This repository has been archived by the owner on Dec 12, 2023. It is now read-only.

Bootstrap Schematron Setup for SAP Validations #258

Closed
5 of 22 tasks
danielnaab opened this issue Sep 8, 2021 · 0 comments
Labels
g: rules development Goal: Implement all the automatable rules (the 60%) o: sap OSCAL Type: Security Assessment Plan story

danielnaab commented Sep 8, 2021

Extended Description

  • As a reviewer, I would like to evaluate SAP documents in FedRAMP submission packages.

Acceptance Criteria

  • A file sap.sch, similar to ssp.sch, exists for new rules
  • A simple rule validating the existence of a root element exists
  • A simple rule validating a reference to a related component in the SSP exists
  • Example code is updated with usage examples
  • UI is updated to validate new document type
  • Updated ADR with implementation details

Story Tasks
...

Definition of Done

  • Acceptance criteria met - Each user story should meet the acceptance criteria in the description
  • Unit test coverage of our code > 90% (from QASP) this may be fuzzy and hard to prove
  • Code quality checks passed (from QASP)
  • Accessibility: (from QASP) as we create guidance or documentation and reports (semantic tagging including aria tags): demonstrate with 0 errors reported for WCAG 2.1 AA standards using an automated scanner and 0 errors reported in manual testing
  • Code reviewed - Code reviewed by at least one other team member (or developed by a pair)
  • Source code merged - Code that’s demoed must be in source control and merged
  • Code must successfully build and deploy into staging environment (from QASP): this may evolve from xslt sh pipeline into something more
  • Security reviewed and reported - Conduct vulnerability and compliance scanning. threat modeling?
  • Code submitted must be free of medium- and high-level static and dynamic security vulnerabilities (from QASP)
  • Usability tests passed - Each user story should be easy to use by target users (development community? FedRAMP FART team)
  • Usability testing and other user research methods must be conducted at regular intervals throughout the development process (not just at the beginning or end). (from QASP)
  • Code refactored for clarity - Code must be clean, self-documenting
  • No local design debt
  • Load/performance tests passed - test data needed - saxon instrumentation
  • Documentation generated - update readme or contributing markdown as necessary.
  • Architectural Decision Record completed as necessary for significant design choices
@danielnaab danielnaab added story task it's a task labels Sep 8, 2021
@ohsh6o ohsh6o added g: rules development Goal: Implement all the automatable rules (the 60%) o: sap OSCAL Type: Security Assessment Plan and removed task it's a task labels Oct 20, 2021
@ohsh6o ohsh6o changed the title SAP document validation Setup for SAP Validation Oct 20, 2021
@ohsh6o ohsh6o changed the title Setup for SAP Validation Bootstrap Schematron Setup for SAP Validations Oct 20, 2021
@danielnaab danielnaab self-assigned this Jun 7, 2022