OSCAL website - typos ( collection of typos found during website review) #947
Labels
Milestone
Comments
iMichaela
changed the title
david-waltermire
added
the
Scope: Website
|
Issue #954 will address the profile resolution content. |
david-waltermire
added a commit
to david-waltermire/OSCAL
that referenced
this issue
Jun 8, 2021
8 tasks
david-waltermire
added a commit
that referenced
this issue
Jun 8, 2021
david-waltermire
added a commit
that referenced
this issue
Jun 8, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
PAGE: https://pages.nist.gov/OSCAL/about/
in the Why OSCAL section, the text reads To address information security and privacy risks, the implementation of selected controls need to be verified and needs to read To address information security and privacy risks, the implementation of selected controls needs to be verified (implementation ... needs)
PAGE: https://pages.nist.gov/OSCAL/about/use-cases/
In the Machine-Readable System Security Plan (SSP)s section, the text data consistency and standardization allows for innovation should read data consistency and standardization allow for innovation
PAGE: https://pages.nist.gov/OSCAL/about/news/
Do we keep the date of the release June 7 or make it June 8? Also, the link is obviously broken now, before the release is posted.
PAGE: https://pages.nist.gov/OSCAL/learn/presentations/ I think that RSAConference should be RSA Conference
PAGE: https://pages.nist.gov/OSCAL/learn/tutorials/catalog/
The text This part is also assigns the identifier should read: This part is also assigning the identifier
The text This represents the minimum information for defining a control. The next section discuss how to provide additional control-related information. should read This represents the minimum information for defining a control. The next section discusses how to provide additional control-related information.
PAGE: https://pages.nist.gov/OSCAL/concepts/terminology/
Text _Using the OSCAL profile model to express a baselines makes the mappings between the control catalog and the profile explicit and machine readable. _ should read _Using the OSCAL profile model to express a baseline makes the mappings between the control catalog and the profile explicit and machine-readable. _
PAGE: https://pages.nist.gov/OSCAL/concepts/layer/overview/
Text Fields containing UUIDs tend to be named uuid in OSCAL. When an associated subject is created that has a uuidfield, then a tool should automatically generate a UUId for this field. should read Fields containing UUIDs tend to be named uuid in OSCAL. When an associated subject is created that has a uuid field, then a tool should automatically generate a UUID for this field.
Text Every OSCAL document has a metadata section that shares the same structure. The required fields in metadataas as follows: should read Every OSCAL document has a metadata section that shares the same structure. The required fields in metadata as as follows:
Text Note that successful deployment of version control through link requires the document creator to maintain a well-structured static set of ersolvable resources that are reachable from where ever the document is to be consumed (usually on the public web). should read Note that successful deployment of version control through link requires the document creator to maintain a well-structured static set of resolvable resources that are reachable from wherever the document is to be consumed (usually on the public web).
Text _For any property or annotation identified with the organization's namespace, the organization may use any NCNamevalue in the property/annotation's name. _ should read _For any property or annotation identified with the organization's namespace, the organization may use any NCName value in the property/annotation's name. _
I am not sure the best place of the page (an example) is amongst the OSCA models
The text • Component #1 (11111111-0000-4000-a000-000000000001) is a hardware component, which was has achieved a FIPS 140-2 validation from NIST Labs. should read • Component #1 (11111111-0000-4000-a000-000000000001) is a hardware component, which has achieved a FIPS 140-2 validation from NIST Labs.
Adjustment: converted this into a tutorial.
Text : _Note: Full versions of the NIST SP 800-53 revision 4 catalog are available in OSCAL XML, JSON, and YAMLformats in the OSCAL content GitHub repository. _ should read _Note: Full versions of the NIST SP 800-53 revision 4 catalog are available in OSCAL XML, JSON, and YAML formats in the OSCAL content GitHub repository. _
I couldn't find this error. The current content seems right..
THIS PAGE NEEDS A LOT OF WORK: it has text highlighted in blue that appears to be notes or reminders. One mentioned Brian's name and it is not ok. The code is highlighted in pink and yellow without a legend (not to mention the choice of colors that is not great.
The following appear to be generation/styling issues I created issue #954 to focus on updates to this specification.
Text _The term directive is used in these specifications to refer to an element or combination of elements in source data, which is designed to effect a particular outcome _ should probably read _The term directive is used in these specifications to refer to an element or combination of elements in source data, which is designed to affect a particular outcome _ but the sentence is still not reading well.
Text _So for example, on a JSON object, a links object and a
partsobject may be given as properties on a controlobject. _ shoud read _So for example, on a JSON object, a links object and apartsobject may be given as properties on acontrolobject. _Text _OSCAL profiles provide three different modes for handling clashing controls or replicas in general, where replicarefers to any element _ should read _OSCAL profiles provide three different modes for handling clashing controls or replicas in general, where replica refers to any element _
Text _A central problem in profile resolution is determining when two controls are both representations of the samecontrol, even when _ should read A central problem in profile resolution is determining when two controls are both representations of the same control, even when
Text _Conforming with canonical order of metadata in the target, It must be placed into metadata structure after any title, published, last-modified, version, oscal-version, or doc-id elements, and before any prop, link, role, party, or responsible-partyelements. _ should read _Conforming with canonical order of metadata in the target, it must be placed into metadata structure after any title, published, last-modified, version, oscal-version, or doc-id elements, and before any prop, link, role, party, or responsible-party elements. _
In the text Conforming with canonical order, the target catalog has the content model (metadata, param*, control*, group*, back-matter?) where group has the model (title?, prop*, part*, param*, control*, group*). what is hte meaning of the ?
Text _In both catalogs and profiles, back-matter is comprised of (multiple uses of either)citation or resource. _ should read _In both catalogs and profiles, back-matter is comprised of (multiple uses of either) citation or resource. _
Text • The element is referenced from a link or anchor (link or a element) inside controls, parameters, or any contents should read • The element is referenced from a link or anchor (link or an element) inside controls, parameters, or any contents
Text If the subcontrol is included by call or matchperhaps the 'shells' of its ancestors should be included despite their nominal exclusion should read If the subcontrol is included by call or match perhaps the 'shells' of its ancestors should be included despite their nominal exclusion
Text "An empy importdirective" should read An empty import directive
Text Two mergedirectives are used to introduce structure into the target catalog, as-is and custom. should read Two merge directives are used to introduce structure into the target catalog, as-is and custom.
Text _An as-isdirective is used to reproduce the structure of a source catalog in the target _ should read _An as-is directive is used to reproduce the structure of a source catalog in the target _
Text It combines callor match directives, which work as they do in selection, into groups, which provide the target with its structure. should read It combines
call ormatchdirectives, which work as they do in selection, into groups, which provide the target with its structure.Text of all parameters defined within the source catalog, which are referenced from insertdirectives anywhere should read _of all parameters defined within the source catalog, which are referenced from insert directives anywhere _
Text When add has no @ref-id (has an implicit binding), the position values before and after are treated likestarting and ending, respectively. should read _When add has no @ref-id (has an implicit binding), the position values before and after, are treated like starting and ending, respectively. _
Text Additionally, with an explicit binding given by a @ref-id, @position may have any of the values starting,ending, before and after. should rea Additionally, with an explicit binding given by a @ref-id, @position may have any of the values starting, ending, before and after.
Text A better result can be obtained (a better target may be defined) by using two add directives, to insert the new propseparately before any part elements in the target. should read A better result can be obtained (a better target may be defined) by using two add directives, to insert the new
propseparately before any part elements in the target.Text _In addition to selecting, merging and modifying, certainl operations _ should read _In addition to selecting, merging and modifying, certain operations _
Text o Any resource given in either an imported catalog (baseline), or in the back-matter of the soruce profile, is kept (appears in the result) if it is marked in source with a prop element whose @name is given as keepand whose value is always. should read o Any resource given in either an imported catalog (baseline) or in the back-matter of the source profile, is kept (appears in the result) if it is marked in source with a prop element whose @name is given as keep and whose value is always.
Text Such features could include offering warning or process exception handling (appropriate to workflow) not described here; outputs provided with comments or extra structure to support tracing or analytics; or gateway orDraconian modes that would provide user assistance or refuse to deliver results for inputs considered erroneous in a workflow. should read Such features could include offering warning or process exception handling (appropriate to workflow) not described here; outputs provided with comments or extra structure to support tracing or analytics, or gateway or Draconian modes that would provide user assistance or refuse to deliver results for inputs considered erroneous in a workflow.
OSCAL Content -> Layers and Models left navigation bar presents the models NEITHER in their logical order top-to-bottom or bottom to top, NOR in the alphabetical order:
Layers and Models
OSCAL Model Overview
Assessment Layer
Assessment Plan Model
Assessment Results Model
Plan of Action and Milestones Model
Implementation Layer
Component Definition Model
System Security Plan Model (SSP)
Representing Test Validation Information <--- neither a model nor a layer. this is an example!
Control Layer
Catalog Model
Profile Model
PAGE https://pages.nist.gov/OSCAL/concepts/relations-to-other/
Text _Ubiquitous as an application format, these formats are tractable using tools built to the applications' APIs and data models, but they are not designed to support application-independepent data exchange. _ should read _Ubiquitous as an application format, these formats are tractable using tools built to the applications' APIs and data models, but they are not designed to support application-independent data exchange. _
Text The OSCAL Markdown syntax is loosely based on CommonMark. When in doubt about Markdown features and syntax, we look to CommonMark for guidance, largely because it is more rigorously tested than many others forms of Markdown. should read The OSCAL Markdown syntax is loosely based on CommonMark. When in doubt about Markdown features and syntax, we look to CommonMark for guidance, largely because it is more rigorously tested than many other forms of Markdown.
Text The following table describes the equavalent constructs in HTML and Markdown used in OSCAL within the markup-line data type. should read The following table describes the equivalent constructs in HTML and Markdown used in OSCAL within the markup-line data type.
Text This lead to updates to the string data types in XML and JSON. The ncname data type was also replaced by token (see issue #911). should read This leads to updates to the string data types in XML and JSON. The ncname data type was also replaced by token (see issue #911).
Who is the bug affecting?
What is affected by this bug?
{Describe the impact the bug is having.}
When does this occur?
{Describe the conditions under which the bug is occurring.}
How do we replicate the issue?
{What are the steps to reproduce the behavior?
If applicable, add screenshots to help explain your problem.}
Expected behavior (i.e. solution)
{A clear and concise description of what you expected to happen.}
Other Comments
{Add any other context about the problem here.}
The text was updated successfully, but these errors were encountered: