-
Notifications
You must be signed in to change notification settings - Fork 6
As an OSCAL SSP validation developer, in order to ensure consistency with OSCAL changes, I want to ensure validations work against updated versions of the OSCAL information model and data model schemas. #39
Comments
Initiated conversation with @mike-stern, @brianrufgsa, and Zach Baldwin, we have begun review of potential changes between revision changes between M3 and RC1 now that usnistgov/OSCAL#758 has landed. Minor changes to FedRAMP extensions will need an update, in advance of documentation and example SSP changes that are forth coming upstream. Per direction, from @brianrufgsa, will begin validation work against upstream content in oscal-content repo until FedRAMP automation resources are fixed. |
Per conversation Gitter it seems a lot of the churn in the FedRAMP extensions is around the |
Also per updates in OSCAL Gitter channel yesterday, definitely need to review the changelog updates for M3->RC1 but might be too general. |
So I was able to review the release notes (particularly around this part around the OSCAL SSP XML model changes, the converter, and used the 🤷 - does not impact us yet Changes affecting the catalog and profile XML formats
Changes to the SSP XML format
|
Other issues outside the release notes that did or will cause issues:
<part id="ac-1_smt.b" name="item">
<prop name="label">b.</prop>
<p>Reviews and updates the current:</p>
<part id="ac-1_smt.b.1" name="item">
<prop name="response-point" ns="https://fedramp.gov/ns/oscal"/>
<prop name="label">1.</prop>
<p>Access control policy <insert param-id="ac-1_prm_2"/>; and</p>
</part>
<part id="ac-1_smt.b.2" name="item">
<prop name="response-point" ns="https://fedramp.gov/ns/oscal"/>
<prop name="label">2.</prop>
<p>Access control procedures <insert param-id="ac-1_prm_3"/>.</p>
</part>
</part> <part id="ac-1_smt.b" name="item">
<prop name="label">b.</prop>
<p>Reviews and updates the current:</p>
<part id="ac-1_smt.b.1" name="item">
<prop name="label">1.</prop>
<p>Access control policy <insert param-id="ac-1_prm_2"/>; and</p>
</part>
<part id="ac-1_smt.b.2" name="item">
<prop name="label">2.</prop>
<p>Access control procedures <insert param-id="ac-1_prm_3"/>.</p>
</part>
</part> This not a major problem, but I picked |
OK, so per discussion this morning, @mike-stern, I will ask for feedback on Gitter, at least for |
Per discussion from David Waltermire from NIST, it appears we Continuing the FedRAMP-specific conversation here. cc @brianrufgsa |
We now need to refresh this story, RC1 is a thing of the pass and RC2 will be dropping shortly. |
Context:
There have been changes from when the validations were completed with the
1.0.0-milestone3
version of OSCAL was published. At the conclusion of the the 10x Phase 2 Project, we had to pause as1.0.0-rc1
was released. In the interim, NIST developers have updated the information model and XML data model schemas in1.0.0-rc2
. We will need to port changes in our validations to accommodate for that.Acceptance Criteria:
o:allowed-values
currently in use by the ruleso:allowed-values
1.0.0-milestone3
to1.0.0-rc1
to1.0.0-rc2
to completion: Task Refresh mapping differences from RC1 to RC2. #60The text was updated successfully, but these errors were encountered: