As an ASAP Developer, in order to reduce time FedRAMP reviewers require to ensure all Assessment Objectives and Methods are handled in the SAR, I want to compare the baseline document with the appropriate control objectives.
Acceptance Criteria
[x] All Schematron assertion messages are declarative statements which affirm the positive test outcome.
[x] All Schematron assertion diagnostic messages are declarative statements which explain the negative test outcome.
[x] The Schematron code has no assertion failures when validated using src/validations/styleguides/sch.sch using the basic phase.
[x] XSpec unit tests for positive and negative Schematron assertion outcomes accompany all Schematron assertions (where feasible).
[x] Check for existence of SAP, SSP, and Baseline documents
[x] identify all in-scope controls
[x] all control objectives that have a response point in the baseline have a matching finding in the most recent result assembly of the SAR.
Tasks
[x] add test for resource/rlink for sap and ssp
[x] move import variables to global
[x] resolved profile catalog rather than profile (see SAR Guide 4.2)
[x] determine if control-objective-selection values are sufficient for matching with resolved profile
Definition of Done
[x] Acceptance criteria met
[x] Unit test coverage of our code > 95%
[x] Automated code quality checks passed
[x] Security reviewed and reported
[x] Reviewed against plain language guidelines
[x] Code must be self-documenting
[x] No local tech debt
[x] Load/performance tests passed – needs to be created/automated
[x] Documentation updated
[x] Architectural Decision Record completed as necessary for significant design choices
Extended Description
Acceptance Criteria
src/validations/styleguides/sch.sch
using thebasic
phase.Tasks
Definition of Done