From 03ee283702be920e31c8bc69633ebc9ea458d52c Mon Sep 17 00:00:00 2001 From: Michaela Iorga Date: Wed, 14 Jan 2026 18:42:22 -0500 Subject: [PATCH 1/6] Updating the OSCAL submosule to the v1.2.0 which has all submodules updated including the relocated ones. --- build/oscal | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/oscal b/build/oscal index f24dd56d..8064bf7f 160000 --- a/build/oscal +++ b/build/oscal @@ -1 +1 @@ -Subproject commit f24dd56d5569ade8489924cf6fc2640dc297bfbe +Subproject commit 8064bf7f09648505c57c5ca54a1ac409c98f92a0 From 800fe93037532673f70bf7e009fe4128064c1df3 Mon Sep 17 00:00:00 2001 From: Michaela Iorga Date: Thu, 15 Jan 2026 18:21:36 -0500 Subject: [PATCH 2/6] Undated wrong uuid for publisher --- .../SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml b/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml index 2fe517c8..84176057 100644 --- a/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml +++ b/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml @@ -60,10 +60,10 @@ 98c78f9b-5d50-4b01-b47f-d16801e8d0ab - 985fea3e-a6e5-4a57-ba3d-74f063bc8fa2 + 4809f9d2-fdb1-47b0-b444-11271f09ff22 - 985fea3e-a6e5-4a57-ba3d-74f063bc8fa2 + 4809f9d2-fdb1-47b0-b444-11271f09ff22 98c78f9b-5d50-4b01-b47f-d16801e8d0ab From 82e971e83648c61a6a3a2c6226a660e0f3f2c514 Mon Sep 17 00:00:00 2001 From: Michaela Iorga Date: Fri, 16 Jan 2026 10:00:49 -0500 Subject: [PATCH 3/6] Corrected empty labels (CPRT errors) on A.03.01.10.ODP[02] and A.03.01.08.ODP[04]. --- .../SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml b/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml index 84176057..47e59885 100644 --- a/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml +++ b/src/nist.gov/SP800-171/rev3/xml/NIST_SP800-171_rev3_catalog.xml @@ -982,7 +982,7 @@ - +

organization-defined time period

@@ -1130,7 +1130,7 @@ - +

organization-defined time period

From 772fd853f1bdc9511c1059131293587fb6bc4a10 Mon Sep 17 00:00:00 2001 From: Michaela Iorga Date: Sat, 7 Feb 2026 20:58:48 -0500 Subject: [PATCH 4/6] Corrected the profile example to resolve to a valid catalog and updated the oscal-cli command in Makefile. --- build/Makefile | 9 +++++++-- .../xml/{basic-catalog.xml => basic_catalog.xml} | 6 +++--- .../xml/{basic-profile.xml => basic_profile.xml} | 2 +- ...lved.xml => basic_resolved-profile_catalog.xml} | 14 +++++++------- 4 files changed, 18 insertions(+), 13 deletions(-) rename src/examples/catalog/xml/{basic-catalog.xml => basic_catalog.xml} (98%) rename src/examples/profile/xml/{basic-profile.xml => basic_profile.xml} (96%) rename src/examples/profile/xml/{basic-profile-resolved.xml => basic_resolved-profile_catalog.xml} (95%) diff --git a/build/Makefile b/build/Makefile index 048447a3..32c49b56 100644 --- a/build/Makefile +++ b/build/Makefile @@ -190,9 +190,14 @@ validate-xml-by-cli: $(OSCAL_CLI_INSTALL_PATH) ## Validate XML files by director @echo "Validating OSCAL content with $(OSCAL_CLI_INSTALL_PATH)/bin/oscal-cli version $(OSCAL_CLI_VERSION)" @find $(SRC_DIR)/examples -mindepth 1 -maxdepth 1 -type d | while read example_dir; do \ example_type=$$(basename "$$example_dir"); \ - echo "Processing example type: $$example_type"; \ find "$$example_dir" -name '*.xml' | while read xml_file; do \ - echo "Validating $$xml_file with OSCAL CLI as $$example_type"; \ + if [[ "$$xml_file" == *"resolved-profile_catalog.xml" ]]; then \ + example_type="catalog"; \ + fi; \ + if [[ "$$xml_file" == *"profile.xml" ]]; then \ + example_type="profile"; \ + fi; \ + echo "=== Validating $$xml_file with OSCAL CLI as $$example_type"; \ $(OSCAL_CLI_INSTALL_PATH)/bin/oscal-cli "$$example_type" validate "$$xml_file"; \ done \ done diff --git a/src/examples/catalog/xml/basic-catalog.xml b/src/examples/catalog/xml/basic_catalog.xml similarity index 98% rename from src/examples/catalog/xml/basic-catalog.xml rename to src/examples/catalog/xml/basic_catalog.xml index c37e8a02..bb7c4887 100644 --- a/src/examples/catalog/xml/basic-catalog.xml +++ b/src/examples/catalog/xml/basic_catalog.xml @@ -39,13 +39,13 @@

A cross link has been established with a choppy syntax: (choppy).

- +

Allocation of information security responsibilities should be done in accordance with the information security policies. Responsibilities for the protection of individual assets and for carrying out specific information security processes should be identified. Responsibilities for information security risk management activities and in particular for acceptance of residual risks should be defined. These responsibilities should be supplemented, where necessary, with more detailed guidance for specific sites and information processing facilities. Local responsibilities for the protection of assets and for carrying out specific security processes should be defined.

- +

Individuals with allocated information security responsibilities may delegate security tasks to others. Nevertheless they remain accountable and should determine that any delegated tasks have been correctly performed.

- +

Areas for which individuals are responsible should be stated. In particular the following should take place:

  1. the assets and information security processes should be identified and defined;
  2. diff --git a/src/examples/profile/xml/basic-profile.xml b/src/examples/profile/xml/basic_profile.xml similarity index 96% rename from src/examples/profile/xml/basic-profile.xml rename to src/examples/profile/xml/basic_profile.xml index 9d042f12..3a5257e4 100644 --- a/src/examples/profile/xml/basic-profile.xml +++ b/src/examples/profile/xml/basic_profile.xml @@ -10,7 +10,7 @@

    The following document is used in the OSCAL Profile Tutorial and builds on the catalog created for the OSCAL Catalog Tutorial

    - + diff --git a/src/examples/profile/xml/basic-profile-resolved.xml b/src/examples/profile/xml/basic_resolved-profile_catalog.xml similarity index 95% rename from src/examples/profile/xml/basic-profile-resolved.xml rename to src/examples/profile/xml/basic_resolved-profile_catalog.xml index 02132523..618eb27e 100644 --- a/src/examples/profile/xml/basic-profile-resolved.xml +++ b/src/examples/profile/xml/basic_resolved-profile_catalog.xml @@ -1,14 +1,14 @@ - + Sample Security Profile <em>For Demonstration</em> and Testing - 2025-08-26T22:08:53.936316Z + 2026-02-08T01:25:19.668313Z 1.0 1.1.3 - + Information security roles and responsibilities @@ -38,13 +38,13 @@

    - +

    Allocation of information security responsibilities should be done in accordance with the information security policies. Responsibilities for the protection of individual assets and for carrying out specific information security processes should be identified. Responsibilities for information security risk management activities and in particular for acceptance of residual risks should be defined. These responsibilities should be supplemented, where necessary, with more detailed guidance for specific sites and information processing facilities. Local responsibilities for the protection of assets and for carrying out specific security processes should be defined.

    - +

    Individuals with allocated information security responsibilities may delegate security tasks to others. Nevertheless they remain accountable and should determine that any delegated tasks have been correctly performed.

    - +

    Areas for which individuals are responsible should be stated. In particular the following should take place:

    1. the assets and information security processes should be identified and defined;
    2. @@ -54,7 +54,7 @@
    3. coordination and oversight of information security aspects of supplier relationships should be identified and documented.
    - +

    Users of devices running Gnome can adjust the inactivity timeout using the following link: https://help.gnome.org/admin/system-admin-guide/stable/desktop-lockscreen.html.en

    From 491d2addf6987d50d5fc7e86e8946edb70b17b5a Mon Sep 17 00:00:00 2001 From: Michaela Iorga Date: Tue, 24 Mar 2026 22:02:28 -0400 Subject: [PATCH 5/6] Updated OSCAL submodule to v1.2.1 --- .gitmodules | 1 + build/oscal | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index 30647a56..e3a5b4e6 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,4 @@ [submodule "build/oscal"] path = build/oscal url = https://github.com/usnistgov/OSCAL.git + branch = v1.2.1 diff --git a/build/oscal b/build/oscal index 8064bf7f..26df0501 160000 --- a/build/oscal +++ b/build/oscal @@ -1 +1 @@ -Subproject commit 8064bf7f09648505c57c5ca54a1ac409c98f92a0 +Subproject commit 26df0501ccbd8cf0dad2a5f06f5f8e6237e2cd94 From 7c401de2e5c946ed530ad66f195f82ccee8879b1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 18:28:06 +0000 Subject: [PATCH 6/6] Bump actions/upload-artifact from 4.6.2 to 7.0.1 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 7.0.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/content-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/content-artifacts.yml b/.github/workflows/content-artifacts.yml index 73962d1f..85172e9a 100644 --- a/.github/workflows/content-artifacts.yml +++ b/.github/workflows/content-artifacts.yml @@ -52,7 +52,7 @@ jobs: run: | zip ${{ runner.temp }}/generated-content.zip -r README.md examples/ nist.gov/ working-directory: ${{ github.workspace }} - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a if: always() with: name: generated-content