As an ASAP Developer, in order to provide FedRAMP reviewers easy confirmation that Identified Risks have been described., I want to provide validations in accordance with section 4.6 of the SAR Guide.
Acceptance Criteria
[x] All Schematron assertion messages are declarative statements which affirm the positive test outcome.
[x] All Schematron assertion diagnostic messages are declarative statements which explain the negative test outcome.
[x] The Schematron code has no assertion failures when validated using src/validations/styleguides/sch.sch using the basic phase.
[x] XSpec unit tests for positive and negative Schematron assertion outcomes accompany all Schematron assertions (where feasible).
[x] a finding with a target/status/@state of 'not-satisfied' must have at least one associated-risk child
[x] Any associated-risk must have a @risk-uuid value that points to a risk/@uuid value in the SAR.
[x] Each risk assembly must have an characterization with children facet elements of @system='https://fedramp.gov' AND @name='likelihood' AND @system='https://fedramp.gov' and @name='impact').
[x] each facet (likelihood' or 'impact' and 'https://fedramp.gov') have a @value of 'low', 'moderate', or 'high'
Definition of Done
[x] Acceptance criteria met
[x] Unit test coverage of our code > 95%
[x] Automated code quality checks passed
[x] Security reviewed and reported
[x] Reviewed against plain language guidelines
[x] Code must be self-documenting
[x] No local tech debt
[x] Load/performance tests passed – needs to be created/automated
[x] Documentation updated
[x] Architectural Decision Record completed as necessary for significant design choices
Extended Description
Acceptance Criteria
src/validations/styleguides/sch.sch
using thebasic
phase.Definition of Done