Added standalone mapping model.

usnistgov · Apr 14, 2022 · 7869eab · 7869eab
1 parent 8547750
commit 7869eab
Show file tree

Hide file tree

Showing 5 changed files with 101 additions and 58 deletions.
diff --git a/build/metaschema b/build/metaschema
diff --git a/src/metaschema/examples/cis-sp-800-53-mapping.xml b/src/metaschema/examples/cis-sp-800-53-mapping.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- This is a mapping example used for development. This file should be moved to the oscal-content repo when this feature is ready. -->
+<mapping-collection xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 oscal-complete.xsd" uuid="3559d200-4849-41ac-a420-28b2ffa22c52">
+    <metadata>
+        <title>Example mapping between CIS controls and SP 800-53 rev5</title>
+        <last-modified>2022-04-13T08:37:21.323321800-04:00</last-modified>
+        <version>0.0.1</version>
+        <oscal-version>1.0.3</oscal-version>
+    </metadata>
+    <mapping uuid="9eb2019c-f3be-4f96-947e-58876a46b2a9">
+        <source-resource type="catalog" href="#a84961de-55ae-4bf3-a2d3-86cc32b651af"></source-resource>
+        <target-resource type="catalog" href="#711085f6-c390-4b25-b5f1-30066a56073d"></target-resource>
+        <map uuid="6a9a1161-770e-4556-9740-41e1809e14ea">
+            <relationship>equal-to</relationship>
+            <source type="control" id-ref="#cis-1.1"/>
+            <target type="control" id-ref="#cm-8">
+                <!-- TODO: consider a way to reference parameters allowing the review period of at least bi-annually to be described -->
+                <!-- <using-param id="cm-08_odp.02">at least bi-annually</using-param>-->
+            </target>
+            <target type="control" id-ref="#cm-8.1"/>
+            <remarks>
+                <p>The combination of SP 800-53 CM-8 and CM-8(1) describe similar implementation requirements to CIS 1.1.</p>
+            </remarks>
+        </map>
+    </mapping>
+    <back-matter>
+        <resource uuid="a84961de-55ae-4bf3-a2d3-86cc32b651af">
+            <rlink href="cis-catalog.xml" media-type="application/oscal+xml"/>
+        </resource>
+        <resource uuid="711085f6-c390-4b25-b5f1-30066a56073d">
+            <rlink href="https://github.com/usnistgov/oscal-content/raw/main/nist.gov/SP800-53/rev5/xml/NIST_SP-800-53_rev5_catalog.xml" media-type="application/oscal+xml"/>
+        </resource>
+    </back-matter>
+</mapping-collection>
diff --git a/src/metaschema/examples/computer-build_metaschema.xml b/src/metaschema/examples/computer-build_metaschema.xml
diff --git a/src/metaschema/oscal_complete_metaschema.xml b/src/metaschema/oscal_complete_metaschema.xml
@@ -15,6 +15,7 @@
             <p>This format represents a combination of all of the OSCAL models.</p>
       </remarks>
       <import href="oscal_catalog_metaschema.xml"/>
+      <import href="oscal_mapping_metaschema.xml"/>
       <import href="oscal_profile_metaschema.xml"/>
       <import href="oscal_component_metaschema.xml"/>
       <import href="oscal_ssp_metaschema.xml"/>

diff --git a/src/metaschema/oscal_mapping_metaschema.xml b/src/metaschema/oscal_mapping_metaschema.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-model href="../../build/metaschema/toolchains/xslt-M4/validate/metaschema-composition-check.sch" type="application/xml" schematypens="http://purl.oclc.org/dsdl/schematron"?>
+<!-- OSCAL CATALOG METASCHEMA -->
+<!-- validate with XSD and Schematron (linked) -->
+<!DOCTYPE METASCHEMA [
+   <!ENTITY allowed-values-control-group-property-name SYSTEM "shared-constraints/allowed-values-control-group-property-name.ent">
+]>
+<METASCHEMA xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xmlns:meta="http://csrc.nist.gov/ns/oscal/metaschema/1.0"
+      xmlns="http://csrc.nist.gov/ns/oscal/metaschema/1.0" xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/metaschema/1.0 ../../build/metaschema/toolchains/xslt-M4/validate/metaschema.xsd">
+      <schema-name>OSCAL Control Mapping Model</schema-name>
+      <schema-version>1.0.3</schema-version>
+      <short-name>oscal-mapping</short-name>
+      <namespace>http://csrc.nist.gov/ns/oscal/1.0</namespace>
+      <json-base-uri>http://csrc.nist.gov/ns/oscal</json-base-uri>
+      <remarks>
+            <p>The OSCAL Control mapping format can be used to describe how a collection of security controls and related control enhancements relate to another collection of controls. The root of the Control Catalog format is <code>mapping-collection</code>.
+            </p>
+      </remarks>
+      <import href="oscal_metadata_metaschema.xml"/>
+      <import href="oscal_mapping-common_metaschema.xml"/>
+
+      <define-assembly name="mapping-collection">
+            <formal-name>Mapping Collection</formal-name>
+            <description>A collection of control mappings.</description>
+            <root-name>mapping-collection</root-name>
+            <define-flag name="uuid" as-type="uuid" required="yes">
+                  <formal-name>Mapping Collection Universally Unique Identifier</formal-name>
+                  <description>A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised.</description>
+            </define-flag>
+
+            <model>
+                  <assembly ref="metadata" min-occurs="1"/>
+                  <assembly ref="mapping" min-occurs="1" max-occurs="unbounded">
+                        <group-as name="mappings"/>
+                  </assembly>
+                  <assembly ref="back-matter">
+                        <remarks>
+                              <p>Back matter including references and resources.</p>
+                        </remarks>
+                  </assembly>
+            </model>
+      </define-assembly>
+      <define-assembly name="mapping">
+            <formal-name>Control Mapping</formal-name>
+            <description>A mapping between two target resources.</description>
+            <define-flag name="uuid" as-type="uuid" required="yes">
+                  <formal-name>Mapping Universally Unique Identifier</formal-name>
+                  <description>A <a href="/concepts/identifier-use/#machine-oriented">machine-oriented</a>, <a href="/concepts/identifier-use/#globally-unique">globally unique</a> identifier with <a href="/concepts/identifier-use/#cross-instance">cross-instance</a> scope that can be used to reference this mapping definition elsewhere in this or other OSCAL instances. The locally defined <em>UUID</em> of the <code>mapping</code> can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned <a href="/concepts/identifier-use/#consistency">per-subject</a>, which means it should be consistently used to identify the same subject across revisions of the document.</description>
+            </define-flag>
+            <model>
+                  <assembly ref="mapping-resource-reference" min-occurs="1">
+                        <use-name>source-resource</use-name>
+                  </assembly>
+                  <assembly ref="mapping-resource-reference" min-occurs="1">
+                        <use-name>target-resource</use-name>
+                  </assembly>
+                  <assembly ref="map" min-occurs="1" max-occurs="unbounded">
+                        <group-as name="maps" in-json="ARRAY"/>
+                  </assembly>
+            </model>
+      </define-assembly>
+</METASCHEMA>