Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Misleading XML Schema documentation for control-implementation implemented-requirement #1194

Closed
GaryGapinski opened this issue Apr 1, 2022 · 1 comment · Fixed by #1232
Closed

Misleading XML Schema documentation for control-implementation implemented-requirement #1194

GaryGapinski opened this issue Apr 1, 2022 · 1 comment · Fixed by #1232
Assignees
@david-waltermire
Labels
bug
Milestone
OSCAL 1.0.3

Comments

@GaryGapinski
Copy link

Describe the bug

This was recently discussed and an issue was requested.

See the 1.0.2 complete XML schema line 2672.

The prose statement implies semantic equivalency of <implemented-requirement> in both <system-security-plan> and <component-definition>. The element name assists with such an interpretation.

Who is the bug affecting?

Developers who rely on XML Schema documentation.

What is affected by this bug?

Despite the element name equality, the semantic import is supposedly different.

When does this occur?

Durably (unless the documentation were to be changed).

Expected behavior (i.e. solution)

Identically named elements in different OSCAL documents have identical semantic import.
@david-waltermire david-waltermire self-assigned this Apr 5, 2022
@david-waltermire david-waltermire added this to the OSCAL 1.0.3 milestone Apr 5, 2022
@david-waltermire
Copy link
Contributor

The relevant objects in the component definition need to be clarified that the control details are suggestions for possible implementations in the component definition. In the SSP, the relevant objects document what was actually implemented.

This needs to be clarified in the relevant metaschemas.

david-waltermire added a commit to david-waltermire/OSCAL that referenced this issue May 4, 2022
@david-waltermire
clarified the semantics of implemented-requirement in a component def…
50c0945 
…inition as only a suggestion of how to implement. Resolves usnistgov#1194.
@david-waltermire david-waltermire mentioned this issue May 4, 2022
Merged
9 tasks
@david-waltermire david-waltermire linked a pull request May 4, 2022 that will close this issue
clarified the semantics of implemented-requirement in a component def… #1232
Merged
9 tasks
david-waltermire added a commit that referenced this issue May 5, 2022
@david-waltermire
clarified the semantics of implemented-requirement in a component def…
d858a67 
…inition as only a suggestion of how to implement. Resolves #1194. (#1232)
david-waltermire added a commit that referenced this issue May 5, 2022
@david-waltermire
clarified the semantics of implemented-requirement in a component def…
c654a11 
…inition as only a suggestion of how to implement. Resolves #1194. (#1232)
Rene2mt pushed a commit to Rene2mt/OSCAL that referenced this issue May 17, 2022
@david-waltermire @Rene2mt
clarified the semantics of implemented-requirement in a component def…
dc3360c 
…inition as only a suggestion of how to implement. Resolves usnistgov#1194. (usnistgov#1232)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@david-waltermire david-waltermire

Labels
bug
Projects
None yet
Milestone
OSCAL 1.0.3
Development

Successfully merging a pull request may close this issue.

clarified the semantics of implemented-requirement in a component def… david-waltermire/OSCAL
2 participants
@GaryGapinski @david-waltermire