Commit

Feedback from AJ during 20220718-20220722. (usnistgov#48)
aj-stein-nist authored and david-waltermire committed Aug 1, 2022
1 parent 5c28718 commit d05ed55
Showing 3 changed files with 16 additions and 28 deletions.
11 changes: 4 additions & 7 deletions src/metaschema/oscal_catalog_metaschema.xml
Expand Up @@ -54,7 +54,7 @@
<enum value="resolution-tool">The tool used to produce a resolved profile.</enum>
</allowed-values>
<allowed-values target="metadata/link/@rel">
<enum value="source-profile">The profile from which a tailored catalog was produced using <a href="https://pages.nist.gov/OSCAL/concepts/processing/profile-resolution/">profile resolution</a>.</enum>
<enum value="source-profile">The profile from which the catalog was produced by <a href="https://pages.nist.gov/OSCAL/concepts/processing/profile-resolution/">profile resolution</a>.</enum>
</allowed-values>
<index name="catalog-parts" target="//part" >
<key-field target="@id"/>
Expand All @@ -77,7 +77,7 @@
</remarks>
<example>
<description>A small catalog with a single control.</description>
<catalog xmlns="http://csrc.nist.gov/ns/oscal/example" uuid="35566cd4-7331-43ba-b023-988c38d62673">
<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="35566cd4-7331-43ba-b023-988c38d62673">
<title>A Miniature Catalog</title>
<control id="single">
<title>A Single Control</title>
Expand Down Expand Up @@ -114,7 +114,6 @@
<description>A name given to the group, which may be used by a tool for display and navigation.</description>
</define-field>
<assembly ref="parameter" max-occurs="unbounded">
<!-- CHANGED: "parameters" to "params" -->
<group-as name="params" in-json="ARRAY"/>
</assembly>

Expand All @@ -138,7 +137,6 @@
<!--<any/>-->
</model>
<constraint>
<!-- CHANGE: added allowed values for a property/@name -->
<allowed-values target="prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name">
&allowed-values-control-group-property-name;
</allowed-values>
Expand All @@ -151,7 +149,7 @@
<p>A <code>group</code> may have its own properties, statements, parameters, and references, which are inherited by all members of that group.</p>
</remarks>
<example>
<group xmlns="http://csrc.nist.gov/ns/oscal/example" id="xyz">
<group xmlns="http://csrc.nist.gov/ns/oscal/1.0" id="xyz">
<title>My Group</title>
<prop name="required" value="some value"/>
<control id="xyz1">
Expand Down Expand Up @@ -183,7 +181,6 @@
<description>A name given to the control, which may be used by a tool for display and navigation.</description>
</define-field>
<assembly ref="parameter" max-occurs="unbounded">
<!-- CHANGED: "parameters" to "params" -->
<group-as name="params" in-json="ARRAY"/>
</assembly>
<!-- TODO: Need to be able to add valid values in context -->
Expand Down Expand Up @@ -268,7 +265,7 @@
<p>A control must have a part with the name "statement", which represents the textual narrative of the control. This "statement" part must occur only once, but may have nested parts to allow for multiple paragraphs or sections of text.</p>
</remarks>
<example>
<control xmlns="http://csrc.nist.gov/ns/oscal/example" id="x">
<control xmlns="http://csrc.nist.gov/ns/oscal/1.0" id="x">
<title>Control 1</title>
</control>
</example>
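Review bot: The control example in this hunk now declares the OSCAL 1.0 namespace but still contains only a title, while the remark directly above it says a control must have a part with the name "statement". With the .../example namespace gone, readers and tools will treat the snippet as a conforming instance, so either add a statement part to the example or give it a description saying it is deliberately minimal.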
27 changes: 9 additions & 18 deletions src/metaschema/oscal_control-common_metaschema.xml
Expand Up @@ -9,7 +9,7 @@
xmlns="http://csrc.nist.gov/ns/oscal/metaschema/1.0" xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/metaschema/1.0 ../../build/metaschema/toolchains/xslt-M4/validate/metaschema.xsd" abstract="yes">
<schema-name>OSCAL Control Catalog Format -- Common Models</schema-name>
<schema-version>1.0.4</schema-version>
<short-name>oscal-catalog-common</short-name>
<short-name>oscal-control-common</short-name>
<namespace>http://csrc.nist.gov/ns/oscal/1.0</namespace>
<json-base-uri>http://csrc.nist.gov/ns/oscal</json-base-uri>
<import href="oscal_metadata_metaschema.xml"/>
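Review bot: The short-name in this header changes to oscal-control-common while schema-version stays at 1.0.4 on the line above it. If generated artifacts or downstream tooling key on the short-name, the rename is visible to consumers without any version signal; confirm nothing still references oscal-catalog-common and record the rename in the commit message or release notes.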
Expand Down Expand Up @@ -74,6 +74,9 @@
<allowed-values target="prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name">
&allowed-values-control-group-property-name;
</allowed-values>
<allowed-values target="prop[has-oscal-namespace('http://csrc.nist.gov/ns/rmf')]/@name">
<enum xmlns="https://csrc.nist.gov/ns/rmf" value="method">Type of The Risk Management Framework 800-53A method to be use for assessment.</enum>
</allowed-values>
</constraint>
<remarks>
<p>A <code>part</code> provides for logical partitioning of prose, and can be thought of as a grouping structure (e.g., section). A <code>part</code> can have child parts allowing for arbitrary nesting of prose content (e.g., statement hierarchy). A <code>part</code> can contain <code>prop</code> objects that allow for enriching prose text with structured name/value information.</p>
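Review bot: The new allowed-values block uses two different namespace URIs: the target tests has-oscal-namespace('http://csrc.nist.gov/ns/rmf') while the enum declares xmlns="https://csrc.nist.gov/ns/rmf". Namespace matching is an exact string comparison, so pick one scheme and use it in both places. The xmlns on the enum also moves that element out of the metaschema namespace the rest of the file uses, which looks unintended; the neighbouring enum elements carry no xmlns at all. The description text needs a pass as well: "Type of The Risk Management Framework 800-53A method to be use for assessment" should read "to be used", and the capitalised "The" mid-sentence looks like a leftover.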
Expand All @@ -84,10 +87,10 @@
</remarks>
<example>
<description>Multiple Parts with Different Organization-Specific Names</description>
<o:part xmlns:o="http://csrc.nist.gov/ns/oscal/example" name="statement" id="statement-A">
<o:part ns="http://fedramp.gov/ns/oscal" name="status" id="statement-A-FedRAMP">Something FedRAMP Cares About</o:part>
<o:part ns="https://defense.gov" name="status" id="statement-A-DoD">Something DoD Cares About</o:part>
</o:part>
<part xmlns="http://csrc.nist.gov/ns/oscal/1.0" name="statement" id="statement-A">
<part ns="http://fedramp.gov/ns/oscal" name="status" id="statement-A-FedRAMP">A requirement specific to FedRAMP stakeholders.</part>
<part ns="https://defense.gov" name="status" id="statement-A-DoD">A requirement specific to the Department of Defense stakeholders.</part>
</part>
</example>
</define-assembly>

Expand All @@ -98,12 +101,10 @@
<define-assembly name="parameter">
<formal-name>Parameter</formal-name>
<description>Parameters provide a mechanism for the dynamic assignment of value(s) in a control.</description>
<!-- It is worth it abbreviate "param" in XML, while keeping "parameters" in JSON. -->
<use-name>param</use-name>
<define-flag name="id" as-type="token" required="yes">
<!-- This is an id because the idenfier is intended to be human-readable. -->
<formal-name>Parameter Identifier</formal-name>
<!-- Identifier Declaration -->
<description>A <a href="/concepts/identifier-use/#human-oriented">human-oriented</a>, <a href="/concepts/identifier-use/#locally-unique">locally unique</a> identifier with <a href="/concepts/identifier-use/#cross-instance">cross-instance</a> scope that can be used to reference this defined parameter elsewhere in <a href="/concepts/identifier-use/#scope">this or other OSCAL instances</a>. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned <a href="/concepts/identifier-use/#consistency">per-subject</a>, which means it should be consistently used to identify the same subject across revisions of the document.</description>
</define-flag>
<!-- TODO: What is the semantics of class here? -->
Expand Down Expand Up @@ -143,16 +144,14 @@
</assembly>
<assembly ref="parameter-guideline" max-occurs="unbounded">
<use-name>guideline</use-name>
<!-- CHANGED from "guidance" to "guidelines" -->
<group-as name="guidelines" in-json="ARRAY"/>
</assembly>
<choice>
<field ref="parameter-value" max-occurs="unbounded">
<!-- CHANGED cardinality to allow for multiple values -->
<use-name>value</use-name>
<group-as name="values" in-json="ARRAY"/>
<remarks>
<p>A set of values provided in a catalog can be redefined at any higher layer of OSCAL (e.g., Profile).</p>
<p>A set of values provided in a catalog can be redefined in OSCAL's <code>profile</code> or <code>system-security-plan</code> models.</p>
</remarks>
</field>
<assembly ref="parameter-selection">
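Review bot: The reworded remark on parameter-value replaces the open-ended "any higher layer of OSCAL (e.g., Profile)" with a closed list of two models, profile and system-security-plan. That reads as a normative statement about where values may be redefined, so confirm the list is meant to be exhaustive; if it is only illustrative, keep an "e.g." so the documentation does not narrow the behaviour by accident.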
Expand All @@ -163,7 +162,6 @@
</assembly>
</choice>
<field ref="remarks" in-xml="WITH_WRAPPER"/>
<!-- <any/> -->
</model>
<constraint>
<allowed-values target="prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name">
Expand All @@ -184,16 +182,13 @@
</define-assembly>

<define-assembly name="parameter-constraint">
<!-- CHANGED from field to assembly to allow for future extension -->
<formal-name>Constraint</formal-name>
<description>A formal or informal expression of a constraint or test</description>
<model>
<!-- CHANGED: renamed "detail" to "description" -->
<define-field name="description" as-type="markup-multiline" in-xml="WITH_WRAPPER">
<formal-name>Constraint Description</formal-name>
<description>A textual summary of the constraint to be applied.</description>
</define-field>
<!-- CHANGED from flag to assembly to allow for future extension -->
<define-assembly name="test" max-occurs="unbounded">
<formal-name>Constraint Test</formal-name>
<description>A test expression which is expected to be evaluated by a tool.</description>
Expand All @@ -216,12 +211,10 @@
<formal-name>Guideline Text</formal-name>
<description>Prose permits multiple paragraphs, lists, tables etc.</description>
</define-field>
<!-- <any/> -->
</model>
</define-assembly>

<define-field name="parameter-value">
<!-- CHANGED type from "markup-line" to "string" since this is intended to be a scalar value -->
<formal-name>Parameter Value</formal-name>
<description>A parameter value or set of values.</description>
</define-field>
Expand All @@ -245,10 +238,8 @@
<description>A value selection among several such options</description>
<use-name>choice</use-name>
<json-value-key>value</json-value-key>
<!-- CHANGED "alternatives" to "choices" -->
<group-as name="choice" in-json="ARRAY"/>
</define-field>
<!-- <any/> -->
</model>
<remarks>
<p>A set of parameter value choices, that may be picked from to set the parameter value.</p>
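Review bot: The comment deleted in this hunk recorded a rename to "choices", but the group-as on the next line is name="choice" with in-json="ARRAY", singular where the other groupings in this file (params, guidelines, values) are plural. Removing the comment removes the only trace of that discrepancy, so open an issue to track whether the JSON key should be plural before the note is lost.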
6 changes: 3 additions & 3 deletions src/metaschema/oscal_profile_metaschema.xml
Expand Up @@ -109,7 +109,7 @@
</constraint>
</define-flag>
<constraint>
<expect id="expect-profile-combine-method-merge-unused" target="." test="not(exists(combine[@method='merge']))"/>
<expect id="req-merge-combine" target="." test="not(@method='merge')"/>
</constraint>
<remarks>
<p>Whenever combining controls from multiple (import) pathways, an issue arises of what to do with clashing invocations (multiple competing versions of a control). </p>
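Review bot: The two expect tests in this hunk are not equivalent: not(exists(combine[@method='merge'])) looks for a child combine element, while not(@method='merge') with target="." checks the method flag on the context node itself. Confirm the constraint sits on the definition that carries the method flag, as the closing define-flag just above suggests. The id also changes from the descriptive expect-profile-combine-method-merge-unused to req-merge-combine, which breaks any reference to the old id and no longer says what is being enforced. Since the constraint rejects method="merge" outright, the adjacent remarks should state why that value is not accepted.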
Expand All @@ -124,7 +124,7 @@
</define-assembly>
<define-field name="as-is" as-type="boolean" min-occurs="1">
<formal-name>As-Is Structuring Directive</formal-name>
<description>An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes.</description>
<description>An As-Is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes.</description>
</define-field>
<define-assembly name="custom">
<formal-name>Custom grouping</formal-name>
Expand All @@ -150,7 +150,7 @@
</remarks>
</define-assembly>
<define-assembly name="group">
<formal-name>Control group</formal-name>
<formal-name>Control Group</formal-name>
<description>A group of (selected) controls or of groups of controls</description>
<define-flag name="id" as-type="token">
<!-- This is an id because the idenfier is assigned and managed externally by humans. -->
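Review bot: The formal-name capitalisation fix is applied to "Control Group" here, but "Custom grouping" in the preceding hunk's context is still sentence case; align both in the same commit so the formal names are consistent. The comment on the last line of this hunk also still reads "idenfier"; fix the spelling while touching this definition.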
