From 9a8bb359495814e85a6918fd05b5d8335c965ae7 Mon Sep 17 00:00:00 2001
From: Guy Zylberberg <guyzyl@gmail.com>
Date: Sun, 13 Mar 2022 19:01:24 +0200
Subject: [PATCH] Create`<define-assembly name="impact">`

This fixes issues #1129
---
 src/metaschema/oscal_ssp_metaschema.xml | 69 +++++++++----------------
 1 file changed, 24 insertions(+), 45 deletions(-)

diff --git a/src/metaschema/oscal_ssp_metaschema.xml b/src/metaschema/oscal_ssp_metaschema.xml
index cef0cd27ed..435f60d9a1 100644
--- a/src/metaschema/oscal_ssp_metaschema.xml
+++ b/src/metaschema/oscal_ssp_metaschema.xml
@@ -235,51 +235,15 @@
           <assembly ref="link" max-occurs="unbounded">
             <group-as name="links" in-json="ARRAY"/>
           </assembly>
-          <define-assembly name="confidentiality-impact" min-occurs="1">
-            <formal-name>Confidentiality Impact Level</formal-name>
-            <description>The expected level of impact resulting from the unauthorized disclosure of the described information.</description>
-            <model>
-              <assembly ref="property" max-occurs="unbounded">
-                <group-as name="props" in-json="ARRAY"/>
-              </assembly>
-              <assembly ref="link" max-occurs="unbounded">
-                <group-as name="links" in-json="ARRAY"/>
-              </assembly>
-              <field ref="base" min-occurs="1"/>
-              <field ref="selected"/>
-              <field ref="adjustment-justification" in-xml="WITH_WRAPPER"/>
-            </model>
-          </define-assembly>
-          <define-assembly name="integrity-impact" min-occurs="1">
-            <formal-name>Integrity Impact Level</formal-name>
-            <description>The expected level of impact resulting from the unauthorized modification of the described information.</description>
-            <model>
-              <assembly ref="property" max-occurs="unbounded">
-                <group-as name="props" in-json="ARRAY"/>
-              </assembly>
-              <assembly ref="link" max-occurs="unbounded">
-                <group-as name="links" in-json="ARRAY"/>
-              </assembly>
-              <field ref="base" min-occurs="1"/>
-              <field ref="selected"/>
-              <field ref="adjustment-justification" in-xml="WITH_WRAPPER"/>
-            </model>
-          </define-assembly>
-          <define-assembly name="availability-impact" min-occurs="1">
-            <formal-name>Availability Impact Level</formal-name>
-            <description>The expected level of impact resulting from the disruption of access to or use of the described information or the information system.</description>
-            <model>
-              <assembly ref="property" max-occurs="unbounded">
-                <group-as name="props" in-json="ARRAY"/>
-              </assembly>
-              <assembly ref="link" max-occurs="unbounded">
-                <group-as name="links" in-json="ARRAY"/>
-              </assembly>
-              <field ref="base" min-occurs="1"/>
-              <field ref="selected"/>
-              <field ref="adjustment-justification" in-xml="WITH_WRAPPER"/>
-            </model>
-          </define-assembly>
+          <assembly ref="impact">
+            <use-name>confidentiality-impact</use-name>
+          </assembly>
+          <assembly ref="impact">
+            <use-name>integrity-impact</use-name>
+          </assembly>
+          <assembly ref="impact">
+            <use-name>availability-impact</use-name>
+          </assembly>
         </model>
         <constraint>
           <expect level="WARNING" target="." test="@uuid">
@@ -317,6 +281,21 @@
       </allowed-values>
     </constraint>
   </define-assembly>
+  <define-assembly name="impact">
+    <formal-name>Impact Level</formal-name>
+    <description>The expected level of impact resulting from the described information.</description>
+    <model>
+      <assembly ref="property" max-occurs="unbounded">
+        <group-as name="props" in-json="ARRAY"/>
+      </assembly>
+      <assembly ref="link" max-occurs="unbounded">
+        <group-as name="links" in-json="ARRAY"/>
+      </assembly>
+      <field ref="base" min-occurs="1"/>
+      <field ref="selected"/>
+      <field ref="adjustment-justification" in-xml="WITH_WRAPPER"/>
+    </model>
+  </define-assembly>
   <define-field name="base" as-type="string" scope="local">
     <formal-name>Base Level (Confidentiality, Integrity, or Availability)</formal-name>
     <description>The prescribed base (Confidentiality, Integrity, or Availability) security impact level.</description>