From 03ee283702be920e31c8bc69633ebc9ea458d52c Mon Sep 17 00:00:00 2001
From: Michaela Iorga
Date: Wed, 14 Jan 2026 18:42:22 -0500
Subject: [PATCH 1/6] Updating the OSCAL submodule to the v1.2.0 which has all
submodules updated including the relocated ones.
---
build/oscal | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build/oscal b/build/oscal
index f24dd56d..8064bf7f 160000
--- a/build/oscal
+++ b/build/oscal
@@ -1 +1 @@
-Subproject commit f24dd56d5569ade8489924cf6fc2640dc297bfbe
+Subproject commit 8064bf7f09648505c57c5ca54a1ac409c98f92a0
From 800fe93037532673f70bf7e009fe4128064c1df3 Mon Sep 17 00:00:00 2001
From: Michaela Iorga
Date: Thu, 15 Jan 2026 18:21:36 -0500
Subject: [PATCH 2/6] Updated wrong uuid for publisher
---
.../SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml b/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml
index 2fe517c8..84176057 100644
--- a/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml
+++ b/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml
@@ -60,10 +60,10 @@
98c78f9b-5d50-4b01-b47f-d16801e8d0ab
- 985fea3e-a6e5-4a57-ba3d-74f063bc8fa2
+ 4809f9d2-fdb1-47b0-b444-11271f09ff22
- 985fea3e-a6e5-4a57-ba3d-74f063bc8fa2
+ 4809f9d2-fdb1-47b0-b444-11271f09ff2298c78f9b-5d50-4b01-b47f-d16801e8d0ab
From 82e971e83648c61a6a3a2c6226a660e0f3f2c514 Mon Sep 17 00:00:00 2001
From: Michaela Iorga
Date: Fri, 16 Jan 2026 10:00:49 -0500
Subject: [PATCH 3/6] Corrected empty labels (CPRT errors) on
A.03.01.10.ODP[02] and A.03.01.08.ODP[04].
---
.../SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml b/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml
index 84176057..47e59885 100644
--- a/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml
+++ b/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml
@@ -982,7 +982,7 @@
-
+
organization-defined time period
@@ -1130,7 +1130,7 @@
-
+
organization-defined time period
From 772fd853f1bdc9511c1059131293587fb6bc4a10 Mon Sep 17 00:00:00 2001
From: Michaela Iorga
Date: Sat, 7 Feb 2026 20:58:48 -0500
Subject: [PATCH 4/6] Corrected the profile example to resolve to a valid
catalog and updated the oscal-cli command in Makefile.
---
build/Makefile | 9 +++++++--
.../xml/{basic-catalog.xml => basic_catalog.xml} | 6 +++---
.../xml/{basic-profile.xml => basic_profile.xml} | 2 +-
...lved.xml => basic_resolved-profile_catalog.xml} | 14 +++++++-------
4 files changed, 18 insertions(+), 13 deletions(-)
rename src/examples/catalog/xml/{basic-catalog.xml => basic_catalog.xml} (98%)
rename src/examples/profile/xml/{basic-profile.xml => basic_profile.xml} (96%)
rename src/examples/profile/xml/{basic-profile-resolved.xml => basic_resolved-profile_catalog.xml} (95%)
diff --git a/build/Makefile b/build/Makefile
index 048447a3..32c49b56 100644
--- a/build/Makefile
+++ b/build/Makefile
@@ -190,9 +190,14 @@ validate-xml-by-cli: $(OSCAL_CLI_INSTALL_PATH) ## Validate XML files by director
@echo "Validating OSCAL content with $(OSCAL_CLI_INSTALL_PATH)/bin/oscal-cli version $(OSCAL_CLI_VERSION)"
@find $(SRC_DIR)/examples -mindepth 1 -maxdepth 1 -type d | while read example_dir; do \
example_type=$$(basename "$$example_dir"); \
- echo "Processing example type: $$example_type"; \
find "$$example_dir" -name '*.xml' | while read xml_file; do \
- echo "Validating $$xml_file with OSCAL CLI as $$example_type"; \
+ if [[ "$$xml_file" == *"resolved-profile_catalog.xml" ]]; then \
+ example_type="catalog"; \
+ fi; \
+ if [[ "$$xml_file" == *"profile.xml" ]]; then \
+ example_type="profile"; \
+ fi; \
+ echo "=== Validating $$xml_file with OSCAL CLI as $$example_type"; \
$(OSCAL_CLI_INSTALL_PATH)/bin/oscal-cli "$$example_type" validate "$$xml_file"; \
done \
done
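Review bot: `example_type` is overwritten inside the inner `while read xml_file` loop and never reset, so once a file matches `*"resolved-profile_catalog.xml"` or `*"profile.xml"`, every later file from the same `find` that matches neither pattern is validated as that model instead of its directory's type. Because `find` order is not guaranteed, the outcome of this validation gate depends on traversal order. The `[[ … == … ]]` tests are also bash-only: if the Makefile does not set `SHELL` to bash (not visible in this hunk), a POSIX `sh` such as dash treats them as a failed command and the override silently never applies. A per-file variable selected with a POSIX `case`, falling back to `$$example_type`, avoids both problems. The `validate-xml-by-cli` rule starts above the hunk.

```make
# … unchanged: outer find loop over $(SRC_DIR)/examples, example_type=$$(basename …) …
	find "$$example_dir" -name '*.xml' | while read xml_file; do \
		case "$$xml_file" in \
			*resolved-profile_catalog.xml) file_type="catalog" ;; \
			*profile.xml) file_type="profile" ;; \
			*) file_type="$$example_type" ;; \
		esac; \
		echo "=== Validating $$xml_file with OSCAL CLI as $$file_type"; \
		$(OSCAL_CLI_INSTALL_PATH)/bin/oscal-cli "$$file_type" validate "$$xml_file"; \
# … unchanged: closing done of the inner and outer loops …
```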
diff --git a/src/examples/catalog/xml/basic-catalog.xml b/src/examples/catalog/xml/basic_catalog.xml
similarity index 98%
rename from src/examples/catalog/xml/basic-catalog.xml
rename to src/examples/catalog/xml/basic_catalog.xml
index c37e8a02..bb7c4887 100644
--- a/src/examples/catalog/xml/basic-catalog.xml
+++ b/src/examples/catalog/xml/basic_catalog.xml
@@ -39,13 +39,13 @@
A cross link has been established with a choppy syntax: (choppy).
-
+
Allocation of information security responsibilities should be done in accordance with the information security policies. Responsibilities for the protection of individual assets and for carrying out specific information security processes should be identified. Responsibilities for information security risk management activities and in particular for acceptance of residual risks should be defined. These responsibilities should be supplemented, where necessary, with more detailed guidance for specific sites and information processing facilities. Local responsibilities for the protection of assets and for carrying out specific security processes should be defined.
-
+
Individuals with allocated information security responsibilities may delegate security tasks to others. Nevertheless they remain accountable and should determine that any delegated tasks have been correctly performed.
-
+
Areas for which individuals are responsible should be stated. In particular the following should take place:
the assets and information security processes should be identified and defined;
diff --git a/src/examples/profile/xml/basic-profile.xml b/src/examples/profile/xml/basic_profile.xml
similarity index 96%
rename from src/examples/profile/xml/basic-profile.xml
rename to src/examples/profile/xml/basic_profile.xml
index 9d042f12..3a5257e4 100644
--- a/src/examples/profile/xml/basic-profile.xml
+++ b/src/examples/profile/xml/basic_profile.xml
@@ -10,7 +10,7 @@
The following document is used in the OSCAL Profile Tutorial and builds on the catalog created for the OSCAL Catalog Tutorial
-
+
diff --git a/src/examples/profile/xml/basic-profile-resolved.xml b/src/examples/profile/xml/basic_resolved-profile_catalog.xml
similarity index 95%
rename from src/examples/profile/xml/basic-profile-resolved.xml
rename to src/examples/profile/xml/basic_resolved-profile_catalog.xml
index 02132523..618eb27e 100644
--- a/src/examples/profile/xml/basic-profile-resolved.xml
+++ b/src/examples/profile/xml/basic_resolved-profile_catalog.xml
@@ -1,14 +1,14 @@
-
+Sample Security Profile
For Demonstration and Testing
- 2025-08-26T22:08:53.936316Z
+ 2026-02-08T01:25:19.668313Z1.01.1.3
-
+
Information security roles and responsibilities
@@ -38,13 +38,13 @@
-
+
Allocation of information security responsibilities should be done in accordance with the information security policies. Responsibilities for the protection of individual assets and for carrying out specific information security processes should be identified. Responsibilities for information security risk management activities and in particular for acceptance of residual risks should be defined. These responsibilities should be supplemented, where necessary, with more detailed guidance for specific sites and information processing facilities. Local responsibilities for the protection of assets and for carrying out specific security processes should be defined.
-
+
Individuals with allocated information security responsibilities may delegate security tasks to others. Nevertheless they remain accountable and should determine that any delegated tasks have been correctly performed.
-
+
Areas for which individuals are responsible should be stated. In particular the following should take place:
the assets and information security processes should be identified and defined;
@@ -54,7 +54,7 @@
coordination and oversight of information security aspects of supplier relationships should be identified and documented.
-
+
Users of devices running Gnome can adjust the inactivity timeout using the following link: https://help.gnome.org/admin/system-admin-guide/stable/desktop-lockscreen.html.en