GSA · aj-stein-gsa · Oct 10, 2024 · Oct 8, 2024 · Oct 9, 2024 · Oct 9, 2024
@@ -107,6 +107,8 @@ Examples:
   | has-system-id-PASS.yaml |
   | has-user-guide-FAIL.yaml |
   | has-user-guide-PASS.yaml |
+  | information-type-id-FAIL.yaml |
+  | information-type-id-PASS.yaml |
   | information-type-system-FAIL.yaml |
   | information-type-system-PASS.yaml |
   | interconnection-direction-FAIL.yaml |
@@ -202,6 +204,7 @@ Examples:
   | has-separation-of-duties-matrix |
   | has-system-id |
   | has-user-guide |
+  | information-type-800-60-v2r1 |
   | information-type-system |
   | interconnection-direction |
   | interconnection-security |

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
+
+  <system-characteristics>
+    <system-information>
+      <information-type uuid="33333333-0000-4000-9000-000000000003">
+        <title>Financial Information</title>
+        <description>
+          <p>Contains sensitive financial data related to organizational operations.</p>
+        </description>
+        <categorization system="https://doi.org/10.6028/NIST.SP.800-60v2r1">
+          <information-type-id>invalid-information-type</information-type-id>
+        </categorization>
+      </information-type>
+      <information-type  uuid="44444444-0000-4000-9000-000000000004">
+        <categorization system="https://example.org/other-data-categorization-scheme">
+          <information-type-id>C.2.8.12</information-type-id>
+        </categorization>
+      </information-type>
+    </system-information>
+  </system-characteristics>
+
+</system-security-plan>
@@ -195,6 +195,180 @@
                 <enum value="yes">Yes</enum>
                 <enum value="no">No</enum>
             </allowed-values>
+
+            <allowed-values id="information-type-800-60-v2r1" target="system-characteristics/system-information/information-type/categorization[@system='https://doi.org/10.6028/NIST.SP.800-60v2r1']/information-type-id" allow-other="no" level="ERROR">
+                <formal-name>NIST SP 800-60 Volume 2 Revision 1 Information Types</formal-name>
+                <description>Contains a list of all supported information types from NIST SP 800-60 Volume 2 Revision 1.</description>
+                <enum value="C.2.1.1">Corrective Action Information Type</enum>
+                <enum value="C.2.1.2">Program Evaluation</enum>
+                <enum value="C.2.1.3">Program Monitoring</enum>
+                <enum value="C.2.2.1">Policy and Guidance Development</enum>
+                <enum value="C.2.2.2"> Public Comment Tracking</enum>
+                <enum value="C.2.2.3">Regulatory Creation</enum>
+                <enum value="C.2.2.4">Rule Publication</enum>
+                <enum value="C.2.3.1">Budget Formulation</enum>
+                <enum value="C.2.3.2">Capital Planning</enum>
+                <enum value="C.2.3.3">Enterprise Architecture</enum>
+                <enum value="C.2.3.4">Strategic Planning</enum>
+                <enum value="C.2.3.5">Budget Execution</enum>
+                <enum value="C.2.3.6">Workforce Planning</enum>
+                <enum value="C.2.3.7">Management Improvement</enum>
+                <enum value="C.2.3.8">Budget and Performance Integration</enum>
+                <enum value="C.2.3.9">Tax and Fiscal Policy</enum>
+                <enum value="C.2.4.1">Contingency Planning</enum>
+                <enum value="C.2.4.2">Continuity of Operations</enum>
+                <enum value="C.2.4.3">Service Recovery</enum>
+                <enum value="C.2.5.1">Debt Collection</enum>
+                <enum value="C.2.5.2">User Fee Collection</enum>
+                <enum value="C.2.5.3">Federal Asset Sales</enum>
+                <enum value="C.2.6.1">Customer Services</enum>
+                <enum value="C.2.6.2">Official Information Dissemination</enum>
+                <enum value="C.2.6.3">Product Outreach</enum>
+                <enum value="C.2.6.4">Public Relations</enum>
+                <enum value="C.2.7.1">Legislation Tracking</enum>
+                <enum value="C.2.7.2">Legislative Testimony</enum>
+                <enum value="C.2.7.3">Proposal Development</enum>
+                <enum value="C.2.7.4">Congressional Liaison Operations</enum>
+                <enum value="C.2.8.1">Central Fiscal Operations</enum>
+                <enum value="C.2.8.10">Entitlement Event Information</enum>
+                <enum value="C.2.8.11">Representative Payee Information</enum>
+                <enum value="C.2.8.12">General Information</enum>
+                <enum value="C.2.8.2">Legislative Functions</enum>
+                <enum value="C.2.8.3">Executive Functions</enum>
+                <enum value="C.2.8.4">Central Property Management</enum>
+                <enum value="C.2.8.5">Central Personnel Management</enum>
+                <enum value="C.2.8.6">Taxation Management</enum>
+                <enum value="C.2.8.7">Central Records and Statistics Management</enum>
+                <enum value="C.2.8.8">Income Information</enum>
+                <enum value="C.2.8.9">Personal Identity and Authentication Information</enum>
+                <enum value="C.3.1.1">Facilities, Fleet, and Equipment Management</enum>
+                <enum value="C.3.1.2">Help Desk Services</enum>
+                <enum value="C.3.1.3">Security Management</enum>
+                <enum value="C.3.1.4">Travel Information</enum>
+                <enum value="C.3.1.5">Workplace Policy Development and Management</enum>
+                <enum value="C.3.2.1">Assets and Liability Management</enum>
+                <enum value="C.3.2.2">Reporting and Information</enum>
+                <enum value="C.3.2.3">Funds Control</enum>
+                <enum value="C.3.2.4">Accounting</enum>
+                <enum value="C.3.2.5">Payments</enum>
+                <enum value="C.3.2.6">Collections and Receivables</enum>
+                <enum value="C.3.2.7">Cost Accounting/ Performance Measurement</enum>
+                <enum value="C.3.3.1">HR Strategy</enum>
+                <enum value="C.3.3.10">Human Resources Development</enum>
+                <enum value="C.3.3.2">Staff Acquisition</enum>
+                <enum value="C.3.3.3">Organization &amp; Position Management</enum>
+                <enum value="C.3.3.4">Compensation Management</enum>
+                <enum value="C.3.3.5">Benefits Management</enum>
+                <enum value="C.3.3.6">Employee Performance Management</enum>
+                <enum value="C.3.3.7">Employee Relations</enum>
+                <enum value="C.3.3.8">Labor Relations</enum>
+                <enum value="C.3.3.9">Separation Management</enum>
+                <enum value="C.3.4.1">Goods Acquisition</enum>
+                <enum value="C.3.4.2">Inventory Control</enum>
+                <enum value="C.3.4.3">Logistics Management</enum>
+                <enum value="C.3.4.4">Services Acquisition</enum>
+                <enum value="C.3.5.1">System Development</enum>
+                <enum value="C.3.5.2">Lifecycle/Change Management</enum>
+                <enum value="C.3.5.3">System Maintenance</enum>
+                <enum value="C.3.5.4">IT Infrastructure Maintenance</enum>
+                <enum value="C.3.5.5">Information Security</enum>
+                <enum value="C.3.5.6">Record Retention</enum>
+                <enum value="C.3.5.7">Information Management</enum>
+                <enum value="C.3.5.8">System and Network Monitoring</enum>
+                <enum value="C.3.5.9">Information Sharing</enum>
+                <enum value="D.10.1">Home-ownership Promotion</enum>
+                <enum value="D.10.2">Community and Regional Development</enum>
+                <enum value="D.10.3">Social Services</enum>
+                <enum value="D.10.4">Postal Services</enum>
+                <enum value="D.11.1">Ground Transportation</enum>
+                <enum value="D.11.2">Water Transportation</enum>
+                <enum value="D.11.3">Air Transportation</enum>
+                <enum value="D.11.4">Space Operations</enum>
+                <enum value="D.12.1">Elementary, Secondary, and Vocational Education</enum>
+                <enum value="D.12.2">Higher Education</enum>
+                <enum value="D.12.3">Cultural and Historic Preservation</enum>
+                <enum value="D.12.4">Cultural and Historic Exhibition</enum>
+                <enum value="D.13.1">Training and Employment</enum>
+                <enum value="D.13.2">Labor Rights Management</enum>
+                <enum value="D.13.3">Worker Safety</enum>
+                <enum value="D.14.1">Access to Care</enum>
+                <enum value="D.14.2">Population Health Management and Consumer Safety</enum>
+                <enum value="D.14.3">Health Care Administration</enum>
+                <enum value="D.14.4">Health Care Delivery Services</enum>
+                <enum value="D.14.5">Health Care Research and Practitioner Education</enum>
+                <enum value="D.15.1">General Retirement and Disability</enum>
+                <enum value="D.15.2">Unemployment Compensation</enum>
+                <enum value="D.15.3">Housing Assistance</enum>
+                <enum value="D.15.4">Food and Nutrition Assistance</enum>
+                <enum value="D.15.5">Survivor Compensation</enum>
+                <enum value="D.16.1">Criminal Apprehension</enum>
+                <enum value="D.16.2">Criminal Investigation and Surveillance</enum>
+                <enum value="D.16.3">Citizen Protection</enum>
+                <enum value="D.16.4">Leadership Protection</enum>
+                <enum value="D.16.5">Property Protection</enum>
+                <enum value="D.16.6">Substance Control</enum>
+                <enum value="D.16.7">Crime Prevention</enum>
+                <enum value="D.16.8">Trade Law Enforcement</enum>
+                <enum value="D.17.1">Judicial Hearings</enum>
+                <enum value="D.17.2">Legal Defense</enum>
+                <enum value="D.17.3">Legal Investigation</enum>
+                <enum value="D.17.4">Legal Prosecution and Litigation</enum>
+                <enum value="D.17.5">Resolution Facilitation</enum>
+                <enum value="D.18.1">Criminal Incarceration</enum>
+                <enum value="D.18.2">Criminal Rehabilitation</enum>
+                <enum value="D.19.1">Scientific and Technological Research and Innovation</enum>
+                <enum value="D.19.2">Space Exploration and Innovation</enum>
+                <enum value="D.2.1">Border and Transportation Security</enum>
+                <enum value="D.2.2">Key Asset and Critical Infrastructure Protection</enum>
+                <enum value="D.2.3">Catastrophic Defense</enum>
+                <enum value="D.2.4">Executive Functions of the Executive Office of the President</enum>
+                <enum value="D.20.1">Research and Development</enum>
+                <enum value="D.20.2">General Purpose Data and Statistics</enum>
+                <enum value="D.20.3">Advising and Consulting</enum>
+                <enum value="D.20.4">Knowledge Dissemination</enum>
+                <enum value="D.21.1">Inspections and Auditing</enum>
+                <enum value="D.21.2">Standards Setting/Reporting Guideline Development</enum>
+                <enum value="D.21.3">Permits and Licensing</enum>
+                <enum value="D.22.1">Manufacturing</enum>
+                <enum value="D.22.2">Construction</enum>
+                <enum value="D.22.3">Public Resources, Facility and Infrastructure Management</enum>
+                <enum value="D.22.4">Information Infrastructure Management</enum>
+                <enum value="D.23.1">Federal Grants (Non-State)</enum>
+                <enum value="D.23.2">Direct Transfers to Individuals</enum>
+                <enum value="D.23.3">Subsidies Information</enum>
+                <enum value="D.23.4">Tax Credits</enum>
+                <enum value="D.24.1">Direct Loans</enum>
+                <enum value="D.24.2">Loan Guarantees</enum>
+                <enum value="D.24.3">General Insurance</enum>
+                <enum value="D.25.1">Formula Grants</enum>
+                <enum value="D.25.2">Project/Competitive Grants</enum>
+                <enum value="D.25.3">Earmarked Grants</enum>
+                <enum value="D.25.4">State Loans</enum>
+                <enum value="D.26.1">Military Operations</enum>
+                <enum value="D.26.2">Civilian Operations</enum>
+                <enum value="D.3.1">Domestic Intelligence</enum>
+                <enum value="D.4.1">Disaster Monitoring and Prediction</enum>
+                <enum value="D.4.2">Disaster Preparedness and Planning</enum>
+                <enum value="D.4.3">Disaster Repair and Restoration</enum>
+                <enum value="D.4.4">Emergency Response</enum>
+                <enum value="D.5.1">Foreign Affairs</enum>
+                <enum value="D.5.2">International Development and Humanitarian Aid</enum>
+                <enum value="D.5.3">Global Trade</enum>
+                <enum value="D.6.1">Water Resource Management</enum>
+                <enum value="D.6.2">Conservation, Marine and Land Management</enum>
+                <enum value="D.6.3">Recreational Resource Management and Tourism</enum>
+                <enum value="D.6.4">Agricultural Innovation and Services</enum>
+                <enum value="D.7.1">Energy Supply</enum>
+                <enum value="D.7.2">Energy Conservation and Preparedness</enum>
+                <enum value="D.7.3">Energy Resource Management</enum>
+                <enum value="D.7.4">Energy Production</enum>
+                <enum value="D.8.1">Environmental Monitoring and Forecasting</enum>
+                <enum value="D.8.2">Environmental Remediation</enum>
+                <enum value="D.9.1">Business and Industry Development</enum>
+                <enum value="D.9.2">Intellectual Property Protection</enum>
+                <enum value="D.9.3">Financial Sector Oversight</enum>
+                <enum value="D.9.4">Industry Sector Income Stabilization</enum>
+            </allowed-values>
 
         </constraints>
 

@@ -0,0 +1,8 @@
+# Driver for the information-type-800-60-v2r1 constraint unit test.
+test-case:
+  name: The information-type-800-60-v2r1 constraint unit test.
+  description: Test that the SSP "information-type-id" element contains an invalid value.
+  content: ../content/ssp-information-type-id-INVALID.xml
+  expectations:
+  - constraint-id: information-type-800-60-v2r1
+    result: fail
@@ -0,0 +1,8 @@
+# Driver for the valid information-type-800-60-v2r1 constraint unit test.
+test-case:
+  name: The valid information-type-800-60-v2r1 constraint unit test.
+  description: Test that the SSP "information-type-id" element contains a valid value.
+  content: ../content/ssp-all-VALID.xml
+  expectations:
+  - constraint-id: information-type-800-60-v2r1
+    result: pass