diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature
index aecf898bf..efb4bb984 100644
--- a/features/fedramp_extensions.feature
+++ b/features/fedramp_extensions.feature
@@ -63,6 +63,8 @@ Examples:
   | has-authorization-boundary-diagram-description-PASS.yaml |
   | has-authorization-boundary-diagram-link-FAIL.yaml |
   | has-authorization-boundary-diagram-link-PASS.yaml |
+  | has-authorization-boundary-diagram-link-href-target-FAIL.yaml |
+  | has-authorization-boundary-diagram-link-href-target-PASS.yaml |
   | has-authorization-boundary-diagram-link-rel-FAIL.yaml |
   | has-authorization-boundary-diagram-link-rel-PASS.yaml |
   | has-authorization-boundary-diagram-link-rel-allowed-value-FAIL.yaml |
@@ -89,6 +91,8 @@ Examples:
   | has-data-flow-diagram-description-PASS.yaml |
   | has-data-flow-diagram-link-FAIL.yaml |
   | has-data-flow-diagram-link-PASS.yaml |
+  | has-data-flow-diagram-link-href-target-FAIL.yaml |
+  | has-data-flow-diagram-link-href-target-PASS.yaml |
   | has-data-flow-diagram-link-rel-FAIL.yaml |
   | has-data-flow-diagram-link-rel-PASS.yaml |
   | has-data-flow-diagram-link-rel-allowed-value-FAIL.yaml |
@@ -113,6 +117,8 @@ Examples:
   | has-network-architecture-diagram-description-PASS.yaml |
   | has-network-architecture-diagram-link-FAIL.yaml |
   | has-network-architecture-diagram-link-PASS.yaml |
+  | has-network-architecture-diagram-link-href-target-FAIL.yaml |
+  | has-network-architecture-diagram-link-href-target-PASS.yaml |
   | has-network-architecture-diagram-link-rel-FAIL.yaml |
   | has-network-architecture-diagram-link-rel-PASS.yaml |
   | has-network-architecture-diagram-link-rel-allowed-value-FAIL.yaml |
@@ -232,6 +238,7 @@ Examples:
   | has-authorization-boundary-diagram-caption |
   | has-authorization-boundary-diagram-description |
   | has-authorization-boundary-diagram-link |
+  | has-authorization-boundary-diagram-link-href-target |
   | has-authorization-boundary-diagram-link-rel |
   | has-authorization-boundary-diagram-link-rel-allowed-value |
   | has-cloud-deployment-model |
@@ -245,6 +252,7 @@ Examples:
   | has-data-flow-diagram-caption |
   | has-data-flow-diagram-description |
   | has-data-flow-diagram-link |
+  | has-data-flow-diagram-link-href-target |
   | has-data-flow-diagram-link-rel |
   | has-data-flow-diagram-link-rel-allowed-value |
   | has-data-flow-diagram-uuid |
@@ -257,6 +265,7 @@ Examples:
   | has-network-architecture-diagram-caption |
   | has-network-architecture-diagram-description |
   | has-network-architecture-diagram-link |
+  | has-network-architecture-diagram-link-href-target |
   | has-network-architecture-diagram-link-rel |
   | has-network-architecture-diagram-link-rel-allowed-value |
   | has-rules-of-behavior |
diff --git a/package-lock.json b/package-lock.json
index 401162427..462475c1b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,7 +15,7 @@
         "inquirer": "^10.1.8",
         "js-yaml": "^4.1.0",
         "jsdom": "^25.0.0",
-        "oscal": "^2.0.5-rc-3",
+        "oscal": "2.0.5",
         "ts-node": "^10.9.2",
         "xml-formatter": "^3.6.3",
         "xml2js": "^0.6.2"
@@ -2694,9 +2694,9 @@
       }
     },
     "node_modules/oscal": {
-      "version": "2.0.5-rc-3",
-      "resolved": "https://registry.npmjs.org/oscal/-/oscal-2.0.5-rc-3.tgz",
-      "integrity": "sha512-cbJb+XX//rt5WuLxCBmYKA2huSLh560O3Z0jmqLjWxuh+Tb0T+zndZVQ6YvjIJo2rmASCVdjGKdBm4lok8epEQ==",
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/oscal/-/oscal-2.0.5.tgz",
+      "integrity": "sha512-S19CxjK9dYAE/5CYGFF/M1J9z24oIA/WX5Lkk84BzTvmeAa6qWzwIYEnmoeXRCnJnsLP5sNh/9VSFGfvY97omw==",
       "license": "MIT",
       "dependencies": {
         "@terascope/fetch-github-release": "^0.8.10",
diff --git a/src/validations/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-INVALID.xml b/src/validations/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-INVALID.xml
new file mode 100644
index 000000000..64369d745
--- /dev/null
+++ b/src/validations/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-INVALID.xml
@@ -0,0 +1,13 @@
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd" uuid="12345678-1234-4321-8765-123456789012">
+  <system-characteristics>
+    <authorization-boundary>
+      <diagram uuid="dbf46c27-52a9-49c4-beb6-b6399cd75497">
+        <link href="#d2eb3c18-6754-4e3a-a933-03d289e3fad5" rel="diagram"/>
+      </diagram>
+    </authorization-boundary>
+  </system-characteristics>
+  <back-matter>
+    <resource uuid="e2eb3c18-6754-4e3a-a933-03d289e3fad5">
+    </resource>
+  </back-matter>
+</system-security-plan>
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml b/src/validations/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml
new file mode 100644
index 000000000..f2df4e7d7
--- /dev/null
+++ b/src/validations/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml
@@ -0,0 +1,449 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
+  <metadata>
+    <title>Enhanced Example System Security Plan</title>
+    <published>2024-08-01T14:30:00Z</published>
+    <last-modified>2024-08-01T14:30:00Z</last-modified>
+    <version>1.1</version>
+    <oscal-version>1.1.2</oscal-version>
+    <document-id scheme="https://example.com/identifiers">SSP-2024-002</document-id>
+    <prop name="fedramp-version" ns="https://fedramp.gov/ns/oscal" value="fedramp-3.0.0rc1-oscal-1.1.2"/>
+    
+    <role id="creator">
+      <title>Document Creator</title>
+    </role>
+    <role id="content-approver">
+      <title>Content Approver</title>
+    </role>
+    <role id="system-admin">
+      <title>System Administrator</title>
+    </role>
+    <role id="asset-owner">
+      <title>Asset Owner</title>
+    </role>
+    <role id="system-owner">
+      <title>System Owner</title>
+    </role>
+     <role id="authorizing-official-poc">
+       <title>Authorizing Official Point of Contact</title>
+     </role>
+     <role id="information-system-security-officer">
+       <title>Information System Security Officer (or Equivalent)</title>
+     </role>
+     <role id="system-poc-management">
+      <title>Information System Management Point of Contact (POC)</title>
+      <description>
+         <p>The highest level manager who is responsible for system operation on behalf of the System Owner.</p>
+      </description>
+      </role>
+      <role id="system-poc-technical">
+          <title>Information System Technical Point of Contact</title>
+          <description>
+            <p>The individual or individuals leading the technical operation of the system.</p>
+          </description>
+      </role>
+      <role id="system-poc-other">
+          <title>General Point of Contact (POC)</title>
+          <description>
+            <p>A general point of contact for the system, designated by the system owner.</p>
+          </description>
+      </role>
+
+    <location uuid="11111112-0000-4000-9001-000000000009">
+      <address >
+        <country>US</country>
+      </address>
+      <prop name="type" value="data-center" class="primary"/>
+    </location>
+    <location uuid="11111112-0000-4000-9000-000000000003">
+      <address >
+        <country>US</country>
+      </address>
+      <prop name="type" value="data-center" class="alternate"/>
+    </location>
+    <party uuid="11111111-0000-4000-9000-000000000001" type="organization">
+      <name>Example Organization</name>
+      <short-name>ExOrg</short-name>
+      <link rel="website" href="https://example.com"/>
+    </party>
+    <party uuid="22222222-0000-4000-9000-000000000002" type="person">
+      <name>Jane Doe</name>
+      <email-address>jane.doe@example.com</email-address>
+    <address type="work"  />
+    </party>
+
+    <responsible-party role-id="creator">
+      <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="content-approver">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+
+    <responsible-party role-id="system-owner">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="authorizing-official">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="authorizing-official-poc">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="system-poc-management">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="system-poc-technical">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="system-poc-other">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="information-system-security-officer">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+
+    <remarks>
+      <p>This SSP is an example for demonstration purposes.</p>
+    </remarks>
+  </metadata>
+  
+  <import-profile href="../../../../dist/content/rev5/baselines/xml/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.xml"/>
+  
+  <system-characteristics>
+    <system-id identifier-type="https://fedramp.gov">F00000001</system-id>
+    <system-name>Enhanced Example System</system-name>
+    <system-name-short>System's Short Name or Acronym</system-name-short>
+    <description>
+      <p>This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.</p>
+    </description>
+    <prop name='cloud-deployment-model' value='government-only-cloud' ns="https://fedramp.gov/ns/oscal"/>
+    <prop name='cloud-service-model' value='other' ns="https://fedramp.gov/ns/oscal"/>
+    <prop name='authorization-type' value='fedramp-agency' ns="https://fedramp.gov/ns/oscal"/>
+    <prop name="identity-assurance-level" value="2"/>
+    <prop name="authenticator-assurance-level" value="2"/>
+    <prop name="federation-assurance-level" value="2"/>
+    <security-sensitivity-level>fips-199-moderate</security-sensitivity-level>
+    <system-information>
+      <information-type  uuid="33333333-0000-4000-9000-000000000003">
+        <title>Financial Information</title>
+        <description>
+          <p>Contains sensitive financial data related to organizational operations.</p>
+        </description>
+        <categorization system="https://doi.org/10.6028/NIST.SP.800-60v2r1">
+          <information-type-id>C.2.8.12</information-type-id>
+        </categorization>
+        <confidentiality-impact>
+          <base>fips-199-high</base>
+          <selected>fips-199-high</selected>
+          <!-- adjustment-justification removed to ensure cia-impact-has-adjustment-justification passes when base and selected have the same impact level -->
+        </confidentiality-impact>
+        <integrity-impact>
+          <base>fips-199-moderate</base>
+          <selected>fips-199-low</selected>
+          <adjustment-justification>
+            <p>Required if the base and selected values do not match.</p>
+          </adjustment-justification>
+        </integrity-impact>
+        <availability-impact>
+          <base>fips-199-high</base>
+          <selected>fips-199-low</selected>
+          <adjustment-justification>
+            <p>Required if the base and selected values do not match.</p>
+          </adjustment-justification>
+        </availability-impact>
+      </information-type>
+    </system-information>
+    <security-impact-level>
+      <security-objective-confidentiality>fips-199-moderate</security-objective-confidentiality>
+      <security-objective-integrity>fips-199-moderate</security-objective-integrity>
+      <security-objective-availability>fips-199-moderate</security-objective-availability>
+    </security-impact-level>
+    <status state="operational"/>
+    <authorization-boundary>
+      <description>
+        <p>The authorization boundary includes all components within the main data center and the disaster recovery site.</p>
+      </description>
+      <diagram uuid="dbf46c27-52a9-49c4-beb6-b6399cd75497">
+            <description>
+               <p>A diagram-specific explanation.</p>
+            </description>
+            <link href="./diagram.png" rel="diagram"/>
+            <caption>Authorization Boundary Diagram</caption>
+         </diagram>
+    </authorization-boundary>
+    <network-architecture>
+      <description>
+        <p>A holistic, top-level explanation of the network architecture.</p>
+      </description>
+      <diagram uuid="e97c3395-433a-48c1-8cc7-dd1e1555941c">
+        <description>
+          <p>A diagram-specific explanation.</p>
+        </description>
+        <link href="#61081e81-850b-43c1-bf43-1ecbddcb9e7f" rel="diagram"/>
+        <caption>Network Diagram</caption>
+      </diagram>
+    </network-architecture>
+    <data-flow>
+      <description>
+        <p>A holistic, top-level explanation of the system's data flows.</p>
+      </description>
+      <diagram uuid="e3b98448-4219-46a5-b229-412423c566f3">
+        <description>
+          <p>A diagram-specific explanation.</p>
+        </description>
+        <link href="#ac5d7535-f3b8-45d3-bf3b-735c82c64547" rel="diagram"/>
+        <caption>Data Flow Diagram</caption>
+      </diagram>
+    </data-flow>
+  </system-characteristics>
+  
+  <system-implementation>
+    <user uuid="44444444-0000-4000-9000-000000000004">
+      <title>System Administrator</title>
+      <prop name="type" value="internal"/>
+      <prop ns="https://fedramp.gov/ns/oscal" name="privilege-level" value="read-write"/>
+      <prop ns="https://fedramp.gov/ns/oscal" name="sensitivity" value="high-risk"/>
+      <role-id>system-admin</role-id>
+      <authorized-privilege>
+        <title>Admin</title>
+        <description><p>admin user</p></description>
+        <function-performed>administration</function-performed>
+      </authorized-privilege>
+
+    </user>
+    
+    <component uuid="55555555-0000-4000-9000-000000000005" type="this-system">
+      <title>Primary Application Server</title>
+      <description>
+        <p>Main application server hosting the core system functionality.</p>
+      </description>
+      <purpose>main line</purpose>
+      <status state="operational"/>
+      <responsible-role role-id="system-admin">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-role>
+      <remarks>
+        <p>This is the primary application server for the system.</p>
+      </remarks>
+    </component>
+    
+    <component uuid="66666666-0000-4000-9000-000000000006" type="interconnection">
+      <title>External API Connection</title>
+      <description>
+        <p>Secure connection to an external API for data enrichment.</p>
+      </description>
+      <prop name="interconnection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
+      <prop name="interconnection-direction" value="in/out" ns="https://fedramp.gov/ns/oscal"/>
+      <status state="operational"/>
+      <responsible-role role-id="system-admin">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-role>
+      <remarks>
+        <p>This connection is used for secure data exchange with external systems.</p>
+      </remarks>
+    </component>
+    
+    <inventory-item uuid="77777777-0000-4000-9000-000000000007">
+      <description>
+        <p>Primary database server</p>
+      </description>
+      <prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/>
+      <prop name="asset-type" value="database"/>
+      <prop name="allows-authenticated-scan" value="yes"/>
+      <prop name="public" value="no"/>
+      <prop name="virtual" value="yes"/>
+      <prop name="scan-type" value="database" ns="https://fedramp.gov/ns/oscal"/>
+      <responsible-party role-id="asset-owner">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-party>
+      <implemented-component component-uuid="55555555-0000-4000-9000-000000000005">
+        <prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/>
+      </implemented-component>
+    </inventory-item>
+  </system-implementation>
+  
+  <control-implementation>
+    <description>
+      <p>Implementation of controls for the Enhanced Example System</p>
+    </description>
+    <implemented-requirement uuid="88888888-0000-4000-9000-000000000008" control-id="ac-1">
+      <prop name="control-origination" value="sp-system" ns="https://fedramp.gov/ns/oscal"/>
+      <prop name="implementation-status" value="partial" ns="https://fedramp.gov/ns/oscal"/>
+      <statement statement-id="ac-1_stmt.a" uuid="99999999-0000-4000-9000-000000000009">
+      </statement>
+      <by-component component-uuid="55555555-0000-4000-9000-000000000005" uuid="aaaaaaaa-0000-4000-9000-00000000000a">
+        <description>
+          <p>Access Control Policy and Procedures (AC-1) is fully implemented in our system.</p>
+        </description>
+        <prop ns="https://fedramp.gov/ns/oscal" name="implementation-status" value="implemented"/>
+        <responsible-role role-id="system-admin">
+          <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+        </responsible-role>
+      </by-component>
+    </implemented-requirement>
+    
+    <implemented-requirement uuid="bbbbbbbb-0000-4000-9000-00000000000b" control-id="cm-8">
+      <prop name="control-origination" value="sp-system" ns="https://fedramp.gov/ns/oscal"/>
+      <statement statement-id="cm-8_stmt.a" uuid="cccccccc-0000-4000-9000-00000000000c">
+      </statement>
+      <by-component component-uuid="55555555-0000-4000-9000-000000000005" uuid="dddddddd-0000-4000-9000-00000000000d">
+        <description>
+          <p>Information System Component Inventory (CM-8) is partially implemented.</p>
+        </description>
+        <prop ns="https://fedramp.gov/ns/oscal" name="implementation-status" value="partial"/>
+        <responsible-role role-id="system-admin">
+          <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+        </responsible-role>
+      </by-component>
+    </implemented-requirement>
+  </control-implementation>
+  
+  <back-matter>
+    <resource uuid="eeeeeeee-0000-4000-9000-00000000000e">
+      <title>Access Control Policy</title>
+      <description>
+        <p>Detailed access control policy document</p>
+      </description>
+      <prop name="type" value="policy" ns="https://fedramp.gov/ns/oscal"/>
+      <rlink href="https://example.com/policies/access-control.pdf"/>
+    </resource>
+    <resource uuid="90a128ac-c850-48f6-8fff-a55692f80b41">
+      <title>User's Guide</title>
+      <description>
+         <p>User's Guide</p>
+      </description>
+      <prop name="type" value="users-guide"/>
+      <prop name="published" value="2023-01-01T00:00:00Z"/>
+      <rlink href="./documents/guides/sample_guide.pdf"/>
+      <remarks>
+         <p>Table 12-1 Attachments: User's Guide Attachment</p>
+         <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+      </remarks>
+   </resource>
+   <resource uuid="489112e1-57f2-4c29-8dd0-95b1442fbf3b">
+    <title>Document Title</title>
+    <description>
+       <p>Rules of Behavior</p>
+    </description>
+    <prop name="type" value="rules-of-behavior"/>
+    <prop name="published" value="2023-01-01T00:00:00Z"/>
+    <prop name="version" value="Document Version"/>
+    <rlink href="./documents/rob.docx" media-type="application/msword"/>
+    <base64 filename="rob.docx" media-type="application/msword">00000000</base64>
+    <remarks>
+       <p>Table 12-1 Attachments: Rules of Behavior (ROB)</p>
+       <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+    </remarks>
+ </resource>
+ <resource uuid="c7860916-f2f4-43aa-b578-d48cf8e6d381">
+  <title>Document Title</title>
+  <description>
+     <p>Contingency Plan (CP)</p>
+  </description>
+  <prop name="type" value="plan" class="information-system-contingency-plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/cp.docx" media-type="application/msword"/>
+  <base64 filename="cp.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>Table 12-1 Attachments: Contingency Plan (CP) Attachment</p>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+<resource uuid="ab56cf27-0dae-40d6-89b7-d750137309af">
+  <title>Document Title</title>
+  <description>
+     <p>Configuration Management (CM) Plan</p>
+  </description>
+  <prop name="type" value="plan" class="configuration-management-plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/CM_Plan.docx" media-type="application/msword"/>
+  <base64 filename="CM_Plan.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>Table 12-1 Attachments: Configuration Management (CM) Plan Attachment</p>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+<resource uuid="3f771ab5-8016-4571-98d1-f0fb962e15e2">
+  <title>Document Title</title>
+  <description>
+     <p>Incident Response (IR) Plan</p>
+  </description>
+  <prop name="type" value="plan" class="incident-response-plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/IR_Plan.docx" media-type="application/msword"/>
+  <base64 filename="IR_Plan.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>Table 12-1 Attachments: Incident Response (IR) Plan Attachment</p>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+<resource uuid="49fb4631-1da2-41ca-b0b3-e1b1006d4025">
+  <title>Separation of Duties Matrix</title>
+  <description>
+     <p>Separation of Duties Matrix</p>
+  </description>
+  <prop ns="https://fedramp.gov/ns/oscal" name="type" value="separation-of-duties-matrix"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/Sep_Matrix.docx" media-type="application/msword"/>
+  <base64 filename="Sep_Matrix.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+
+
+<resource uuid="d2eb3c18-6754-4e3a-a933-03d289e3fad5">
+  <title>Authorization Boundary</title>
+  <description>
+     <p>Authorization Boundary Diagram</p>
+  </description>
+  <prop ns="https://fedramp.gov/ns/oscal" name="type" value="plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/AuthBoundary.docx" media-type="application/msword"/>
+  <base64 filename="AuthBoundary.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+
+<resource uuid="61081e81-850b-43c1-bf43-1ecbddcb9e7f">
+  <title>Network Architecture</title>
+  <description>
+     <p>Network Architecture Diagram</p>
+  </description>
+  <prop ns="https://fedramp.gov/ns/oscal" name="type" value="plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/NetworkArchitecture.docx" media-type="application/msword"/>
+  <base64 filename="NetworkArchitecture.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+
+<resource uuid="ac5d7535-f3b8-45d3-bf3b-735c82c64547">
+  <title>Data Flow</title>
+  <description>
+     <p>Data flow Diagram</p>
+  </description>
+  <prop ns="https://fedramp.gov/ns/oscal" name="type" value="plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/Dataflo.docx" media-type="application/msword"/>
+  <base64 filename="Dataflow.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+
+
+
+  </back-matter>
+</system-security-plan>
diff --git a/src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-INVALID.xml b/src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-INVALID.xml
new file mode 100644
index 000000000..0e2128eb5
--- /dev/null
+++ b/src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-INVALID.xml
@@ -0,0 +1,13 @@
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd" uuid="12345678-1234-4321-8765-123456789012">
+  <system-characteristics>
+    <data-flow>
+      <diagram uuid="e3b98448-4219-46a5-b229-412423c566f3">
+        <link href="#ac5d7535-f3b8-45d3-bf3b-735c82c64547" rel="diagram"/>
+      </diagram>
+    </data-flow>
+  </system-characteristics>
+  <back-matter>
+    <resource uuid="bc5d7535-f3b8-45d3-bf3b-735c82c64547">
+    </resource>
+  </back-matter>
+</system-security-plan>
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml b/src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml
new file mode 100644
index 000000000..e747c4e5d
--- /dev/null
+++ b/src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml
@@ -0,0 +1,449 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
+  <metadata>
+    <title>Enhanced Example System Security Plan</title>
+    <published>2024-08-01T14:30:00Z</published>
+    <last-modified>2024-08-01T14:30:00Z</last-modified>
+    <version>1.1</version>
+    <oscal-version>1.1.2</oscal-version>
+    <document-id scheme="https://example.com/identifiers">SSP-2024-002</document-id>
+    <prop name="fedramp-version" ns="https://fedramp.gov/ns/oscal" value="fedramp-3.0.0rc1-oscal-1.1.2"/>
+    
+    <role id="creator">
+      <title>Document Creator</title>
+    </role>
+    <role id="content-approver">
+      <title>Content Approver</title>
+    </role>
+    <role id="system-admin">
+      <title>System Administrator</title>
+    </role>
+    <role id="asset-owner">
+      <title>Asset Owner</title>
+    </role>
+    <role id="system-owner">
+      <title>System Owner</title>
+    </role>
+     <role id="authorizing-official-poc">
+       <title>Authorizing Official Point of Contact</title>
+     </role>
+     <role id="information-system-security-officer">
+       <title>Information System Security Officer (or Equivalent)</title>
+     </role>
+     <role id="system-poc-management">
+      <title>Information System Management Point of Contact (POC)</title>
+      <description>
+         <p>The highest level manager who is responsible for system operation on behalf of the System Owner.</p>
+      </description>
+      </role>
+      <role id="system-poc-technical">
+          <title>Information System Technical Point of Contact</title>
+          <description>
+            <p>The individual or individuals leading the technical operation of the system.</p>
+          </description>
+      </role>
+      <role id="system-poc-other">
+          <title>General Point of Contact (POC)</title>
+          <description>
+            <p>A general point of contact for the system, designated by the system owner.</p>
+          </description>
+      </role>
+
+    <location uuid="11111112-0000-4000-9001-000000000009">
+      <address >
+        <country>US</country>
+      </address>
+      <prop name="type" value="data-center" class="primary"/>
+    </location>
+    <location uuid="11111112-0000-4000-9000-000000000003">
+      <address >
+        <country>US</country>
+      </address>
+      <prop name="type" value="data-center" class="alternate"/>
+    </location>
+    <party uuid="11111111-0000-4000-9000-000000000001" type="organization">
+      <name>Example Organization</name>
+      <short-name>ExOrg</short-name>
+      <link rel="website" href="https://example.com"/>
+    </party>
+    <party uuid="22222222-0000-4000-9000-000000000002" type="person">
+      <name>Jane Doe</name>
+      <email-address>jane.doe@example.com</email-address>
+    <address type="work"  />
+    </party>
+
+    <responsible-party role-id="creator">
+      <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="content-approver">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+
+    <responsible-party role-id="system-owner">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="authorizing-official">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="authorizing-official-poc">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="system-poc-management">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="system-poc-technical">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="system-poc-other">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="information-system-security-officer">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+
+    <remarks>
+      <p>This SSP is an example for demonstration purposes.</p>
+    </remarks>
+  </metadata>
+  
+  <import-profile href="../../../../dist/content/rev5/baselines/xml/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.xml"/>
+  
+  <system-characteristics>
+    <system-id identifier-type="https://fedramp.gov">F00000001</system-id>
+    <system-name>Enhanced Example System</system-name>
+    <system-name-short>System's Short Name or Acronym</system-name-short>
+    <description>
+      <p>This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.</p>
+    </description>
+    <prop name='cloud-deployment-model' value='government-only-cloud' ns="https://fedramp.gov/ns/oscal"/>
+    <prop name='cloud-service-model' value='other' ns="https://fedramp.gov/ns/oscal"/>
+    <prop name='authorization-type' value='fedramp-agency' ns="https://fedramp.gov/ns/oscal"/>
+    <prop name="identity-assurance-level" value="2"/>
+    <prop name="authenticator-assurance-level" value="2"/>
+    <prop name="federation-assurance-level" value="2"/>
+    <security-sensitivity-level>fips-199-moderate</security-sensitivity-level>
+    <system-information>
+      <information-type  uuid="33333333-0000-4000-9000-000000000003">
+        <title>Financial Information</title>
+        <description>
+          <p>Contains sensitive financial data related to organizational operations.</p>
+        </description>
+        <categorization system="https://doi.org/10.6028/NIST.SP.800-60v2r1">
+          <information-type-id>C.2.8.12</information-type-id>
+        </categorization>
+        <confidentiality-impact>
+          <base>fips-199-high</base>
+          <selected>fips-199-high</selected>
+          <!-- adjustment-justification removed to ensure cia-impact-has-adjustment-justification passes when base and selected have the same impact level -->
+        </confidentiality-impact>
+        <integrity-impact>
+          <base>fips-199-moderate</base>
+          <selected>fips-199-low</selected>
+          <adjustment-justification>
+            <p>Required if the base and selected values do not match.</p>
+          </adjustment-justification>
+        </integrity-impact>
+        <availability-impact>
+          <base>fips-199-high</base>
+          <selected>fips-199-low</selected>
+          <adjustment-justification>
+            <p>Required if the base and selected values do not match.</p>
+          </adjustment-justification>
+        </availability-impact>
+      </information-type>
+    </system-information>
+    <security-impact-level>
+      <security-objective-confidentiality>fips-199-moderate</security-objective-confidentiality>
+      <security-objective-integrity>fips-199-moderate</security-objective-integrity>
+      <security-objective-availability>fips-199-moderate</security-objective-availability>
+    </security-impact-level>
+    <status state="operational"/>
+    <authorization-boundary>
+      <description>
+        <p>The authorization boundary includes all components within the main data center and the disaster recovery site.</p>
+      </description>
+      <diagram uuid="dbf46c27-52a9-49c4-beb6-b6399cd75497">
+            <description>
+               <p>A diagram-specific explanation.</p>
+            </description>
+            <link href="#d2eb3c18-6754-4e3a-a933-03d289e3fad5" rel="diagram"/>
+            <caption>Authorization Boundary Diagram</caption>
+         </diagram>
+    </authorization-boundary>
+    <network-architecture>
+      <description>
+        <p>A holistic, top-level explanation of the network architecture.</p>
+      </description>
+      <diagram uuid="e97c3395-433a-48c1-8cc7-dd1e1555941c">
+        <description>
+          <p>A diagram-specific explanation.</p>
+        </description>
+        <link href="#61081e81-850b-43c1-bf43-1ecbddcb9e7f" rel="diagram"/>
+        <caption>Network Diagram</caption>
+      </diagram>
+    </network-architecture>
+    <data-flow>
+      <description>
+        <p>A holistic, top-level explanation of the system's data flows.</p>
+      </description>
+      <diagram uuid="e3b98448-4219-46a5-b229-412423c566f3">
+        <description>
+          <p>A diagram-specific explanation.</p>
+        </description>
+        <link href="./diagram.png" rel="diagram"/>
+        <caption>Data Flow Diagram</caption>
+      </diagram>
+    </data-flow>
+  </system-characteristics>
+  
+  <system-implementation>
+    <user uuid="44444444-0000-4000-9000-000000000004">
+      <title>System Administrator</title>
+      <prop name="type" value="internal"/>
+      <prop ns="https://fedramp.gov/ns/oscal" name="privilege-level" value="read-write"/>
+      <prop ns="https://fedramp.gov/ns/oscal" name="sensitivity" value="high-risk"/>
+      <role-id>system-admin</role-id>
+      <authorized-privilege>
+        <title>Admin</title>
+        <description><p>admin user</p></description>
+        <function-performed>administration</function-performed>
+      </authorized-privilege>
+
+    </user>
+    
+    <component uuid="55555555-0000-4000-9000-000000000005" type="this-system">
+      <title>Primary Application Server</title>
+      <description>
+        <p>Main application server hosting the core system functionality.</p>
+      </description>
+      <purpose>main line</purpose>
+      <status state="operational"/>
+      <responsible-role role-id="system-admin">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-role>
+      <remarks>
+        <p>This is the primary application server for the system.</p>
+      </remarks>
+    </component>
+    
+    <component uuid="66666666-0000-4000-9000-000000000006" type="interconnection">
+      <title>External API Connection</title>
+      <description>
+        <p>Secure connection to an external API for data enrichment.</p>
+      </description>
+      <prop name="interconnection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
+      <prop name="interconnection-direction" value="in/out" ns="https://fedramp.gov/ns/oscal"/>
+      <status state="operational"/>
+      <responsible-role role-id="system-admin">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-role>
+      <remarks>
+        <p>This connection is used for secure data exchange with external systems.</p>
+      </remarks>
+    </component>
+    
+    <inventory-item uuid="77777777-0000-4000-9000-000000000007">
+      <description>
+        <p>Primary database server</p>
+      </description>
+      <prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/>
+      <prop name="asset-type" value="database"/>
+      <prop name="allows-authenticated-scan" value="yes"/>
+      <prop name="public" value="no"/>
+      <prop name="virtual" value="yes"/>
+      <prop name="scan-type" value="database" ns="https://fedramp.gov/ns/oscal"/>
+      <responsible-party role-id="asset-owner">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-party>
+      <implemented-component component-uuid="55555555-0000-4000-9000-000000000005">
+        <prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/>
+      </implemented-component>
+    </inventory-item>
+  </system-implementation>
+  
+  <control-implementation>
+    <description>
+      <p>Implementation of controls for the Enhanced Example System</p>
+    </description>
+    <implemented-requirement uuid="88888888-0000-4000-9000-000000000008" control-id="ac-1">
+      <prop name="control-origination" value="sp-system" ns="https://fedramp.gov/ns/oscal"/>
+      <prop name="implementation-status" value="partial" ns="https://fedramp.gov/ns/oscal"/>
+      <statement statement-id="ac-1_stmt.a" uuid="99999999-0000-4000-9000-000000000009">
+      </statement>
+      <by-component component-uuid="55555555-0000-4000-9000-000000000005" uuid="aaaaaaaa-0000-4000-9000-00000000000a">
+        <description>
+          <p>Access Control Policy and Procedures (AC-1) is fully implemented in our system.</p>
+        </description>
+        <prop ns="https://fedramp.gov/ns/oscal" name="implementation-status" value="implemented"/>
+        <responsible-role role-id="system-admin">
+          <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+        </responsible-role>
+      </by-component>
+    </implemented-requirement>
+    
+    <implemented-requirement uuid="bbbbbbbb-0000-4000-9000-00000000000b" control-id="cm-8">
+      <prop name="control-origination" value="sp-system" ns="https://fedramp.gov/ns/oscal"/>
+      <statement statement-id="cm-8_stmt.a" uuid="cccccccc-0000-4000-9000-00000000000c">
+      </statement>
+      <by-component component-uuid="55555555-0000-4000-9000-000000000005" uuid="dddddddd-0000-4000-9000-00000000000d">
+        <description>
+          <p>Information System Component Inventory (CM-8) is partially implemented.</p>
+        </description>
+        <prop ns="https://fedramp.gov/ns/oscal" name="implementation-status" value="partial"/>
+        <responsible-role role-id="system-admin">
+          <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+        </responsible-role>
+      </by-component>
+    </implemented-requirement>
+  </control-implementation>
+  
+  <back-matter>
+    <resource uuid="eeeeeeee-0000-4000-9000-00000000000e">
+      <title>Access Control Policy</title>
+      <description>
+        <p>Detailed access control policy document</p>
+      </description>
+      <prop name="type" value="policy" ns="https://fedramp.gov/ns/oscal"/>
+      <rlink href="https://example.com/policies/access-control.pdf"/>
+    </resource>
+    <resource uuid="90a128ac-c850-48f6-8fff-a55692f80b41">
+      <title>User's Guide</title>
+      <description>
+         <p>User's Guide</p>
+      </description>
+      <prop name="type" value="users-guide"/>
+      <prop name="published" value="2023-01-01T00:00:00Z"/>
+      <rlink href="./documents/guides/sample_guide.pdf"/>
+      <remarks>
+         <p>Table 12-1 Attachments: User's Guide Attachment</p>
+         <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+      </remarks>
+   </resource>
+   <resource uuid="489112e1-57f2-4c29-8dd0-95b1442fbf3b">
+    <title>Document Title</title>
+    <description>
+       <p>Rules of Behavior</p>
+    </description>
+    <prop name="type" value="rules-of-behavior"/>
+    <prop name="published" value="2023-01-01T00:00:00Z"/>
+    <prop name="version" value="Document Version"/>
+    <rlink href="./documents/rob.docx" media-type="application/msword"/>
+    <base64 filename="rob.docx" media-type="application/msword">00000000</base64>
+    <remarks>
+       <p>Table 12-1 Attachments: Rules of Behavior (ROB)</p>
+       <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+    </remarks>
+ </resource>
+ <resource uuid="c7860916-f2f4-43aa-b578-d48cf8e6d381">
+  <title>Document Title</title>
+  <description>
+     <p>Contingency Plan (CP)</p>
+  </description>
+  <prop name="type" value="plan" class="information-system-contingency-plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/cp.docx" media-type="application/msword"/>
+  <base64 filename="cp.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>Table 12-1 Attachments: Contingency Plan (CP) Attachment</p>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+<resource uuid="ab56cf27-0dae-40d6-89b7-d750137309af">
+  <title>Document Title</title>
+  <description>
+     <p>Configuration Management (CM) Plan</p>
+  </description>
+  <prop name="type" value="plan" class="configuration-management-plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/CM_Plan.docx" media-type="application/msword"/>
+  <base64 filename="CM_Plan.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>Table 12-1 Attachments: Configuration Management (CM) Plan Attachment</p>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+<resource uuid="3f771ab5-8016-4571-98d1-f0fb962e15e2">
+  <title>Document Title</title>
+  <description>
+     <p>Incident Response (IR) Plan</p>
+  </description>
+  <prop name="type" value="plan" class="incident-response-plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/IR_Plan.docx" media-type="application/msword"/>
+  <base64 filename="IR_Plan.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>Table 12-1 Attachments: Incident Response (IR) Plan Attachment</p>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+<resource uuid="49fb4631-1da2-41ca-b0b3-e1b1006d4025">
+  <title>Separation of Duties Matrix</title>
+  <description>
+     <p>Separation of Duties Matrix</p>
+  </description>
+  <prop ns="https://fedramp.gov/ns/oscal" name="type" value="separation-of-duties-matrix"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/Sep_Matrix.docx" media-type="application/msword"/>
+  <base64 filename="Sep_Matrix.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+
+
+<resource uuid="d2eb3c18-6754-4e3a-a933-03d289e3fad5">
+  <title>Authorization Boundary</title>
+  <description>
+     <p>Authorization Boundary Diagram</p>
+  </description>
+  <prop ns="https://fedramp.gov/ns/oscal" name="type" value="plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/AuthBoundary.docx" media-type="application/msword"/>
+  <base64 filename="AuthBoundary.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+
+<resource uuid="61081e81-850b-43c1-bf43-1ecbddcb9e7f">
+  <title>Network Architecture</title>
+  <description>
+     <p>Network Architecture Diagram</p>
+  </description>
+  <prop ns="https://fedramp.gov/ns/oscal" name="type" value="plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/NetworkArchitecture.docx" media-type="application/msword"/>
+  <base64 filename="NetworkArchitecture.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+
+<resource uuid="ac5d7535-f3b8-45d3-bf3b-735c82c64547">
+  <title>Data Flow</title>
+  <description>
+     <p>Data flow Diagram</p>
+  </description>
+  <prop ns="https://fedramp.gov/ns/oscal" name="type" value="plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/Dataflo.docx" media-type="application/msword"/>
+  <base64 filename="Dataflow.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+
+
+
+  </back-matter>
+</system-security-plan>
diff --git a/src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-INVALID.xml b/src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-INVALID.xml
new file mode 100644
index 000000000..81e8df8d3
--- /dev/null
+++ b/src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-INVALID.xml
@@ -0,0 +1,16 @@
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd" uuid="12345678-1234-4321-8765-123456789012">
+  <system-characteristics>
+    <network-architecture>
+      <description>
+        <p>A holistic, top-level explanation of the network architecture.</p>
+      </description>
+      <diagram uuid="e97c3395-433a-48c1-8cc7-dd1e1555941c">
+        <link href="#61081e81-850b-43c1-bf43-1ecbddcb9e7f" rel="diagram"/>
+      </diagram>
+    </network-architecture>
+  </system-characteristics>
+  <back-matter>
+    <resource uuid="51081e81-850b-43c1-bf43-1ecbddcb9e7f">
+    </resource>
+  </back-matter>
+</system-security-plan>
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml b/src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml
new file mode 100644
index 000000000..4b144a341
--- /dev/null
+++ b/src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml
@@ -0,0 +1,449 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
+  <metadata>
+    <title>Enhanced Example System Security Plan</title>
+    <published>2024-08-01T14:30:00Z</published>
+    <last-modified>2024-08-01T14:30:00Z</last-modified>
+    <version>1.1</version>
+    <oscal-version>1.1.2</oscal-version>
+    <document-id scheme="https://example.com/identifiers">SSP-2024-002</document-id>
+    <prop name="fedramp-version" ns="https://fedramp.gov/ns/oscal" value="fedramp-3.0.0rc1-oscal-1.1.2"/>
+    
+    <role id="creator">
+      <title>Document Creator</title>
+    </role>
+    <role id="content-approver">
+      <title>Content Approver</title>
+    </role>
+    <role id="system-admin">
+      <title>System Administrator</title>
+    </role>
+    <role id="asset-owner">
+      <title>Asset Owner</title>
+    </role>
+    <role id="system-owner">
+      <title>System Owner</title>
+    </role>
+     <role id="authorizing-official-poc">
+       <title>Authorizing Official Point of Contact</title>
+     </role>
+     <role id="information-system-security-officer">
+       <title>Information System Security Officer (or Equivalent)</title>
+     </role>
+     <role id="system-poc-management">
+      <title>Information System Management Point of Contact (POC)</title>
+      <description>
+         <p>The highest level manager who is responsible for system operation on behalf of the System Owner.</p>
+      </description>
+      </role>
+      <role id="system-poc-technical">
+          <title>Information System Technical Point of Contact</title>
+          <description>
+            <p>The individual or individuals leading the technical operation of the system.</p>
+          </description>
+      </role>
+      <role id="system-poc-other">
+          <title>General Point of Contact (POC)</title>
+          <description>
+            <p>A general point of contact for the system, designated by the system owner.</p>
+          </description>
+      </role>
+
+    <location uuid="11111112-0000-4000-9001-000000000009">
+      <address >
+        <country>US</country>
+      </address>
+      <prop name="type" value="data-center" class="primary"/>
+    </location>
+    <location uuid="11111112-0000-4000-9000-000000000003">
+      <address >
+        <country>US</country>
+      </address>
+      <prop name="type" value="data-center" class="alternate"/>
+    </location>
+    <party uuid="11111111-0000-4000-9000-000000000001" type="organization">
+      <name>Example Organization</name>
+      <short-name>ExOrg</short-name>
+      <link rel="website" href="https://example.com"/>
+    </party>
+    <party uuid="22222222-0000-4000-9000-000000000002" type="person">
+      <name>Jane Doe</name>
+      <email-address>jane.doe@example.com</email-address>
+    <address type="work"  />
+    </party>
+
+    <responsible-party role-id="creator">
+      <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="content-approver">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+
+    <responsible-party role-id="system-owner">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="authorizing-official">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="authorizing-official-poc">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="system-poc-management">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="system-poc-technical">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="system-poc-other">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+    <responsible-party role-id="information-system-security-officer">
+      <party-uuid>22222222-0000-4000-9000-000000000002</party-uuid>
+    </responsible-party>
+
+    <remarks>
+      <p>This SSP is an example for demonstration purposes.</p>
+    </remarks>
+  </metadata>
+  
+  <import-profile href="../../../../dist/content/rev5/baselines/xml/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.xml"/>
+  
+  <system-characteristics>
+    <system-id identifier-type="https://fedramp.gov">F00000001</system-id>
+    <system-name>Enhanced Example System</system-name>
+    <system-name-short>System's Short Name or Acronym</system-name-short>
+    <description>
+      <p>This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.</p>
+    </description>
+    <prop name='cloud-deployment-model' value='government-only-cloud' ns="https://fedramp.gov/ns/oscal"/>
+    <prop name='cloud-service-model' value='other' ns="https://fedramp.gov/ns/oscal"/>
+    <prop name='authorization-type' value='fedramp-agency' ns="https://fedramp.gov/ns/oscal"/>
+    <prop name="identity-assurance-level" value="2"/>
+    <prop name="authenticator-assurance-level" value="2"/>
+    <prop name="federation-assurance-level" value="2"/>
+    <security-sensitivity-level>fips-199-moderate</security-sensitivity-level>
+    <system-information>
+      <information-type  uuid="33333333-0000-4000-9000-000000000003">
+        <title>Financial Information</title>
+        <description>
+          <p>Contains sensitive financial data related to organizational operations.</p>
+        </description>
+        <categorization system="https://doi.org/10.6028/NIST.SP.800-60v2r1">
+          <information-type-id>C.2.8.12</information-type-id>
+        </categorization>
+        <confidentiality-impact>
+          <base>fips-199-high</base>
+          <selected>fips-199-high</selected>
+          <!-- adjustment-justification removed to ensure cia-impact-has-adjustment-justification passes when base and selected have the same impact level -->
+        </confidentiality-impact>
+        <integrity-impact>
+          <base>fips-199-moderate</base>
+          <selected>fips-199-low</selected>
+          <adjustment-justification>
+            <p>Required if the base and selected values do not match.</p>
+          </adjustment-justification>
+        </integrity-impact>
+        <availability-impact>
+          <base>fips-199-high</base>
+          <selected>fips-199-low</selected>
+          <adjustment-justification>
+            <p>Required if the base and selected values do not match.</p>
+          </adjustment-justification>
+        </availability-impact>
+      </information-type>
+    </system-information>
+    <security-impact-level>
+      <security-objective-confidentiality>fips-199-moderate</security-objective-confidentiality>
+      <security-objective-integrity>fips-199-moderate</security-objective-integrity>
+      <security-objective-availability>fips-199-moderate</security-objective-availability>
+    </security-impact-level>
+    <status state="operational"/>
+    <authorization-boundary>
+      <description>
+        <p>The authorization boundary includes all components within the main data center and the disaster recovery site.</p>
+      </description>
+      <diagram uuid="dbf46c27-52a9-49c4-beb6-b6399cd75497">
+            <description>
+               <p>A diagram-specific explanation.</p>
+            </description>
+            <link href="#d2eb3c18-6754-4e3a-a933-03d289e3fad5" rel="diagram"/>
+            <caption>Authorization Boundary Diagram</caption>
+         </diagram>
+    </authorization-boundary>
+    <network-architecture>
+      <description>
+        <p>A holistic, top-level explanation of the network architecture.</p>
+      </description>
+      <diagram uuid="e97c3395-433a-48c1-8cc7-dd1e1555941c">
+        <description>
+          <p>A diagram-specific explanation.</p>
+        </description>
+        <link href="./diagram.png" rel="diagram"/>
+        <caption>Network Diagram</caption>
+      </diagram>
+    </network-architecture>
+    <data-flow>
+      <description>
+        <p>A holistic, top-level explanation of the system's data flows.</p>
+      </description>
+      <diagram uuid="e3b98448-4219-46a5-b229-412423c566f3">
+        <description>
+          <p>A diagram-specific explanation.</p>
+        </description>
+        <link href="#ac5d7535-f3b8-45d3-bf3b-735c82c64547" rel="diagram"/>
+        <caption>Data Flow Diagram</caption>
+      </diagram>
+    </data-flow>
+  </system-characteristics>
+  
+  <system-implementation>
+    <user uuid="44444444-0000-4000-9000-000000000004">
+      <title>System Administrator</title>
+      <prop name="type" value="internal"/>
+      <prop ns="https://fedramp.gov/ns/oscal" name="privilege-level" value="read-write"/>
+      <prop ns="https://fedramp.gov/ns/oscal" name="sensitivity" value="high-risk"/>
+      <role-id>system-admin</role-id>
+      <authorized-privilege>
+        <title>Admin</title>
+        <description><p>admin user</p></description>
+        <function-performed>administration</function-performed>
+      </authorized-privilege>
+
+    </user>
+    
+    <component uuid="55555555-0000-4000-9000-000000000005" type="this-system">
+      <title>Primary Application Server</title>
+      <description>
+        <p>Main application server hosting the core system functionality.</p>
+      </description>
+      <purpose>main line</purpose>
+      <status state="operational"/>
+      <responsible-role role-id="system-admin">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-role>
+      <remarks>
+        <p>This is the primary application server for the system.</p>
+      </remarks>
+    </component>
+    
+    <component uuid="66666666-0000-4000-9000-000000000006" type="interconnection">
+      <title>External API Connection</title>
+      <description>
+        <p>Secure connection to an external API for data enrichment.</p>
+      </description>
+      <prop name="interconnection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
+      <prop name="interconnection-direction" value="in/out" ns="https://fedramp.gov/ns/oscal"/>
+      <status state="operational"/>
+      <responsible-role role-id="system-admin">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-role>
+      <remarks>
+        <p>This connection is used for secure data exchange with external systems.</p>
+      </remarks>
+    </component>
+    
+    <inventory-item uuid="77777777-0000-4000-9000-000000000007">
+      <description>
+        <p>Primary database server</p>
+      </description>
+      <prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/>
+      <prop name="asset-type" value="database"/>
+      <prop name="allows-authenticated-scan" value="yes"/>
+      <prop name="public" value="no"/>
+      <prop name="virtual" value="yes"/>
+      <prop name="scan-type" value="database" ns="https://fedramp.gov/ns/oscal"/>
+      <responsible-party role-id="asset-owner">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-party>
+      <implemented-component component-uuid="55555555-0000-4000-9000-000000000005">
+        <prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/>
+      </implemented-component>
+    </inventory-item>
+  </system-implementation>
+  
+  <control-implementation>
+    <description>
+      <p>Implementation of controls for the Enhanced Example System</p>
+    </description>
+    <implemented-requirement uuid="88888888-0000-4000-9000-000000000008" control-id="ac-1">
+      <prop name="control-origination" value="sp-system" ns="https://fedramp.gov/ns/oscal"/>
+      <prop name="implementation-status" value="partial" ns="https://fedramp.gov/ns/oscal"/>
+      <statement statement-id="ac-1_stmt.a" uuid="99999999-0000-4000-9000-000000000009">
+      </statement>
+      <by-component component-uuid="55555555-0000-4000-9000-000000000005" uuid="aaaaaaaa-0000-4000-9000-00000000000a">
+        <description>
+          <p>Access Control Policy and Procedures (AC-1) is fully implemented in our system.</p>
+        </description>
+        <prop ns="https://fedramp.gov/ns/oscal" name="implementation-status" value="implemented"/>
+        <responsible-role role-id="system-admin">
+          <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+        </responsible-role>
+      </by-component>
+    </implemented-requirement>
+    
+    <implemented-requirement uuid="bbbbbbbb-0000-4000-9000-00000000000b" control-id="cm-8">
+      <prop name="control-origination" value="sp-system" ns="https://fedramp.gov/ns/oscal"/>
+      <statement statement-id="cm-8_stmt.a" uuid="cccccccc-0000-4000-9000-00000000000c">
+      </statement>
+      <by-component component-uuid="55555555-0000-4000-9000-000000000005" uuid="dddddddd-0000-4000-9000-00000000000d">
+        <description>
+          <p>Information System Component Inventory (CM-8) is partially implemented.</p>
+        </description>
+        <prop ns="https://fedramp.gov/ns/oscal" name="implementation-status" value="partial"/>
+        <responsible-role role-id="system-admin">
+          <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+        </responsible-role>
+      </by-component>
+    </implemented-requirement>
+  </control-implementation>
+  
+  <back-matter>
+    <resource uuid="eeeeeeee-0000-4000-9000-00000000000e">
+      <title>Access Control Policy</title>
+      <description>
+        <p>Detailed access control policy document</p>
+      </description>
+      <prop name="type" value="policy" ns="https://fedramp.gov/ns/oscal"/>
+      <rlink href="https://example.com/policies/access-control.pdf"/>
+    </resource>
+    <resource uuid="90a128ac-c850-48f6-8fff-a55692f80b41">
+      <title>User's Guide</title>
+      <description>
+         <p>User's Guide</p>
+      </description>
+      <prop name="type" value="users-guide"/>
+      <prop name="published" value="2023-01-01T00:00:00Z"/>
+      <rlink href="./documents/guides/sample_guide.pdf"/>
+      <remarks>
+         <p>Table 12-1 Attachments: User's Guide Attachment</p>
+         <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+      </remarks>
+   </resource>
+   <resource uuid="489112e1-57f2-4c29-8dd0-95b1442fbf3b">
+    <title>Document Title</title>
+    <description>
+       <p>Rules of Behavior</p>
+    </description>
+    <prop name="type" value="rules-of-behavior"/>
+    <prop name="published" value="2023-01-01T00:00:00Z"/>
+    <prop name="version" value="Document Version"/>
+    <rlink href="./documents/rob.docx" media-type="application/msword"/>
+    <base64 filename="rob.docx" media-type="application/msword">00000000</base64>
+    <remarks>
+       <p>Table 12-1 Attachments: Rules of Behavior (ROB)</p>
+       <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+    </remarks>
+ </resource>
+ <resource uuid="c7860916-f2f4-43aa-b578-d48cf8e6d381">
+  <title>Document Title</title>
+  <description>
+     <p>Contingency Plan (CP)</p>
+  </description>
+  <prop name="type" value="plan" class="information-system-contingency-plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/cp.docx" media-type="application/msword"/>
+  <base64 filename="cp.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>Table 12-1 Attachments: Contingency Plan (CP) Attachment</p>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+<resource uuid="ab56cf27-0dae-40d6-89b7-d750137309af">
+  <title>Document Title</title>
+  <description>
+     <p>Configuration Management (CM) Plan</p>
+  </description>
+  <prop name="type" value="plan" class="configuration-management-plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/CM_Plan.docx" media-type="application/msword"/>
+  <base64 filename="CM_Plan.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>Table 12-1 Attachments: Configuration Management (CM) Plan Attachment</p>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+<resource uuid="3f771ab5-8016-4571-98d1-f0fb962e15e2">
+  <title>Document Title</title>
+  <description>
+     <p>Incident Response (IR) Plan</p>
+  </description>
+  <prop name="type" value="plan" class="incident-response-plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/IR_Plan.docx" media-type="application/msword"/>
+  <base64 filename="IR_Plan.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>Table 12-1 Attachments: Incident Response (IR) Plan Attachment</p>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+<resource uuid="49fb4631-1da2-41ca-b0b3-e1b1006d4025">
+  <title>Separation of Duties Matrix</title>
+  <description>
+     <p>Separation of Duties Matrix</p>
+  </description>
+  <prop ns="https://fedramp.gov/ns/oscal" name="type" value="separation-of-duties-matrix"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/Sep_Matrix.docx" media-type="application/msword"/>
+  <base64 filename="Sep_Matrix.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+
+
+<resource uuid="d2eb3c18-6754-4e3a-a933-03d289e3fad5">
+  <title>Authorization Boundary</title>
+  <description>
+     <p>Authorization Boundary Diagram</p>
+  </description>
+  <prop ns="https://fedramp.gov/ns/oscal" name="type" value="plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/AuthBoundary.docx" media-type="application/msword"/>
+  <base64 filename="AuthBoundary.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+
+<resource uuid="61081e81-850b-43c1-bf43-1ecbddcb9e7f">
+  <title>Network Architecture</title>
+  <description>
+     <p>Network Architecture Diagram</p>
+  </description>
+  <prop ns="https://fedramp.gov/ns/oscal" name="type" value="plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/NetworkArchitecture.docx" media-type="application/msword"/>
+  <base64 filename="NetworkArchitecture.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+
+<resource uuid="ac5d7535-f3b8-45d3-bf3b-735c82c64547">
+  <title>Data Flow</title>
+  <description>
+     <p>Data flow Diagram</p>
+  </description>
+  <prop ns="https://fedramp.gov/ns/oscal" name="type" value="plan"/>
+  <prop name="published" value="2023-01-01T00:00:00Z"/>
+  <prop name="version" value="Document Version"/>
+  <rlink href="./documents/Dataflo.docx" media-type="application/msword"/>
+  <base64 filename="Dataflow.docx" media-type="application/msword">00000000</base64>
+  <remarks>
+     <p>May use <code>rlink</code> with a relative path, or embedded as <code>base64</code>.</p>
+  </remarks>
+</resource>
+
+
+
+  </back-matter>
+</system-security-plan>
diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
index 8bcfe5503..9ae385a40 100644
--- a/src/validations/constraints/fedramp-external-constraints.xml
+++ b/src/validations/constraints/fedramp-external-constraints.xml
@@ -71,8 +71,26 @@
     <context>
         <metapath target="/system-security-plan"/>
         <constraints>
+            <let var="authorization-boundary-link" expression="system-characteristics/authorization-boundary/diagram/link/@href"/>
+            <let var="data-flow-link" expression="system-characteristics/data-flow/diagram/link/@href"/>
+            <let var="network-architecture-link" expression="system-characteristics/network-architecture/diagram/link/@href"/>
             <let var="import-profile-href" expression="import-profile/@href"/>
             <let var="resolved-import-profile-href" expression="if (starts-with($import-profile-href, '#')) then back-matter/resource[@uuid = substring($import-profile-href, 2)]/rlink/@href else $import-profile-href"/>
+            <expect id="has-authorization-boundary-diagram-link-href-target" target="." test="not(starts-with(system-characteristics/authorization-boundary/diagram/link/@href, '#')) or exists(//resource[@uuid eq substring-after($authorization-boundary-link, '#')])" level="ERROR">
+                <formal-name>Has Authorization Boundary Diagram Link Href Target</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#authorization-boundary"/>
+                <message>A FedRAMP SSP MUST include an authorization boundary diagram.</message>
+            </expect>
+            <expect id="has-data-flow-diagram-link-href-target" target="." test="not(starts-with(system-characteristics/data-flow/diagram/link/@href, '#')) or exists(//resource[@uuid eq substring-after($data-flow-link, '#')])" level="ERROR">
+                <formal-name>Has Data Flow Diagram Link Href Target</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#data-flow"/>
+                <message>A FedRAMP SSP MUST include a data flow diagram.</message>
+            </expect>
+            <expect id="has-network-architecture-diagram-link-href-target" target="." test="not(starts-with(system-characteristics/network-architecture/diagram/link/@href, '#')) or exists(//resource[@uuid eq substring-after($network-architecture-link, '#')])" level="ERROR">
+                <formal-name>Has Network Architecture Diagram Link Href Target</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#network-architecture"/>
+                <message>A FedRAMP SSP MUST include a network architecture diagram.</message>
+            </expect>
             <expect id="import-profile-has-available-document" target="import-profile" test="doc-available(resolve-uri($resolved-import-profile-href))" level="CRITICAL">
                 <formal-name>Import Profile has available document</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/3-working-with-oscal-files/#importing-the-fedramp-baseline"/>
diff --git a/src/validations/constraints/unit-tests/has-authorization-boundary-diagram-link-href-target-FAIL.yaml b/src/validations/constraints/unit-tests/has-authorization-boundary-diagram-link-href-target-FAIL.yaml
new file mode 100644
index 000000000..ad47bf55b
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-authorization-boundary-diagram-link-href-target-FAIL.yaml
@@ -0,0 +1,10 @@
+test-case:
+  name: Negative Test for has-authorization-boundary-diagram-link-href-target
+  description: >-
+    This test case validates the behavior of constraint
+    has-authorization-boundary-diagram-link-href-target
+  content: >-
+    ../content/ssp-has-authorization-boundary-diagram-link-href-target-INVALID.xml
+  expectations:
+    - constraint-id: has-authorization-boundary-diagram-link-href-target
+      result: fail
diff --git a/src/validations/constraints/unit-tests/has-authorization-boundary-diagram-link-href-target-PASS.yaml b/src/validations/constraints/unit-tests/has-authorization-boundary-diagram-link-href-target-PASS.yaml
new file mode 100644
index 000000000..ae5162476
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-authorization-boundary-diagram-link-href-target-PASS.yaml
@@ -0,0 +1,12 @@
+test-case:
+  name: Positive Test for has-authorization-boundary-diagram-link-href-target
+  description: >-
+    This test case validates the behavior of constraint has-authorization-boundary-diagram-link-href-target.
+    Scenario 1: Tests an @href that references a resource in the back-matter.
+    Scenario 2: Tests a link provided directly in the @href.
+  content: 
+    - ../content/ssp-all-VALID.xml
+    - ../content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml
+  expectations:
+    - constraint-id: has-authorization-boundary-diagram-link-href-target
+      result: pass
diff --git a/src/validations/constraints/unit-tests/has-data-flow-diagram-link-href-target-FAIL.yaml b/src/validations/constraints/unit-tests/has-data-flow-diagram-link-href-target-FAIL.yaml
new file mode 100644
index 000000000..2ac7fe6dd
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-data-flow-diagram-link-href-target-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for has-data-flow-diagram-link-href-target
+  description: >-
+    This test case validates the behavior of constraint
+    has-data-flow-diagram-link-href-target
+  content: ../content/ssp-has-data-flow-diagram-link-href-target-INVALID.xml
+  expectations:
+    - constraint-id: has-data-flow-diagram-link-href-target
+      result: fail
diff --git a/src/validations/constraints/unit-tests/has-data-flow-diagram-link-href-target-PASS.yaml b/src/validations/constraints/unit-tests/has-data-flow-diagram-link-href-target-PASS.yaml
new file mode 100644
index 000000000..7e4f098ab
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-data-flow-diagram-link-href-target-PASS.yaml
@@ -0,0 +1,12 @@
+test-case:
+  name: Positive Test for has-data-flow-diagram-link-href-target
+  description: >-
+    This test case validates the behavior of constraint has-data-flow-diagram-link-href-target.
+    Scenario 1: Tests an @href that references a resource in the back-matter.
+    Scenario 2: Tests a link provided directly in the @href.
+  content: 
+    - ../content/ssp-all-VALID.xml
+    - ../content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml
+  expectations:
+    - constraint-id: has-data-flow-diagram-link-href-target
+      result: pass
diff --git a/src/validations/constraints/unit-tests/has-network-architecture-diagram-link-href-target-FAIL.yaml b/src/validations/constraints/unit-tests/has-network-architecture-diagram-link-href-target-FAIL.yaml
new file mode 100644
index 000000000..cc137ad7b
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-network-architecture-diagram-link-href-target-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for has-network-architecture-diagram-link-href-target
+  description: >-
+    This test case validates the behavior of constraint
+    has-network-architecture-diagram-link-href-target
+  content: ../content/ssp-has-network-architecture-diagram-link-href-target-INVALID.xml
+  expectations:
+    - constraint-id: has-network-architecture-diagram-link-href-target
+      result: fail
diff --git a/src/validations/constraints/unit-tests/has-network-architecture-diagram-link-href-target-PASS.yaml b/src/validations/constraints/unit-tests/has-network-architecture-diagram-link-href-target-PASS.yaml
new file mode 100644
index 000000000..0de200640
--- /dev/null
+++ b/src/validations/constraints/unit-tests/has-network-architecture-diagram-link-href-target-PASS.yaml
@@ -0,0 +1,12 @@
+test-case:
+  name: Positive Test for has-network-architecture-diagram-link-href-target
+  description: >-
+    This test case validates the behavior of constraint has-network-architecture-diagram-link-href-target.
+    Scenario 1: Tests an @href that references a resource in the back-matter.
+    Scenario 2: Tests a link provided directly in the @href.
+  content: 
+    - ../content/ssp-all-VALID.xml
+    - ../content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml
+  expectations:
+    - constraint-id: has-network-architecture-diagram-link-href-target
+      result: pass