Create FedRAMP/non-FedRAMP split

[delnaweil]

Extended Description

• As a FedRAMP PMO manager, in order to extend the use of fedramp-automation to other US government entities, I want to segregate FedRAMP-specific validations from ones which are not FedRAMP-specific.

Preconditions
None.

Acceptance Criteria

• All Schematron assertion messages are declarative statements which affirm the positive test outcome.
• All Schematron assertion diagnostic messages are declarative statements which explain the negative test outcome.
• The Schematron code has no assertion failures when validated using src/validations/styleguides/sch.sch using the basic phase.
• XSpec unit tests for positive and negative Schematron assertion outcomes accompany all Schematron assertions (where feasible).
• Story tasks are completed.

Story Tasks

• Declare an XML Namespace xmlns:fedramp="https://fedramp.gov/ns/oscal" in ssp.sch.
• For each FedRAMP-specific Schematron assertion in ssp.sch - i.e., assertions which are peculiar to FedRAMP - add an attribute fedramp:specific="true".
• Create an XSLT transform which uses ssp.sch and fedramp_values.xml as inputs and produces two XML documents: one which includes only non-FedRAMP-specific value-set elements (ones used in assertions that are non-FedRAMP-specific), and one which includes only FedRAMP-specific value-set elements (ones used in assertions that are FedRAMP-specific). Use <xsl:output indent="true" method="xml" saxon:indent-spaces="3" saxon:line-length="200" /> in the transform in order to approximate previously-used formatting. Update the metadata in each appropriately.
• Create an XSLT transform which uses ssp.sch as input and produces two Schematron documents: one which includes only non-FedRAMP-specific constructs and references the non-FedRAMP-specific value-set document, and one which includes only FedRAMP-specific constructs and references the FedRAMP-specific value-set document. Validate the result documents.
• Create an XSLT transform which uses ssp.sch and ssp.xspec as inputs and produces two XSpec documents: one which includes only non-FedRAMP-specific constructs and references the non-FedRAMP-specific Schematron document, and one which includes only FedRAMP-specific constructs and references the FedRAMP-specific Schematron document. Validate the result documents. Apply the XSpec unit tests to the respective Schematron documents.
• Create an XSLT transform which consumes two or more Schematron documents and combines them into a single document (for use within the UI).
• Decide how FedRAMP-specific validations, related unit tests, and related value-set documents should be separately maintained within the fedramp-automation repository. Create a draft descriptive ADR. Solicit agreement for the ADR. Once agreement is reached, the proposed split will require multiple separate issues to be created in order to adopt the changes.
• Update the repository with the new document segregation scheme while retaining the original (pre-split) documents while related issues are completed.
• Update any related documentation files.

Definition of Done

• Acceptance criteria met
• Unit test coverage of our code > 95%
• Automated code quality checks passed
• Security reviewed and reported
• Reviewed against plain language guidelines
• Code must be self-documenting
• No local tech debt
• Load/performance tests passed – needs to be created/automated
• Documentation updated
• Architectural Decision Record completed as necessary for significant design choices
• PR reviewed & approved
• Source code merged