Remove code related to "automation" and "technical" controls

[GaryGapinski]

Extended Description

Previous attempts to identify "automation" and "technical" control implementations were ill-advised.

See issue 18F/fedramp-automation#309 and 18F/fedramp-automation#310.

Neither of these issues cites a reference to a FedRAMP source of control identifiers. Absence of a reference precludes maintenance.

With the advent of 800-53 rev5 (and there will be successors) a problem arose. The src/content/rev4resources/xml/fedramp_values.xml document was cloned for rev5. "Technical" control AC-2(10) was subsequently found in rev5 to be withdrawn and incorporated into AC-2 statement k. That alone indicates that the concept of identifying such controls now expands to controls and control statements. These probably should have been identified in catalogs and/or profiles in a manner analogous to "response-point" designations.

But only if this provided utility. It does not appear to do so.

The actual implementation simply checked for control implementations for each set of "technical" and "automation" control identifiers. These checkes are redundant since controls are required by their presence in a (resolved) catalog. All the extra Schematron assertions accomplish is a duplicative, qualified assertion for "automation" and "technical". There is no obvious handling of control identifiers with respect to required controls relative to baseline (profile).

Unless a sponsor of the "automation" and "technical" inspection can be found, the best course of action is to remove the related code.

Were there a sponsor, that individual should have identified the rev5 "automation" and "technical" control and control statement identifier sets, and those sets should have been placed in profiles, catalogs, or "resolved profiles" (i.e., catalogs). I suspect to no avail, as "automation" and "technical" controls are essentially required controls and the required controls (in catalog/profile) should carry the "automation" and "technical" attributes.

Preconditions

None.

Acceptance Criteria

• [ ] All XSpec code introduced by 18F/fedramp-automation#309 and 18F/fedramp-automation#310 is removed from rev4 and rev5.
• [ ] All Schematron code introduced by 18F/fedramp-automation#309 and 18F/fedramp-automation#310 is removedfrom rev4 and rev5.
• [ ] All fedramp_values.xml code introduced by 18F/fedramp-automation#309 and 18F/fedramp-automation#310 is removedfrom rev4 and rev5.
• [ ] An additional issue is created to resolve the variant code formatting styles observed in https://github.com/GSA/fedramp-automation/blob/master/src/content/rev4/resources/xml/fedramp_values.xml and https://github.com/GSA/fedramp-automation/blob/master/src/content/rev5/resources/xml/fedramp_values.xml.

Story Tasks

• [ ] Remove all XSpec code introduced by 18F/fedramp-automation#309 and 18F/fedramp-automation#310 from rev4 and rev5.
• [ ] Remove all Schematron code introduced by 18F/fedramp-automation#309 and 18F/fedramp-automation#310 from rev4 and rev5.
• [ ] Remove all fedramp_values.xml code introduced by 18F/fedramp-automation#309 and 18F/fedramp-automation#310 from rev4 and rev5.
• [ ] Create an issue to resolve code formatting differences.

Definition of Done

• [ ] Acceptance criteria met
• [ ] Unit test coverage of our code > 95%
• [ ] Automated code quality checks passed
• [ ] Security reviewed and reported
• [ ] Reviewed against plain language guidelines
• [ ] Code must be self-documenting
• [ ] No local tech debt
• [ ] Load/performance tests passed – needs to be created/automated
• [ ] Documentation updated
• [ ] Architectural Decision Record completed as necessary for significant design choices
• [ ] PR reviewed & approved
• [ ] Source code merged

[GaryGapinski]

Related PRs (to see what code to remove) are https://github.com/18F/fedramp-automation/pull/536 and https://github.com/18F/fedramp-automation/pull/542.

[dimitri-zhurkin-vitg]

Fixed in rev 4 and rev 5.