2 changes: 1 addition & 1 deletion .github/workflows/content-artifacts.yml
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ jobs:
run: |
zip ${{ runner.temp }}/generated-content.zip -r README.md examples/ nist.gov/
working-directory: ${{ github.workspace }}
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
if: always()
with:
name: generated-content
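Review bot: The replacement `uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` line pins a bare commit SHA with nothing that says which release it is, so a reviewer cannot tell from this hunk whether the pin moved forward, backward, or to a commit outside the action's release history. Keep the full-SHA pin, add a trailing comment naming the release tag the SHA corresponds to, and confirm the SHA resolves in the upstream actions/upload-artifact repository before merging.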
1 change: 1 addition & 0 deletions .gitmodules
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
[submodule "build/oscal"]
path = build/oscal
url = https://github.com/usnistgov/OSCAL.git
branch = v1.2.1
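Review bot: `branch = v1.2.1` reads like a release tag rather than a branch name. Git consults the `branch` key only for `git submodule update --remote`, where it is taken as a remote branch to track; it does not pin anything, and the commit actually checked out is the gitlink recorded for build/oscal. If v1.2.1 is a tag upstream, either drop the key or replace it with a `#` comment recording the intended release, so the file does not suggest a pin that is not enforced.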
9 changes: 7 additions & 2 deletions build/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -190,9 +190,14 @@ validate-xml-by-cli: $(OSCAL_CLI_INSTALL_PATH) ## Validate XML files by director
@echo "Validating OSCAL content with $(OSCAL_CLI_INSTALL_PATH)/bin/oscal-cli version $(OSCAL_CLI_VERSION)"
@find $(SRC_DIR)/examples -mindepth 1 -maxdepth 1 -type d | while read example_dir; do \
example_type=$$(basename "$$example_dir"); \
echo "Processing example type: $$example_type"; \
find "$$example_dir" -name '*.xml' | while read xml_file; do \
echo "Validating $$xml_file with OSCAL CLI as $$example_type"; \
if [[ "$$xml_file" == *"resolved-profile_catalog.xml" ]]; then \
example_type="catalog"; \
fi; \
if [[ "$$xml_file" == *"profile.xml" ]]; then \
example_type="profile"; \
fi; \
echo "=== Validating $$xml_file with OSCAL CLI as $$example_type"; \
$(OSCAL_CLI_INSTALL_PATH)/bin/oscal-cli "$$example_type" validate "$$xml_file"; \
done \
done
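Review bot: The two new `if [[ ... ]]` blocks overwrite `example_type` inside the inner `while read xml_file` loop and nothing resets it, so after the first file matching `*resolved-profile_catalog.xml` or `*profile.xml` every later file from the same `find` is validated as that type as well. Assign a per-file variable at the top of the inner loop (for example `file_type="$$example_type"`), override that in the two checks, and pass it to `oscal-cli`. Note also that `*"profile.xml"` matches any file name ending in profile.xml, and that `[[` needs bash, so confirm the Makefile sets SHELL accordingly.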
2 changes: 1 addition & 1 deletion build/oscal
Submodule oscal updated 67 files
+8 −12 .github/CODEOWNERS
+1 −1 .github/PULL_REQUEST_TEMPLATE.md
+8 −17 .github/workflows/issue-triage.yml
+3 −3 .github/workflows/periodic.yml
+3 −3 .github/workflows/release.yml
+6 −4 .github/workflows/status.yml
+6 −0 .gitmodules
+0 −2 CONTRIBUTING.md
+1 −1 build/.nvmrc
+3 −2 build/Makefile
+11 −2 build/markdown-link-check.json
+1 −1 build/metaschema-xslt
+1,001 −211 build/package-lock.json
+2 −2 build/package.json
+2 −2 build/pom.xml
+78 −0 build/resolve-entities.xspec
+46 −0 build/resolve-entities3.xsl
+1 −0 build/xspec
+1 −1 decisions/0002-communicating-nist-oscal-events-to-the-public.md
+2 −2 decisions/0004-issue-triage.md
+1 −1 decisions/0005-repository-reorganization.md
+80 −0 decisions/0007-implementation-agnostic-tests.md
+65 −0 decisions/0008-oscal-content-management.md
+46 −0 decisions/0009-tutorials-system-lifecycle.md
+325 −122 src/metaschema/oscal_assessment-common_metaschema.xml
+5 −5 src/metaschema/oscal_assessment-plan_metaschema.xml
+8 −8 src/metaschema/oscal_assessment-results_metaschema.xml
+88 −28 src/metaschema/oscal_catalog_metaschema.xml
+2 −1 src/metaschema/oscal_complete_metaschema.xml
+28 −26 src/metaschema/oscal_component_metaschema.xml
+54 −8 src/metaschema/oscal_control-common_metaschema.xml
+80 −97 src/metaschema/oscal_implementation-common_metaschema.xml
+665 −0 src/metaschema/oscal_mapping-common_metaschema.xml
+50 −0 src/metaschema/oscal_mapping_metaschema.xml
+68 −84 src/metaschema/oscal_metadata_metaschema.xml
+16 −16 src/metaschema/oscal_poam_metaschema.xml
+35 −24 src/metaschema/oscal_profile_metaschema.xml
+73 −82 src/metaschema/oscal_ssp_metaschema.xml
+7 −0 src/metaschema/shared-constraints/allowed-values-component_inventory-item_property-name.ent
+5 −0 src/metaschema/shared-constraints/allowed-values-property-name-networked-components.ent
+0 −241 src/specifications/profile-resolution/metaschema-datatypes.xsd
+42 −0 src/specifications/profile-resolution/profile-resolution-examples/catalogs/abc-multiple-children_catalog.xml
+6 −6 ...ecifications/profile-resolution/profile-resolution-examples/output-expected/merge-keep_profile_RESOLVED.xml
+33 −0 ...ications/profile-resolution/profile-resolution-examples/output-expected/without-parent_profile_RESOLVED.xml
+18 −0 src/specifications/profile-resolution/profile-resolution-examples/without-parent_profile.xml
+2 −2 src/specifications/profile-resolution/profile-resolution-specml-requirements.xspec
+5 −5 src/specifications/profile-resolution/profile-resolution-specml-working.xml
+3 −3 src/specifications/profile-resolution/profile-resolution-specml.xml
+1 −1 src/specifications/profile-resolution/profile-resolution-unit-tests.xml
+1 −1 src/specifications/profile-resolution/readme.md
+2 −2 src/specifications/profile-resolution/resolution-testing.xml
+472 −0 src/specifications/profile-resolution/spec-tester.py
+17 −0 src/specifications/profile-resolution/spec-tests.json
+1 −1 src/specifications/profile-resolution/unit-tests.xsd
+3 −1 src/utils/resolver-pipeline/Makefile
+1 −1 src/utils/resolver-pipeline/oscal-profile-resolve-metadata.xsl
+8 −20 src/utils/resolver-pipeline/select-or-custom-merge.xsl
+1 −1 src/utils/resolver-pipeline/testing/1_selected/resource-media-type.xml
+1 −1 src/utils/resolver-pipeline/testing/1_selected/resource-multiple-rlinks.xml
+2 −2 src/utils/resolver-pipeline/testing/1_selected/select-mapping-controls.xspec
+2 −2 src/utils/resolver-pipeline/testing/1_selected/select-rlink.xspec
+16 −202 src/utils/resolver-pipeline/testing/1_selected/select.xspec
+13 −6 src/utils/resolver-pipeline/testing/2_metadata/uuid-method-choice.xspec
+2 −1 src/utils/resolver-pipeline/testing/3_merged/merge-custom.xspec
+2 −2 src/utils/resolver-pipeline/testing/4_modified/modify.xspec
+2 −2 src/utils/resolver-pipeline/testing/pathological-profile.xml
+1 −1 versioning-and-branching.md
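Review bot: The build/oscal bump is the largest change in this PR and the only one whose content cannot be reviewed from this diff: 67 files, including +1,001 −211 in build/package-lock.json, four workflow files and a new 472-line spec-tester.py. State the old and new submodule commit ids in the PR description and confirm the new one is the commit upstream publishes as v1.2.1, the value this PR writes into .gitmodules.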
Original file line number Diff line number Diff line change
Expand Up @@ -39,13 +39,13 @@
<p>A cross link has been established with a choppy syntax: <a href="#s1.1.2">(choppy)</a>.</p>
</part>
<part id="s1.1.1_gdn" name="guidance">
<part id="s1.1.1_gdn.1" name="objective">
<part id="s1.1.1_gdn.1" name="assessment-objective">
<p>Allocation of information security responsibilities should be done in accordance with the information security policies. Responsibilities for the protection of individual assets and for carrying out specific information security processes should be identified. Responsibilities for information security risk management activities and in particular for acceptance of residual risks should be defined. These responsibilities should be supplemented, where necessary, with more detailed guidance for specific sites and information processing facilities. Local responsibilities for the protection of assets and for carrying out specific security processes should be defined.</p>
</part>
<part id="s1.1.1_gdn.2" name="objective">
<part id="s1.1.1_gdn.2" name="assessment-objective">
<p>Individuals with allocated information security responsibilities may delegate security tasks to others. Nevertheless they remain accountable and should determine that any delegated tasks have been correctly performed.</p>
</part>
<part id="s1.1.1_gdn.3" name="objective">
<part id="s1.1.1_gdn.3" name="assessment-objective">
<p>Areas for which individuals are responsible should be stated. In particular the following should take place:</p>
<ol>
<li>the assets and information security processes should be identified and defined;</li>
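Review bot: The three parts renamed to `name="assessment-objective"` (s1.1.1_gdn.1 to s1.1.1_gdn.3) are children of the `name="guidance"` part and hold advisory prose ("should be done", "may delegate"), not statements an assessor would test. If the rename exists only to get rid of the `objective` value, check that `assessment-objective` is the intended meaning for guidance text, since tools that collect assessment objectives by part name will now pick these paragraphs up.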
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
<p>The following document is used in the OSCAL Profile Tutorial and builds on the catalog created for the OSCAL Catalog Tutorial</p>
</remarks>
</metadata>
<import href="../../catalog/xml/basic-catalog.xml">
<import href="../../catalog/xml/basic_catalog.xml">
<include-controls>
<matching pattern="s1.1.*"/>
</include-controls>
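Review bot: The new `href="../../catalog/xml/basic_catalog.xml"` resolves only if the catalog file was renamed from basic-catalog.xml in the same change, and this page does not show that rename. Confirm the rename is part of the PR and search the tutorials and other examples for remaining references to the hyphenated name, because schema validation does not dereference the href and a missed reference only fails when the profile is resolved.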
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="3e580e28-a4b3-48a0-96bd-38f3429de413">
<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="bb89b98c-2fe4-46be-9b26-7b4a8b476107">
<metadata>
<title>Sample Security Profile
<em>For Demonstration</em> and Testing
</title>
<last-modified>2025-08-26T22:08:53.936316Z</last-modified>
<last-modified>2026-02-08T01:25:19.668313Z</last-modified>
<version>1.0</version>
<oscal-version>1.1.3</oscal-version>
<prop name="resolution-tool" value="libOSCAL-Java"/>
<link href="file:///Users/miorga/Desktop/ALL_PROJECTS/GH/_usnistgov/oscal-content/src/examples/profile/xml/basic-profile.xml" rel="source-profile"/>
<link href="basic_profile.xml" rel="source-profile"/>
</metadata>
<control id="s1.1.1">
<title>Information security roles and responsibilities</title>
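Review bot: Replacing the `file:///Users/...` source-profile link with `href="basic_profile.xml"` removes a leaked local path, but the relative value is now resolved against wherever this resolved catalog is stored, so it is correct only if the file sits beside basic_profile.xml. Confirm that, and consider a build check that rejects `file:///` hrefs in generated content so a local path cannot be committed again. Also, `<oscal-version>1.1.3</oscal-version>` is unchanged in a regenerated file while this PR points the OSCAL submodule at v1.2.1; say in the PR whether that is intended.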
Expand Down Expand Up @@ -38,13 +38,13 @@
</p>
</part>
<part id="s1.1.1_gdn" name="guidance">
<part id="s1.1.1_gdn.1" name="objective">
<part id="s1.1.1_gdn.1" name="assessment-objective">
<p>Allocation of information security responsibilities should be done in accordance with the information security policies. Responsibilities for the protection of individual assets and for carrying out specific information security processes should be identified. Responsibilities for information security risk management activities and in particular for acceptance of residual risks should be defined. These responsibilities should be supplemented, where necessary, with more detailed guidance for specific sites and information processing facilities. Local responsibilities for the protection of assets and for carrying out specific security processes should be defined.</p>
</part>
<part id="s1.1.1_gdn.2" name="objective">
<part id="s1.1.1_gdn.2" name="assessment-objective">
<p>Individuals with allocated information security responsibilities may delegate security tasks to others. Nevertheless they remain accountable and should determine that any delegated tasks have been correctly performed.</p>
</part>
<part id="s1.1.1_gdn.3" name="objective">
<part id="s1.1.1_gdn.3" name="assessment-objective">
<p>Areas for which individuals are responsible should be stated. In particular the following should take place:</p>
<ol>
<li>the assets and information security processes should be identified and defined;</li>
Expand All @@ -54,7 +54,7 @@
<li>coordination and oversight of information security aspects of supplier relationships should be identified and documented.</li>
</ol>
</part>
<part id="s1.1.1_gdn.4" name="item">
<part id="s1.1.1_gdn.4" name="assessment-objective">
<p>Users of devices running Gnome can adjust the inactivity timeout using the following link: https://help.gnome.org/admin/system-admin-guide/stable/desktop-lockscreen.html.en</p>
</part>
</part>
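Review bot: s1.1.1_gdn.4 changes from `name="item"` to `name="assessment-objective"`, yet its content is a usage tip for Gnome users with a help link, which is not an assessment objective. This file is resolver output (its metadata names libOSCAL-Java as `resolution-tool`), so the part name has to originate in the source catalog or profile; correct it there and regenerate rather than accepting the value here.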
Original file line number Diff line number Diff line change
Expand Up @@ -60,10 +60,10 @@
<party-uuid>98c78f9b-5d50-4b01-b47f-d16801e8d0ab</party-uuid>
</responsible-party>
<responsible-party role-id="publisher">
<party-uuid>985fea3e-a6e5-4a57-ba3d-74f063bc8fa2</party-uuid>
<party-uuid>4809f9d2-fdb1-47b0-b444-11271f09ff22</party-uuid>
</responsible-party>
<responsible-party role-id="contact-publisher">
<party-uuid>985fea3e-a6e5-4a57-ba3d-74f063bc8fa2</party-uuid>
<party-uuid>4809f9d2-fdb1-47b0-b444-11271f09ff22</party-uuid>
</responsible-party>
<responsible-party role-id="contact-creator">
<party-uuid>98c78f9b-5d50-4b01-b47f-d16801e8d0ab</party-uuid>
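Review bot: Both `publisher` and `contact-publisher` now reference party 4809f9d2-fdb1-47b0-b444-11271f09ff22, but the `<party>` element that defines that UUID is outside this hunk. Confirm a party with exactly this `uuid` exists in the metadata and that the old 985fea3e-a6e5-4a57-ba3d-74f063bc8fa2 party is either removed or still referenced somewhere, so the file is left with neither a dangling reference nor an orphaned party.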
Expand Down Expand Up @@ -982,7 +982,7 @@
</param>
<param id="A.03.01.08.ODP.04">
<prop name="label" value="A.03.01.08.ODP[04]" />
<label></label>
<label>time period</label>
<usage>
<p>organization-defined time period</p>
</usage>
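Review bot: The empty `<label></label>` on A.03.01.08.ODP.04 was present in the committed catalog, and the same defect is fixed again for A.03.01.10.ODP.02 further down. Scan the whole file for remaining empty `<label>` elements and consider adding a check to the build, because two hand-fixed instances suggest the generator can emit more.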
Expand Down Expand Up @@ -1130,7 +1130,7 @@
</param>
<param id="A.03.01.10.ODP.02">
<prop name="label" value="A.03.01.10.ODP[02]" />
<label></label>
<label>time period</label>
<usage>
<p>organization-defined time period</p>
</usage>