diff --git a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
index e70c03786..0f0dc6f7b 100644
--- a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+++ b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
@@ -2535,8 +2535,9 @@ SSP authors must add implmentations for all required controls.
         <value>at least every 3 years</value>
       </set-parameter><set-parameter param-id="ac-01_odp.07">
         <value>at least annually</value>
-      </set-parameter><statement statement-id="ac-1_smt.a.1" uuid="11111111-2222-4000-8000-013000000001">
-        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000001">
+      </set-parameter>
+      <statement statement-id="ac-1_smt" uuid="11111117-2222-4000-8000-013000000001">
+<by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000001">
           <description>
             <p>Describe how Part a is satisfied within the system.</p>
             <p>Legacy approach. If no policy component is defined, describe here how the policy satisfies part a.</p>
@@ -2566,6 +2567,37 @@ SSP authors must add implmentations for all required controls.
                     </responsible-role>
         </by-component>
       </statement>
+      <statement statement-id="ac-1_smt.a.1" uuid="11111111-2222-4000-8000-013000000001">
+        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8880-014000000001">
+          <description>
+            <p>Describe how Part a is satisfied within the system.</p>
+            <p>Legacy approach. If no policy component is defined, describe here how the policy satisfies part a.</p>
+            <p>In this case, a link must be provided to the policy.</p>
+            <p>FedRAMP prefers all policies and procedures be attached as a resource in the back-matter. The link points to a resource.</p>
+          </description>
+          <link href="#11111111-2222-4000-8000-001000000005" rel="policy"/>
+          <link href="#11111111-2222-4000-8000-001000000023" rel="procedure"/>
+          <implementation-status state="operational"/>
+                    <responsible-role role-id="system-admin">
+                        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+                    </responsible-role>
+          <remarks>
+            <p>The specified component is the system itself.</p>
+            <p>Any control implementation response that can not be associated with another component is associated with the component representing the system.</p>
+          </remarks>
+        </by-component>
+        <by-component component-uuid="11111111-2222-4000-8000-009000000012" uuid="11111111-2222-4000-8000-014000000012">
+          <description>
+            <p>Describe how this policy component satisfies part a.</p>
+            <p>Component approach. This links to a component representing the Identity Management and Access Control Policy.</p>
+            <p>That component contains a link to the policy, so it does not have to be linked here too.</p>
+          </description>
+          <implementation-status state="operational"/>
+                    <responsible-role role-id="system-admin">
+                        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+                    </responsible-role>
+        </by-component>
+      </statement>
       <statement statement-id="ac-1_smt.a.2" uuid="11111111-2222-4000-8000-013000000002">
         <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000003">
           <description>
@@ -2799,7 +2831,7 @@ SSP authors must add implmentations for all required controls.
                     </responsible-role>
         </by-component>
       </statement><statement statement-id="at-1_smt.a" uuid="11111111-2222-4000-8000-013000000008">
-        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000012">
+        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000017">
           <description>
             <p>Describe how Part a is satisfied.</p>
           </description>
@@ -2869,7 +2901,7 @@ SSP authors must add implmentations for all required controls.
       </set-parameter><responsible-role role-id="information-system-security-officer">
         <party-uuid>11111111-2222-4000-8000-004000000011</party-uuid>
       </responsible-role><statement statement-id="au-1_smt" uuid="11111111-2222-4000-8000-013000000011">
-        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000017">
+        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8800-004000000017">
           <description>
             <p>Describe how the control is satisfied within the system.</p>
           </description>
@@ -3769,7 +3801,7 @@ SSP authors must add implmentations for all required controls.
         <value>All employees, contractors, and third-party vendors who handle sensitive information or have access to organizational media.</value>
       </set-parameter><responsible-role role-id="information-system-security-officer">
         <party-uuid>11111111-2222-4000-8000-004000000011</party-uuid>
-      </responsible-role><statement statement-id="_smt" uuid="11111111-2222-4000-8000-013000000039">
+      </responsible-role><statement statement-id="mp-1_smt" uuid="11111111-2222-4000-8000-013000000039">
         <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000059">
           <description>
             <p>Describe how the control is satisfied within the system.</p>
@@ -3784,7 +3816,9 @@ SSP authors must add implmentations for all required controls.
                         <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
                     </responsible-role>
         </by-component>
-      </statement><statement statement-id="mp-1_smt.a" uuid="11111111-2222-4000-8000-013000000040">
+      </statement>
+      
+      <statement statement-id="mp-1_smt.a" uuid="11111111-2222-4000-8000-013000000040">
         <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000060">
           <description>
             <p>For the portion of the control satisfied by the service provider, describe <strong>how</strong> the control is met.</p>
@@ -3854,7 +3888,7 @@ SSP authors must add implmentations for all required controls.
         <value>All personnel with access to company facilities or systems, including employees, contractors, and third-party vendors.</value>
       </set-parameter><responsible-role role-id="information-system-security-officer">
         <party-uuid>11111111-2222-4000-8000-004000000011</party-uuid>
-      </responsible-role><statement statement-id="_smt" uuid="11111111-2222-4000-8000-013000000043">
+      </responsible-role><statement statement-id="pe-1_smt" uuid="11111111-2222-4000-8000-013000000043">
         <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000065">
           <description>
             <p>Describe how the control is satisfied within the system.</p>
diff --git a/src/validations/constraints/content/resolved-example-profile.xml b/src/validations/constraints/content/resolved-example-profile.xml
new file mode 100644
index 000000000..ce2dd5bc1
--- /dev/null
+++ b/src/validations/constraints/content/resolved-example-profile.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="2a1553a7-2ae5-4669-a260-7c6fe6215170">
+    <metadata>
+        <title>Sample</title>
+        <last-modified>2025-01-08T00:00:00Z</last-modified>
+        <version>1.0</version>
+        <oscal-version>1.1.3</oscal-version>
+    </metadata>
+    <control id="sample-1">
+        <title>Sample 1</title>
+        <part name="statement" id="sample-1_smt">
+            <part name="item" id="sample-1_smt.a">
+                <prop ns="https://fedramp.gov/ns/oscal" name="response-point" value="You must fill in this response point." />
+                <p>Should be INCLUDED (sample-1_smt.a)</p>
+                <part name="item" id="sample-1_smt.a.1">
+                    <prop ns="https://fedramp.gov/ns/oscal" name="response-point" value="You must fill in this response point." />
+                    <p>Should be INCLUDED (sample-1_smt.a.1)</p>
+                </part>
+            </part>
+        </part>
+
+        <part id="sample-1_obj" name="assessment-objective">
+            <part id="sample-1_obj.a" name="assessment-objective">
+                <prop ns="https://fedramp.gov/ns/oscal" name="response-point" value="You must fill in this response point."/>
+                <p>this should be EXCLUDED (sample-1_obj.a)</p>
+                <part id="sample-1_obj.a-1" name="assessment-objective">
+                    <prop ns="https://fedramp.gov/ns/oscal" name="response-point" value="You must fill in this response point."/>
+                    <p>this should be EXCLUDED (sample-1_obj.a-1)</p>
+                </part>
+            </part>
+        </part>
+    </control>
+</catalog>
\ No newline at end of file
diff --git a/src/validations/constraints/content/ssp-has-required-response-points-VALID.xml b/src/validations/constraints/content/ssp-has-required-response-points-VALID.xml
new file mode 100644
index 000000000..c32acfbf1
--- /dev/null
+++ b/src/validations/constraints/content/ssp-has-required-response-points-VALID.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-model href="https://raw.githubusercontent.com/usnistgov/OSCAL/v1.0.4/xml/schema/oscal_complete_schema.xsd" schematypens="http://www.w3.org/2001/XMLSchema" title="OSCAL complete schema"?>
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="11111111-2222-4000-8000-000000000000">
+<metadata></metadata>
+     <import-profile href="resolved-example-profile.xml"/>
+     <control-implementation>
+     <description></description>
+         <implemented-requirement uuid="11111111-2222-4000-8000-012000000001" control-id="unsupported-id">
+            <prop name="control-origination" ns="http://fedramp.gov/ns/oscal" value="sp-system"/>
+            <link href="#11111111-2222-4000-8000-001000000005" rel="policy"/>
+            <link href="#11111111-2222-4000-8000-001000000023" rel="procedure"/>
+            <set-parameter param-id="ac-1_prm_1">
+                <value>organization-defined personnel or roles</value>
+            </set-parameter>
+                        <set-parameter param-id="mp-2_prm_2">
+                <value>Chief Information Security Officer, Information System Security Officers, and System Administrators</value>
+            </set-parameter>
+                        <statement statement-id="sample-1_smt" uuid="11111111-2222-4000-8000-013000000008">
+                <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000003">
+                    <description>
+                        <p>There</p>
+                    </description>
+                    <prop name="planned-completion-date" ns="http://fedramp.gov/ns/oscal" value="2024-01-31Z"/>
+                    <implementation-status state="partial">
+                        <remarks>
+                            <p>Describe the plan to complete the implementation.</p>
+                        </remarks>
+                    </implementation-status>
+                </by-component>
+                <by-component component-uuid="11111111-2222-4000-8000-009000000013" uuid="11111111-2222-4000-8000-014000000004">
+                    <description>
+                        <p>Describe how this policy currently satisfies part a.</p>
+                    </description>
+                    <prop name="planned-completion-date" ns="http://fedramp.gov/ns/oscal" value="2024-01-31Z">
+                        <remarks>
+                            <p>Describe the plan for addressing the missing policy elements.</p>
+                        </remarks>
+                    </prop>
+                    <implementation-status state="partial">
+                        <remarks>
+                            <p>Identify what is currently missing from this policy.</p>
+                        </remarks>
+                    </implementation-status>
+                </by-component>
+            </statement>
+            <statement statement-id="ac-1_smt.a.1" uuid="11111111-2222-4000-8000-013000000001">
+                <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000001">
+                    <description>
+                        <p>Describe how Part a is satisfied within the system.</p>
+                        <p>Legacy approach. If no policy component is defined, describe here how the policy satisfies part a.</p>
+                        <p>In this case, a link must be provided to the policy.</p>
+                        <p>FedRAMP prefers all policies and procedures be attached as a resource in the back-matter. The link points to a resource.</p>
+                    </description>
+                    <link href="#11111111-2222-4000-8000-001000000005" rel="policy"/>
+                    <link href="#11111111-2222-4000-8000-001000000023" rel="procedure"/>
+                    <implementation-status state="operational"/>
+                    <remarks>
+                        <p>The specified component is the system itself.</p>
+                        <p>Any control implementation response that can not be associated with another component is associated with the component representing the system.</p>
+                    </remarks>
+                </by-component>
+                <by-component component-uuid="11111111-2222-4000-8000-009000000012" uuid="11111111-2222-4000-8000-014000000002">
+                    <description>
+                        <p>Describe how this policy component satisfies part a.</p>
+                        <p>Component approach. This links to a component representing the Identity Management and Access Control Policy.</p>
+                        <p>That component contains a link to the policy, so it does not have to be linked here too.</p>
+                    </description>
+                    <implementation-status state="operational"/>
+                </by-component>
+            </statement>
+            <statement statement-id="sample-1_smt.a" uuid="11111111-2222-4000-8000-013000000002">
+                <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000003">
+                    <description>
+                        <p>There</p>
+                    </description>
+                    <prop name="planned-completion-date" ns="http://fedramp.gov/ns/oscal" value="2024-01-31Z"/>
+                    <implementation-status state="partial">
+                        <remarks>
+                            <p>Describe the plan to complete the implementation.</p>
+                        </remarks>
+                    </implementation-status>
+                </by-component>
+                <by-component component-uuid="11111111-2222-4000-8000-009000000013" uuid="11111111-2222-4000-8000-014000000004">
+                    <description>
+                        <p>Describe how this policy currently satisfies part a.</p>
+                    </description>
+                    <prop name="planned-completion-date" ns="http://fedramp.gov/ns/oscal" value="2024-01-31Z">
+                        <remarks>
+                            <p>Describe the plan for addressing the missing policy elements.</p>
+                        </remarks>
+                    </prop>
+                    <implementation-status state="partial">
+                        <remarks>
+                            <p>Identify what is currently missing from this policy.</p>
+                        </remarks>
+                    </implementation-status>
+                </by-component>
+            </statement>
+
+            <statement statement-id="sample-1_smt.a.1" uuid="11111111-2222-4000-8000-013000000003">
+                <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000005">
+                    <description>
+                        <p>Describe how Part b-1 is satisfied.</p>
+                    </description>
+                    <implementation-status state="operational"/>
+                </by-component>
+            </statement>
+            <statement statement-id="ac-1_smt.b.2" uuid="11111111-2222-4000-8000-013000000004">
+                <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000006">
+                    <description>
+                        <p>Describe how Part b-2 is satisfied.</p>
+                    </description>
+                    <implementation-status state="operational"/>
+                </by-component>
+            </statement>
+        </implemented-requirement>
+    </control-implementation>
+</system-security-plan>
\ No newline at end of file
diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
index 4faa4ca04..d51e74a76 100644
--- a/src/validations/constraints/fedramp-external-constraints.xml
+++ b/src/validations/constraints/fedramp-external-constraints.xml
@@ -66,7 +66,7 @@
             <let var="aggregate-parameters" expression="$resolved-profile//param[prop[@name='aggregates']]/@id"/>
             <let var="implemented-parameters-map" expression="map:merge(//set-parameter ! map:entry(@param-id,.))?*"/>          
             <let var="implemented-statements-map" expression="map:merge(//statement ! map:entry(@statement-id,.))?*"/>          
-            <let var="required-response-points-map" expression="map:merge($resolved-profile//part[@name='statement' and (prop[@name='response-point'])] ! map:entry(@id,.))?*"/>          
+            <let var="required-response-points-map" expression="map:merge($resolved-profile//part[@name='statement' and (.//prop[@name='response-point'])] ! map:entry(@id,.))?*"/>          
             <index name="index-implemented-statements" target="$implemented-statements-map">
                 <formal-name>Statements implimented in SSP</formal-name>
                 <description>This index includes all statements defined in a FedRAMP SSP</description>
diff --git a/src/validations/constraints/unit-tests/has-required-response-points-PASS.yaml b/src/validations/constraints/unit-tests/has-required-response-points-PASS.yaml
index 719e673d1..0f80b159d 100644
--- a/src/validations/constraints/unit-tests/has-required-response-points-PASS.yaml
+++ b/src/validations/constraints/unit-tests/has-required-response-points-PASS.yaml
@@ -3,7 +3,9 @@ test-case:
   description: >-
     This test case validates the behavior of constraint
     has-required-response-points
-  content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+  content: 
+    - ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+    - ../content/ssp-has-required-response-points-VALID.xml
   expectations:
     - constraint-id: has-required-response-points
       result: pass