From 7ed2bd2e8d4ce22eeae810c4d3073ea199345a0a Mon Sep 17 00:00:00 2001 From: Alexander Stein Date: Thu, 28 Jul 2022 13:31:59 -0400 Subject: [PATCH] Feedback from AJ during 20220718-20220722. (#48) --- src/metaschema/oscal_catalog_metaschema.xml | 11 +++----- .../oscal_control-common_metaschema.xml | 27 +++++++------------ src/metaschema/oscal_profile_metaschema.xml | 6 ++--- 3 files changed, 16 insertions(+), 28 deletions(-) diff --git a/src/metaschema/oscal_catalog_metaschema.xml b/src/metaschema/oscal_catalog_metaschema.xml index 547f129057..9256bc14c8 100644 --- a/src/metaschema/oscal_catalog_metaschema.xml +++ b/src/metaschema/oscal_catalog_metaschema.xml @@ -54,7 +54,7 @@ The tool used to produce a resolved profile. - The profile from which a tailored catalog was produced using profile resolution. + The profile from which the catalog was produced by profile resolution. @@ -77,7 +77,7 @@ A small catalog with a single control. - + A Miniature Catalog A Single Control @@ -114,7 +114,6 @@ A name given to the group, which may be used by a tool for display and navigation. - @@ -138,7 +137,6 @@ - &allowed-values-control-group-property-name; @@ -151,7 +149,7 @@

A group may have its own properties, statements, parameters, and references, which are inherited by all members of that group.

- + My Group @@ -183,7 +181,6 @@ A name given to the control, which may be used by a tool for display and navigation. - @@ -268,7 +265,7 @@

A control must have a part with the name "statement", which represents the textual narrative of the control. This "statement" part must occur only once, but may have nested parts to allow for multiple paragraphs or sections of text.

- + Control 1 diff --git a/src/metaschema/oscal_control-common_metaschema.xml b/src/metaschema/oscal_control-common_metaschema.xml index 764d5f21da..af7afa4739 100644 --- a/src/metaschema/oscal_control-common_metaschema.xml +++ b/src/metaschema/oscal_control-common_metaschema.xml @@ -9,7 +9,7 @@ xmlns="http://csrc.nist.gov/ns/oscal/metaschema/1.0" xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/metaschema/1.0 ../../build/metaschema/toolchains/xslt-M4/validate/metaschema.xsd" abstract="yes"> OSCAL Control Catalog Format -- Common Models 1.0.4 - oscal-catalog-common + oscal-control-common http://csrc.nist.gov/ns/oscal/1.0 http://csrc.nist.gov/ns/oscal @@ -74,6 +74,9 @@ &allowed-values-control-group-property-name; + + Type of The Risk Management Framework 800-53A method to be use for assessment. +

A part provides for logical partitioning of prose, and can be thought of as a grouping structure (e.g., section). A part can have child parts allowing for arbitrary nesting of prose content (e.g., statement hierarchy). A part can contain prop objects that allow for enriching prose text with structured name/value information.

@@ -84,10 +87,10 @@
Multiple Parts with Different Organization-Specific Names - - Something FedRAMP Cares About - Something DoD Cares About - + + A requirement specific to FedRAMP stakeholders. + A requirement specific to the Department of Defense stakeholders. + @@ -98,12 +101,10 @@ Parameter Parameters provide a mechanism for the dynamic assignment of value(s) in a control. - param Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -143,16 +144,14 @@ guideline - - value -

A set of values provided in a catalog can be redefined at any higher layer of OSCAL (e.g., Profile).

+

A set of values provided in a catalog can be redefined in OSCAL's profile or system-security-plan models.

@@ -163,7 +162,6 @@
- @@ -184,16 +182,13 @@
- Constraint A formal or informal expression of a constraint or test - Constraint Description A textual summary of the constraint to be applied. - Constraint Test A test expression which is expected to be evaluated by a tool. @@ -216,12 +211,10 @@ Guideline Text Prose permits multiple paragraphs, lists, tables etc. - - Parameter Value A parameter value or set of values. @@ -245,10 +238,8 @@ A value selection among several such options choice value - -

A set of parameter value choices, that may be picked from to set the parameter value.

diff --git a/src/metaschema/oscal_profile_metaschema.xml b/src/metaschema/oscal_profile_metaschema.xml index 6ed1d5bf7b..78ed9eafcc 100644 --- a/src/metaschema/oscal_profile_metaschema.xml +++ b/src/metaschema/oscal_profile_metaschema.xml @@ -109,7 +109,7 @@ - +

Whenever combining controls from multiple (import) pathways, an issue arises of what to do with clashing invocations (multiple competing versions of a control).

@@ -124,7 +124,7 @@ As-Is Structuring Directive - An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes. + An As-Is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes. Custom grouping @@ -150,7 +150,7 @@
- Control group + Control Group A group of (selected) controls or of groups of controls
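Review bot: The description added in oscal_control-common_metaschema.xml, hunk @@ -74,6 +74,9 @@, has a grammar error and stray capitalization: "Type of The Risk Management Framework 800-53A method to be use for assessment." Suggest "to be used" and a lower-case "the", for example "The type of Risk Management Framework 800-53A method to be used for assessment." This text ends up in generated documentation, so it is worth fixing before merge.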
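Review bot: In oscal_control-common_metaschema.xml, hunk @@ -143,16 +144,14 @@, the new remark "A set of values provided in a catalog can be redefined in OSCAL's profile or system-security-plan models." is added while the earlier remark "A set of values provided in a catalog can be redefined at any higher layer of OSCAL (e.g., Profile)." is still shown as unchanged context. If the new sentence is meant to replace the old one, the old one should be removed in the same change. If both are meant to stay, they say nearly the same thing and should be merged into a single remark.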
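Review bot: The rename from oscal-catalog-common to oscal-control-common in oscal_control-common_metaschema.xml, hunk @@ -9,7 +9,7 @@, is not mentioned in the commit subject, and the version shown on the preceding line stays at 1.0.4. The new value matches the file name, which is reasonable, but a changed module identifier is more than an editorial fix. Please call it out in the commit message so that anyone who refers to the old name can find where it changed.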
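Review bot: The two replacement sentences in oscal_control-common_metaschema.xml, hunk @@ -84,10 +87,10 @@, are not parallel: "A requirement specific to FedRAMP stakeholders." versus "A requirement specific to the Department of Defense stakeholders." The second reads awkwardly with "the" in front of a noun phrase used as a modifier. Suggest "A requirement specific to Department of Defense stakeholders." so both example parts follow the same pattern.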
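Review bot: Capitalization is still inconsistent in oscal_profile_metaschema.xml, hunk @@ -124,7 +124,7 @@: the context line "Custom grouping" remains in sentence case, while this patch changes "As-is" to "As-Is" here and "Control group" to "Control Group" in hunk @@ -150,7 +150,7 @@. If title case is the convention for these names, change it to "Custom Grouping" in the same commit so the three adjacent definitions match.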