GSA
diff --git a/‎.github/workflows/508-compliance.yml‎
Lines changed: 126 additions & 0 deletions b/‎.github/workflows/508-compliance.yml‎
Lines changed: 126 additions & 0 deletions
diff --git a/‎.github/workflows/workflow-generate-website.yml‎
Lines changed: 9 additions & 6 deletions b/‎.github/workflows/workflow-generate-website.yml‎
Lines changed: 9 additions & 6 deletions
diff --git a/‎.gitignore‎
Lines changed: 4 additions & 1 deletion b/‎.gitignore‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎.pa11yci‎
Lines changed: 12 additions & 0 deletions b/‎.pa11yci‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎.tool-versions‎
Lines changed: 1 addition & 0 deletions b/‎.tool-versions‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎config/_default/hugo.yaml‎
Lines changed: 1 addition & 0 deletions b/‎config/_default/hugo.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎content/collaborate/_index.md‎
Lines changed: 1 addition & 1 deletion b/‎content/collaborate/_index.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/documentation/_index.md‎
Lines changed: 11 additions & 9 deletions b/‎content/documentation/_index.md‎
Lines changed: 11 additions & 9 deletions
diff --git a/‎content/documentation/changes.md‎
Lines changed: 18 additions & 0 deletions b/‎content/documentation/changes.md‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎content/documentation/common-fedramp-elements/_index.md‎
Lines changed: 17 additions & 0 deletions b/‎content/documentation/common-fedramp-elements/_index.md‎
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,126 @@
+name: 508 Compliance
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+      - "release/*"
+      - "feature/*"
+  workflow_dispatch:
+    inputs:
+      linkcheck_fail_on_error:
+        description: 'A boolean flag that determines if bad links found by the link checker fail fast'
+        required: false
+        default: true
+        type: boolean
+      linkcheck_create_issue:
+        description: 'Create new GitHub issue if broken links are found'
+        required: false
+        default: false
+        type: boolean
+
+env:
+  GH_TOKEN: ${{ secrets.GH_TOKEN }}
+  INPUT_FAIL_ON_ERROR: ${{ github.event.inputs.linkcheck_fail_on_error || 'true' }}
+  INPUT_ISSUE_ON_ERROR: ${{ github.event.inputs.linkcheck_create_issue || 'false' }}
+
+jobs:
+  build-and-push-website:
+    name: Build, Push, and 508 Compliance Test
+    runs-on: ubuntu-22.04
+    env:
+      BUILD_PATH: ./build
+    permissions:
+      contents: write
+    steps:
+      - name: Manage GH_TOKEN
+        if: env.GH_TOKEN == ''
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+        run: echo "GH_TOKEN=${GITHUB_TOKEN}" >> $GITHUB_ENV
+
+      - name: Checkout Latest
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          submodules: recursive
+
+      - name: Setup Swap Space
+        uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c
+        with:
+          swap-size-gb: 10
+
+      - name: Set up NodeJS
+        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e
+        with:
+          node-version-file: '.nvmrc'
+          cache: 'npm'
+          cache-dependency-path: package-lock.json
+
+      - name: Setup Dependencies
+        run: |
+          # (Optional OSCAL commands omitted for brevity)
+          npm install --loglevel verbose
+          echo "$PWD/node_modules/.bin/" >> $GITHUB_PATH
+          sudo snap install dart-sass
+
+      - name: Cache Hugo Modules
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684
+        with:
+          path: /tmp/hugo_cache
+          key: ${{ runner.os }}-hugomod-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-hugomod-
+
+      - name: Run Hugo
+        run: |
+          hugo -e staging --logLevel debug -d _site-test
+
+      - name: Zip Artifacts for Upload
+        run: |
+          zip ${{ runner.temp }}/website.zip -r _site-test
+
+      - name: Upload Generated Site
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        with:
+          name: website
+          path: ${{ runner.temp }}/website.zip
+          retention-days: 5
+
+      # === Begin 508 (accessibility) Compliance Testing using pa11y-ci via sitemap ===
+
+      - name: Serve site for 508 Compliance Test
+        run: |
+          # Serve the built site (_site-test) on port 8080
+          npx http-server _site-test -p 8080 &
+          sleep 5
+
+      - name: Install pa11y-ci
+        run: npm install -g pa11y-ci
+
+      - name: Run pa11y-ci for 508 Compliance
+        id: pa11y
+        run: |
+          # This command tells pa11y-ci to fetch all URLs from the sitemap,
+          # excluding any URLs matching "/*.pdf", and use the settings in .pa11yci.
+          pa11y-ci \
+            --sitemap http://localhost:8080/sitemap.xml \
+            --sitemap-find "https://automate.fedramp.gov" \
+            --sitemap-replace "http://localhost:8080" \
+            --sitemap-exclude "/*.pdf" \
+            --config .pa11yci > pa11y_report.md
+          echo "pa11y_exit_code=$?" >> $GITHUB_ENV
+
+      - name: Upload 508 Compliance Report
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        with:
+          name: pa11y-report
+          path: pa11y_report.md
+          retention-days: 5
+
+      - name: Fail on 508 Compliance Issues
+        if: ${{ env.pa11y_exit_code != '0' }}
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
+        with:
+          script: |
+            core.setFailed('508 compliance test failed; please review the pa11y report.')
@@ -25,7 +25,7 @@ env:
 jobs:
   build-and-push-website:
     name: Build and Push Website
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     env:
       BUILD_PATH: ./build
     permissions:
@@ -47,7 +47,7 @@ jobs:
       with:
         swap-size-gb: 10
     - name: Set up NodeJS
-      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
+      uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e
       with:
         node-version-file: '.nvmrc'
         cache: 'npm'
@@ -62,12 +62,15 @@ jobs:
         # - ajv-formats
         # - markdown-link-check
         # - yaml-convert
+        npx oscal@latest use latest
+        npx oscal-cli metaschema convert --to=JSON -m=https://raw.githubusercontent.com/usnistgov/OSCAL/refs/heads/main/src/metaschema/oscal_complete_metaschema.xml https://raw.githubusercontent.com/GSA/fedramp-automation/refs/heads/develop/src/validations/constraints/fedramp-external-constraints.xml ../static/json/fedramp_external_constraints.json --overwrite
+        npx oscal-cli metaschema convert --to=JSON -m=https://raw.githubusercontent.com/usnistgov/OSCAL/refs/heads/main/src/metaschema/oscal_complete_metaschema.xml https://raw.githubusercontent.com/GSA/fedramp-automation/refs/heads/develop/src/validations/constraints/fedramp-external-allowed-values.xml ../static/json/fedramp_allowed_values.json --overwrite
         npm install --loglevel verbose
         echo "$PWD/node_modules/.bin/" >> $GITHUB_PATH
         # Dart-Sass
         sudo snap install dart-sass
     # cache hugo modules
-    - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
+    - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684
       with:
         path: /tmp/hugo_cache
         key: ${{ runner.os }}-hugomod-${{ hashFiles('**/go.sum') }}
@@ -81,15 +84,15 @@ jobs:
       run: |
         zip ${{ runner.temp }}/website.zip -r _site-test
     - name: Upload generated site
-      uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
       with:
         name: website
         path: |
           ${{ runner.temp }}/website.zip
         retention-days: 5
     - id: linkchecker
       name: Link Checker
-      uses: lycheeverse/lychee-action@f81112d0d2814ded911bd23e3beaa9dda9093915
+      uses: lycheeverse/lychee-action@f613c4a64e50d792e0b31ec34bbcbba12263c6a6
       with:
         args: --exclude-file .github/workflows/config/.lycheeignore --verbose --no-progress --accept 200,206,429 './_site-test/**/*.html' --remap "https://automate.fedramp.gov/ file://${GITHUB_WORKSPACE}/_site-test/" --exclude-mail
         format: markdown
@@ -100,7 +103,7 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       continue-on-error: true
     - name: Upload link check report
-      uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
       with:
         name: html-link-report
         path: html-link-report.md
 
@@ -2,4 +2,7 @@
 /.hugo_build.lock
 /hugo_stats.json
 
-/node_modules
+/node_modules
+.vscode
+.DS_Store
+pa11y_report.md
@@ -0,0 +1,12 @@
+{
+    "defaults": {
+      "standard": "WCAG2AA",
+      "runners": ["axe"],
+      "concurrency": 1,
+      "threshold": 5
+
+    },
+    "urls": [
+      "http://localhost:8080"
+    ]
+  }
@@ -0,0 +1 @@
+hugo 0.124.1
@@ -41,6 +41,7 @@ params:
   sidenav:
   custom_css:
   - css/site.css
+  - css/accessibility.css
   searchAffiliate: fedramp-automation
 #    debug: true
 markup:
 
@@ -16,6 +16,6 @@ cascade:
 
 You can collaborate with FedRAMP and its automation initiatives in multiple ways.
 
-- You can participate in [pilots](https://www.fedramp.gov/fedramp-pilots/), like the [Digital Authorization Pilot](https://www.fedramp.gov/digital-authorization-package-pilot/). You will use the FedRAMP Automation Team's tools, data, and documentation, evaluate them, and provide feedback.
+- You can participate in [pilots](https://www.fedramp.gov/updates/pilots/), like the [Digital Authorization Pilot](https://www.fedramp.gov/updates/pilots/digital-authorization-package/). You will use the FedRAMP Automation Team's tools, data, and documentation, evaluate them, and provide feedback.
 - You can attend FedRAMP Automation Team [meetings](./meetings/). You can provide feedback or directly propose changes.
 - You can provide feedback or propose changes via GitHub or email. See [the contact page](../contact/) for more information.
@@ -24,21 +24,23 @@ It provides guidance and examples intended to guide an organization in the produ
 
 XML and JSON use different terminology. Instead of repeatedly clarifying format-specific terminology, this document uses the following format-agnostic terminology through the document. 
 
-|**TERM**|**XML EQUIVALENT**|**JSON EQUIVALENT**|
-| :- | :- | :- |
-|**Field**|A single element or text value that can hold a value or an attribute|A single object that can hold a value or property|
-|**Flag**|Attribute|Property|
-|**Assembly**|A collection of elements. Typically, a parent node with one or more child nodes.|A collection of objects. Typically, a parent object with one or more child objects.|
+|**OSCAL<br />TERM**|**XML EQUIVALENT**|**JSON EQUIVALENT**|
+| :-: | :- | :- |
+|**Field**|An atomic xml element that can contain a value.<br/>An OSCAL field may have OSCAL Flags (XML attributes) associated with it. | An atomic JSON object that can contain a value.<br /> An OSCAL field may have OSCAL Flags (atomic JSON child objects) associated with it. |
+|**Flag**| An XML Attribute | An atomic JSON child object |
+|**Assembly**|A collection of related XML elements under a parent element.|A collection of related JSON objects under a parent object.|
 
-These terms are used by the National Institute of Standards and Technology (NIST) in the creation of OSCAL syntax.
+These terms are used by the National Institute of Standards and Technology (NIST) in the definition of OSCAL syntax.
 
 Throughout this document, the following words are used to differentiate between requirements, recommendations, and options.
 
 |**TERM**|**MEANING**|
 | :- | :- |
-|**must**|Indicates a required action.|
-|**should**|Indicates an action that is very important and strongly recommended, but is not required.|
-|**may**|Indicates an optional action.|
+|**MUST**|Indicates a required action.|
+|**MUST NOT**|Indicates a prohibited action.|
+|**SHOULD**|Indicates an action that is very important and strongly recommended, but is not required.|
+|**SHOULD NOT**|Indicates an action that carries risks, and avoidance is strongly recommended; however, the action is not strictly prohibited.|
+|**MAY**|Indicates an optional action.|
 
 
 ## XML, JSON and YAML Formats
 
@@ -0,0 +1,18 @@
+---
+title: Significant Changes
+weight: 100
+menu:
+  primary:
+    name: Significant Changes
+    parent: Documentation
+    weight: 50
+---
+# Significant Changes
+
+FedRAMP Designation
+
+- FedRAMP namespace designation change for `part` and `prop`
+  - from `https://fedramp.gov/ns/oscal` to `http://fedramp.gov/ns/oscal` (dropping the `s` in `https`)
+- FedRAMP system identifier change
+  - from `???` to `http://fedramp.gov/ns/oscal` (dropping the `s` in `https`)
+- others?
@@ -0,0 +1,17 @@
+---
+title: Common FedRAMP Content
+weight: 300
+suppresstopiclist: false
+menu:
+  primary:
+    name: Common FedRAMP Content
+    parent: Documentation
+    weight: 300
+---
+# Common FedRAMP Content
+
+While each FedRAMP template has a unique purpose, they share common
+information elements, such as title and publication date. These common
+elements are expressed using the same OSCAL syntax for the SSP, SAP,
+SAR, and POA&M. This section provides OSCAL syntax for these common
+elements.