Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

clarified the semantics of implemented-requirement in a component def… #1232

Merged
merged 1 commit into from
May 5, 2022
Merged

clarified the semantics of implemented-requirement in a component def… #1232

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion src/metaschema/oscal_component_metaschema.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -358,7 +358,7 @@
<model>
<define-field name="description" as-type="markup-multiline" min-occurs="1" in-xml="WITH_WRAPPER">
<formal-name>Control Implementation Description</formal-name>
<description>A description of how the specified control is implemented for the containing component or capability.</description>
<description>A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan.</description>
</define-field>
<assembly ref="property" max-occurs="unbounded">
<group-as name="props" in-json="ARRAY"/>
Expand Down Expand Up @@ -397,6 +397,9 @@
</remarks>
</is-unique>
</constraint>
<remarks>
<p>Implemented requirements within a component or capability in a component definition provide a means to suggest possible control implementation details, which may be used by a different party when authoring a system security plan. Thus, these requirements defined in a component definition are only a suggestion of how to implement, which may be adopted wholesale, changed, or ignored by a person defining an information system implementation.</p>
</remarks>
</define-assembly>
<define-assembly name="statement" scope="local">
<formal-name>Control Statement Implementation</formal-name>
Expand Down
2 changes: 1 addition & 1 deletion src/metaschema/oscal_ssp_metaschema.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -690,7 +690,7 @@
</define-assembly>
<define-assembly name="implemented-requirement" scope="local">
<formal-name>Control-based Requirement</formal-name>
<description>Describes how the system satisfies an individual control.</description>
<description>Describes how the system satisfies the requirements of an individual control.</description>
<define-flag name="uuid" as-type="uuid" required="yes">
<formal-name>Control Requirement Universally Unique Identifier</formal-name>
<!-- Identifier Declaration -->
Expand Down