </description>
+                    <link href="#11111111-2222-4000-8000-001000000005" rel="policy"/>
+                    <link href="#11111111-2222-4000-8000-001000000023" rel="procedure"/>
+                    <implementation-status state="operational"/>
+                    <remarks>
+                        <p>The specified component is the system itself.</p>
+                        <p>Any control implementation response that can not be associated with another component is associated with the component representing the system.</p>
+                    </remarks>
+                </by-component>
+                <by-component component-uuid="11111111-2222-4000-8000-009000000012" uuid="11111111-2222-4000-8000-014000000002">
+                    <description>
+                        <p>Describe how this policy component satisfies part a.</p>
+                        <p>Component approach. This links to a component representing the Identity Management and Access Control Policy.</p>
+                        <p>That component contains a link to the policy, so it does not have to be linked here too.</p>
+                    </description>
+                    <implementation-status state="operational"/>
+                </by-component>
+            </statement>
+            <statement statement-id="sample-1_smt.a" uuid="11111111-2222-4000-8000-013000000002">
+                <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000003">
+                    <description>
+                        <p>There</p>
+                    </description>
+                    <prop name="planned-completion-date" ns="http://fedramp.gov/ns/oscal" value="2024-01-31Z"/>
+                    <implementation-status state="partial">
+                        <remarks>
+                            <p>Describe the plan to complete the implementation.</p>
+                        </remarks>
+                    </implementation-status>
+                </by-component>
+                <by-component component-uuid="11111111-2222-4000-8000-009000000013" uuid="11111111-2222-4000-8000-014000000004">
+                    <description>
+                        <p>Describe how this policy currently satisfies part a.</p>
+                    </description>
+                    <prop name="planned-completion-date" ns="http://fedramp.gov/ns/oscal" value="2024-01-31Z">
+                        <remarks>
+                            <p>Describe the plan for addressing the missing policy elements.</p>
+                        </remarks>
+                    </prop>
+                    <implementation-status state="partial">
+                        <remarks>
+                            <p>Identify what is currently missing from this policy.</p>
+                        </remarks>
+                    </implementation-status>
+                </by-component>
+            </statement>
+
+            <statement statement-id="sample-1_smt.a.1" uuid="11111111-2222-4000-8000-013000000003">
+                <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000005">
+                    <description>
+                        <p>Describe how Part b-1 is satisfied.</p>
+                    </description>
+                    <implementation-status state="operational"/>
+                </by-component>
+            </statement>
+            <statement statement-id="ac-1_smt.b.2" uuid="11111111-2222-4000-8000-013000000004">
+                <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000006">
+                    <description>
+                        <p>Describe how Part b-2 is satisfied.</p>
+                    </description>
+                    <implementation-status state="operational"/>
+                </by-component>
+            </statement>
+        </implemented-requirement>
+    </control-implementation>
+</system-security-plan>
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-high-impact-inventory-item-has-asset-owner-INVALID.xml b/src/validations/constraints/content/ssp-high-impact-inventory-item-has-asset-owner-INVALID.xml
new file mode 100644
index 000000000..2beab9dab
--- /dev/null
+++ b/src/validations/constraints/content/ssp-high-impact-inventory-item-has-asset-owner-INVALID.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
+  
+  <system-characteristics>
+      <security-sensitivity-level>fips-199-high</security-sensitivity-level>
+</system-characteristics>
+  <system-implementation>
+    <inventory-item uuid="77777777-0000-4000-9000-000000000007">
+      <description>
+        <p>Primary database server</p>
+      </description>
+      <prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/>
+      <prop name="asset-type" value="database"/>
+      <prop name="allows-authenticated-scan" value="no"/>
+      <prop name="public" value="no"/>
+      <prop name="virtual" value="yes"/>
+      <prop name="scan-type" value="database" ns="http://fedramp.gov/ns/oscal"/>
+    </inventory-item>
+  </system-implementation>
+
+</system-security-plan>
diff --git a/src/validations/constraints/content/ssp-inter-boundary-component-has-information-type-INVALID.xml b/src/validations/constraints/content/ssp-inter-boundary-component-has-information-type-INVALID.xml
new file mode 100644
index 000000000..5b248eef3
--- /dev/null
+++ b/src/validations/constraints/content/ssp-inter-boundary-component-has-information-type-INVALID.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-model href="https://github.com/usnistgov/OSCAL/releases/download/v1.1.3/oscal_ssp_schema.xsd" schematypens="http://www.w3.org/2001/XMLSchema" title="OSCAL complete schema"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="df903c4c-6bb5-4b78-8a71-c5baa06a9f2e">
+   <system-implementation>
+      <component uuid="67ecaba6-e5be-4c92-9731-e55825689e8f" type="service">
+         <title>Service B</title>
+         <description>
+            <p>An non-authorized service provided by the Awesome Cloud leveraged authorization.</p>
+            <p>Describe the service and what it is used for.</p>
+         </description>
+         <prop name="implementation-point" value="external"/>
+         <prop name="connection-security" value="non-fedramp-value" ns="https://fedramp.gov/ns/oscal"/>
+         <prop ns="https://fedramp.gov/ns/oscal" name="provider" value="self"/>
+         <prop ns="https://fedramp.gov/ns/oscal" name="still-supported" value="yes"/>
+         <prop ns="https://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
+            <remarks>
+               <p>If 'yes', describe the authentication method.</p>
+               <p>If 'no', explain why no authentication is used.</p>
+               <p>If 'not-applicable', attest explain why authentication is not applicable in the remarks.</p>
+            </remarks>
+         </prop>
+         <prop name="poam-item-uuid" ns="https://fedramp.gov/ns/oscal" value="11111111-3333-4000-8000-000000000001"/>
+         <prop name="poam-id" ns="https://fedramp.gov/ns/oscal" value="ID-0001"/>
+         <link rel="provided-by" href="#11111111-2222-4000-8000-009000100001"/>
+         <status state="operational"/>
+         <responsible-role role-id="admin">
+         </responsible-role>
+         <responsible-role role-id="provider">
+            <party-uuid>33333333-2222-4000-8000-004000000001</party-uuid>
+         </responsible-role>
+         <remarks>
+            <p>Each non-authorized leveraged service must be expressed as a "service" component.</p>
+         </remarks>
+      </component>
+   </system-implementation>
+</system-security-plan>
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-inventory-item-has-function-INVALID.xml b/src/validations/constraints/content/ssp-inventory-item-has-function-INVALID.xml
new file mode 100644
index 000000000..2d8409b5b
--- /dev/null
+++ b/src/validations/constraints/content/ssp-inventory-item-has-function-INVALID.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
+
+  <system-implementation>
+    <inventory-item uuid="77777777-0000-4000-9000-000000000007">
+      <prop name="public" value="unsupported-public"/>
+    </inventory-item>
+  </system-implementation>
+
+</system-security-plan>
diff --git a/src/validations/constraints/content/ssp-inventory-item-has-scan-type-INVALID.xml b/src/validations/constraints/content/ssp-inventory-item-has-scan-type-INVALID.xml
new file mode 100644
index 000000000..fe940d32a
--- /dev/null
+++ b/src/validations/constraints/content/ssp-inventory-item-has-scan-type-INVALID.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
+
+  <system-implementation>
+    <inventory-item uuid="77777777-0000-4000-9000-000000000007">
+      <prop name="virtual" value="unsupported-virtual"/>
+    </inventory-item>
+  </system-implementation>
+
+</system-security-plan>
diff --git a/src/validations/constraints/content/ssp-scan-type-has-remarks-INVALID.xml b/src/validations/constraints/content/ssp-scan-type-has-remarks-INVALID.xml
new file mode 100644
index 000000000..2bc42b807
--- /dev/null
+++ b/src/validations/constraints/content/ssp-scan-type-has-remarks-INVALID.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0">
+    <metadata/>
+    <system-implementation>
+   <component uuid="11111111-0000-4000-9000-000000000001" type="software">
+        <title>Example Component 1</title>
+        <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="other"/>
+    </component>
+    <component uuid="22222222-0000-4000-9000-000000000002" type="software">
+        <title>Example Component 2</title>
+        <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="not-applicable"/>
+    </component>
+    <inventory-item>
+        <implemented-component component-uuid="11111111-0000-4000-9000-000000000001">
+            <prop name="asset-id" value="unique-asset-ID-3"/>
+        </implemented-component>
+        <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="not-applicable"/>
+    </inventory-item>
+    </system-implementation> 
+</system-security-plan>
diff --git a/src/validations/constraints/content/ssp-security-level-INVALID.xml b/src/validations/constraints/content/ssp-security-level-INVALID.xml
index 33d9cdaef..fa4f426b4 100644
--- a/src/validations/constraints/content/ssp-security-level-INVALID.xml
+++ b/src/validations/constraints/content/ssp-security-level-INVALID.xml
@@ -24,4 +24,13 @@
       <security-objective-availability>INVALID-fips-199-moderate</security-objective-availability>
     </security-impact-level>
   </system-characteristics>
+  <system-implementation>
+    <leveraged-authorization uuid="11111111-2222-4000-8000-019000000001">
+      <prop ns="http://fedramp.gov/ns/oscal" name="impact-level" value="INVALID-fips-199-moderate">
+        <remarks>
+          <p>For now, this is a required field. In the future we intend to pull this information directly from FedRAMP's records based on the "leveraged-system-identifier" property's value.</p>
+        </remarks>
+      </prop>
+    </leveraged-authorization>
+  </system-implementation>
 </system-security-plan>
\ No newline at end of file
diff --git a/src/validations/constraints/fedramp-external-allowed-values.xml b/src/validations/constraints/fedramp-external-allowed-values.xml
index 592df480c..4e2013a05 100644
--- a/src/validations/constraints/fedramp-external-allowed-values.xml
+++ b/src/validations/constraints/fedramp-external-allowed-values.xml
@@ -647,9 +647,10 @@
         <metapath target="/system-security-plan/system-characteristics/security-sensitivity-level"/>
         <metapath target="/system-security-plan/system-characteristics/security-impact-level/(security-objective-confidentiality|security-objective-integrity|security-objective-availability)"/>
         <metapath target="/system-security-plan/system-characteristics/system-information/information-type/(confidentiality-impact|integrity-impact|availability-impact)/(base|selected)"/>
+        <metapath target="/system-security-plan/system-implementation/leveraged-authorization"/>
         <constraints>
-
-            <allowed-values id="security-level" target="." allow-other="no" level="ERROR">
+            <let var="security-level-target" expression="if (prop[@name='impact-level' and @ns='http://fedramp.gov/ns/oscal']) then prop[@name='impact-level' and @ns='http://fedramp.gov/ns/oscal']/@value else ."/>
+            <allowed-values id="security-level" target="$security-level-target" allow-other="no" level="ERROR">
                 <formal-name>Security Impact Level</formal-name>
                 <description>The security objective level as defined by <a href="https://doi.org/10.6028/NIST.SP.800-60v1r1">NIST SP 800-60</a>.
                 </description>
diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
index af08fea6f..af1baef6b 100644
--- a/src/validations/constraints/fedramp-external-constraints.xml
+++ b/src/validations/constraints/fedramp-external-constraints.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <metaschema-meta-constraints xmlns="http://csrc.nist.gov/ns/oscal/metaschema/1.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/metaschema/1.0 https://raw.githubusercontent.com/metaschema-framework/metaschema/refs/heads/develop/schema/xml/metaschema-meta-constraints.xsd">
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <!-- ================== -->
     <!-- FedRAMP Extensions -->
     <!-- ================== -->
@@ -66,7 +66,7 @@
             <let var="aggregate-parameters" expression="$resolved-profile//param[prop[@name='aggregates']]/@id"/>
             <let var="implemented-parameters-map" expression="map:merge(//set-parameter ! map:entry(@param-id,.))?*"/>          
             <let var="implemented-statements-map" expression="map:merge(//statement ! map:entry(@statement-id,.))?*"/>          
-            <let var="required-response-points-map" expression="map:merge($resolved-profile//part[(prop[@name='response-point'])] ! map:entry(@id,.))?*"/>          
+            <let var="required-response-points-map" expression="map:merge($resolved-profile//part[@name='statement' and (.//prop[@name='response-point'])] ! map:entry(@id,.))?*"/>          
             <index name="index-implemented-statements" target="$implemented-statements-map">
                 <formal-name>Statements implimented in SSP</formal-name>
                 <description>This index includes all statements defined in a FedRAMP SSP</description>
@@ -92,12 +92,12 @@
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#external-systems-and-services-not-having-fedramp-authorization"/>
                 <message>A FedRAMP SSP MUST have each component describing leveraged systems, interconnections, or authorized services identify a "provider" role that references one responsible party.</message>
             </expect>
-                        <index-has-key id='extraneous-implemented-requirements' target="//implemented-requirement" name="index-imported-controls" level="ERROR">
+                        <index-has-key id='extraneous-implemented-requirements' target="//implemented-requirement" name="index-imported-controls" level="WARNING">
                 <formal-name>Additional Controls Implemented Not in Baseline</formal-name>
-                <description>A FedRAMP SSP MUST NOT include extraneous controls outside of the FedRAMP baseline.</description>
+                <description>A FedRAMP SSP SHOULD NOT include extraneous controls outside of the FedRAMP baseline.</description>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/6-security-controls/#implementation-status"/>
                 <key-field target="@control-id"/>
-                <message>A FedRAMP SSP MUST NOT include extraneous controls outside of the FedRAMP baseline. Extraneous control: ({@control-id}).</message>
+                <message>A FedRAMP SSP SHOULD NOT include extraneous controls outside of the FedRAMP baseline. Extraneous control: ({@control-id}).</message>
             </index-has-key>
 
             <index name="index-implemented-parameters" target="$implemented-parameters-map">
@@ -151,7 +151,7 @@
             <expect id="leveraged-authorization-has-valid-impact-level" target="//leveraged-authorization/prop[@name='impact-level'][@ns='http://fedramp.gov/ns/oscal']/@value" test=". = $sensitivity-level-floor" level="ERROR">
                 <formal-name>Leveraged Authorization Has Valid Impact Level</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
-                <message>A FedRAMP SSP MUST define the appropriate FIPS-199 impact level (low, moderate, or high) for each leveraged authorization.</message>
+                <message>The FIPS-199 impact level of the leveraged system MUST be the same or higher than the impact level of this system.</message>
             </expect>
             <expect id="non-provider-responsible-role-references-user" target="." test="$non-provider-user-has-function-performed" level="ERROR">
                 <formal-name>Non-Provider Responsible Role References User</formal-name>
@@ -571,10 +571,21 @@
         </constraints>
     </context>
 
+    <context>
+        <metapath target="//(component | inventory-item)"/>
+        <constraints>
+            <matches id="end-of-life-date-type" target="prop[@ns='http://fedramp.gov/ns/oscal' and @name='end-of-life-date']/@value" datatype="date" level="ERROR">
+                <formal-name>End of Life Date Type</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
+                <message>When the end-of-life-date property is present, it MUST be in date format.</message>
+            </matches>
+        </constraints>
+    </context>
+
     <context>
         <metapath target="/system-security-plan/system-implementation"/>
         <constraints>
-            <let var="inter-boundary-component" expression="component[(@type=('service','software') and not(prop[@name='leveraged-authorization-uuid']) and prop[@name='implementation-point' and @value='external']) or (@type='interconnection') or (@type=('service', 'software') and prop[@name='implementation-point' and @value='internal'] and (prop[@name='communicates-externally' and @value='yes' and @ns='http://fedramp.gov/ns/oscal']))]"/>
+            <let var="inter-boundary-component" expression="component[(@type=('service','software') and not(prop[@name='leveraged-authorization-uuid']) and prop[@name='implementation-point' and @value='external']) or (@type='interconnection') or (@type=('service','software') and prop[@name='implementation-point' and @value='internal'] and (prop[@name='communicates-externally' and @value='yes' and @ns='http://fedramp.gov/ns/oscal']))]"/>
             <expect id="authentication-method-has-remarks" target="//component[(@type='system' and ./prop[@name='leveraged-authorization-uuid']) or (@type='service' and not(./prop[@name='leveraged-authorization-uuid']) and ./prop[@name='implementation-point' and @value='external']) or (@type='interconnection') or (@type='service' and ./prop[@name='implementation-point' and @value='internal'] and ./prop[@name='direction']) or (@type='software' and ./prop[@name='asset-type' and @value='cli'] and ./prop[@name='direction'])]" test="count(./prop[@name='authentication-method' and @ns='http://fedramp.gov/ns/oscal'])  = count(./prop[@name='authentication-method' and @ns='http://fedramp.gov/ns/oscal']/remarks)" level="ERROR">
                 <formal-name>Authentication Method Has Remarks</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
@@ -592,7 +603,7 @@
             </expect>
             <expect id="image-has-checksum" target="//component[@type='software' and ./prop[@name='asset-type' and @value='image']]" test="count(./prop[@name='checksum' and @ns='http://fedramp.gov/ns/oscal']) = 1" level="ERROR">
                 <formal-name>Container Image Has Checksum Property</formal-name>
-                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="insert-help-url-here"/>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
                 <message>In a FedRAMP SSP, a component that describes a container or operating system image MUST define a checksum property.</message>
             </expect>
             <expect id="information-type-has-class" target="component/prop[@name='information-type' and @ns='http://fedramp.gov/ns/oscal']" test="exists(@class)" level="ERROR">
@@ -600,11 +611,21 @@
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
                 <message>In a FedRAMP SSP, each information type property in a component MUST categorize the class of data flow as incoming to the system, outgoing from the system, or both.</message>
             </expect>
+            <expect id="inter-boundary-component-has-information-type" target="$inter-boundary-component" test="count(prop[@name='information-type' and @ns='http://fedramp.gov/ns/oscal']) &gt;= 1" level="ERROR">
+                <formal-name>Inter-Boundary Component Has Information Type</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#system-information-and-information-types"/>
+                <message>An inter-boundary communication component {@uuid} ({path(.)}) MUST have at least one information-type property.</message>
+            </expect>
             <expect id="inventory-item-and-component-has-public" target="(inventory-item | component[@type='service' and prop[@name='implementation-point' and @value='internal']])" test="count(prop[@name='public']) = 1" level="ERROR">
                 <formal-name>Inventory Item and Component Has Public</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
                 <message>In a FedRAMP SSP, each inventory item and internal service component MUST state if they are public-facing.</message>
             </expect>
+            <expect id="inventory-item-or-component-has-asset-id" target="(inventory-item)| (component[@type='software' and prop[@name='asset-type' and @value='image']])" test="count(prop[@name='asset-id']) = 1" level="ERROR">
+                <formal-name>Inventory Item or Component Has Asset ID</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
+                <message>In a FedRAMP SSP, each inventory item and software image component MUST include the asset ID.</message>
+            </expect>
             <expect id="leveraged-authorization-has-authorization-type" target="leveraged-authorization" test="count(prop[@name='authorization-type'][@ns='http://fedramp.gov/ns/oscal']) = 1" level="ERROR">
                 <formal-name>Leveraged Authorization Has Authorization Type</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
@@ -648,21 +669,35 @@
         </constraints>
     </context>
 
-    <context>
-        <metapath target="/system-security-plan/system-implementation"/>
-        <constraints>
-            <expect id="inventory-item-or-component-has-asset-id" target="(inventory-item)| (component[@type='software' and prop[@name='asset-type' and @value='image']])" test="count(prop[@name='asset-id']) = 1" level="ERROR">
-                <formal-name>Inventory Item or Component Has Asset ID</formal-name>
-                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
-                <message>In a FedRAMP SSP, each inventory item and software image component MUST include the asset ID.</message>
-            </expect>
-        </constraints>
-    </context>
 
     <context>
         <metapath target="/system-security-plan/system-implementation/inventory-item"/>
         <constraints>
+            <let var="high-sensitivity" expression="../../system-characteristics/security-sensitivity-level='fips-199-high'"/>
+            <let var="moderate-sensitivity" expression="../../system-characteristics/security-sensitivity-level='fips-199-moderate'"/>
+
             <let var ="component-uuid" expression="implemented-component/@component-uuid"/>
+            <let var ="implemented-component" expression="../component[@uuid=$component-uuid]"/>
+            <expect id="authenticated-scan-no-has-remarks" target="prop[@name='allows-authenticated-scan' and @value='no']" test="if ($high-sensitivity or $moderate-sensitivity) then exists(remarks) else true()" level="ERROR">
+                <formal-name>Authenticated Scan No Has Remarks</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
+                <message>A FedRAMP SSP MUST provide justification for any high or moderate impact system inventory item that does not support authenticated scans.</message>
+            </expect>
+             <expect id="high-impact-inventory-item-has-asset-owner" target="." test="if ($high-sensitivity) then count(./responsible-party[@role-id=('asset-owner', 'asset-administrator')] | $implemented-component/responsible-role[@role-id=('asset-owner', 'asset-administrator')][count(party[@uuid=./party-uuid]) >= 1]) >= 1 else true()" level="ERROR">
+                <formal-name>High Impact Inventory Item Has Asset Owner</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
+                <message>For HIGH-impact systems, every inventory-item MUST identify an asset-owner or administrator property either within the inventory-item itself, or within the component linked by the inventory-item.</message>
+            </expect>
+            <expect id="inventory-item-has-function" target="." test="exists(prop[@name='function']/remarks) or exists($implemented-component/prop[@name='function']/remarks)" level="ERROR">
+                <formal-name>Inventory Item Has Function</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
+                <message>Every inventory-item MUST provide remarks to describe the function of the item, either within the inventory-item itself, or within the component linked by the inventory-item.</message>
+            </expect>
+            <expect id="inventory-item-has-scan-type" target="." test="count(prop[@name='scan-type' and @ns='http://fedramp.gov/ns/oscal']) >= 1 or count($implemented-component/prop[@name='scan-type' and @ns='http://fedramp.gov/ns/oscal']) >= 1" level="ERROR">
+                <formal-name>Inventory Item Has Scan Type</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
+                <message>Every inventory-item MUST indicate one or more scan type(s), either within the inventory-item itself, or within the component linked by the inventory-item.</message>
+            </expect>
              <expect id="inventory-item-has-valid-mac-address" target=".[prop[@name='mac-address']]/prop[@name='mac-address']" test="matches(@value, '^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})|([0-9a-fA-F]{4}\\.[0-9a-fA-F]{4}\\.[0-9a-fA-F]{4})$')" level="ERROR">
                 <formal-name>Inventory Item Has Valid Mac Address</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
@@ -673,6 +708,11 @@
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
                 <message>In a FedRAMP SSP, each inventory item MUST include the vendor name in the inventory item itself or within the linked component.</message>
             </expect>
+<expect id="scan-type-has-remarks" target="..//prop[@name='scan-type' and @ns='http://fedramp.gov/ns/oscal' and @value=('other','not-applicable')]" test="exists(remarks)" level="ERROR">
+    <formal-name>Scan Type Has Remarks</formal-name>
+    <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
+    <message>When scan-type is 'other' or 'not-applicable', remarks MUST be provided to explain the selection.</message>
+</expect>
         </constraints>
     </context>
 
@@ -756,6 +796,7 @@
             'sc-1_smt.a' : 'at least one procedure that addresses System and Communications Protection MUST be associated with SC-1 part a.',
             'si-1_smt.a' : 'at least one procedure that addresses System and Information Integrity MUST be associated with SI-1 part a.',
             'sr-1_smt.a' : 'at least one procedure that addresses Supply Chain Risk Management MUST be associated with SR-1 part a.'}"/>
+            <let var="component-uuid" expression="by-component/@component-uuid"/>
             <expect id="has-policy" target=".[@statement-id=$control-statement-ids]" test="some $uuid in $component-uuid satisfies count(../../../system-implementation/component[@uuid=$component-uuid and @type='policy']) >= 1" level="ERROR">
                 <formal-name>Has Policy</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/6-security-controls/#organization-policy-and-procedure-statements"/>
@@ -766,6 +807,11 @@
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/6-security-controls/#organization-policy-and-procedure-statements"/>
                 <message>In a FedRAMP SSP, {$procedure-messages(./@statement-id)}</message>
             </expect>
+            <expect id="statement-has-this-system-component" target="." test="count(../../../system-implementation/component[@type='this-system' and @uuid=$component-uuid]) = 1" level="ERROR">
+                <formal-name>Statement Has This System Component</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/6-security-controls/#response-this-system-component"/>
+                <message>In a FedRAMP SSP, each control implementation statement MUST have one "this-system" by-component.</message>
+            </expect>
         </constraints>
     </context>
 
@@ -785,17 +831,6 @@
         </constraints>
     </context>
 
-    <context>
-        <metapath target="/system-security-plan/control-implementation/implemented-requirement/statement"/>
-        <constraints>
-            <let var="component-uuid" expression="by-component/@component-uuid"/>
-            <expect id="statement-has-this-system-component" target="." test="count(../../../system-implementation/component[@type='this-system' and @uuid=$component-uuid]) = 1" level="ERROR">
-                <formal-name>Statement Has This System Component</formal-name>
-                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/6-security-controls/#response-this-system-component"/>
-                <message>In a FedRAMP SSP, each control implementation statement MUST have one "this-system" by-component.</message>
-            </expect>
-        </constraints>
-    </context>
 
     <context>
         <metapath target="/system-security-plan/system-characteristics/authorization-boundary/diagram/link"/>
diff --git a/src/validations/constraints/unit-tests/authenticated-scan-no-has-remarks-FAIL.yaml b/src/validations/constraints/unit-tests/authenticated-scan-no-has-remarks-FAIL.yaml
new file mode 100644
index 000000000..823a3d4ca
--- /dev/null
+++ b/src/validations/constraints/unit-tests/authenticated-scan-no-has-remarks-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for authenticated-scan-no-has-remarks
+  description: >-
+    This test case validates the behavior of constraint
+    authenticated-scan-no-has-remarks
+  content: ../content/ssp-authenticated-scan-no-has-remarks-INVALID.xml
+  expectations:
+    - constraint-id: authenticated-scan-no-has-remarks
+      result: fail
diff --git a/src/validations/constraints/unit-tests/authenticated-scan-no-has-remarks-PASS.yaml b/src/validations/constraints/unit-tests/authenticated-scan-no-has-remarks-PASS.yaml
new file mode 100644
index 000000000..4b917d3c5
--- /dev/null
+++ b/src/validations/constraints/unit-tests/authenticated-scan-no-has-remarks-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for authenticated-scan-no-has-remarks
+  description: >-
+    This test case validates the behavior of constraint
+    authenticated-scan-no-has-remarks
+  content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+  expectations:
+    - constraint-id: authenticated-scan-no-has-remarks
+      result: pass
diff --git a/src/validations/constraints/unit-tests/end-of-life-date-type-FAIL.yaml b/src/validations/constraints/unit-tests/end-of-life-date-type-FAIL.yaml
new file mode 100644
index 000000000..b4a27cea8
--- /dev/null
+++ b/src/validations/constraints/unit-tests/end-of-life-date-type-FAIL.yaml
@@ -0,0 +1,7 @@
+test-case:
+  name: Negative Test for end-of-life-date-type
+  description: This test case validates the behavior of constraint end-of-life-date-type
+  content: ../content/ssp-end-of-life-date-type-INVALID.xml
+  expectations:
+    - constraint-id: end-of-life-date-type
+      result: fail
diff --git a/src/validations/constraints/unit-tests/end-of-life-date-type-PASS.yaml b/src/validations/constraints/unit-tests/end-of-life-date-type-PASS.yaml
new file mode 100644
index 000000000..98d522661
--- /dev/null
+++ b/src/validations/constraints/unit-tests/end-of-life-date-type-PASS.yaml
@@ -0,0 +1,7 @@
+test-case:
+  name: Positive Test for end-of-life-date-type
+  description: This test case validates the behavior of constraint end-of-life-date-type
+  content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+  expectations:
+    - constraint-id: end-of-life-date-type
+      result: pass
diff --git a/src/validations/constraints/unit-tests/has-required-response-points-PASS.yaml b/src/validations/constraints/unit-tests/has-required-response-points-PASS.yaml
index 719e673d1..0f80b159d 100644
--- a/src/validations/constraints/unit-tests/has-required-response-points-PASS.yaml
+++ b/src/validations/constraints/unit-tests/has-required-response-points-PASS.yaml
@@ -3,7 +3,9 @@ test-case:
   description: >-
     This test case validates the behavior of constraint
     has-required-response-points
-  content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+  content: 
+    - ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+    - ../content/ssp-has-required-response-points-VALID.xml
   expectations:
     - constraint-id: has-required-response-points
       result: pass
diff --git a/src/validations/constraints/unit-tests/high-impact-inventory-item-has-asset-owner-FAIL.yaml b/src/validations/constraints/unit-tests/high-impact-inventory-item-has-asset-owner-FAIL.yaml
new file mode 100644
index 000000000..8fb2b3e03
--- /dev/null
+++ b/src/validations/constraints/unit-tests/high-impact-inventory-item-has-asset-owner-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for high-impact-inventory-item-has-asset-owner
+  description: >-
+    This test case validates the behavior of constraint
+    high-impact-inventory-item-has-asset-owner
+  content: ../content/ssp-high-impact-inventory-item-has-asset-owner-INVALID.xml
+  expectations:
+    - constraint-id: high-impact-inventory-item-has-asset-owner
+      result: fail
diff --git a/src/validations/constraints/unit-tests/high-impact-inventory-item-has-asset-owner-PASS.yaml b/src/validations/constraints/unit-tests/high-impact-inventory-item-has-asset-owner-PASS.yaml
new file mode 100644
index 000000000..773f381ab
--- /dev/null
+++ b/src/validations/constraints/unit-tests/high-impact-inventory-item-has-asset-owner-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for high-impact-inventory-item-has-asset-owner
+  description: >-
+    This test case validates the behavior of constraint
+    high-impact-inventory-item-has-asset-owner
+  content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+  expectations:
+    - constraint-id: high-impact-inventory-item-has-asset-owner
+      result: pass
diff --git a/src/validations/constraints/unit-tests/inter-boundary-component-has-information-type-FAIL.yaml b/src/validations/constraints/unit-tests/inter-boundary-component-has-information-type-FAIL.yaml
new file mode 100644
index 000000000..e148e6f8d
--- /dev/null
+++ b/src/validations/constraints/unit-tests/inter-boundary-component-has-information-type-FAIL.yaml
@@ -0,0 +1,8 @@
+# Driver for the invalid inter-boundary-component-has-information-type constraint unit test.
+test-case:
+  name: The invalid inter-boundary-component-has-information-type constraint unit test.
+  description: Test that the FedRAMP SSP inter-boundary communication component does not have the "information-type" property.
+  content: ../content/ssp-inter-boundary-component-has-information-type-INVALID.xml
+  expectations:
+  - constraint-id: inter-boundary-component-has-information-type
+    result: fail
\ No newline at end of file
diff --git a/src/validations/constraints/unit-tests/inter-boundary-component-has-information-type-PASS.yaml b/src/validations/constraints/unit-tests/inter-boundary-component-has-information-type-PASS.yaml
new file mode 100644
index 000000000..6bb761964
--- /dev/null
+++ b/src/validations/constraints/unit-tests/inter-boundary-component-has-information-type-PASS.yaml
@@ -0,0 +1,8 @@
+# Driver for the valid inter-boundary-component-has-information-type constraint unit test.
+test-case:
+  name: The valid inter-boundary-component-has-information-type constraint unit test.
+  description: Test that the FedRAMP SSP inter-boundary communication component has at least one "information-type" property.
+  content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+  expectations:
+  - constraint-id: inter-boundary-component-has-information-type
+    result: pass
\ No newline at end of file
diff --git a/src/validations/constraints/unit-tests/inventory-item-has-function-FAIL.yaml b/src/validations/constraints/unit-tests/inventory-item-has-function-FAIL.yaml
new file mode 100644
index 000000000..f29ed1250
--- /dev/null
+++ b/src/validations/constraints/unit-tests/inventory-item-has-function-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for inventory-item-has-function
+  description: >-
+    This test case validates the behavior of constraint
+    inventory-item-has-function
+  content: ../content/ssp-inventory-item-has-function-INVALID.xml
+  expectations:
+    - constraint-id: inventory-item-has-function
+      result: fail
diff --git a/src/validations/constraints/unit-tests/inventory-item-has-function-PASS.yaml b/src/validations/constraints/unit-tests/inventory-item-has-function-PASS.yaml
new file mode 100644
index 000000000..50d8c2bc0
--- /dev/null
+++ b/src/validations/constraints/unit-tests/inventory-item-has-function-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for inventory-item-has-function
+  description: >-
+    This test case validates the behavior of constraint
+    inventory-item-has-function
+  content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+  expectations:
+    - constraint-id: inventory-item-has-function
+      result: pass
diff --git a/src/validations/constraints/unit-tests/inventory-item-has-scan-type-FAIL.yaml b/src/validations/constraints/unit-tests/inventory-item-has-scan-type-FAIL.yaml
new file mode 100644
index 000000000..ee3da2f1e
--- /dev/null
+++ b/src/validations/constraints/unit-tests/inventory-item-has-scan-type-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for inventory-item-has-scan-type
+  description: >-
+    This test case validates the behavior of constraint
+    inventory-item-has-scan-type
+  content: ../content/ssp-inventory-item-has-scan-type-INVALID.xml
+  expectations:
+    - constraint-id: inventory-item-has-scan-type
+      result: fail
diff --git a/src/validations/constraints/unit-tests/inventory-item-has-scan-type-PASS.yaml b/src/validations/constraints/unit-tests/inventory-item-has-scan-type-PASS.yaml
new file mode 100644
index 000000000..c6a340d53
--- /dev/null
+++ b/src/validations/constraints/unit-tests/inventory-item-has-scan-type-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for inventory-item-has-scan-type
+  description: >-
+    This test case validates the behavior of constraint
+    inventory-item-has-scan-type
+  content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+  expectations:
+    - constraint-id: inventory-item-has-scan-type
+      result: pass
diff --git a/src/validations/constraints/unit-tests/scan-type-has-remarks-FAIL.yaml b/src/validations/constraints/unit-tests/scan-type-has-remarks-FAIL.yaml
new file mode 100644
index 000000000..3b267403c
--- /dev/null
+++ b/src/validations/constraints/unit-tests/scan-type-has-remarks-FAIL.yaml
@@ -0,0 +1,7 @@
+test-case:
+  name: Negative Test for scan-type-has-remarks
+  description: This test case validates the behavior of constraint scan-type-has-remarks
+  content: ../content/ssp-scan-type-has-remarks-INVALID.xml
+  expectations:
+    - constraint-id: scan-type-has-remarks
+      result: fail
diff --git a/src/validations/constraints/unit-tests/scan-type-has-remarks-PASS.yaml b/src/validations/constraints/unit-tests/scan-type-has-remarks-PASS.yaml
new file mode 100644
index 000000000..e1889714b
--- /dev/null
+++ b/src/validations/constraints/unit-tests/scan-type-has-remarks-PASS.yaml
@@ -0,0 +1,7 @@
+test-case:
+  name: Positive Test for scan-type-has-remarks
+  description: This test case validates the behavior of constraint scan-type-has-remarks
+  content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+  expectations:
+    - constraint-id: scan-type-has-remarks
+      result: pass