GSA · wandmagic · Jan 3, 2025 · Jan 3, 2025 · Jan 3, 2025 · Jan 3, 2025
@@ -28,6 +28,7 @@ Examples:
   | address-type |
   | aggregate-parameters-warning |
   | attachment-type |
+  | authenticated-scan-no-has-remarks |
   | authentication-method-has-remarks |
   | authorization-type |
   | by-component-has-responsible-role |
@@ -49,6 +50,7 @@ Examples:
   | data-center-primary |
   | data-center-us |
   | deployment-model |
+  | end-of-life-date-type |
   | external-system-nature-of-agreement |
   | extraneous-implemented-requirements |
   | fedramp-citations-has-correct-link |
@@ -104,6 +106,7 @@ Examples:
   | has-system-id |
   | has-system-name-short |
   | has-user-guide |
+  | high-impact-inventory-item-has-asset-owner |
   | image-has-checksum |
   | implementation-status-has-remarks |
   | import-profile-has-available-document |
@@ -120,6 +123,8 @@ Examples:
   | interconnection-security |
   | inventory-item-allows-authenticated-scan |
   | inventory-item-and-component-has-public |
+  | inventory-item-has-function |
+  | inventory-item-has-scan-type |
   | inventory-item-has-valid-mac-address |
   | inventory-item-has-vendor-name |
   | inventory-item-or-component-has-asset-id |
@@ -154,6 +159,7 @@ Examples:
   | role-defined-system-owner |
   | saas-has-leveraged-authorization |
   | scan-type |
+  | scan-type-has-remarks |
   | security-level |
   | security-sensitivity-level-matches-security-impact-level |
   | statement-has-this-system-component |
@@ -189,6 +195,8 @@ Examples:
   | aggregate-parameters-warning-PASS.yaml |
   | attachment-type-FAIL.yaml |
   | attachment-type-PASS.yaml |
+  | authenticated-scan-no-has-remarks-FAIL.yaml |
+  | authenticated-scan-no-has-remarks-PASS.yaml |
   | authentication-method-has-remarks-FAIL.yaml |
   | authentication-method-has-remarks-PASS.yaml |
   | authorization-type-FAIL.yaml |
@@ -231,6 +239,8 @@ Examples:
   | data-center-us-PASS.yaml |
   | deployment-model-FAIL.yaml |
   | deployment-model-PASS.yaml |
+  | end-of-life-date-type-FAIL.yaml |
+  | end-of-life-date-type-PASS.yaml |
   | external-system-nature-of-agreement-FAIL.yaml |
   | external-system-nature-of-agreement-PASS.yaml |
   | extraneous-implemented-requirements-FAIL.yaml |
@@ -341,6 +351,8 @@ Examples:
   | has-system-name-short-PASS.yaml |
   | has-user-guide-FAIL.yaml |
   | has-user-guide-PASS.yaml |
+  | high-impact-inventory-item-has-asset-owner-FAIL.yaml |
+  | high-impact-inventory-item-has-asset-owner-PASS.yaml |
   | image-has-checksum-FAIL.yaml |
   | image-has-checksum-PASS.yaml |
   | implementation-status-has-remarks-FAIL.yaml |
@@ -373,6 +385,10 @@ Examples:
   | inventory-item-allows-authenticated-scan-PASS.yaml |
   | inventory-item-and-component-has-public-FAIL.yaml |
   | inventory-item-and-component-has-public-PASS.yaml |
+  | inventory-item-has-function-FAIL.yaml |
+  | inventory-item-has-function-PASS.yaml |
+  | inventory-item-has-scan-type-FAIL.yaml |
+  | inventory-item-has-scan-type-PASS.yaml |
   | inventory-item-has-valid-mac-address-FAIL.yaml |
   | inventory-item-has-valid-mac-address-PASS.yaml |
   | inventory-item-has-vendor-name-FAIL.yaml |
@@ -441,6 +457,8 @@ Examples:
   | saas-has-leveraged-authorization-PASS.yaml |
   | scan-type-FAIL.yaml |
   | scan-type-PASS.yaml |
+  | scan-type-has-remarks-FAIL.yaml |
+  | scan-type-has-remarks-PASS.yaml |
   | security-level-FAIL.yaml |
   | security-level-PASS.yaml |
   | security-sensitivity-level-matches-security-impact-level-FAIL.yaml |

@@ -929,6 +929,7 @@ that represents the whole system.</p>
       <prop name="implementation-point" value="external"/>
       <prop name="inherited-uuid" value="22222222-0000-4000-9001-009000000001"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="nature-of-agreement" value="sla"/>
+      <prop ns="http://fedramp.gov/ns/oscal" name="end-of-life-date" value="2025-12-31"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
         <remarks>
           <p>If 'yes', describe the authentication method.</p>
@@ -1651,7 +1652,9 @@ property.</p>
       </description>
       <prop name="implementation-point" value="internal"/>
       <prop name="public" value="yes"/>
+      <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
       <status state="operational"/>
+
     </component>
 
     <!-- Virtual Appliance Component -->
@@ -1662,7 +1665,9 @@ property.</p>
         <p>Describe the virtual appliance and what it is used for.</p>
       </description>
       <prop name="implementation-point" value="internal"/>
+      <prop name='function' value='virtual'><remarks><p>virtual function</p></remarks></prop>
       <status state="operational"/>
+
     </component>
 
     <!-- Hardware Component -->
@@ -1781,6 +1786,7 @@ compliance (e.g., Module in Process).</p>
       <prop name="model" value="stable-slim"/>
       <prop name="version" value="11"/>
       <prop name="patch-level" value="Patch Level"/>
+      <prop name="asset-id" value="unique-asset-ID-03"/>
       <link rel="validation" href="#11111111-2222-4000-8000-009000000002"/>
       <link href="https://hub.docker.com/layers/library/debian/stable/images/sha256-e83913597ca9deb9d699316a9a9d806c2a87ed61195ac66ae0a8ac55089a84b9"/>
       <status state="operational"/>
@@ -2367,6 +2373,10 @@ approved.</p>
           <p>If no, explain why. If yes, omit remark.</p>
         </remarks>
       </prop>
+      <prop ns="http://fedramp.gov/ns/oscal" name="function" value="none">
+        <remarks><p>no function</p></remarks>
+      </prop>
+
       <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
       <responsible-party role-id="asset-owner">
         <party-uuid>11111111-2222-4000-8000-004000000010</party-uuid>
@@ -2395,6 +2405,12 @@ approved.</p>
       <prop name="is-scanned" value="yes"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="vendor-name" value="Vendor"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
+
+      <prop name="function" value="Required brief, text-based description.">
+        <remarks>
+          <p>Required, longer, formatted description.</p>
+        </remarks>
+      </prop>
       <implemented-component component-uuid="11111111-2222-4000-8000-009000000008"/>
     </inventory-item>
     <inventory-item uuid="11111111-2222-4000-8000-011000000004">
@@ -2409,7 +2425,9 @@ approved.</p>
       <prop name="ipv6-address" value="0000:0000:0000:0000:0000:ffff:0a04:0404"/>
       <prop name="is-scanned" value="yes"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="vendor-name" value="Vendor"/>
-      <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
+      <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="other">
+        <remarks><p>a different kind of scan</p></remarks>
+      </prop>
       <implemented-component component-uuid="11111111-2222-4000-8000-009000500006"/>
     </inventory-item>
     <inventory-item uuid="11111111-2222-4000-8000-011000000005">
@@ -2425,7 +2443,13 @@ approved.</p>
       <prop name="is-scanned" value="yes"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="vendor-name" value="Vendor"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
-      <implemented-component component-uuid="11111111-2222-4000-8000-009000000011"/>
+
+      <prop name="function" value="Required brief, text-based description.">
+        <remarks>
+          <p>Required, longer, formatted description.</p>
+        </remarks>
+      </prop>
+     <implemented-component component-uuid="11111111-2222-4000-8000-009000000011"/>
     </inventory-item>
     <inventory-item uuid="11111111-2222-4000-8000-011000000006">
       <description>
@@ -2443,6 +2467,13 @@ approved.</p>
           <p>Asset wasn't running at time of scan.</p>
         </remarks>
       </prop>
+      <prop name="function" value="Required brief, text-based description.">
+        <remarks>
+          <p>Required, longer, formatted description.</p>
+        </remarks>
+      </prop>
+
+      <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
       <implemented-component component-uuid="11111111-2222-4000-8000-009000500007"/>
     </inventory-item>
     <inventory-item uuid="11111111-2222-4000-8000-011000000007">
@@ -2458,6 +2489,11 @@ approved.</p>
       <prop name="is-scanned" value="yes"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="vendor-name" value="Vendor"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
+      <prop name="function" value="Required brief, text-based description.">
+        <remarks>
+          <p>Optional, longer, formatted description.</p>
+        </remarks>
+      </prop>
       <implemented-component component-uuid="11111111-2222-4000-8000-009000000008"/>
     </inventory-item>
     <inventory-item uuid="11111111-2222-4000-8000-011000000008">
@@ -2476,6 +2512,12 @@ approved.</p>
           <p>Asset wasn't running at time of scan.</p>
         </remarks>
       </prop>
+      <prop name="function" value="Required brief, text-based description.">
+        <remarks>
+          <p>Optional, longer, formatted description.</p>
+        </remarks>
+      </prop>
+      <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
       <implemented-component component-uuid="11111111-2222-4000-8000-009000500005"/>
     </inventory-item>
     <inventory-item uuid="11111111-2222-4000-8000-011000000009">
@@ -2491,6 +2533,7 @@ approved.</p>
       <prop name="is-scanned" value="yes"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="vendor-name" value="Vendor"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="infrastructure"/>
+      <prop name='function' value='virtual'><remarks><p>virtual function</p></remarks></prop>
       <implemented-component component-uuid="11111111-2222-4000-8000-009000000018"/>
     </inventory-item>
   </system-implementation>

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
+
+  <system-characteristics>
+      <security-sensitivity-level>fips-199-moderate</security-sensitivity-level>
+</system-characteristics>
+  <system-implementation>
+    <inventory-item uuid="77777777-0000-4000-9000-000000000007">
+      <description>
+        <p>Primary database server</p>
+      </description>
+      <prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/>
+      <prop name="asset-type" value="database"/>
+      <prop name="allows-authenticated-scan" value="no"/>
+      <prop name="public" value="no"/>
+      <prop name="virtual" value="yes"/>
+      <prop name="scan-type" value="database" ns="http://fedramp.gov/ns/oscal"/>
+      <responsible-party role-id="asset-owner">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-party>
+    </inventory-item>
+  </system-implementation>
+
+</system-security-plan>
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+    uuid="12345678-1234-4321-8765-123456789012">
+    <metadata>
+        <title>Test SSP for End of Life Date Type Validation</title>
+        <last-modified>2023-12-08T12:00:00Z</last-modified>
+        <version>1.0</version>
+        <oscal-version>1.0.0</oscal-version>
+    </metadata>
+    <system-implementation>
+        <component uuid="11111111-0000-4000-9000-000000000001" type="software">
+            <title>Example Component</title>
+            <description>
+                <p>A component with an invalid end-of-life-date format</p>
+            </description>
+            <prop ns="http://fedramp.gov/ns/oscal" name="end-of-life-date" value="not-a-valid-date"/>
+            <status state="operational"/>
+        </component>
+    </system-implementation>
+</system-security-plan>
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
+
+  <system-characteristics>
+      <security-sensitivity-level>fips-199-high</security-sensitivity-level>
+</system-characteristics>
+  <system-implementation>
+    <inventory-item uuid="77777777-0000-4000-9000-000000000007">
+      <description>
+        <p>Primary database server</p>
+      </description>
+      <prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/>
+      <prop name="asset-type" value="database"/>
+      <prop name="allows-authenticated-scan" value="no"/>
+      <prop name="public" value="no"/>
+      <prop name="virtual" value="yes"/>
+      <prop name="scan-type" value="database" ns="http://fedramp.gov/ns/oscal"/>
+    </inventory-item>
+  </system-implementation>
+
+</system-security-plan>
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
+
+  <system-implementation>
+    <inventory-item uuid="77777777-0000-4000-9000-000000000007">
+      <prop name="public" value="unsupported-public"/>
+    </inventory-item>
+  </system-implementation>
+
+</system-security-plan>
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
+
+  <system-implementation>
+    <inventory-item uuid="77777777-0000-4000-9000-000000000007">
+      <prop name="virtual" value="unsupported-virtual"/>
+    </inventory-item>
+  </system-implementation>
+
+</system-security-plan>
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0">
+    <metadata/>
+    <system-implementation>
+   <component uuid="11111111-0000-4000-9000-000000000001" type="software">
+        <title>Example Component 1</title>
+        <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="other"/>
+    </component>
+    <component uuid="22222222-0000-4000-9000-000000000002" type="software">
+        <title>Example Component 2</title>
+        <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="not-applicable"/>
+    </component>
+    <inventory-item>
+        <implemented-component component-uuid="11111111-0000-4000-9000-000000000001">
+            <prop name="asset-id" value="unique-asset-ID-3"/>
+        </implemented-component>
+        <prop ns="http://fedramp.gov/ns/oscal" name="scan-type" value="not-applicable"/>
+    </inventory-item>
+    </system-implementation> 
+</system-security-plan>