diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature
index a29d3c941..e75ab3955 100644
--- a/features/fedramp_extensions.feature
+++ b/features/fedramp_extensions.feature
@@ -36,6 +36,7 @@ Examples:
| cia-impact-has-adjustment-justification |
| cia-impact-has-selected |
| cloud-service-model |
+ | component-has-authenticated-scan |
| component-has-authentication-method |
| component-has-non-provider-responsible-role |
| component-has-provider-responsible-role |
@@ -120,6 +121,7 @@ Examples:
| interconnection-security |
| inventory-item-allows-authenticated-scan |
| inventory-item-and-component-has-public |
+ | inventory-item-has-authenticated-scan |
| inventory-item-has-valid-mac-address |
| inventory-item-has-vendor-name |
| inventory-item-or-component-has-asset-id |
@@ -205,6 +207,8 @@ Examples:
| cia-impact-has-selected-PASS.yaml |
| cloud-service-model-FAIL.yaml |
| cloud-service-model-PASS.yaml |
+ | component-has-authenticated-scan-FAIL.yaml |
+ | component-has-authenticated-scan-PASS.yaml |
| component-has-authentication-method-FAIL.yaml |
| component-has-authentication-method-PASS.yaml |
| component-has-non-provider-responsible-role-FAIL.yaml |
@@ -373,6 +377,8 @@ Examples:
| inventory-item-allows-authenticated-scan-PASS.yaml |
| inventory-item-and-component-has-public-FAIL.yaml |
| inventory-item-and-component-has-public-PASS.yaml |
+ | inventory-item-has-authenticated-scan-FAIL.yaml |
+ | inventory-item-has-authenticated-scan-PASS.yaml |
| inventory-item-has-valid-mac-address-FAIL.yaml |
| inventory-item-has-valid-mac-address-PASS.yaml |
| inventory-item-has-vendor-name-FAIL.yaml |
diff --git a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
index 09a867b27..d6130978d 100644
--- a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+++ b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
@@ -1518,6 +1518,7 @@ leveraged-authorization assembly:
+
@@ -1650,6 +1651,7 @@ property.
Describe the service and what it is used for.
+
@@ -2394,6 +2396,7 @@ approved.
+
@@ -2409,6 +2412,7 @@ approved.
+
@@ -2424,6 +2428,7 @@ approved.
+
@@ -2444,6 +2449,7 @@ approved.
Asset wasn't running at time of scan.
+
@@ -2457,6 +2463,7 @@ approved.
+
@@ -2477,6 +2484,7 @@ approved.
Asset wasn't running at time of scan.
+
@@ -2490,6 +2498,7 @@ approved.
+
diff --git a/src/validations/constraints/content/ssp-component-has-authenticated-scan-INVALID.xml b/src/validations/constraints/content/ssp-component-has-authenticated-scan-INVALID.xml
new file mode 100644
index 000000000..d831bef9c
--- /dev/null
+++ b/src/validations/constraints/content/ssp-component-has-authenticated-scan-INVALID.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-inventory-item-has-authenticated-scan-INVALID.xml b/src/validations/constraints/content/ssp-inventory-item-has-authenticated-scan-INVALID.xml
new file mode 100644
index 000000000..8f5a1b05c
--- /dev/null
+++ b/src/validations/constraints/content/ssp-inventory-item-has-authenticated-scan-INVALID.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
index af08fea6f..db524e0d1 100644
--- a/src/validations/constraints/fedramp-external-constraints.xml
+++ b/src/validations/constraints/fedramp-external-constraints.xml
@@ -644,7 +644,6 @@
A FedRAMP SSP's component MUST reference the existing component(s) that use it via network communication. However, component "{../@uuid}" references a nonexistent component "{@href}".
-
@@ -659,10 +658,37 @@
+
+
+
+
+ Component Has Authenticated Scan
+
+ In a FedRAMP SSP, each internal service component MUST state whether it allows authenticated scans.
+
+
+
+
+
+
+
+
+ Component Has Authenticated Scan
+
+ In a FedRAMP SSP, each internal service component MUST state whether it allows authenticated scans.
+
+
+
+
+
+ Inventory Item Has Authenticated Scan
+
+ In a FedRAMP SSP, each inventory item MUST state whether it allows authenticated scans in the inventory item itself or within the linked component.
+
Inventory Item Has Valid Mac Address
diff --git a/src/validations/constraints/unit-tests/component-has-authenticated-scan-FAIL.yaml b/src/validations/constraints/unit-tests/component-has-authenticated-scan-FAIL.yaml
new file mode 100644
index 000000000..9640ee3c6
--- /dev/null
+++ b/src/validations/constraints/unit-tests/component-has-authenticated-scan-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Negative Test for component-has-authenticated-scan
+ description: >-
+ This test case validates the behavior of constraint
+ component-has-authenticated-scan
+ content: ../content/ssp-component-has-authenticated-scan-INVALID.xml
+ expectations:
+ - constraint-id: component-has-authenticated-scan
+ result: fail
diff --git a/src/validations/constraints/unit-tests/component-has-authenticated-scan-PASS.yaml b/src/validations/constraints/unit-tests/component-has-authenticated-scan-PASS.yaml
new file mode 100644
index 000000000..489f96149
--- /dev/null
+++ b/src/validations/constraints/unit-tests/component-has-authenticated-scan-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Positive Test for component-has-authenticated-scan
+ description: >-
+ This test case validates the behavior of constraint
+ component-has-authenticated-scan
+ content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+ expectations:
+ - constraint-id: component-has-authenticated-scan
+ result: pass
diff --git a/src/validations/constraints/unit-tests/inventory-item-has-authenticated-scan-FAIL.yaml b/src/validations/constraints/unit-tests/inventory-item-has-authenticated-scan-FAIL.yaml
new file mode 100644
index 000000000..218802efc
--- /dev/null
+++ b/src/validations/constraints/unit-tests/inventory-item-has-authenticated-scan-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Negative Test for inventory-item-has-authenticated-scan
+ description: >-
+ This test case validates the behavior of constraint
+ inventory-item-has-authenticated-scan
+ content: ../content/ssp-inventory-item-has-authenticated-scan-INVALID.xml
+ expectations:
+ - constraint-id: inventory-item-has-authenticated-scan
+ result: fail
diff --git a/src/validations/constraints/unit-tests/inventory-item-has-authenticated-scan-PASS.yaml b/src/validations/constraints/unit-tests/inventory-item-has-authenticated-scan-PASS.yaml
new file mode 100644
index 000000000..13a912a94
--- /dev/null
+++ b/src/validations/constraints/unit-tests/inventory-item-has-authenticated-scan-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+ name: Positive Test for inventory-item-has-authenticated-scan
+ description: >-
+ This test case validates the behavior of constraint
+ inventory-item-has-authenticated-scan
+ content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+ expectations:
+ - constraint-id: inventory-item-has-authenticated-scan
+ result: pass