Check that published data defined for digital authorization package documents

aj-stein-gsa commented 1 week ago

Constraint Task

As a digital authorization package maintainer, to know that FedRAMP will want to check the last published date of the document when considering review and freshness, I would like a check to know I have properly defined the publication date.

Intended Outcome

Goal

All documents submitted should have a valid publication date for FedRAMP automation and reviewers to consider the freshness of information, if not they should fail with error message.

Syntax

Create an expect constraint (id="has-published-date" and level="ERROR") and check the field exists.

Syntax Type

This is required core OSCAL syntax.

Allowed Values

There are no relevant allowed values.

Metapath(s) to Content

/(assessment-plan|assessment-results|plan-of-action-and-milestones|system-security-plan)/metadata/published

Purpose of the OSCAL Content

A document with a published date helps drive automation knowing when the author "published" an official copy to submit to FedRAMP, it can be used to compare between different versions later on.

Dependencies

No response

Acceptance Criteria

[x] All OSCAL adoption content affected by the change in this issue have been updated in accordance with the Documentation Standards.
- [x] Explanation is present and accurate
- [x] sample content is present and accurate
- [x] Metapath is present, accurate, and does not throw a syntax exception using oscal-cli metaschema metapath eval -e "expression".
[x] All constraints associated with the review task have been created
[x] The appropriate example OSCAL file is updated with content that demonstrates the FedRAMP-compliant OSCAL presentation.
[x] The constraint conforms to the FedRAMP Constraint Style Guide.
- [x] All automated and manual review items that identify non-conformance are addressed; or technical leads (David Waltermire; AJ Stein) have approved the PR and “override” the style guide requirement.
[x] Known good test content is created for unit testing.
[x] Known bad test content is created for unit testing.
[x] Unit testing is configured to run both known good and known bad test content examples.
[x] Passing and failing unit tests, and corresponding test vectors in the form of known valid and invalid OSCAL test files, are created or updated for each constraint.
[x] A Pull Request (PR) is submitted that fully addresses the goals section of the User Story in the issue.
[x] This issue is referenced in the PR.

Other information

No response

aj-stein-gsa commented 1 day ago

@Gabeblis you and I will need to review checklist to ensure this is ready to ship, please update accordingly.

Gabeblis commented 1 day ago

Everything looks good to me. I updated the checklist

GSA / fedramp-automation