[DO NOT MERGE] 980 last accessed

features/fedramp_extensions.feature

@@ -117,6 +117,7 @@ Examples:
   | inventory-item-allows-authenticated-scan |
   | inventory-item-public |
   | inventory-item-virtual |
+  | last-accessed-is-datetime |
   | leveraged-authorization-has-authorization-type |
   | leveraged-authorization-has-impact-level |
   | leveraged-authorization-has-system-identifier |
@@ -358,6 +359,8 @@ Examples:
   | inventory-item-public-PASS.yaml |
   | inventory-item-virtual-FAIL.yaml |
   | inventory-item-virtual-PASS.yaml |
+  | last-accessed-is-datetime-FAIL.yaml |
+  | last-accessed-is-datetime-PASS.yaml |
   | leveraged-authorization-has-authorization-type-FAIL.yaml |
   | leveraged-authorization-has-authorization-type-PASS.yaml |
   | leveraged-authorization-has-impact-level-FAIL.yaml |

src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml

@@ -8247,6 +8247,7 @@ FedRAMP PMO.</p>
     <resource uuid="11111111-2222-4000-8000-001000000003">
       <title>FedRAMP Applicable Laws and Regulations</title>
       <prop name="type" class="fedramp-citations" value="citation"/>
+      <prop name="last-accessed" ns="http://fedramp.gov/ns/oscal" value="2024-12-23T14:30:00-05:00"/>
       <rlink href="https://www.fedramp.gov/assets/resources/templates/FedRAMP-Laws-Regulations-Standards-and-Guidance-Reference.xlsx"/>
       <remarks>
         <p>Must be present in a FedRAMP SSP.</p>
@@ -8333,7 +8334,7 @@ FedRAMP PMO.</p>
         <p>CM Policy document</p>
       </description>
       <prop name="type" value="policy"/>
-      <prop name="published" value="2023-01-01T00:00:00Z"/>
+      <prop name="last-accessed" ns="http://fedramp.gov/ns/oscal" value="2023-01-01T00:00:00Z"/>
       <!-- document date -->
       <prop name="version" value="Document Version"/>
       <rlink media-type="application/pdf" href="./attachments/policies/sample_CM_policy.pdf"/>

src/validations/constraints/content/ssp-last-accessed-is-datetime-INVALID.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-model href="https://github.com/usnistgov/OSCAL/releases/download/v1.1.3/oscal_ssp_schema.xsd" schematypens="http://www.w3.org/2001/XMLSchema" title="OSCAL complete schema"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="11111111-2222-4000-8000-000000000000">
+  <!-- SSP Attachments -->
+  <back-matter>
+    <!-- FedRAMP Laws -->
+    <resource uuid="11111111-2222-4000-8000-001000000003">
+      <title>FedRAMP Applicable Laws and Regulations</title>
+      <prop name="type" class="fedramp-citations" value="citation"/>
+      <!--Incorrect format for last-accessed, not a datetime with timezone-->
+      <prop name="last-accessed" ns="http://fedramp.gov/ns/oscal" value="January 1, 2024"/>
+      <rlink href="https://www.fedramp.gov/assets/resources/templates/FedRAMP-Laws-Regulations-Standards-and-Guidance-Reference.xlsx"/>
+      <remarks>
+        <p>Must be present in a FedRAMP SSP.</p>
+      </remarks>
+    </resource>
+  </back-matter>
+</system-security-plan>

src/validations/constraints/fedramp-external-constraints.xml

@@ -740,4 +740,15 @@
         </constraints>
     </context>
 
+    <context>
+        <metapath target="//back-matter/resource"/>
+        <constraints>
+            <matches id="last-accessed-is-datetime" target="prop[@ns='http://fedramp.gov/ns/oscal' and @name='last-accessed']/@value" datatype="dateTime-with-timezone" level="ERROR">
+                <formal-name>Last Accessed is Type DateTime</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="add-help-url-here"/>
+                <message>FedRAMP Back Matter MUST specify the last accessed date as a "full-date" per RFC3339 with the addition of a timezone.</message>
+            </matches>
+        </constraints>
+    </context>
+
 </metaschema-meta-constraints>

src/validations/constraints/unit-tests/last-accessed-is-datetime-FAIL.yaml

@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for last-accessed-is-datetime
+  description: >-
+    This test case validates the behavior of constraint
+    last-accessed-is-datetime
+  content: ../content/ssp-last-accessed-is-datetime-INVALID.xml
+  expectations:
+    - constraint-id: last-accessed-is-datetime
+      result: fail

src/validations/constraints/unit-tests/last-accessed-is-datetime-PASS.yaml

@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for last-accessed-is-datetime
+  description: >-
+    This test case validates the behavior of constraint
+    last-accessed-is-datetime
+  content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+  expectations:
+    - constraint-id: last-accessed-is-datetime
+      result: pass