diff --git a/src/metaschema/oscal_assessment-common_metaschema.xml b/src/metaschema/oscal_assessment-common_metaschema.xml index cb8943a3e0..cffea79932 100644 --- a/src/metaschema/oscal_assessment-common_metaschema.xml +++ b/src/metaschema/oscal_assessment-common_metaschema.xml @@ -1,9 +1,10 @@ OSCAL Assessment Layer Format -- Common Modules - 1.0.0-rc2 + 1.0.0 oscal-assessment-common http://csrc.nist.gov/ns/oscal/1.0 + http://csrc.nist.gov/ns/oscal

This contains all modules common to the assessment plan, assessment results, and POAM models.

The root of the OSCAL Assessment Plan format is assessment-plan.

@@ -214,7 +215,7 @@ Task Universally Unique Identifier Uniquely identifies this assessment task. - + Task Type The type of task. @@ -493,7 +494,7 @@ Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope. - + Include Specific Statements Used to constrain the selection to only specificity identified statements. @@ -543,7 +544,7 @@ Subject of Assessment Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope. - + Subject Type Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement. @@ -626,7 +627,7 @@ A pointer to a component, inventory-item, location, party, user, or resource using it's UUID. - + Subject Universally Unique Identifier Reference Type Used to indicate the type of object pointed to by the uuid-ref within a subject. @@ -764,7 +765,7 @@

The target will always be a reference to: 1) a control statement, or 2) a control objective. In the former case, there is always a single top-level statement within a control. Thus, if the entire control is targeted, this statement identifier can be used.

- + Finding Target Identifier Reference Identifies the specific target qualified by the type. @@ -784,7 +785,7 @@ - + Objective Status A brief indication as to whether the objective is satisfied or not within a given system. @@ -845,7 +846,7 @@ - + Observation Type Identifies the nature of the observation. More than one may be used to further qualify and enable filtering. @@ -945,7 +946,7 @@ Originating Actor The actor that produces an observation, a finding, or a risk. One or more actor type can be used to specify a person that is using a tool. - + Actor Type The kind of actor. @@ -961,7 +962,7 @@ Actor Universally Unique Identifier Reference A pointer to the tool or person based on the associated type. - + Actor Role For a party, this can optionally be used to specify the role the actor was performing. @@ -1084,7 +1085,7 @@ - + Status Describes the status of the associated risk. @@ -1286,13 +1287,13 @@ Party UUID Reference A pointer to the party who is making the log entry. - + Actor Role A point to the role-id of the role in which the party is making the log entry. - + Risk Status Describes the status of the associated risk. @@ -1327,7 +1328,7 @@ Facet An individual characteristic that is part of a larger set produced by the same actor. - + Facet Name The name of the risk metric within the specified system. @@ -1574,7 +1575,7 @@ Uniquely identifies this remediation. This UUID may be referenced elsewhere in an OSCAL document when referring to this information. Once assigned, a UUID should be consistently used for a given remediation across revisions. - + Remediation Intent Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner. @@ -1674,7 +1675,7 @@ - + Objective ID Points to an assessment objective. 
@@ -1690,7 +1691,7 @@ Part Identifier A unique identifier for a specific part instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same part across minor revisions of the document. - + Part Name A textual label that uniquely identifies the part's semantic type. @@ -1712,7 +1713,7 @@

When a ns is not provided, its value should be assumed to be http://csrc.nist.gov/ns/oscal and the name should be a name defined by the associated OSCAL model.

- + Part Class A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. diff --git a/src/metaschema/oscal_assessment-plan_metaschema.xml b/src/metaschema/oscal_assessment-plan_metaschema.xml index ad130ebcb0..13a5ff80b1 100644 --- a/src/metaschema/oscal_assessment-plan_metaschema.xml +++ b/src/metaschema/oscal_assessment-plan_metaschema.xml @@ -1,9 +1,10 @@ OSCAL Assessment Plan Model - 1.0.0-rc2 + 1.0.0 oscal-ap http://csrc.nist.gov/ns/oscal/1.0 + http://csrc.nist.gov/ns/oscal

The OSCAL assessment plan format is used to describe the information typically provided by an assessor during the preparation for an assessment.

The root of the OSCAL assessment plan format is assessment-plan. diff --git a/src/metaschema/oscal_assessment-results_metaschema.xml b/src/metaschema/oscal_assessment-results_metaschema.xml index 4c3f3a2803..adfe858a31 100644 --- a/src/metaschema/oscal_assessment-results_metaschema.xml +++ b/src/metaschema/oscal_assessment-results_metaschema.xml @@ -3,9 +3,10 @@ OSCAL Assessment Results Model - 1.0.0-rc2 + 1.0.0 oscal-ar http://csrc.nist.gov/ns/oscal/1.0 + http://csrc.nist.gov/ns/oscal

The OSCAL assessment results format is used to describe the information typically provided by an assessor following an assessment.

The root of the OSCAL assessment results format is assessment-results. diff --git a/src/metaschema/oscal_catalog_metaschema.xml b/src/metaschema/oscal_catalog_metaschema.xml index 9d83f9232e..c40f334116 100644 --- a/src/metaschema/oscal_catalog_metaschema.xml +++ b/src/metaschema/oscal_catalog_metaschema.xml @@ -8,9 +8,10 @@ OSCAL Control Catalog Model - 1.0.0-rc2 + 1.0.0 oscal-catalog http://csrc.nist.gov/ns/oscal/1.0 + http://csrc.nist.gov/ns/oscal

The OSCAL Control Catalog format can be used to describe a collection of security controls and related control enhancements, along with contextualizing documentation and metadata. The root of the Control Catalog format is catalog.

@@ -64,12 +65,12 @@ Control Group A group of controls, or of groups of controls. - + Group Identifier A unique identifier for a specific group instance that can be used to reference the group within this and in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same group across minor revisions of the document. - + Group Class A textual label that provides a sub-type or characterization of the group. @@ -129,12 +130,12 @@ Control A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance. - + Control Identifier A unique identifier for a specific control instance that can be used to reference the control in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same control across minor revisions of the document. - + Control Class A textual label that provides a sub-type or characterization of the control. diff --git a/src/metaschema/oscal_complete_metaschema.xml b/src/metaschema/oscal_complete_metaschema.xml index 400697532d..e35e8c19a8 100644 --- a/src/metaschema/oscal_complete_metaschema.xml +++ b/src/metaschema/oscal_complete_metaschema.xml @@ -1,16 +1,26 @@ - - OSCAL System Security Plan (SSP) Model - 1.0.0-rc2 - oscal-complete - http://csrc.nist.gov/ns/oscal/1.0 - - - - - - - - + + + + +]> + + OSCAL Unified Model of Models + 1.0.0 + oscal-complete + http://csrc.nist.gov/ns/oscal/1.0 + http://csrc.nist.gov/ns/oscal + +

The OSCAL Control Catalog format can be used to describe a collection of security controls and related control enhancements, along with contextualizing documentation and metadata. The root of the Control Catalog format is catalog. +

+
+ + + + + + + +
diff --git a/src/metaschema/oscal_component_metaschema.xml b/src/metaschema/oscal_component_metaschema.xml index 622b4c1fbd..ccd3cd8818 100644 --- a/src/metaschema/oscal_component_metaschema.xml +++ b/src/metaschema/oscal_component_metaschema.xml @@ -14,9 +14,10 @@ OSCAL Component Definition Model - 1.0.0-rc1 + 1.0.0 oscal-component-definition http://csrc.nist.gov/ns/oscal/1.0 + http://csrc.nist.gov/ns/oscal

The OSCAL Component Definition Model can be used to describe the implementation of controls in a component or a set of components grouped as a capability. A component can be either a technical component, or a documentary component. A technical component is a component that is implemented in hardware (physical or virtual) or software. A documentary component is a component implemented in a document, such as a process, procedure, or policy.

The root of the OSCAL Implementation Component format is component-definition. diff --git a/src/metaschema/oscal_control-common_metaschema.xml b/src/metaschema/oscal_control-common_metaschema.xml index 9e1bf441d0..373fb83473 100644 --- a/src/metaschema/oscal_control-common_metaschema.xml +++ b/src/metaschema/oscal_control-common_metaschema.xml @@ -8,24 +8,23 @@ OSCAL Control Catalog Format -- Common Models - 1.0.0-rc2 + 1.0.0 oscal-catalog-common http://csrc.nist.gov/ns/oscal/1.0 + http://csrc.nist.gov/ns/oscal - - Part A partition of a control's definition or a child of another part. - + Part Identifier A unique identifier for a specific part instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same part across minor revisions of the document. - + Part Name A textual label that uniquely identifies the part's semantic type. @@ -51,7 +50,7 @@

When a ns is not provided, its value should be assumed to be http://csrc.nist.gov/ns/oscal and the name should be a name defined by the associated OSCAL model.

- + Part Class A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. @@ -122,13 +121,13 @@ Parameters provide a mechanism for the dynamic assignment of value(s) in a control. param - + Parameter Identifier A unique identifier for a specific parameter instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same parameter across minor revisions of the document. - + Parameter Class A textual label that provides a characterization of the parameter. @@ -226,7 +225,7 @@
- + Parameter Value A parameter value or set of values. @@ -235,9 +234,15 @@ Selection Presenting a choice among alternatives - + Parameter Cardinality - Describes the number of selections that must occur. + Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted. + + + Only one value is permitted. + One or more values are permitted. + + @@ -254,12 +259,12 @@

A set of parameter value choices, that may be picked from to set the parameter value.

- + Depends on Another parameter invoking this one - + Control Identifier Reference A reference to a control with a corresponding id value. diff --git a/src/metaschema/oscal_implementation-common_metaschema.xml b/src/metaschema/oscal_implementation-common_metaschema.xml index 405d11c1ef..a6dd0b6bf7 100644 --- a/src/metaschema/oscal_implementation-common_metaschema.xml +++ b/src/metaschema/oscal_implementation-common_metaschema.xml @@ -14,9 +14,10 @@ OSCAL Implementation Common Information - 1.0.0-rc2 + 1.0.0 oscal-implementation-common http://csrc.nist.gov/ns/oscal/1.0 + http://csrc.nist.gov/ns/oscal @@ -57,7 +58,7 @@ Status Describes the operational status of the system component. - + State The operational status. @@ -285,7 +286,7 @@

Should be a number within a permitted range

- + Transport Indicates the transport type. @@ -310,7 +311,7 @@ Implementation Status Indicates the degree to which the a given control is implemented. - + Implementation State Identifies the implementation status of the control or control objective. @@ -628,7 +629,7 @@ --> - + Control Statement Reference A reference to a control statement by its identifier @@ -667,7 +668,7 @@
- + Parameter ID A reference to a parameter within a control, who's catalog has been imported into the current implementation context. diff --git a/src/metaschema/oscal_metadata_metaschema.xml b/src/metaschema/oscal_metadata_metaschema.xml index 28a0a3ec76..ae5fda9745 100644 --- a/src/metaschema/oscal_metadata_metaschema.xml +++ b/src/metaschema/oscal_metadata_metaschema.xml @@ -5,9 +5,10 @@ OSCAL Document Metadata Description - 1.0.0-rc2 + 1.0.0 oscal-metadata http://csrc.nist.gov/ns/oscal/1.0 + http://csrc.nist.gov/ns/oscal @@ -345,7 +346,7 @@ Role Defines a function assumed or expected to be assumed by a party in a specific situation. - + Role Identifier A unique identifier for a specific role instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same role across minor revisions of the document. @@ -380,7 +381,7 @@ - + Role Identifier Reference A reference to the roles served by the user. @@ -584,7 +585,7 @@ Property An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. prop - + Property Name A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. @@ -612,7 +613,7 @@ Property Value Indicates the value of the attribute, characteristic, or quality. - + Property Class A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. @@ -643,7 +644,7 @@

If an internet resource is used, the href value will be an absolute or relative URI pointing to the location of the referenced resource. A relative URI will be resolved relative to the location of the document containing the link.

- + Relation Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. @@ -703,7 +704,7 @@ Responsible Party A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. - + Responsible Role The role that the party is responsible for. @@ -735,7 +736,7 @@ Responsible Role A reference to one or more roles with responsibility for performing a function relative to the containing object. - + Responsible Role ID The role that is responsible for the business function. @@ -901,7 +902,7 @@ A single line of an address.
- + Address Type Indicates the type of address. diff --git a/src/metaschema/oscal_poam_metaschema.xml b/src/metaschema/oscal_poam_metaschema.xml index e405ff7f4c..8b899625de 100644 --- a/src/metaschema/oscal_poam_metaschema.xml +++ b/src/metaschema/oscal_poam_metaschema.xml @@ -3,9 +3,10 @@ OSCAL Plan of Action and Milestones (POA&M) Model - 1.0.0-rc2 + 1.0.0 oscal-poam http://csrc.nist.gov/ns/oscal/1.0 + http://csrc.nist.gov/ns/oscal

The OSCAL Plan of Action and Milestones (POA&M) format is used to describe the information typically provided by an assessor during the preparation for an assessment.

The root of the OSCAL Plan of Action and Milestones (POA&M) format is plan-action-milestones. diff --git a/src/metaschema/oscal_profile_metaschema.xml b/src/metaschema/oscal_profile_metaschema.xml index 3effee3557..2066fb9ff0 100644 --- a/src/metaschema/oscal_profile_metaschema.xml +++ b/src/metaschema/oscal_profile_metaschema.xml @@ -6,9 +6,10 @@ OSCAL Profile Model - 1.0.0-rc2 + 1.0.0 oscal-profile http://csrc.nist.gov/ns/oscal/1.0 + http://csrc.nist.gov/ns/oscal

A profile designates a selection and configuration of controls from one or more catalogs, along with a series of operations over them. The topmost element in the OSCAL profile XML schema is profile.

@@ -142,12 +143,12 @@ Control group A group of (selected) controls or of groups of controls - + Group Identifier A unique identifier for a specific group instance that can be used to reference the group within this and in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same group across minor revisions of the document. - + Group Class A textual label that provides a sub-type or characterization of the group. @@ -193,12 +194,12 @@ Parameter Setting A parameter setting, to be propagated to points of insertion - + Parameter ID Indicates the value of the 'id' flag on a target parameter; i.e. which parameter to set - + Parameter Class A textual label that provides a characterization of the parameter. @@ -262,7 +263,7 @@ Select controls Specifies which controls to use in the containing context. - + Order A designation of how a selection of controls in a profile is to be ordered. @@ -307,7 +308,7 @@ Call a control by its ID - + Match Controls by Identifier @@ -344,23 +345,23 @@ Removal Specifies objects to be removed from a control based on specific aspects of the object that must all match. - + Reference by (assigned) name Identify items to remove by matching their assigned name - + Reference by class Identify items to remove by matching their class. - + Reference by ID Identify items to remove indicated by their id. - + Item Name Reference Identify items to remove by the name of the item's information element name, e.g. title or prop - + Item Namespace Reference Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. @@ -372,7 +373,7 @@ Addition Specifies contents to be added into controls, in resolution - + Position Where to add the new content with respect to the targeted element (beside it or inside it) @@ -384,7 +385,7 @@ - + Reference by ID Target location of the addition. @@ -418,7 +419,7 @@

id-ref, when given, should indicate, by its ID, an element inside the control to serve as the anchor point for the addition. In this case, position value may be any of the permitted values.

- + Include contained controls with control When a control is included, whether its child (dependent) controls are also included. diff --git a/src/metaschema/oscal_ssp_metaschema.xml b/src/metaschema/oscal_ssp_metaschema.xml index a920e57d32..acdb41896b 100644 --- a/src/metaschema/oscal_ssp_metaschema.xml +++ b/src/metaschema/oscal_ssp_metaschema.xml @@ -13,13 +13,13 @@ OSCAL System Security Plan (SSP) Model - 1.0.0-rc2 + 1.0.0 oscal-ssp http://csrc.nist.gov/ns/oscal/1.0 + http://csrc.nist.gov/ns/oscal

The OSCAL Control SSP format can be used to describe the information typically specified in a system security plan, such as those defined in NIST SP 800-18.

-

The root of the OSCAL System Security Plan (SSP) format is system-security-plan. -

+

The root of the OSCAL System Security Plan (SSP) format is system-security-plan.
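Review bot: In oscal_complete_metaschema.xml (hunk @@ -1,16 +1,26 @@), the added remarks still read "The OSCAL Control Catalog format can be used to describe a collection of security controls ..." and name catalog as the root, although the title on the added side is "OSCAL Unified Model of Models". The text matches the remarks in oscal_catalog_metaschema.xml, so it looks carried over. Replace it with a description of the combined model and state which root elements it allows. The removed title, "OSCAL System Security Plan (SSP) Model", shows the same kind of carry-over, so check the title, short name and remarks together.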
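Review bot: In oscal_component_metaschema.xml (hunk @@ -14,9 +14,10 @@), the removed version is 1.0.0-rc1, while every other module in this patch moves from 1.0.0-rc2. Confirm that the component definition model did not miss changes that went into the other modules for rc2 before it is labelled 1.0.0. If only the version string lagged behind, say so in the commit message.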
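Review bot: In oscal_control-common_metaschema.xml (hunk @@ -235,9 +234,15 @@), the fallback for Parameter Cardinality is stated only in the description ("Without this setting, only one value should be assumed to be permitted"), and "should" leaves open whether a consumer may assume otherwise. Since the hunk also adds the two permitted values ("Only one value is permitted." and "One or more values are permitted."), state explicitly which of them is the default and use firmer wording if tools are expected to agree. Otherwise profile resolvers and validators can diverge on how many selections they accept for the same document.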
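Review bot: In oscal_poam_metaschema.xml (hunk @@ -3,9 +3,10 @@), the unchanged remarks describe the POA&M format as "the information typically provided by an assessor during the preparation for an assessment", which is word for word the assessment plan description in oscal_assessment-plan_metaschema.xml. As this header is being finalized as 1.0.0, replace the sentence with one that describes a plan of action and milestones, so that generated documentation does not present the two models as the same thing.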