As an ASAP developer, in order to assist FedRAMP reviewers, I want to examine the Observation assembly for the SAR document for adherence to the Guide instructions.
Acceptance Criteria
[x] All Schematron assertion messages are declarative statements which affirm the positive test outcome.
[x] All Schematron assertion diagnostic messages are declarative statements which explain the negative test outcome.
[x] The Schematron code has no assertion failures when validated using src/validations/styleguides/sch.sch using the basic phase.
[x] XSpec unit tests for positive and negative Schematron assertion outcomes accompany all Schematron assertions (where feasible).
[x] Generalize comparison of oscal:actor[@type='party'] to all oscal:actor elements - compare to SAP and SAR party assemblies
[x] Any observation with a type of 'control-objective' must have a subject that has a @subject-uuid that points to a resource/@uuid in the SAR back-matter.
[x] Any observation with a type of 'control-objective' must have an origin/related-task with a @task-uuid that points to the task in the SAP.
[x] Generally under observation elements:
[X] Acceptable values of method as 'EXAMINE, INTERVIEW, TEST'
[X] Acceptable values of subject/@type are ' component, inventory-item, location, party, or user'
[X] Acceptable values of origin/actor/@type are 'tool, party, or assessment-platform'
Definition of Done
[x] Acceptance criteria met
[x] Unit test coverage of our code > 95%
[ ] Automated code quality checks passed
[x] Security reviewed and reported
[x] Reviewed against plain language guidelines
[x] Code must be self-documenting
[x] No local tech debt
[x] Load/performance tests passed – needs to be created/automated
[x] Documentation updated
[x] Architectural Decision Record completed as necessary for significant design choices
Extended Description
Acceptance Criteria
src/validations/styleguides/sch.sch
using thebasic
phase.Definition of Done