From fa25a3990f0e92a15982647be4647bf477c82f1e Mon Sep 17 00:00:00 2001
From: Gabeblis <gabriel.rodriguez@gsa.gov>
Date: Wed, 20 Nov 2024 20:21:19 +0000
Subject: [PATCH 1/2] Add leveraged authorization entry constraints and tests

---
 features/fedramp_extensions.feature           |  8 ++++++++
 ...ization-has-authorization-type-INVALID.xml |  8 ++++++++
 ...authorization-has-impact-level-INVALID.xml |  9 +++++++++
 ...rization-has-system-identifier-INVALID.xml |  7 +++++++
 ...zation-has-user-authentication-INVALID.xml | 13 ++++++++++++
 .../fedramp-external-constraints.xml          | 20 +++++++++++++++++++
 ...orization-has-authorization-type-FAIL.yaml |  9 +++++++++
 ...orization-has-authorization-type-PASS.yaml |  9 +++++++++
 ...d-authorization-has-impact-level-FAIL.yaml |  9 +++++++++
 ...d-authorization-has-impact-level-PASS.yaml |  9 +++++++++
 ...horization-has-system-identifier-FAIL.yaml |  9 +++++++++
 ...horization-has-system-identifier-PASS.yaml |  9 +++++++++
 ...rization-has-user-authentication-FAIL.yaml |  9 +++++++++
 ...rization-has-user-authentication-PASS.yaml |  9 +++++++++
 14 files changed, 137 insertions(+)
 create mode 100644 src/validations/constraints/content/ssp-leveraged-authorization-has-authorization-type-INVALID.xml
 create mode 100644 src/validations/constraints/content/ssp-leveraged-authorization-has-impact-level-INVALID.xml
 create mode 100644 src/validations/constraints/content/ssp-leveraged-authorization-has-system-identifier-INVALID.xml
 create mode 100644 src/validations/constraints/content/ssp-leveraged-authorization-has-user-authentication-INVALID.xml
 create mode 100644 src/validations/constraints/unit-tests/leveraged-authorization-has-authorization-type-FAIL.yaml
 create mode 100644 src/validations/constraints/unit-tests/leveraged-authorization-has-authorization-type-PASS.yaml
 create mode 100644 src/validations/constraints/unit-tests/leveraged-authorization-has-impact-level-FAIL.yaml
 create mode 100644 src/validations/constraints/unit-tests/leveraged-authorization-has-impact-level-PASS.yaml
 create mode 100644 src/validations/constraints/unit-tests/leveraged-authorization-has-system-identifier-FAIL.yaml
 create mode 100644 src/validations/constraints/unit-tests/leveraged-authorization-has-system-identifier-PASS.yaml
 create mode 100644 src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-FAIL.yaml
 create mode 100644 src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-PASS.yaml

diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature
index cf7407a31..a5a9793de 100644
--- a/features/fedramp_extensions.feature
+++ b/features/fedramp_extensions.feature
@@ -303,6 +303,14 @@ Examples:
   | inventory-item-virtual-PASS.yaml |
   | leveraged-authorization-nature-of-agreement-FAIL.yaml |
   | leveraged-authorization-nature-of-agreement-PASS.yaml |
+  | leveraged-authorization-has-authorization-type-FAIL.yaml |
+  | leveraged-authorization-has-authorization-type-PASS.yaml |
+  | leveraged-authorization-has-impact-level-FAIL.yaml |
+  | leveraged-authorization-has-impact-level-PASS.yaml |
+  | leveraged-authorization-has-system-identifier-FAIL.yaml |
+  | leveraged-authorization-has-system-identifier-PASS.yaml |
+  | leveraged-authorization-has-user-authentication-FAIL.yaml |
+  | leveraged-authorization-has-user-authentication-PASS.yaml |
   | marking-FAIL.yaml |
   | marking-PASS.yaml |
   | missing-response-components-FAIL.yaml |
diff --git a/src/validations/constraints/content/ssp-leveraged-authorization-has-authorization-type-INVALID.xml b/src/validations/constraints/content/ssp-leveraged-authorization-has-authorization-type-INVALID.xml
new file mode 100644
index 000000000..856d651fc
--- /dev/null
+++ b/src/validations/constraints/content/ssp-leveraged-authorization-has-authorization-type-INVALID.xml
@@ -0,0 +1,8 @@
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" uuid="12345678-1234-4321-8765-123456789012">
+  <system-implementation>
+    <leveraged-authorization uuid="5a9c98ab-8e5e-433d-a7bd-515c07cd1497">
+      <!-- <prop ns="http://fedramp.gov/ns/oscal" name="authorization-type" value="fedramp-agency"/> Missing authorization-type -->
+      <date-authorized>2015-01-01</date-authorized>
+    </leveraged-authorization>
+  </system-implementation>
+</system-security-plan>
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-leveraged-authorization-has-impact-level-INVALID.xml b/src/validations/constraints/content/ssp-leveraged-authorization-has-impact-level-INVALID.xml
new file mode 100644
index 000000000..0dd1e6641
--- /dev/null
+++ b/src/validations/constraints/content/ssp-leveraged-authorization-has-impact-level-INVALID.xml
@@ -0,0 +1,9 @@
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" uuid="12345678-1234-4321-8765-123456789012">
+  <system-implementation>
+    <leveraged-authorization uuid="5a9c98ab-8e5e-433d-a7bd-515c07cd1497">
+      <!-- <prop ns="http://fedramp.gov/ns/oscal" name="impact-level" value="moderate"/> Missing impact-level -->
+      <party-uuid>f0bc13a4-3303-47dd-80d3-380e159c8362</party-uuid>
+      <date-authorized>2015-01-01</date-authorized>
+    </leveraged-authorization>
+  </system-implementation>
+</system-security-plan>
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-leveraged-authorization-has-system-identifier-INVALID.xml b/src/validations/constraints/content/ssp-leveraged-authorization-has-system-identifier-INVALID.xml
new file mode 100644
index 000000000..9e9f16edf
--- /dev/null
+++ b/src/validations/constraints/content/ssp-leveraged-authorization-has-system-identifier-INVALID.xml
@@ -0,0 +1,7 @@
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" uuid="12345678-1234-4321-8765-123456789012">
+  <system-implementation>
+    <leveraged-authorization uuid="5a9c98ab-8e5e-433d-a7bd-515c07cd1497">
+      <!-- <prop ns="http://fedramp.gov/ns/oscal" name="leveraged-system-identifier" value="F1603047866"/> Missing leveraged-system-identifier -->
+    </leveraged-authorization>
+  </system-implementation>
+</system-security-plan>
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-leveraged-authorization-has-user-authentication-INVALID.xml b/src/validations/constraints/content/ssp-leveraged-authorization-has-user-authentication-INVALID.xml
new file mode 100644
index 000000000..b16b4bbfa
--- /dev/null
+++ b/src/validations/constraints/content/ssp-leveraged-authorization-has-user-authentication-INVALID.xml
@@ -0,0 +1,13 @@
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" uuid="12345678-1234-4321-8765-123456789012">
+  <system-implementation>
+    <leveraged-authorization uuid="5a9c98ab-8e5e-433d-a7bd-515c07cd1497">
+      <prop ns="http://fedramp.gov/ns/oscal" name="user-authentication" value="yes">
+        <!-- <remarks>
+          <p>If 'yes', describe the user authentication method.</p>
+          <p>If 'no', explain why no user authentication is used.</p>
+          <p>If 'not-applicable', attest that no users access the leveraged system.</p>
+        </remarks> No remarks provided to support the value-->
+      </prop>
+    </leveraged-authorization>
+  </system-implementation>
+</system-security-plan>
\ No newline at end of file
diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
index ad58b98e4..a988d503f 100644
--- a/src/validations/constraints/fedramp-external-constraints.xml
+++ b/src/validations/constraints/fedramp-external-constraints.xml
@@ -517,6 +517,26 @@
 				<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
 				<message>A FedRAMP SSP system implementation section MUST have at least two inventory items.</message>
 			</expect>
+            <expect id="leveraged-authorization-has-authorization-type" target="leveraged-authorization" test="count(prop[@name='authorization-type'][@ns='http://fedramp.gov/ns/oscal']) = 1" level="ERROR">
+                <formal-name>Leveraged Authorization Has Authorization Type</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
+                <message>A FedRAMP SSP MUST define exactly one authorization type for each leveraged authorization entry.</message>
+            </expect>
+            <expect id="leveraged-authorization-has-impact-level" target="leveraged-authorization" test="count(prop[@name='impact-level'][@ns='http://fedramp.gov/ns/oscal']) = 1" level="ERROR">
+                <formal-name>Leveraged Authorization Has Impact Level</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
+                <message>A FedRAMP SSP MUST define exactly one impact level for each leveraged authorization entry.</message>
+            </expect>
+            <expect id="leveraged-authorization-has-system-identifier" target="leveraged-authorization" test="count(prop[@name='leveraged-system-identifier'][@ns='http://fedramp.gov/ns/oscal']) = 1" level="ERROR">
+                <formal-name>Leveraged Authorization Has System Identifier</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
+                <message>A FedRAMP SSP MUST define exactly one system identifier for each leveraged authorization entry.</message>
+            </expect>
+            <expect id="leveraged-authorization-has-user-authentication" target="leveraged-authorization" test="count(prop[@name='user-authentication'][@ns='http://fedramp.gov/ns/oscal']/remarks) = 1" level="ERROR">
+                <formal-name>Leveraged Authorization Has User Authentication</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
+                <message>A FedRAMP SSP MUST provide exactly one explanation of the user authentication for each leveraged authorization entry.</message>
+            </expect>
 		</constraints>
 	</context>    
     <context>
diff --git a/src/validations/constraints/unit-tests/leveraged-authorization-has-authorization-type-FAIL.yaml b/src/validations/constraints/unit-tests/leveraged-authorization-has-authorization-type-FAIL.yaml
new file mode 100644
index 000000000..6ef165824
--- /dev/null
+++ b/src/validations/constraints/unit-tests/leveraged-authorization-has-authorization-type-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for leveraged-authorization-has-authorization-type
+  description: >-
+    This test case validates the behavior of constraint
+    leveraged-authorization-has-authorization-type
+  content: ../content/ssp-leveraged-authorization-has-authorization-type-INVALID.xml
+  expectations:
+    - constraint-id: leveraged-authorization-has-authorization-type
+      result: fail
diff --git a/src/validations/constraints/unit-tests/leveraged-authorization-has-authorization-type-PASS.yaml b/src/validations/constraints/unit-tests/leveraged-authorization-has-authorization-type-PASS.yaml
new file mode 100644
index 000000000..fb4222996
--- /dev/null
+++ b/src/validations/constraints/unit-tests/leveraged-authorization-has-authorization-type-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for leveraged-authorization-has-authorization-type
+  description: >-
+    This test case validates the behavior of constraint
+    leveraged-authorization-has-authorization-type
+  content: ../content/ssp-all-VALID.xml
+  expectations:
+    - constraint-id: leveraged-authorization-has-authorization-type
+      result: pass
diff --git a/src/validations/constraints/unit-tests/leveraged-authorization-has-impact-level-FAIL.yaml b/src/validations/constraints/unit-tests/leveraged-authorization-has-impact-level-FAIL.yaml
new file mode 100644
index 000000000..c3ad1fc63
--- /dev/null
+++ b/src/validations/constraints/unit-tests/leveraged-authorization-has-impact-level-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for leveraged-authorization-has-impact-level
+  description: >-
+    This test case validates the behavior of constraint
+    leveraged-authorization-has-impact-level
+  content: ../content/ssp-leveraged-authorization-has-impact-level-INVALID.xml
+  expectations:
+    - constraint-id: leveraged-authorization-has-impact-level
+      result: fail
diff --git a/src/validations/constraints/unit-tests/leveraged-authorization-has-impact-level-PASS.yaml b/src/validations/constraints/unit-tests/leveraged-authorization-has-impact-level-PASS.yaml
new file mode 100644
index 000000000..f6bd88ccc
--- /dev/null
+++ b/src/validations/constraints/unit-tests/leveraged-authorization-has-impact-level-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for leveraged-authorization-has-impact-level
+  description: >-
+    This test case validates the behavior of constraint
+    leveraged-authorization-has-impact-level
+  content: ../content/ssp-all-VALID.xml
+  expectations:
+    - constraint-id: leveraged-authorization-has-impact-level
+      result: pass
diff --git a/src/validations/constraints/unit-tests/leveraged-authorization-has-system-identifier-FAIL.yaml b/src/validations/constraints/unit-tests/leveraged-authorization-has-system-identifier-FAIL.yaml
new file mode 100644
index 000000000..d7e128ac9
--- /dev/null
+++ b/src/validations/constraints/unit-tests/leveraged-authorization-has-system-identifier-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for leveraged-authorization-has-system-identifier
+  description: >-
+    This test case validates the behavior of constraint
+    leveraged-authorization-has-system-identifier
+  content: ../content/ssp-leveraged-authorization-has-system-identifier-INVALID.xml
+  expectations:
+    - constraint-id: leveraged-authorization-has-system-identifier
+      result: fail
diff --git a/src/validations/constraints/unit-tests/leveraged-authorization-has-system-identifier-PASS.yaml b/src/validations/constraints/unit-tests/leveraged-authorization-has-system-identifier-PASS.yaml
new file mode 100644
index 000000000..586992873
--- /dev/null
+++ b/src/validations/constraints/unit-tests/leveraged-authorization-has-system-identifier-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for leveraged-authorization-has-system-identifier
+  description: >-
+    This test case validates the behavior of constraint
+    leveraged-authorization-has-system-identifier
+  content: ../content/ssp-all-VALID.xml
+  expectations:
+    - constraint-id: leveraged-authorization-has-system-identifier
+      result: pass
diff --git a/src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-FAIL.yaml b/src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-FAIL.yaml
new file mode 100644
index 000000000..2599056a3
--- /dev/null
+++ b/src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for leveraged-authorization-has-user-authentication
+  description: >-
+    This test case validates the behavior of constraint
+    leveraged-authorization-has-user-authentication
+  content: ../content/ssp-leveraged-authorization-has-user-authentication-INVALID.xml
+  expectations:
+    - constraint-id: leveraged-authorization-has-user-authentication
+      result: fail
diff --git a/src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-PASS.yaml b/src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-PASS.yaml
new file mode 100644
index 000000000..15c061eff
--- /dev/null
+++ b/src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for leveraged-authorization-has-user-authentication
+  description: >-
+    This test case validates the behavior of constraint
+    leveraged-authorization-has-user-authentication
+  content: ../content/ssp-all-VALID.xml
+  expectations:
+    - constraint-id: leveraged-authorization-has-user-authentication
+      result: pass

From ed97692a16e4c2676961341ef8f11cae96d01c7a Mon Sep 17 00:00:00 2001
From: Gabeblis <gabriel.rodriguez@gsa.gov>
Date: Mon, 25 Nov 2024 14:20:59 +0000
Subject: [PATCH 2/2] remove user-authentication check

---
 features/fedramp_extensions.feature                 |  9 +++++----
 ...uthorization-has-user-authentication-INVALID.xml | 13 -------------
 .../constraints/fedramp-external-constraints.xml    | 11 +++--------
 ...-authorization-has-user-authentication-FAIL.yaml |  9 ---------
 ...-authorization-has-user-authentication-PASS.yaml |  9 ---------
 5 files changed, 8 insertions(+), 43 deletions(-)
 delete mode 100644 src/validations/constraints/content/ssp-leveraged-authorization-has-user-authentication-INVALID.xml
 delete mode 100644 src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-FAIL.yaml
 delete mode 100644 src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-PASS.yaml

diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature
index a5a9793de..237e029dc 100644
--- a/features/fedramp_extensions.feature
+++ b/features/fedramp_extensions.feature
@@ -102,6 +102,9 @@ Examples:
   | inventory-item-allows-authenticated-scan |
   | inventory-item-public |
   | inventory-item-virtual |
+  | leveraged-authorization-has-authorization-type |
+  | leveraged-authorization-has-impact-level |
+  | leveraged-authorization-has-system-identifier |
   | leveraged-authorization-nature-of-agreement |
   | marking |
   | missing-response-components |
@@ -301,16 +304,14 @@ Examples:
   | inventory-item-public-PASS.yaml |
   | inventory-item-virtual-FAIL.yaml |
   | inventory-item-virtual-PASS.yaml |
-  | leveraged-authorization-nature-of-agreement-FAIL.yaml |
-  | leveraged-authorization-nature-of-agreement-PASS.yaml |
   | leveraged-authorization-has-authorization-type-FAIL.yaml |
   | leveraged-authorization-has-authorization-type-PASS.yaml |
   | leveraged-authorization-has-impact-level-FAIL.yaml |
   | leveraged-authorization-has-impact-level-PASS.yaml |
   | leveraged-authorization-has-system-identifier-FAIL.yaml |
   | leveraged-authorization-has-system-identifier-PASS.yaml |
-  | leveraged-authorization-has-user-authentication-FAIL.yaml |
-  | leveraged-authorization-has-user-authentication-PASS.yaml |
+  | leveraged-authorization-nature-of-agreement-FAIL.yaml |
+  | leveraged-authorization-nature-of-agreement-PASS.yaml |
   | marking-FAIL.yaml |
   | marking-PASS.yaml |
   | missing-response-components-FAIL.yaml |
diff --git a/src/validations/constraints/content/ssp-leveraged-authorization-has-user-authentication-INVALID.xml b/src/validations/constraints/content/ssp-leveraged-authorization-has-user-authentication-INVALID.xml
deleted file mode 100644
index b16b4bbfa..000000000
--- a/src/validations/constraints/content/ssp-leveraged-authorization-has-user-authentication-INVALID.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" uuid="12345678-1234-4321-8765-123456789012">
-  <system-implementation>
-    <leveraged-authorization uuid="5a9c98ab-8e5e-433d-a7bd-515c07cd1497">
-      <prop ns="http://fedramp.gov/ns/oscal" name="user-authentication" value="yes">
-        <!-- <remarks>
-          <p>If 'yes', describe the user authentication method.</p>
-          <p>If 'no', explain why no user authentication is used.</p>
-          <p>If 'not-applicable', attest that no users access the leveraged system.</p>
-        </remarks> No remarks provided to support the value-->
-      </prop>
-    </leveraged-authorization>
-  </system-implementation>
-</system-security-plan>
\ No newline at end of file
diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
index a988d503f..be2252ba8 100644
--- a/src/validations/constraints/fedramp-external-constraints.xml
+++ b/src/validations/constraints/fedramp-external-constraints.xml
@@ -517,25 +517,20 @@
 				<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
 				<message>A FedRAMP SSP system implementation section MUST have at least two inventory items.</message>
 			</expect>
-            <expect id="leveraged-authorization-has-authorization-type" target="leveraged-authorization" test="count(prop[@name='authorization-type'][@ns='http://fedramp.gov/ns/oscal']) = 1" level="ERROR">
+            <expect id="leveraged-authorization-has-authorization-type" target="leveraged-authorization" test="count(prop[@name='authorization-type'][@ns='https://fedramp.gov/ns/oscal']) = 1" level="ERROR">
                 <formal-name>Leveraged Authorization Has Authorization Type</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
                 <message>A FedRAMP SSP MUST define exactly one authorization type for each leveraged authorization entry.</message>
             </expect>
-            <expect id="leveraged-authorization-has-impact-level" target="leveraged-authorization" test="count(prop[@name='impact-level'][@ns='http://fedramp.gov/ns/oscal']) = 1" level="ERROR">
+            <expect id="leveraged-authorization-has-impact-level" target="leveraged-authorization" test="count(prop[@name='impact-level'][@ns='https://fedramp.gov/ns/oscal']) = 1" level="ERROR">
                 <formal-name>Leveraged Authorization Has Impact Level</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
                 <message>A FedRAMP SSP MUST define exactly one impact level for each leveraged authorization entry.</message>
             </expect>
-            <expect id="leveraged-authorization-has-system-identifier" target="leveraged-authorization" test="count(prop[@name='leveraged-system-identifier'][@ns='http://fedramp.gov/ns/oscal']) = 1" level="ERROR">
+            <expect id="leveraged-authorization-has-system-identifier" target="leveraged-authorization" test="count(prop[@name='leveraged-system-identifier'][@ns='https://fedramp.gov/ns/oscal']) = 1" level="ERROR">
                 <formal-name>Leveraged Authorization Has System Identifier</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
                 <message>A FedRAMP SSP MUST define exactly one system identifier for each leveraged authorization entry.</message>
-            </expect>
-            <expect id="leveraged-authorization-has-user-authentication" target="leveraged-authorization" test="count(prop[@name='user-authentication'][@ns='http://fedramp.gov/ns/oscal']/remarks) = 1" level="ERROR">
-                <formal-name>Leveraged Authorization Has User Authentication</formal-name>
-                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
-                <message>A FedRAMP SSP MUST provide exactly one explanation of the user authentication for each leveraged authorization entry.</message>
             </expect>
 		</constraints>
 	</context>    
diff --git a/src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-FAIL.yaml b/src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-FAIL.yaml
deleted file mode 100644
index 2599056a3..000000000
--- a/src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-FAIL.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-test-case:
-  name: Negative Test for leveraged-authorization-has-user-authentication
-  description: >-
-    This test case validates the behavior of constraint
-    leveraged-authorization-has-user-authentication
-  content: ../content/ssp-leveraged-authorization-has-user-authentication-INVALID.xml
-  expectations:
-    - constraint-id: leveraged-authorization-has-user-authentication
-      result: fail
diff --git a/src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-PASS.yaml b/src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-PASS.yaml
deleted file mode 100644
index 15c061eff..000000000
--- a/src/validations/constraints/unit-tests/leveraged-authorization-has-user-authentication-PASS.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-test-case:
-  name: Positive Test for leveraged-authorization-has-user-authentication
-  description: >-
-    This test case validates the behavior of constraint
-    leveraged-authorization-has-user-authentication
-  content: ../content/ssp-all-VALID.xml
-  expectations:
-    - constraint-id: leveraged-authorization-has-user-authentication
-      result: pass