Assessment Plan, Result, and POA&M Models (#681)

* Renamed group-as names to make them more consistent. * Moved levergaed-authorizations to system-implementation. Made system-implementation and control-implementation required. * Added metadata and fixed other front matter in content * Updated examples with AU-5 mock-up data * Filled in missing titles and descriptions. Added role/user. * Updates to examples. Tweak to SSP Metaschema * Adding metaschema support for UUIDs. Implemented uuids addressing issue #676. * Fixed broken schema and schematron paths. * Fixed content to use new uuid-based flags. * Profile resolution test set update to M3 models * Updating profile resolver; renaming uuid support XSLT (#42) * Removed SSL certificate check for wget to deal with broken SSL cert on apache archive site. * Updated OSCAL version in metaschema files. * Migrated definition of a system interconnection and service into components. The "service" and "interconnection" component types are now used to define these. (#498) * Flattened party -> org/person to be just party. Party now has a type which identifies if the party is a person or organization. * Added SHA-3 algorithms to the hash algorithm list. (#632) * Fixed Docker container to run scripts that require in-place editing. * Fixed SSP elements that reference a component UUID, but lacked the correct type. * Added a location title. * Updating metaschema support to fix bug (usnistgov/metaschema#56). * Added "homepage" link relation. * Fixed message error in round-trip validation which indicated the wrong type of conversion as compared to what was actually happening. Fixed remaining round-trip issues. * Updated Assessment Metaschemas * Updated FedRAMP Profiles * WIP - UUID transition prep * WIP assessment * Finished UUID Transition * Significant assessment metaschema updates * Assessment metaschema changes * Assessment metaschema changes * party assembly tweaks * Assessment Metaschema Updates * Updated FedRAMP Profiles * additional assessment model tweaks * SAR and POA&M Model Adjustments * Metaschema gymnastics * Fixed invalid content. * SSP Example - Remove Schema Line * Baselines with relative path to catalog * Baseline path tweaks Co-authored-by: David Waltermire <[email protected]> Co-authored-by: Wendell Piez <[email protected]> Co-authored-by: Wendell Piez <[email protected]>
usnistgov · Aug 31, 2020 · d620cf1 · d620cf1
1 parent 3ffa1f9
commit d620cf1
Show file tree

Hide file tree

Showing 11 changed files with 42,178 additions and 70,405 deletions.
diff --git a/fedramp.gov/xml/FedRAMP_HIGH-baseline_profile.xml b/fedramp.gov/xml/FedRAMP_HIGH-baseline_profile.xml
diff --git a/fedramp.gov/xml/FedRAMP_LI-SaaS-baseline_profile.xml b/fedramp.gov/xml/FedRAMP_LI-SaaS-baseline_profile.xml
diff --git a/fedramp.gov/xml/FedRAMP_LOW-baseline_profile.xml b/fedramp.gov/xml/FedRAMP_LOW-baseline_profile.xml
diff --git a/fedramp.gov/xml/FedRAMP_MODERATE-baseline_profile.xml b/fedramp.gov/xml/FedRAMP_MODERATE-baseline_profile.xml
diff --git a/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_HIGH-baseline_profile.xml b/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_HIGH-baseline_profile.xml
@@ -1,38 +1,34 @@
 <!-- Produced by SP800-53-profile-with-filter.xsl 2018-05-14-04:00
         runtime parameter settings: $baseline='HIGH' -->
-<profile
-   xmlns="http://csrc.nist.gov/ns/oscal/1.0"
-   id="uuid-9d0593f5-c6ed-44b8-9127-ad5c310f8e34">
+<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="9d0593f5-c6ed-44b8-9127-ad5c310f8e34">
    <metadata>
       <title>NIST Special Publication 800-53 Revision 4 HIGH IMPACT BASELINE</title>
 
-      <last-modified>2019-09-23T14:22:55.113-04:00</last-modified>
+      <last-modified>2020-05-29T23:29:27.272-04:00</last-modified>
       <version>2015-01-22</version>
-      <oscal-version>1.0.0-milestone1</oscal-version>
+      <oscal-version>1.0.0-milestone3</oscal-version>
 
       <role id="creator"><title>Document Creator</title></role>
       <role id="contact"><title>Contact</title></role>
 
-      <party id="IT-JTF">
-         <org>
-            <org-name>Joint Task Force, Transformation Initiative</org-name>
-            <address>
-               <addr-line>National Institute of Standards and Technology</addr-line>
-               <addr-line>Attn: Computer Security Division</addr-line>
-               <addr-line>Information Technology Laboratory</addr-line>
-               <addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
-               <city>Gaithersburg</city>
-               <state>MD</state>
-               <postal-code>20899-8930</postal-code>
-            </address>
-            <email>[email protected]</email>
-         </org>
+      <party uuid="31a5dd8f-978a-4558-8ade-846211607d40" type="organization">
+         <party-name>Joint Task Force, Transformation Initiative</party-name>
+         <address>
+            <addr-line>National Institute of Standards and Technology</addr-line>
+            <addr-line>Attn: Computer Security Division</addr-line>
+            <addr-line>Information Technology Laboratory</addr-line>
+            <addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
+            <city>Gaithersburg</city>
+            <state>MD</state>
+            <postal-code>20899-8930</postal-code>
+         </address>
+         <email>[email protected]</email>
       </party>
       <responsible-party role-id="creator">
-         <party-id>IT-JTF</party-id>
+         <party-uuid>31a5dd8f-978a-4558-8ade-846211607d40</party-uuid>
       </responsible-party>
       <responsible-party role-id="contact">
-         <party-id>IT-JTF</party-id>
+         <party-uuid>31a5dd8f-978a-4558-8ade-846211607d40</party-uuid>
       </responsible-party>
    </metadata>
    <import href="#catalog">
@@ -1238,7 +1234,7 @@
       </alter>
    </modify>
    <back-matter>
-      <resource id="catalog">
+      <resource uuid="catalog">
          <desc>NIST Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal
             Information Systems and Organizations</desc>
          <rlink href="NIST_SP-800-53_rev4_catalog.xml" media-type="application/oscal.catalog+xml"/>

diff --git a/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_LOW-baseline_profile.xml b/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_LOW-baseline_profile.xml
@@ -1,38 +1,34 @@
 <!-- Produced by SP800-53-profile-with-filter.xsl 2018-05-14-04:00
         runtime parameter settings: $baseline='LOW'-->
-<profile
-   xmlns="http://csrc.nist.gov/ns/oscal/1.0"
-   id="uuid-13172679-d468-4a88-8d7f-3afdeffedff8">
+<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="13172679-d468-4a88-8d7f-3afdeffedff8">
    <metadata>
       <title>NIST Special Publication 800-53 Revision 4 LOW IMPACT BASELINE</title>
 
-      <last-modified>2019-09-23T14:24:06.243-04:00</last-modified>
+      <last-modified>2020-05-29T23:29:27.272-04:00</last-modified>
       <version>2015-01-22</version>
-      <oscal-version>1.0.0-milestone1</oscal-version>
+      <oscal-version>1.0.0-milestone3</oscal-version>
 
       <role id="creator"><title>Document Creator</title></role>
       <role id="contact"><title>Contact</title></role>
 
-      <party id="IT-JTF">
-         <org>
-            <org-name>Joint Task Force, Transformation Initiative</org-name>
-            <address>
-               <addr-line>National Institute of Standards and Technology</addr-line>
-               <addr-line>Attn: Computer Security Division</addr-line>
-               <addr-line>Information Technology Laboratory</addr-line>
-               <addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
-               <city>Gaithersburg</city>
-               <state>MD</state>
-               <postal-code>20899-8930</postal-code>
-            </address>
-            <email>[email protected]</email>
-         </org>
+      <party uuid="fcde62b1-8cce-4a57-a26b-b07ad2865ae1" type="organization">
+         <party-name>Joint Task Force, Transformation Initiative</party-name>
+         <address>
+            <addr-line>National Institute of Standards and Technology</addr-line>
+            <addr-line>Attn: Computer Security Division</addr-line>
+            <addr-line>Information Technology Laboratory</addr-line>
+            <addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
+            <city>Gaithersburg</city>
+            <state>MD</state>
+            <postal-code>20899-8930</postal-code>
+         </address>
+         <email>[email protected]</email>
       </party>
       <responsible-party role-id="creator">
-         <party-id>IT-JTF</party-id>
+         <party-uuid>fcde62b1-8cce-4a57-a26b-b07ad2865ae1</party-uuid>
       </responsible-party>
       <responsible-party role-id="contact">
-         <party-id>IT-JTF</party-id>
+         <party-uuid>fcde62b1-8cce-4a57-a26b-b07ad2865ae1</party-uuid>
       </responsible-party>
    </metadata>
    <import href="#catalog">
@@ -744,7 +740,7 @@
       </alter>
    </modify>
    <back-matter>
-      <resource id="catalog">
+      <resource uuid="catalog">
          <desc>NIST Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal
             Information Systems and Organizations</desc>
          <rlink href="NIST_SP-800-53_rev4_catalog.xml" media-type="application/oscal.catalog+xml"/>

diff --git a/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_MODERATE-baseline_profile.xml b/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_MODERATE-baseline_profile.xml
@@ -1,38 +1,34 @@
 <!-- Produced by SP800-53-profile-with-filter.xsl 2018-05-14-04:00
         runtime parameter settings: $baseline='MODERATE'-->
-<profile
-   xmlns="http://csrc.nist.gov/ns/oscal/1.0"
-   id="uuid-f5c7fb3c-b4d8-49ff-9ebf-cd6d484c2d7b">
+<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="f5c7fb3c-b4d8-49ff-9ebf-cd6d484c2d7b">
    <metadata>
       <title>NIST Special Publication 800-53 Revision 4 MODERATE IMPACT BASELINE</title>
 
-      <last-modified>2019-09-23T14:25:40.027-04:00</last-modified>
+      <last-modified>2020-05-29T23:29:27.272-04:00</last-modified>
       <version>2015-01-22</version>
-      <oscal-version>1.0.0-milestone1</oscal-version>
+      <oscal-version>1.0.0-milestone3</oscal-version>
 
       <role id="creator"><title>Document Creator</title></role>
       <role id="contact"><title>Contact</title></role>
 
-      <party id="IT-JTF">
-         <org>
-            <org-name>Joint Task Force, Transformation Initiative</org-name>
-            <address>
-               <addr-line>National Institute of Standards and Technology</addr-line>
-               <addr-line>Attn: Computer Security Division</addr-line>
-               <addr-line>Information Technology Laboratory</addr-line>
-               <addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
-               <city>Gaithersburg</city>
-               <state>MD</state>
-               <postal-code>20899-8930</postal-code>
-            </address>
-            <email>[email protected]</email>
-         </org>
+      <party uuid="316876e2-5c7b-4a60-a488-2ed977238f04" type="organization">
+         <party-name>Joint Task Force, Transformation Initiative</party-name>
+         <address>
+            <addr-line>National Institute of Standards and Technology</addr-line>
+            <addr-line>Attn: Computer Security Division</addr-line>
+            <addr-line>Information Technology Laboratory</addr-line>
+            <addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
+            <city>Gaithersburg</city>
+            <state>MD</state>
+            <postal-code>20899-8930</postal-code>
+         </address>
+         <email>[email protected]</email>
       </party>
       <responsible-party role-id="creator">
-         <party-id>IT-JTF</party-id>
+         <party-uuid>316876e2-5c7b-4a60-a488-2ed977238f04</party-uuid>
       </responsible-party>
       <responsible-party role-id="contact">
-         <party-id>IT-JTF</party-id>
+         <party-uuid>316876e2-5c7b-4a60-a488-2ed977238f04</party-uuid>
       </responsible-party>
    </metadata>
 
@@ -1102,7 +1098,7 @@
       </alter>
    </modify>
    <back-matter>
-      <resource id="catalog">
+      <resource uuid="catalog">
          <desc>NIST Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal
             Information Systems and Organizations</desc>
          <rlink href="NIST_SP-800-53_rev4_catalog.xml" media-type="application/oscal.catalog+xml"/>