Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Data type for duration #1003

Closed
4 tasks
GaryGapinski opened this issue Jul 30, 2021 · 2 comments
Closed
4 tasks

Data type for duration #1003

GaryGapinski opened this issue Jul 30, 2021 · 2 comments
Assignees
@wendellpiez @david-waltermire
Labels
enhancement User Story
Milestone
v1.1.0

Comments

@GaryGapinski
Copy link

User Story:

As an OSCAL user, I value temporal data types which conform to a standard and are suitable for automated evaluation.

Goals:

While OSCAL defines data types for dates and times, it currently neglects to define one for durations, intervals, and cadences. This allows parameters frequently used in catalogs such as "organization-defined time period" and "organization-defined frequency" to be specified quite arbitrarily, such as "every other full moon", "upon closest approach of the planet Venus", "every so often", and "a long time".

A suggestion is to adopt ISO 8601 format for duration (which is in accord with xs:duration) as a data type for duration as well as a delta relative to a date or dateTime.

Acceptance Criteria

  • A suitable data type is established.
  • All OSCAL website and readme documentation affected by the changes in this issue have been updated. Changes to the OSCAL website can be made in the docs/content directory of your branch.
  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
  • The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.
@GaryGapinski
Copy link
Author

Here is a list of 238 800-53r5 ODPs related to time:

ac-1_prm_4 organization-defined frequency
ac-1_prm_6 organization-defined frequency
ac-2_prm_6 organization-defined time period
ac-2_prm_7 organization-defined time period
ac-2_prm_8 organization-defined time period
ac-2_prm_10 organization-defined frequency
ac-2.2_prm_2 organization-defined time period for each type of account
ac-2.3_prm_1 organization-defined time period
ac-2.3_prm_2 organization-defined time period
ac-2.5_prm_1 organization-defined time period of expected inactivity or description of when to log out
ac-2.13_prm_1 organization-defined time period
ac-3.8_prm_1 organization-defined rules governing the timing of revocations of access authorizations
ac-6.7_prm_1 organization-defined frequency
ac-7_prm_2 organization-defined time period
ac-7_prm_4 organization-defined time period
ac-7.4_prm_3 organization-defined time period
ac-9.2_prm_2 organization-defined time period
ac-9.3_prm_2 organization-defined time period
ac-11_prm_2 organization-defined time period
ac-12.3_prm_1 organization-defined time until end of session
ac-16_prm_7 organization-defined frequency
ac-17.9_prm_1 organization-defined time period
ac-22_prm_1 organization-defined frequency
at-1_prm_4 organization-defined frequency
at-1_prm_6 organization-defined frequency
at-2_prm_1 organization-defined frequency
at-2_prm_4 organization-defined frequency
at-3_prm_2 organization-defined frequency
at-3_prm_3 organization-defined frequency
at-3.1_prm_2 organization-defined frequency
at-3.2_prm_2 organization-defined frequency
at-3.5_prm_2 organization-defined frequency
at-4_prm_1 organization-defined time period
at-6_prm_1 organization-defined frequency
au-1_prm_4 organization-defined frequency
au-1_prm_6 organization-defined frequency
au-2_prm_2 organization-defined event types (subset of the event types defined in AU-2a.) along with the frequency of (or situation requiring) logging for each identified event type
au-2_prm_3 organization-defined frequency
au-4.1_prm_1 organization-defined frequency
au-5_prm_2 organization-defined time period
au-5.1_prm_2 organization-defined time period
au-5.2_prm_1 organization-defined real-time period
au-5.2_prm_3 organization-defined audit logging failure events requiring real-time alerts
au-6_prm_1 organization-defined frequency
au-8_prm_1 organization-defined granularity of time measurement
au-9.2_prm_1 organization-defined frequency
au-10.2_prm_1 organization-defined frequency
au-11_prm_1 organization-defined time period consistent with records retention policy
au-12.1_prm_2 organization-defined level of tolerance for the relationship between time stamps of individual records in the audit trail
au-12.3_prm_4 organization-defined time thresholds
au-13_prm_2 organization-defined frequency
au-13.2_prm_1 organization-defined frequency
ca-1_prm_4 organization-defined frequency
ca-1_prm_6 organization-defined frequency
ca-2_prm_1 organization-defined frequency
ca-2.2_prm_1 organization-defined frequency
ca-3_prm_3 organization-defined frequency
ca-5_prm_1 organization-defined frequency
ca-6_prm_1 organization-defined frequency
ca-7_prm_5 organization-defined frequency
ca-8_prm_1 organization-defined frequency
ca-8.3_prm_1 organization-defined frequency
ca-9_prm_3 organization-defined frequency
cm-1_prm_4 organization-defined frequency
cm-1_prm_6 organization-defined frequency
cm-2_prm_1 organization-defined frequency
cm-3_prm_1 organization-defined time period
cm-3_prm_4 organization-defined frequency
cm-3.1_prm_3 organization-defined time period
cm-3.7_prm_1 organization-defined frequency
cm-5.5_prm_1 organization-defined frequency
cm-7.1_prm_1 organization-defined frequency
cm-7.4_prm_2 organization-defined frequency
cm-7.5_prm_2 organization-defined frequency
cm-7.9_prm_2 organization-defined frequency
cm-8_prm_2 organization-defined frequency
cm-8.3_prm_2 organization-defined frequency
cm-11_prm_3 organization-defined frequency
cp-1_prm_4 organization-defined frequency
cp-1_prm_6 organization-defined frequency
cp-2_prm_3 organization-defined frequency
cp-2.3_prm_2 organization-defined time period
cp-3_prm_1 organization-defined time period
cp-3_prm_2 organization-defined frequency
cp-3_prm_3 organization-defined frequency
cp-4_prm_1 organization-defined frequency
cp-7_prm_2 organization-defined time period consistent with recovery time and recovery point objectives
cp-8_prm_2 organization-defined time period
cp-8.4_prm_1 organization-defined frequency
cp-8.5_prm_1 organization-defined frequency
cp-9_prm_2 organization-defined frequency consistent with recovery time and recovery point objectives
cp-9_prm_3 organization-defined frequency consistent with recovery time and recovery point objectives
cp-9_prm_4 organization-defined frequency consistent with recovery time and recovery point objectives
cp-9.1_prm_1 organization-defined frequency
cp-9.5_prm_1 organization-defined time period and transfer rate consistent with the recovery time and recovery point objectives
cp-10_prm_1 organization-defined time period consistent with recovery time and recovery point objectives
cp-10.4_prm_1 organization-defined restoration time periods
ia-1_prm_4 organization-defined frequency
ia-1_prm_6 organization-defined frequency
ia-4_prm_2 organization-defined time period
ia-5_prm_1 organization-defined time period by authenticator type
ia-5.1_prm_1 organization-defined frequency
ia-5.13_prm_1 organization-defined time period
ir-1_prm_4 organization-defined frequency
ir-1_prm_6 organization-defined frequency
ir-2_prm_1 organization-defined time period
ir-2_prm_2 organization-defined frequency
ir-2_prm_3 organization-defined frequency
ir-3_prm_1 organization-defined frequency
ir-4.11_prm_1 organization-defined time period
ir-6_prm_1 organization-defined time period
ir-8_prm_2 organization-defined frequency
ir-9.2_prm_1 organization-defined frequency
ma-1_prm_4 organization-defined frequency
ma-1_prm_6 organization-defined frequency
ma-3_prm_1 organization-defined frequency
ma-6_prm_2 organization-defined time period
ma-6.1_prm_2 organization-defined time intervals
ma-6.2_prm_2 organization-defined time intervals
mp-1_prm_4 organization-defined frequency
mp-1_prm_6 organization-defined frequency
mp-6.2_prm_1 organization-defined frequency
mp-8.2_prm_1 organization-defined frequency
pe-1_prm_4 organization-defined frequency
pe-1_prm_6 organization-defined frequency
pe-2_prm_1 organization-defined frequency
pe-3_prm_8 organization-defined frequency
pe-3_prm_9 organization-defined frequency
pe-3.2_prm_1 organization-defined frequency
pe-6_prm_1 organization-defined frequency
pe-6.3_prm_2 organization-defined frequency
pe-6.3_prm_3 organization-defined time period
pe-8_prm_1 organization-defined time period
pe-8_prm_2 organization-defined frequency
pe-13.4_prm_1 organization-defined frequency
pe-13.4_prm_2 organization-defined time period
pe-14_prm_4 organization-defined frequency
pl-1_prm_4 organization-defined frequency
pl-1_prm_6 organization-defined frequency
pl-2_prm_3 organization-defined frequency
pl-4_prm_1 organization-defined frequency
pl-4_prm_3 organization-defined frequency
pl-7_prm_1 organization-defined frequency
pl-8_prm_1 organization-defined frequency
pm-1_prm_1 organization-defined frequency
pm-5_prm_1 organization-defined frequency
pm-5.1_prm_1 organization-defined frequency
pm-9_prm_1 organization-defined frequency
pm-11_prm_1 organization-defined frequency
pm-17_prm_1 organization-defined frequency
pm-18_prm_1 organization-defined frequency
pm-25_prm_1 organization-defined frequency
pm-26_prm_1 organization-defined time period
pm-26_prm_2 organization-defined time period
pm-26_prm_3 organization-defined time period
pm-27_prm_4 organization-defined frequency
pm-28_prm_2 organization-defined frequency
pm-30_prm_1 organization-defined frequency
pm-31_prm_5 organization-defined frequency
ps-1_prm_4 organization-defined frequency
ps-1_prm_6 organization-defined frequency
ps-2_prm_1 organization-defined frequency
ps-3_prm_1 organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of rescreening
ps-4_prm_1 organization-defined time period
ps-5_prm_2 organization-defined time period following the formal transfer action
ps-5_prm_4 organization-defined time period
ps-6_prm_1 organization-defined frequency
ps-6_prm_2 organization-defined frequency
ps-7_prm_2 organization-defined time period
ps-8_prm_2 organization-defined time period
pt-1_prm_4 organization-defined frequency
pt-1_prm_6 organization-defined frequency
pt-4.2_prm_2 organization-defined frequency
pt-5_prm_1 organization-defined frequency
pt-5.1_prm_1 organization-defined frequency
pt-6.1_prm_1 organization-defined frequency
pt-6.2_prm_1 organization-defined frequency
ra-1_prm_4 organization-defined frequency
ra-1_prm_6 organization-defined frequency
ra-3_prm_3 organization-defined frequency
ra-3_prm_5 organization-defined frequency
ra-3.1_prm_2 organization-defined frequency
ra-5_prm_1 organization-defined frequency and/or randomly in accordance with organization-defined process
ra-5_prm_2 organization-defined response times
ra-5.2_prm_2 organization-defined frequency
ra-5.8_prm_2 organization-defined time period
ra-6_prm_3 organization-defined frequency
ra-10_prm_1 organization-defined frequency
sa-1_prm_4 organization-defined frequency
sa-1_prm_6 organization-defined frequency
sa-4.12_prm_1 organization-defined time frame
sa-11_prm_2 organization-defined frequency
sa-15_prm_1 organization-defined frequency
sa-15.1_prm_2 organization-defined frequency
sa-15.7_prm_1 organization-defined frequency
sc-1_prm_4 organization-defined frequency
sc-1_prm_6 organization-defined frequency
sc-7.4_prm_1 organization-defined frequency
sc-7.10_prm_1 organization-defined frequency
sc-10_prm_1 organization-defined time period
sc-29.1_prm_1 organization-defined frequency
sc-30_prm_2 organization-defined time periods
sc-30.3_prm_2 at random time intervals
sc-30.3_prm_3 organization-defined time frequency
sc-31_prm_1 storage timing
sc-31.2_prm_1 storage timing
sc-45.1_prm_1 organization-defined frequency
sc-45.1_prm_2 organization-defined authoritative time source
sc-45.1_prm_3 organization-defined time period
si-1_prm_4 organization-defined frequency
si-1_prm_6 organization-defined frequency
si-2_prm_1 organization-defined time period
si-2.2_prm_2 organization-defined frequency
si-3_prm_2 organization-defined frequency
si-3.6_prm_1 organization-defined frequency
si-4_prm_6 organization-defined frequency
si-4.4_prm_1 organization-defined frequency
si-4.9_prm_1 organization-defined frequency
si-4.21_prm_1 organization-defined probationary period
si-6_prm_4 organization-defined frequency
si-7.1_prm_4 organization-defined frequency
si-7.16_prm_1 organization-defined time period
si-8.2_prm_1 organization-defined frequency
si-10.2_prm_1 organization-defined time period
si-13.4_prm_1 organization-defined time period
si-13.5_prm_1 real-time near real-time
si-14_prm_2 upon end of session of use periodically at
si-14_prm_3 organization-defined frequency
si-14.2_prm_3 organization-defined frequency
si-14.3_prm_1 completion of a request a period of non-use
si-18_prm_1 organization-defined frequency
si-19_prm_2 organization-defined frequency
sr-1_prm_4 organization-defined frequency
sr-1_prm_6 organization-defined frequency
sr-2_prm_2 organization-defined frequency
sr-6_prm_1 organization-defined frequency
sr-10_prm_2 organization-defined frequency
sr-11.3_prm_1 organization-defined frequency

@david-waltermire david-waltermire mentioned this issue Feb 24, 2022
Closed
5 tasks
@david-waltermire
Copy link
Contributor

This requires adjustments to the Metaschema syntax to support the necessary data types.

@david-waltermire david-waltermire added this to the OSCAL 1.1.0 milestone Mar 4, 2022
david-waltermire added a commit to david-waltermire/metaschema-java-old that referenced this issue Mar 7, 2022
@david-waltermire
Implemented JSON schema generation. Resolves usnistgov/OSCAL#1145. Re…
2f39592 
…solves usnistgov/OSCAL#1132. Resolves usnistgov/OSCAL#1131. Resolves usnistgov/OSCAL#1003.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wendellpiez wendellpiez

@david-waltermire david-waltermire

Labels
enhancement User Story
Projects
None yet
Milestone
v1.1.0
Development

No branches or pull requests
3 participants
@GaryGapinski @wendellpiez @david-waltermire