diff --git a/.circleci/config.yml b/.circleci/config.yml index 1587b1c0f1..f9affe8361 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -58,7 +58,7 @@ commands: - mvn-m2-cache-V2 - run: name: Get Saxon-HE - command: | + command: | mvn org.apache.maven.plugins:maven-dependency-plugin:2.10:get -DartifactId=Saxon-HE -DgroupId=net.sf.saxon -Dversion=$SAXON_VERSION - run: name: Build JSON Validation CLI @@ -158,20 +158,20 @@ executors: java-executor: docker: # run the java jobs with Docker - image: circleci/openjdk:11-jdk-node-browsers - <<: *common_environment + <<: *common_environment ruby-node-executor: docker: # run the ruby jobs with Docker - image: circleci/ruby:2.4.6-node-browsers - <<: *common_environment + <<: *common_environment python-executor: docker: #run the python jobs with Docker - image: circleci/python:3.7.3-node-browsers - <<: *common_environment + <<: *common_environment go-executor: docker: # run the steps with Docker - image: circleci/golang:1.12.5 - <<: *common_environment -jobs: # a collection of + <<: *common_environment +jobs: # a collection of job-ci-skip-check: executor: java-executor steps: @@ -287,7 +287,7 @@ jobs: # a collection of bash "$CICD_DIR/validate-content.sh" "$OSCAL_BUILD_DIR" job-roundtrip-conversions: executor: python-executor - steps: + steps: - *checkout - *attach_build_workspace - check-skip-build @@ -347,7 +347,7 @@ jobs: # a collection of git add -f --all content # check for changes echo "Changed files:" - + if ! $(git diff --exit-code --name-only HEAD~1 xml json content); then # Only deploy if something relevant has changed # Setup deployment @@ -376,10 +376,15 @@ jobs: # a collection of cp -vr "$OSCAL_BUILD_DIR"/* "$OSCAL_REPO_DIR" cd "$OSCAL_REPO_DIR/docs" bundle exec jekyll build -d _site/OSCAL - htmlproofer --assume-extension ./_site + htmlproofer --allow-hash-href --url-ignore "/\/OSCAL\/docs\/schemas\//,/#/,/https:\/\/raw\.githubusercontent\.com/" --assume-extension --log-level :debug ./_site environment: JEKYLL_ENV: production - *save_gem_cache + - run: + name: Compress build docs + command: | + tar -zcvf "${OSCAL_BUILD_DIR}/docs.tar.gz" "${OSCAL_BUILD_DIR}/docs" + rm -rf "${OSCAL_BUILD_DIR}/docs" - *publish_artifacts job-build-and-deploy-website: executor: ruby-node-executor diff --git a/.gitignore b/.gitignore index 060631bc18..4b1af9f804 100644 --- a/.gitignore +++ b/.gitignore @@ -27,6 +27,7 @@ xspec/*.html /xml /json /svrl +/metaschema/unit-testing /.skipbuild /.runbuild diff --git a/README.md b/README.md index 84f60cf399..4609431734 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ OSCAL is comprised of multiple components which have been highlighted in the arc ## Project Status -OSCAL 1.0.0 Milestone 1 was released on June 15, 2019. The full announcement can be find below: +OSCAL 1.0.0 Milestone 1 was released on June 15, 2019. The full announcement can be found below:
We are pleased to announce the release of OSCAL 1.0.0 Milestone 1. This release marks an important milestone for the OSCAL project, as this represents the first official release of OSCAL. @@ -36,4 +36,4 @@ The OSCAL team will continue the development of OSCAL focusing our full attentio Our current experimental OSCAL implementation layer is being validated as part of a pilot with GSA/FedRAMP, to ensure the necessary functionality and enough flexibility is provided to support a wide variety of SSPs provided by different organizations. To further validate the implementation layer's functionality and flexibility, NIST is seeking software and service providers that are willing to work with us to represent control implementation information about their products. Please email us at oscal@nist.gov if you are interested. If you have any questions about OSCAL in general or the Milestone 1 release specifically, or if you would like to get involved in the OSCAL project, please contact us at: oscal@nist.gov. -
\ No newline at end of file + diff --git a/build/ci-cd/README.md b/build/ci-cd/README.md index 5035a99515..5d0832bef5 100644 --- a/build/ci-cd/README.md +++ b/build/ci-cd/README.md @@ -30,7 +30,7 @@ The bash scripts used in the CI/CD workflow can be run locally in the correct en - [Apache Maven](https://maven.apache.org/) 3.6.1 or greater - [Node.js and Node Package Manager (NPM)](https://nodejs.org/en/) 10.15.3 or greater - 'Another Json Validator' Command Line Interface ([ajv-cli](https://github.com/jessedc/ajv-cli)) v3.0.0 or greater -- [Python](https://www.python.org/) 3.7.3 or greater +- [Python](https://www.python.org/) tested with 3.7.3 Additionally, the following packages need to be installed. @@ -38,9 +38,11 @@ NodeJS Packages: ``` npm install -g ajv-cli +``` Python Packages: +``` pip install lxml ``` @@ -68,3 +70,111 @@ git clone --depth 1 --no-checkout https://github.com/Schematron/schematron.git " cd "$SCHEMATRON_HOME" git checkout master -- trunk/schematron/code ``` + +## Further installation notes + +Setting up to run in WSL (Windows subsystem for Linux) avoids many Windows-related configuration issues, but requires the entire environment be available from within the subsystem. The easiest way to accomplish this is to install the components into the subsystem directly. + +To check whether xmllint is installed: + +``` +xmllint -version +``` + +To install it + +``` +sudo apt install libxml2-utils +``` + +To install Java: + +``` +sudo apt install openjdk-11-jre-headless +``` + +To install NodeJS: + +``` +sudo apt install nodejs +``` + +And npm (Node package manager, separate from NodeJS): + +``` +sudo apt install npm +``` + + +To install AJV (nodeJS JSON validator) + +``` +npm install -g ajv-cli +``` + + +or if you want to install globally (for all users): + +``` +sudo npm install -g ajv-cli +``` + +Ubuntu comes with Python. To check the version: + +``` +python3 -V +``` + +Scripts were tested with version 3.7.3 but 3.6.8 (the default in Ubuntu under WSL) should work. + +Along with Python you also need a library, for which you need pip (a Python installer): + +``` +sudo apt install python-pip +pip install lxml + +``` + + +To install Maven: + +``` +sudo apt install maven +``` + +Then run Maven to acquire Saxon: + + +``` +export SAXON_VERSION=9.9.1-3 +mvn org.apache.maven.plugins:maven-dependency-plugin:2.10:get -DartifactId=Saxon-HE -DgroupId=net.sf.saxon -Dversion=$SAXON_VERSION +``` + +mkdir $HOME/oscal-oss + +export SCHEMATRON_HOME=$HOME/oscal-oss/git-schematron +git clone --depth 1 --no-checkout https://github.com/Schematron/schematron.git "$SCHEMATRON_HOME" +cd "$SCHEMATRON_HOME" +git checkout master -- trunk/schematron/code + + +export OSCAL_TOOLS_DIR=$HOME/oscal-oss/oscal_tools +git clone --depth 1 https://github.com/usnistgov/oscal-tools.git "${OSCAL_TOOLS_DIR}" +cd $OSCAL_TOOLS_DIR/json-cli +mvn clean install + +Finally, export instructions in the preceding must also be copied into .bashrc so they persist in your environment. + +prettyson + +``` +sudo npm install -g prettyjson +``` + + +jq + +``` +sudo apt-get install jq +``` + diff --git a/build/ci-cd/common-environment.sh b/build/ci-cd/common-environment.sh old mode 100644 new mode 100755 diff --git a/build/ci-cd/config/metaschema b/build/ci-cd/config/metaschema index 5cd80002c1..4366041dd6 100644 --- a/build/ci-cd/config/metaschema +++ b/build/ci-cd/config/metaschema @@ -1,4 +1,7 @@ # path to metaschema source|generate schema format(s)|generate converter target format(s)|generate docs format(s) src/metaschema/oscal_catalog_metaschema.xml|xml,json|xml,json|xml,json src/metaschema/oscal_profile_metaschema.xml|xml,json|xml,json|xml,json -src/metaschema/oscal_ssp_metaschema.xml|xml,json|xml,json| +src/metaschema/oscal_component_metaschema.xml|xml,json|xml,json|xml,json +src/metaschema/oscal_ssp_metaschema.xml|xml,json|xml,json|xml,json + + diff --git a/build/ci-cd/copy-and-convert-content.sh b/build/ci-cd/copy-and-convert-content.sh old mode 100644 new mode 100755 index e435dcf460..ae69e97c48 --- a/build/ci-cd/copy-and-convert-content.sh +++ b/build/ci-cd/copy-and-convert-content.sh @@ -69,9 +69,10 @@ while IFS="|" read path format model converttoformats || [[ -n "$path" ]]; do # validate generated file schema="$working_dir/json/schema/oscal_${model}_schema.json" - validate_json "$schema" "$dest" + result=$(validate_json "$schema" "$dest") cmd_exitcode=$? if [ $cmd_exitcode -ne 0 ]; then + echo "${P_ERROR}${result}${P_END}" echo "${P_ERROR}Validation of '${dest}' failed.${P_END}" exitcode=1 fi @@ -79,9 +80,10 @@ while IFS="|" read path format model converttoformats || [[ -n "$path" ]]; do # produce pretty JSON dest_pretty="$working_dir/${newpath}.${altformat}" jq . "$dest" > "$dest_pretty" - validate_json "$schema" "$dest_pretty" + result=$(validate_json "$schema" "$dest_pretty") cmd_exitcode=$? if [ $cmd_exitcode -ne 0 ]; then + echo "${P_ERROR}${result}${P_END}" echo "${P_ERROR}Validation of '${dest_pretty}' failed.${P_END}" exitcode=1 fi diff --git a/build/ci-cd/generate-content-converters.sh b/build/ci-cd/generate-content-converters.sh old mode 100644 new mode 100755 diff --git a/build/ci-cd/generate-model-documentation.sh b/build/ci-cd/generate-model-documentation.sh old mode 100644 new mode 100755 index 56559f18cd..b9b437c1c6 --- a/build/ci-cd/generate-model-documentation.sh +++ b/build/ci-cd/generate-model-documentation.sh @@ -17,6 +17,9 @@ echo "${P_INFO}Working in '${P_END}${working_dir}${P_INFO}'.${P_END}" # the stylesheet used to generate the documentation stylesheet="$OSCALDIR/build/metaschema/xml/produce-and-run-either-documentor.xsl" +# the URL of the github repo where generated artifacts will be accessible +github_url="https://github.com/raw/usnistgov/OSCAL/master" + # the directory to generate the documentation in schema_doc_dir="${working_dir}/docs/content/documentation/schemas" mkdir -p "$schema_doc_dir" # ensure this directory exists @@ -37,7 +40,7 @@ while IFS="|" read path gen_schema gen_converter gen_docs || [[ -n "$path" ]]; d files_to_process="$OSCALDIR"/"$path" - IFS= # disable word splitting + IFS= # disable word splitting for metaschema in $files_to_process do filename=$(basename -- "$metaschema") @@ -61,12 +64,16 @@ while IFS="|" read path gen_schema gen_converter gen_docs || [[ -n "$path" ]]; d # skip blanks continue; fi - + # Run the XSL template for the format case $format in xml) + # determine web location of schema + schema_url="${github_url}/xml/schema/${base}_schema.xsd" ;; json) + # determine web location of schema + schema_url="${github_url}/json/schema/${base}_schema.json" ;; *) echo "${P_WARN}Generating documentation for '${format^^}' is unsupported for '$metaschema'.${P_END}" @@ -78,7 +85,8 @@ while IFS="|" read path gen_schema gen_converter gen_docs || [[ -n "$path" ]]; d xsl_transform "$stylesheet_path" "$metaschema_path" "" \ "target-format=${format}" \ "example-converter-xslt-path=${converter_path}" \ - "output-path=${output_path}" + "output-path=${output_path}" \ + "schema-path=${schema_url}" cmd_exitcode=$? if [ $cmd_exitcode -ne 0 ]; then echo "${P_ERROR}Generating ${format^^} model documentation failed for '${P_END}${metaschema_path}${P_ERROR}'.${P_END}" diff --git a/build/ci-cd/generate-schema.sh b/build/ci-cd/generate-schema.sh old mode 100644 new mode 100755 index b28b6b6dbb..5b94b00ae8 --- a/build/ci-cd/generate-schema.sh +++ b/build/ci-cd/generate-schema.sh @@ -75,7 +75,7 @@ while IFS="|" read path gen_schema gen_converter gen_docs || [[ -n "$path" ]]; d # xml) # TODO: Add support for XML schema validation json) - validate_json "$OSCALDIR/build/ci-cd/json-schema-schema.json" "$schema" + result=$(validate_json "$OSCALDIR/build/ci-cd/json-schema-schema.json" "$schema") cmd_exitcode=$? ;; *) @@ -85,6 +85,7 @@ while IFS="|" read path gen_schema gen_converter gen_docs || [[ -n "$path" ]]; d esac if [ $cmd_exitcode -ne 0 ]; then + echo "${P_ERROR}${result}${P_END}" echo "${P_ERROR}Invalid ${format^^} schema '$schema'.${P_END}" exitcode=1 fi diff --git a/build/ci-cd/init-validate-json.sh b/build/ci-cd/init-validate-json.sh old mode 100644 new mode 100755 index feb917b129..152779b202 --- a/build/ci-cd/init-validate-json.sh +++ b/build/ci-cd/init-validate-json.sh @@ -36,10 +36,14 @@ validate_json() { fi java -cp "$classpath" gov.nist.oscal.json.JsonCLI "$@" "${extra_params[@]}" - - if [ "$?" -ne 0 ]; then - echo "${P_ERROR}Error running JsonCLI.${P_END}" - return 3 + exitcode=$? + if [ "$exitcode" -ne 0 ]; then + if [ "$exitcode" -gt 1 ]; then + echo "${P_ERROR}Error running JsonCLI.${P_END}" + else + echo "${json_file} is invalid." + fi + return $exitcode fi return 0 } diff --git a/build/ci-cd/package-release.sh b/build/ci-cd/package-release.sh old mode 100644 new mode 100755 diff --git a/build/ci-cd/run-all.sh b/build/ci-cd/run-all.sh old mode 100644 new mode 100755 index ed62a400b6..0dc8fe464e --- a/build/ci-cd/run-all.sh +++ b/build/ci-cd/run-all.sh @@ -74,3 +74,4 @@ echo WORKING DIR = "${WORKING_DIR}" [[ "$PERFORM_GENERATION" == "YES" ]] && ("$CIDIR/generate-content-converters.sh" "$WORKING_DIR" "$@" || ("Failed to generate content converters" && exit 4) ) [[ "$PERFORM_CONVERSION" == "YES" ]] && ("$CIDIR/copy-and-convert-content.sh" "$WORKING_DIR" "$@" || ("Failed to convert content" && exit 5) ) [[ "$PERFORM_VALIDATION" == "YES" ]] && ("$CIDIR/validate-round-trips.sh" "$WORKING_DIR" "$@" || ("Failed to validate XML->JSON->XML round-trips" && exit 6) ) +[[ "$PERFORM_GENERATION" == "YES" ]] && ("$CIDIR/generate-model-documentation.sh" "$WORKING_DIR" "$@" || ("Failed to generate website schema model content" && exit 7) ) diff --git a/build/ci-cd/saxon-init.sh b/build/ci-cd/saxon-init.sh old mode 100644 new mode 100755 diff --git a/build/ci-cd/schematron-init.sh b/build/ci-cd/schematron-init.sh old mode 100644 new mode 100755 index 3c4c63a9a4..584084f977 --- a/build/ci-cd/schematron-init.sh +++ b/build/ci-cd/schematron-init.sh @@ -38,18 +38,18 @@ validate_with_schematron() { xsl_transform "$compiled_schematron" "$source_file" "$svrl_result" cmd_exitcode=$? if [ $cmd_exitcode -ne 0 ]; then - echo "${P_ERROR}Processing Schematron '$compiled_schematron' failed for target file '$source_file'${P_END}" + echo "Processing Schematron '$compiled_schematron' failed for target file '$source_file'" return 3 fi # check if the SVRL result contains errors if grep --quiet "failed-assert" "$svrl_result"; then - echo "${P_ERROR}The file '$source_file' has the following Schematron errors:" + echo "The file '$source_file' has the following Schematron errors:" # display the errors xsl_transform "$OSCALDIR/build/ci-cd/svrl-to-plaintext.xsl" "$svrl_result" - echo -n "${P_END}" + echo "" return 1 else - echo "${P_OK}File '$source_file' passed Schematron validation.${P_END}" + echo "File '$source_file' passed Schematron validation." fi } diff --git a/build/ci-cd/setup-ubuntu.sh b/build/ci-cd/setup-ubuntu.sh new file mode 100644 index 0000000000..d1bc00d728 --- /dev/null +++ b/build/ci-cd/setup-ubuntu.sh @@ -0,0 +1,29 @@ +#!/bin/bash +# The following commands will install all build dependencies on Ubuntu. + +sudo apt-get update + +sudo apt-get -y install libxml2-utils nodejs npm python-pip jq + +sudo apt-get -y install openjdk-11-jre-headless maven + +sudo npm install -g ajv-cli prettyjson + +pip install --user lxml + +export SAXON_VERSION=9.9.1-3 +export GITHUB_DIR="$HOME/github" +export SCHEMATRON_HOME="$GITHUB_DIR/Schematron/schematron" +export OSCAL_TOOLS_DIR="$GITHUB_DIR/usnistgov/oscal-tools" + + +mvn org.apache.maven.plugins:maven-dependency-plugin:2.10:get -DartifactId=Saxon-HE -DgroupId=net.sf.saxon -Dversion=$SAXON_VERSION + +git clone --depth 1 --no-checkout https://github.com/Schematron/schematron.git "$SCHEMATRON_HOME" +cd "$SCHEMATRON_HOME" +git checkout master -- trunk/schematron/code + +git clone --depth 1 https://github.com/usnistgov/oscal-tools.git "${OSCAL_TOOLS_DIR}" +cd "$OSCAL_TOOLS_DIR/json-cli" +mvn clean install + diff --git a/build/ci-cd/validate-content.sh b/build/ci-cd/validate-content.sh old mode 100644 new mode 100755 index f801c9e61d..107f683308 --- a/build/ci-cd/validate-content.sh +++ b/build/ci-cd/validate-content.sh @@ -36,18 +36,20 @@ while IFS="|" read path format model converttoformats || [ -n "$path" ]; do case $format in xml) schema="$working_dir/xml/schema/oscal_${model}_schema.xsd" - xmllint --noout --schema "$schema" "$file" + result=$(xmllint --noout --schema "$schema" "$file") cmd_exitcode=$? if [ $cmd_exitcode -ne 0 ]; then + echo "${P_ERROR}${result}${P_END}" echo "${P_ERROR}XML schema validation failed for '$file'.${P_END}" exitcode=1 fi ;; json) schema="$working_dir/json/schema/oscal_${model}_schema.json" - validate_json "$schema" "$file" + result=$(validate_json "$schema" "$file") cmd_exitcode=$? if [ $cmd_exitcode -ne 0 ]; then + echo "${P_ERROR}${result}${P_END}" echo "${P_ERROR}JSON schema validation failed for '$file'.${P_END}" exitcode=1 fi diff --git a/build/ci-cd/validate-metaschema.sh b/build/ci-cd/validate-metaschema.sh old mode 100644 new mode 100755 index d8d3acff6e..4df6a958fa --- a/build/ci-cd/validate-metaschema.sh +++ b/build/ci-cd/validate-metaschema.sh @@ -46,18 +46,20 @@ while IFS="|" read path gen_schema gen_converter gen_docs || [[ -n "$path" ]]; d for metaschema in $files_to_process do echo "${P_INFO}Validating metaschema '$metaschema'${P_END}" - xmllint --noout --schema "$metaschema_lib/metaschema.xsd" "$metaschema" + result=$(xmllint --nowarning --noout --schema "$metaschema_lib/metaschema.xsd" "$metaschema" 2>&1) cmd_exitcode=$? if [ $cmd_exitcode -ne 0 ]; then + echo "${P_ERROR}${result}${P_END}" echo "${P_ERROR}Metaschema '$metaschema' is not valid.${P_END}" exitcode=1 else svrl_result="$working_dir/svrl/${file/$OSCALDIR\/src\//}.svrl" svrl_result_dir=${svrl_result%/*} mkdir -p "$svrl_result_dir" - validate_with_schematron "$compiled_schematron" "$metaschema" "$svrl_result" + result=$(validate_with_schematron "$compiled_schematron" "$metaschema" "$svrl_result") cmd_exitcode=$? if [ $cmd_exitcode -ne 0 ]; then + echo "${P_ERROR}${result}${P_END}" exitcode=1 fi fi diff --git a/build/ci-cd/validate-round-trips.sh b/build/ci-cd/validate-round-trips.sh old mode 100644 new mode 100755 diff --git a/build/metaschema/json/json-schema-metamap.xsl b/build/metaschema/json/json-schema-metamap.xsl index d697a24215..abbfce9a21 100644 --- a/build/metaschema/json/json-schema-metamap.xsl +++ b/build/metaschema/json/json-schema-metamap.xsl @@ -26,6 +26,7 @@ STRVALUE RICHTEXT + PROSE @@ -36,7 +37,7 @@ http://json-schema.org/draft-07/schema# - http://csrc.nist.gov/ns/oscal/{ $composed-metaschema/METASCHEMA/schema-version }/{ short-name }-schema.json + { $composed-metaschema/METASCHEMA/namespace }-schema.json { . }: JSON Schema @@ -46,9 +47,9 @@ - + @@ -64,7 +65,41 @@ --> - + + + + + http://json-schema.org/draft-07/schema# + { namespace }-schema.json + + { . }: JSON Schema + + + + object + + + + + + + + + #/definitions/{ @root } + + + + + + + + - + #/definitions/{@name} object + + + + - - - - - - - - - + + - + + + select="flag[not((@name|@ref) = $value-key-name)] | model//(field | assembly)"/> + we require an unspecified property, with any key, to carry the nominal value - + @@ -124,41 +159,62 @@ + + + + + + + + + + + + + + + + + + + + - + - + - + - - + + - + + + + + + - - matching { @name } - - - #/definitions/{@group-as} - object - - object - #/definitions/{ @name } - - 1 - - + + + + + + #/definitions/{@name} @@ -166,23 +222,22 @@ + false - - - + + #/definitions/{@name} - - - + + @@ -199,18 +254,25 @@ - + - + + - + + + - + @@ -219,77 +281,254 @@ - + - - + + string - + - + - - string + + + + + + + - - + + + + + string + + + + + + + + + + + + + + + + object + 1 + + + + object + #/definitions/{ @ref } + + + + string + + + + + + + + + + + + #/definitions/{ @ref } + + + + + + + array + + { max((@min-occurs/number(),1)) } + + + { . } + + + #/definitions/{ @ref } + + + + + + + - object - #/definitions/{ @named } + #/definitions/{ @ref } array + + { @max-occurs } + - #/definitions/{ @named } + #/definitions/{ @ref } + 2 - - - - object - #/definitions/{ $group-name } + + + + object - + - + string - + + + + string + + + array + + + string + + + 2 + + + + + + + + + + + + + + string + + + + + + boolean - - - - #/definitions/{ @named } - + + integer + - - - #/definitions/prose - + + integer + 1.0 + 1 + + + + integer + 1.0 + 0 + + + + + + - + + + + number + (\+|-)?([0-9]+(\.[0-9]*)?|\.[0-9]+) + + + + string + + + ((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))(Z|[+-][0-9]{2}:[0-9]{2}) + + + string + date-time + + ((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2}) + + + string + email + + .+@.+ + + + string + ipv4 + + ((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]).){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]) + + + string + ipv6 + + (([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|[fF][eE]80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::([fF]{4}(:0{1,4}){0,1}:){0,1}((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]).){3,3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]).){3,3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])) + + + string + idn-hostname + + .+ + + + string + uri + + + + string + uri-reference + + + + diff --git a/build/metaschema/json/md-oscal-converter.xsl b/build/metaschema/json/md-oscal-converter.xsl index cf5dbc501f..52bb262fab 100644 --- a/build/metaschema/json/md-oscal-converter.xsl +++ b/build/metaschema/json/md-oscal-converter.xsl @@ -135,8 +135,7 @@ - + @@ -365,7 +364,7 @@ "" !\[{{$text}}\] - + \(\) `` @@ -448,16 +447,16 @@ Paragraph, \n\nand new paragraph Bit of `code` here and there, such as one might have along with *italics*. - { ac-4.4_prm_2 } +no insertion here: { ac-4.4_prm_2 } Extra long x y and z -Here's a text with a parameter insertion: { insert } +Here's a text with a *parameter* insertion: {{ insert }} -{insert-me} +{{insert-me}} And interesting. diff --git a/build/metaschema/json/produce-json-converter.xsl b/build/metaschema/json/produce-json-converter.xsl index dc82db78b9..87da416d68 100644 --- a/build/metaschema/json/produce-json-converter.xsl +++ b/build/metaschema/json/produce-json-converter.xsl @@ -23,8 +23,9 @@ - - + + + @@ -62,30 +63,66 @@ - - - 000 Handling flag "{ @name }" 000 + + + + + + + 000 Handling flag "{ ../@name}/@{ @name }" 000 - + suppressing when matched in json2xml traversal + *[@key='{@name}'] - + + *[@key='{@name}']/{$match-step} - - | *[@key='{@group-as}']/{$match-step} - | array[@key='{@group-as}']/*/{$match-step} - + + | *[@key='{ . }']/{$match-step} + | array[@key='{ . }']/*/{$match-step} + - + - + + + + 000 Handling flag @{ @name } 000 + + + + *[@key='{@name}'] + + + + + *[@key='{@name}']/{$match-step} + + | *[@key='{ . }']/{$match-step} + | array[@key='{ . }']/*/{$match-step} + + + + + + + + + + + + + @@ -96,42 +133,68 @@ - - + - + - + - - + + + + + - - + + + + + *[@key='{@name}'] + + + + { $field-match } + + + + + { local-name()} is ignored on field { ../@name } of type 'markup-multiline' " + + + + - *[@key='{@name}']{ + + + *[@key='{@name}'] + + + + + 000 Handling field "{ @name }" 000 000 NB - template matching 'array' overrides this one 000 - - { $callers/(@name, @group-as) } - + + + + { $field-match } - + - - + + - + + + + + + + + + - - + + + + + + + + + + + + - + @@ -170,31 +255,41 @@ - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -214,14 +309,15 @@ - - + + + - + @@ -230,6 +326,15 @@ + + + + + + + + + @@ -237,53 +342,48 @@ - - - - - - - - - - - + + + *[@key='{@name}'] + + - *[@key='{@name}']{ - @group-as/(' | *[@key=''' || . || ''']') }{ - if (@name=../@root) then ' | /map[empty(@key)]' else ()} + 000 Handling assembly "{ @name }" 000 000 NB - template matching 'array' overrides this one 000 - - + + - + - - - - - - - - - - *[@key='{@group-as}']/* - - - - + + + + + Mapping object with key to element with attribute + + + + + + + + + + + + + + + @@ -320,27 +420,6 @@ - - - - - - - - - - - - - - - - @@ -354,10 +433,6 @@ - - diff --git a/build/metaschema/json/pull-datatypes.xsl b/build/metaschema/json/pull-datatypes.xsl new file mode 100644 index 0000000000..76e78f5d49 --- /dev/null +++ b/build/metaschema/json/pull-datatypes.xsl @@ -0,0 +1,77 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + string + + + + + date + date-time + email + ipv4 + ipv6 + uri + uri-reference + + + + { @name } + + + + idn-hostname + + + + string + + + + + + { @value } + + + + \ No newline at end of file diff --git a/build/metaschema/lib/metaschema-author.css b/build/metaschema/lib/metaschema-author.css index 5f536d8c8a..b9513bfd05 100644 --- a/build/metaschema/lib/metaschema-author.css +++ b/build/metaschema/lib/metaschema-author.css @@ -28,11 +28,7 @@ define-field[group-as]:before, define-flag[group-as]:before { content: oxy_name() - oxy_textfield(edit, '@name', columns, 12) - ', group as ' - oxy_textfield(edit, '@group-as', columns, 12) - } - + oxy_textfield(edit, '@name', columns, 12) } define-assembly *, define-field *, define-flag * { margin: 0em } @@ -76,17 +72,22 @@ example *:after { content: ''; font-family: monospace; font-siz model { padding-left: 0.5em; border-left: medium solid blue; font-size: 80%; padding-right: 2em } -flag:after { content: +flag:before { content: oxy_name() - oxy_textfield(edit, '@name', columns, 12) - - } + ' name: ' oxy_textfield(edit, '@name', columns, 12) + ' ref: ' oxy_textfield(edit, '@name', columns, 12) + } + +assembly:before, field:before { + content: + oxy_name() ' named ' + oxy_textfield(edit, '@ref', columns, 12) } + +group-as { margin-left: 2em } + +group-as:before { content: 'group as ' + oxy_textfield(edit, '@name', columns, 12) } -assembly:after, field:after, assemblies:after, fields:after { content: - oxy_name() ' named ' - oxy_textfield(edit, '@named', columns, 12) - - } choice:before { content: 'a choice between' diff --git a/build/metaschema/lib/metaschema-check.sch b/build/metaschema/lib/metaschema-check.sch index 9949ed3a69..222bec1bba 100644 --- a/build/metaschema/lib/metaschema-check.sch +++ b/build/metaschema/lib/metaschema-check.sch @@ -3,19 +3,23 @@ xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" xmlns:sqf="http://www.schematron-quickfix.com/validator/process" - xmlns:oscal="http://csrc.nist.gov/ns/oscal/1.0"> + xmlns:oscal="http://csrc.nist.gov/ns/oscal/1.0" + xmlns:of="http://csrc.nist.gov/ns/oscal/functions/1.0"> + + + @@ -30,101 +34,119 @@ + - + Definition for '' is not unique in this metaschema module (only the last one found will be used) formal-name missing from description missing from model missing from - Can't use name '': it's reserved for prose. - - Clashing name with group name: - Clashing group name with name: - Definition set to address by '', but no flag with that name is declared. - Assembly is used in groups ("assemblies") but has no grouping name (@group-as). See definition(s) for - Field is used in groups ("fields") but has no grouping name (@group-as). See definition(s) for - Property defined as boolean may not have flags. + Property defined as boolean may not have flags. + is assigned a json key, but no 'json-key' is given + Names "STRVALUE", "RICHTEXT" or "PROSE" (reserved names) + - - - - - - Only one flag (or key) may be named + + + + JSON key indicates no flag on this + Should be (one of) - - Inside a field definition, a value-key must be - given with a literal value - Inside a flag reference, a value-key must be empty - (serving to declare the flag as the value key) + + JSON value key may be set to a value or a flag's value, but not both. + flag '' not found for JSON value key + json-value-key flag is unnecessary here as without it, the field maps to a JSON scalar not an object + + Value '' may only be + specified once for flag ''. + + - - A flag declared as a value key must be required (@required='yes') - A flag may not be marked as a value key when its field has a (literal) value key. - Only one flag may be marked as a value key on a field. - Only one flag (or key or value-key) may be named - - No definition found for '' - Flag data type doesn't match: the definition has '' - Flag should not be named "STRVALUE" or "RICHTEXT" (reserved names) + + Flag declaration must have 'name' or 'ref' + Flag declaration may be by name or reference, not both (remove @name or @ref) + A flag referencing an existing declaration must not specify a data type + + A flag declared as a value key must be required (@required='yes') + Only one flag may be named + + No definition found for '' + Flag data type doesn't match: the definition has '' + Flag should not be named "STRVALUE", "RICHTEXT" or "PROSE" (reserved names) + - - Prose may not appear in more than once in a model - - - - No definition found for '' - Reference is made to '', but their definition does not give a group name. + + + + No definition found for '' + Target definition for { @ref} designates a json key, so + the invocation should have group-as/@json-behavior='BY_KEY' + Everything named the same must appear together + Clashing name with group name: - Everything named the same must appear together - Clashing name with group name: - Clashing group name with name: + Unless @max-occurs is 1, + a grouping name must be given + + A field referencing an existing declaration must not specify a data type + + + Only one field may be marked + as 'markup-multiline' (without xml wrapping) within a model. - + + + + + Name clash on '' + Grouping name is given but max-occurs is 1. + JSON behavior cannot be 'ARRAY' when max-occurs is 1. + Cannot group by key since the definition of + '' has no json-key specified. Consider adding a json-key to the '' definition, or using a different json-behavior. + + + Unexpected namespace: examples should use namespace '' + + + Empty paragraph (is likely to distort rendition) + - METASCHEMA/@root should be one of @@ -138,32 +160,52 @@ - Definition for assembly '' is not used. + Definition for assembly '' is not used. + + - Definition for field '' is not used. + Definition for field '' is not used. + + - Definition for flag '' is not used. + Definition for flag '' is not used. + + + Assembly '' invocation does not point to an assembly definition. + We expect one of + '' is a field, not an assembly. + '' is a flag, not an assembly. - - Assembly invocation does not point to an assembly definition. - We expect one of - '' is a field, not an assembly. - '' is a flag, not an assembly. + + Field invocation '' does not point to a field definition. + We expect one of + '' is an assembly, not a field. + '' is a flag, not an assembly. - - Field invocation does not point to a field definition. - We expect one of - '' is an assembly, not a field. - '' is a flag, not an assembly. + + + Flag invocation '' does not point to a flag definition. + + '' is a field, not a flag. + '' is an assembly, not a flag. + - Flag invocation does not point to a flag definition. - We expect one of - '' is a field, not a flag. - '' is an assembly, not a flag. + Named flag expects a 'formal-name' + Named flag expects a 'description' - + + + + + + + + + \ No newline at end of file diff --git a/build/metaschema/lib/metaschema-common-html.xsl b/build/metaschema/lib/metaschema-common-html.xsl index 0cb4adb443..4c0fddf36c 100644 --- a/build/metaschema/lib/metaschema-common-html.xsl +++ b/build/metaschema/lib/metaschema-common-html.xsl @@ -1,24 +1,38 @@ + xmlns="http://www.w3.org/1999/xhtml" + exclude-result-prefixes="xs m"> + -

The short name (file identifier) for this schema is . It is used internally when an - identifier is called for, and may appear in file names of schema artifacts.

+

+ Short name + + +

+ + + +

+ Schema version + + +

- : - +

+ +

-
- +

+ +

@@ -44,10 +58,10 @@ -

The value can be one of the following:

+

The value may be locally defined, or one of the following:

 -

The value can only be one of the following:

+

The value must be one of the following:
    @@ -59,8 +73,8 @@
  • :
    • - -
    + +
    @@ -122,7 +136,7 @@ - + < @@ -139,11 +153,11 @@ - + </ > @@ -177,4 +191,5 @@ + \ No newline at end of file diff --git a/build/metaschema/lib/metaschema-compose.xsl b/build/metaschema/lib/metaschema-compose.xsl index 4099a878ae..b05d910211 100644 --- a/build/metaschema/lib/metaschema-compose.xsl +++ b/build/metaschema/lib/metaschema-compose.xsl @@ -159,17 +159,17 @@ - Formal name override for { replace(local-name(),'^define-','')} '{ @name }': using "{ $me-and-mine[last()]/formal-name }" + + - @@ -200,17 +200,15 @@ - + - string - + - @@ -221,7 +219,7 @@ - + @@ -229,7 +227,7 @@ - + @@ -237,8 +235,8 @@ - - + + diff --git a/build/metaschema/lib/metaschema-docs-util.xsl b/build/metaschema/lib/metaschema-docs-util.xsl new file mode 100644 index 0000000000..f0a09dc06e --- /dev/null +++ b/build/metaschema/lib/metaschema-docs-util.xsl @@ -0,0 +1,422 @@ + + + + + + + + + + + + + + + + + + + + + + + 1 + + + + + + + + + + + + + + + + Schema ToC + + + + + + 
    +               
+
    + + + + + + +
    + +
    + + +     + + + + + + +
  • { @name } --
    • +     + + + + + + + + + + + + + yes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + OBJECT + + + + + SCALAR + ARRAY + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + [ + + { $minOccurs } + { $minOccurs } or { $maxOccurs } + { $minOccurs } to { $maxOccurs } + + ] + + + + + + optional + , + + one only + + + + required, one (1) only + + + + required, exactly { m:spell-number(@min-occurs) } + + + + optional + + + + + + required, at least + + + + + as many as needed + + + one only + + + { m:spell-number(.) } at most + + + + + + + + ({ $no }) + + + + + + + a + + + + + + + + + + + + + + + + + +
    + + + collapsed + +
    +
    + + + expanded + +
    +     +     + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + . + + + + + + +     \ No newline at end of file diff --git a/build/metaschema/lib/metaschema-element-map.xsl b/build/metaschema/lib/metaschema-element-map.xsl deleted file mode 100644 index ced7ed8690..0000000000 --- a/build/metaschema/lib/metaschema-element-map.xsl +++ /dev/null @@ -1,254 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - --- - title: Schema map test - description: Schema map test - permalink: /schema-map/ - layout: post --- - - - - - - - Schema ToC - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    -

    Schema map

    -

    Elements are optional unless noted as required, and repeatable unless noted as one only.

    -
    - -
    -
    -     - - - - - - - -

    - < - - - - - / - > - - - </ - - > - - -

    -     - - - - - -
    -

    - < - - - - - -

    - -

    - < - - > -

    -
    -     - - - - - - one only - - , - required - - - - ({ $note }) - - - - -
    - -
    -     - - - string value - - - - mixed content - - - - - - - - -

    Prose contents (paragraphs, lists, headers and tables)

    -     - - - - - - - =" - - { - - } - - " - - -     \ No newline at end of file diff --git a/build/metaschema/lib/metaschema-generate-outline.xsl b/build/metaschema/lib/metaschema-generate-outline.xsl new file mode 100644 index 0000000000..5c962f231b --- /dev/null +++ b/build/metaschema/lib/metaschema-generate-outline.xsl @@ -0,0 +1,78 @@ + + +]> + + + + + + + + + + + + + + + + + - + &nl; + + + + + + + + : + + + ( + + ) + + + + + + + : + ? + , + + + + + + + + + + + + * + + + ? + + + + + + + - + &nl; + + + + + + + + \ No newline at end of file diff --git a/build/metaschema/lib/metaschema-jsondocs-jekyll-uswds.xsl b/build/metaschema/lib/metaschema-jsondocs-jekyll-uswds.xsl index a7c0ac5b01..07665bba4b 100644 --- a/build/metaschema/lib/metaschema-jsondocs-jekyll-uswds.xsl +++ b/build/metaschema/lib/metaschema-jsondocs-jekyll-uswds.xsl @@ -1,23 +1,33 @@ - + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + exclude-result-prefixes="#all" + xmlns:fn="http://www.example.com/fn"> + - + + + + + - + + @@ -26,12 +36,12 @@ - + - - - + + + @@ -50,26 +60,22 @@
    +

    Schema download + + + +

    - -
    - The root object of this schema is - - - -
    - -     -
    +     - + -

    + @@ -80,160 +86,218 @@ define-field[not(@show-docs = 'xml' or @show-docs = 'xml json')] | define-assembly[not(@show-docs = 'xml' or @show-docs = 'xml json')]"/>--> - - - - -
    -

    - : + : object

    - - + + -

    This object appears as a property on: +

    Appears as a property on: , - + .

     - + +
    - + + https://github.com/usnistgov/OSCAL/tree/master + + + + + +

    + Module defined: + { + replace(.,'.*/','') }

    +     +     + + + +
    +
    Remarks
    + +
    +     +     + - - -
    -

    - : string object

    +

    + : + object

    - - - -

    Supports Markdown

    -     - -

    A Boolean value

    -     -     - - - - - must - may - - - - - (string) properties - a (string) property - - -
    -

    The {@name} object { $modal } have { $noun }:

    -
      - -
    -
    - + + + +

+ + - - - - -

This object appears as a property on: - - , - - .

- - + + + + + +
  • +

    A string property, labeled STRVALUE

    +
    • +     + +
  • +

    a string property to be processed as a Markdown line, labeled RICHTEXT

    +
    • +     + +

  • a string property to be processed as a Markdown page, labeled PROSE

    • +     + + +
  • +

    + + property + +

    +
    • +     + + + + a string property + + , not labeled + + , + or + + { . } + + , whose label can be taken as the value of (implicit) property + + + + + + + STRVALUE + RICHTEXT + PROSE + + + +

    This object appears as a property on: + + , + + .

    +     +     + - + +

    This object appears unlabelled in an array called { @group-as }.

     - - - +     - - -
    -
    -

    - : object

    - - -
    +
    +

    + : object

    + + +
    - { @name } is the root (containing) object of - this schema.
    + { @name } is the root (containing) object of this + schema.     - + - + - - - -

    This object appears as a property on: - - , - - .

    -     +
    - - + + @@ -252,12 +316,12 @@     )     - - - -

    Object of type

    + + + +

    A string conforming to constraints of type

    - + (addressable by @@ -273,16 +337,76 @@
  • - - - + + + + property - + (optional) - - + + + + +
    • +     + + + +
  • +

    + Implicitly + , a property + + + + + + : + this value will appear as the + key + (label) of a property of the parent + { ../@name } + JSON object, not labeled + + , + or + + { . } + + +

    + + + + + +
    • +     + + + { ../@name } +
  • +

    + Implicitly + , a property + + + + + + : + this value will appear as the key (label) of the parent { ../@name } JSON object +

    + + +
    • @@ -298,7 +422,10 @@

    The object has the following members (properties):

      - + + + +
    @@ -306,44 +433,106 @@
  • - - - - - object - - - - - +

    + + + + object + +

    + + +
    • - - - -
  • An array labelled - - , containing - - - - objects - - + , containing + + + objects, labelled + +

    + + +
    • - - (optional) - (required) - + + + +
  • +

    + Labelled + + + + , an array containing + + + + objects, or a single + + + + object + +

    + + + + +
    • +     + + + + + +

    + JSON + + +

    +     @@ -374,8 +563,6 @@ - - @@ -416,79 +603,52 @@     - - + + - + - - - string property - string property - array of string properties - - (may contain Markdown) - (with no value given) + + + + + + + + string property + string property + object, with labeled value + + array of { if ( m:has-properties(.)) then 'objects' else 'strings' }. + { if ( m:has-properties(.)) then 'object' else 'string' } (when a singleton) or array { if ( m:has-properties(.)) then 'objects' else 'strings' } (when multiple) + object (with label) + + array + object (when a singleton) or array (when multiple) + object (with label) object (with object properties) - array of objects - Reserved for prose ANY - + + (type ) + (may contain inline Markdown) + (may contain Markdown paragraphs) + (with no value given) + + Matching - - + + -     \ No newline at end of file + diff --git a/build/metaschema/lib/metaschema-jsonobject-map.xsl b/build/metaschema/lib/metaschema-jsonobject-map.xsl new file mode 100644 index 0000000000..b01dcdfe90 --- /dev/null +++ b/build/metaschema/lib/metaschema-jsonobject-map.xsl @@ -0,0 +1,374 @@ + + + + oscal-catalog-xml + + + + + + + + + + + + + + + + +
    + +
    +     + + +
    + + + + +
    +     + + + + + + + + + + +

    + + {{ "{{" }} + + }} + + + , labeling + + + + + + + + + : + + + + , +

    +     + + + +
    +

    + + + {{ "{{" }} + + }} + + + , labeling + + + + + + + + + objects: + + { + +

    + +

    + + } + , + +

    +
    +     + + + +
    +

    + + + + + : + + { +

    + +

    + + } + , + +

    +
    +     + + + + +
    +

    + + + + + : + + [ { +

    + +

    + + } ] + , + +

    +
    +     + + + + + + + + +

    + + + + : + + + + , +

    +     + + + +
    +

    + + + + + : + + { +

    + +

    } ,

    +
    +     + + + +

    + + {{ "{{" }} + + }}: + + + + , +

    +     + + + +

    + + + + : + + + , +

    +     + + + + + + + + + + + + + + + + +
    + + +
    +     + + + + + + + + + + +

    + STRVALUE: + + [0 or 1] + + , +

    +     + + +

    + RICHTEXT: + + [0 or 1] + + , + +

    +     + + + + + + string + + + + text, parsed as Markdown (multiple lines) + + + + + + + + + + + +     \ No newline at end of file diff --git a/build/metaschema/lib/metaschema-old.xsd b/build/metaschema/lib/metaschema-old.xsd new file mode 100644 index 0000000000..af07c65f48 --- /dev/null +++ b/build/metaschema/lib/metaschema-old.xsd @@ -0,0 +1,391 @@ + + + + + + + + Root element of an OSCAL Metaschema metaschema. Defines a family of data + structures. + + + + + + + + + + + + + + + + + + + + + + + + An element with structured element content in XML; in JSON, an object with + properties. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + In JSON, an object with a nominal string value (potentially with internal + inline - not fully structured - markup). In XML, an element with string or mixed + content. + + + + + + + + + + + + + + + + + + + + + + + + In the XML, produces an attribute with the given name, whose value is used as a key value (aka object property name) in the JSON, enabling objects to be 'lifted' out of arrays when such values are distinct. Implies that siblings will never share values. Overloading with datatype 'ID' and naming the key 'id' is legitimate and useful. Even without ID validation, uniqueness of these values among siblings is validable. + + + + + + + + + + + + + + + + + + + + + Used inside a flag reference, designates + the flag as a label (key) to be used for the field value in the JSON on + the field being defined. Used directly inside a field + definition with a literal value, indicates that the value of the field + is to be labeled in the JSON with this value. + + + + + + + A data point to be expressed as an attribute in the XML or a name/value pair + in the JSON. TBD: make flag definitions optional and implicit from their + calls. + + + + + + + + + + + + + + + + + + + A formal name for the data construct, to be presented in documentation. It + is permissible for a formal name to provide nothing but an expanson of what is already given + by a tag (for example, this element could have formal name "Formal name") but it should at + the very least confirm, not confuse. + + + + + The XML namespace governing the names of elements in XML documents, which + expect to be conformant to the schemas expressed by this metaschema. By using this + namespace, documents and document fragments used in mixed-format environments may be + distinguished from neighbor XML formats using other namespaces. NB this is only for the + convenience of XML users; this value is not reflected in OSCAL JSON, and OSCAL applications + should not rely on namespaces alone to disambiguate or resolve semantics – only for + something more important, namely to manage and expose the governance of relevant + specifications. + + + + + + + + + + + + + + + + A short description of the data construct, to be inserted into + documentation. Unlike 'formal-name' this should not simply repeat what is readily + discernable from a tag (element name or json label), but say a little more about + it. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/build/metaschema/lib/metaschema-update.xsl b/build/metaschema/lib/metaschema-update.xsl new file mode 100644 index 0000000000..b97518975c --- /dev/null +++ b/build/metaschema/lib/metaschema-update.xsl @@ -0,0 +1,166 @@ + + + + + + + + + + + + + + + + + + + + + + + + Prose + Prose permits multiple paragraphs, lists, tables etc. + + + + + + + + + + + + + + + + + + + + + uri-reference + + + markup-line + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + + + + + + + + + + + + + + WARNING: group-as not found in this module for { local-name() } named '{ @named|@ref }' + + + + + + + + + + + unbounded + + + + + + + + unbounded + + + + + + + + + + + + + + + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/build/metaschema/lib/metaschema-xml-html.xsl b/build/metaschema/lib/metaschema-xml-html.xsl deleted file mode 100644 index 593a996717..0000000000 --- a/build/metaschema/lib/metaschema-xml-html.xsl +++ /dev/null @@ -1,307 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - -
    -     - - -

    - - : XML Schema -

    -     - - - - -
    -

    - : - attribute

    - -
    -     - - -
    -

    - : - element

    - -

    Supports inline encoding

     -

    True whenever given (presence signifies Boolean value)

     -     - - -
    -

    The element supports:

    -
      - -
    -
    -     - - -
    -     - - -
    -

    - : - element

    - - - - - - -
    -     - - - <> - - - - @ - - - - (group as - - - ) - - - - - - (addressable by - - - ) - - - - (required) - - - - - -
  • - Attribute - - - - - - (optional) - - -
    • -     - - - - - - -
    -

    The element has the following contents (in order):

    -
      - - -
    -
    -     - - - - -
  • - A - n - - - element - - - - -
    • -     - - (zero or one) - - (one) - - -
  • - elements (zero or more) - - -
    • -     - - - - - - 
    -            

-           
-
    - - -     - - - - - - - - - - - - - - - < - > - - - - - - - - -     \ No newline at end of file diff --git a/build/metaschema/lib/metaschema-xmldocs-jekyll-uswds.xsl b/build/metaschema/lib/metaschema-xmldocs-jekyll-uswds.xsl index 92e9470ef6..238fe72fc2 100644 --- a/build/metaschema/lib/metaschema-xmldocs-jekyll-uswds.xsl +++ b/build/metaschema/lib/metaschema-xmldocs-jekyll-uswds.xsl @@ -1,23 +1,28 @@ - + exclude-result-prefixes="#all"> - + + + + - + @@ -26,14 +31,14 @@ - + - - - + + + @@ -45,180 +50,171 @@ - - - - - -
    +
    +

    Schema download + + + +

    - -
    - The root object (element) of this schema is - - - -
    - -     -
    + - -

    + -

    The XML namespace for elements conformant to this schema: -

    +

    XML namespace + + + +

    - - - - + - -
    -

    - : + : attribute

    - + +

    This attribute appears on: , - + .

     + +
    + https://github.com/usnistgov/OSCAL/tree/master + + + + + + +

    + Module defined: + { + replace(.,'.*/','') }

    +     +     + - + - -
    -

    - : element

    +

    + : + element

    - - - -

    Supports inline encoding

    -     - -

    True whenever given (presence signifies Boolean value)

    -     -     - - - - - must - may - - - - - attributes - the attribute - - -
    -

    The {@name} element { $modal } have { $noun }:

    -
      - -
    -
    - -     - - - -

    This element appears inside: - - , - - .

    -     -     + + + + + + + must + may + + + + + attributes + the attribute + + +
    +

    The {@name} element { $modal } have { $noun }:

    +
      + +
    +
    +     + + +
    + + +
    +
    Remarks
    + +
    +     +     + + + + +

    This element appears inside: + + , + + .

    +     +     + - - -
    -
    -

    - : element

    - -
    - - +
    +

    + : + element

    + +
    +
    { @name } is the root (containing) element of this schema.
    - + - + - - -

    This element appears inside: - - , - - .

    -     -     +
    - + @@ -230,49 +226,30 @@     - - (group as - - - ) - - - - - - (addressable by - - - ) - - - - (required) - - - +
  • - - - + + + + attribute - - (optional) + (optional) + - - + +
    • + + (required) + - @@ -280,35 +257,45 @@

    The element has the following contents (in order):

      - +

    - + +
  • Any element (in a foreign namespace)
    • +     + +
  • - - + + - element - - - - - + element{ if (@max-occurs != '1') then 's' else '' } + + + + +
    • - (zero or one) - (zero or more) - (one) - + + + + +

    + XML + + +

    +     @@ -326,34 +313,29 @@
    + 
                      
-
    + -
    - +     + + + + + + - - + + + < @@ -364,57 +346,21 @@ " > - + - + - + + </ > - - - - - - - - - yes - - - - - - - { $json-indent='yes' } - - - - - - - - - - - - - - - - - - Example for '{ parent::example/../@name }' not JSONized -- - - - - + @@ -436,74 +383,55 @@ - + - + - - - attribute - element (with text contents) - element (with mixed text and element contents) - element (with element contents) - Reserved for prose - ANY - - + + + + + + + +

    An attribute

    +     + + +

    An element

    +     + + + + + + + , type + + + string + + + + + , with text contents + , with mixed text and (inline prose) element contents + , as prose content: paragraphs, lists etc. + , with element contents + Matching - - + + - \ No newline at end of file + diff --git a/build/metaschema/lib/metaschema-xmlelement-map.xsl b/build/metaschema/lib/metaschema-xmlelement-map.xsl new file mode 100644 index 0000000000..87283fd95e --- /dev/null +++ b/build/metaschema/lib/metaschema-xmlelement-map.xsl @@ -0,0 +1,162 @@ + + + + oscal-catalog-xml + + + + + + + + + + + + + + + + + + +
    + +
    +     + + +
    + + + + +
    +     + + + + + + + + +

    + < + + + + + / + > + + + </ + + > + + +

    +     + + + + + + + +
    +

    + + < + + + + + > + +

    + +

    + </ + + > +

    +
    +     + + + + + + + =" + + + + " + + + + +

    + Prose contents (paragraphs, lists, headers and tables) +

    +     + + + + + + + + + + + +
    + +
    +     + + + + string + + + + + + + + + +     diff --git a/build/metaschema/lib/metaschema.xsd b/build/metaschema/lib/metaschema.xsd index 4dc9e92b05..d404925477 100644 --- a/build/metaschema/lib/metaschema.xsd +++ b/build/metaschema/lib/metaschema.xsd @@ -1,5 +1,6 @@ - @@ -13,7 +14,6 @@ structures. - @@ -32,6 +32,7 @@ + An element with structured element content in XML; in JSON, an object with @@ -39,31 +40,26 @@ - - - - + + - - - - - + + - @@ -76,63 +72,97 @@ - - - + + + + - + - - - - - - - - - - - - + + - + In the XML, produces an attribute with the given name, whose value is used as a key value (aka object property name) in the JSON, enabling objects to be 'lifted' out of arrays when such values are distinct. Implies that siblings will never share values. Overloading with datatype 'ID' and naming the key 'id' is legitimate and useful. Even without ID validation, uniqueness of these values among siblings is validable. - - - - - - - + + + + + Determines if a given referenced field or assembly should be wrapped in an outer grouping. + + + + + + + + + + + + Always use an array. + + + + + Use a singleton for when a single value occurs or an array when multiple values occur. + + + + + Use with a `json-key` in the referenced field or assembly. + + + + + + + + + Use a wrapper element. + + + + + Do not use a wrapper element. + + + + - - + - Used inside a flag reference, designates + Used inside a define-field, designates the flag as a label (key) to be used for the field value in the JSON on - the field being defined. Used directly inside a field - definition with a literal value, indicates that the value of the field - is to be labeled in the JSON with this value. + the field being defined. When a flag-name is provided, indicates that the value of the field + is to be labeled in the JSON with the value of the flag. - + + + - + A data point to be expressed as an attribute in the XML or a name/value pair @@ -145,10 +175,13 @@ - + - + + + @@ -199,7 +232,7 @@ - + @@ -239,51 +272,47 @@ + - - - - - - - - - - - - + + + + + + - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + @@ -307,38 +336,51 @@ + - - - - - + + + + + + + + + + + + + + + + + + + + - - - - - - - - - + + + + + + @@ -350,9 +392,78 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Synonym for 'true'. + + + Synonym for 'false'. + + + diff --git a/build/metaschema/lib/oscal-datatypes.xsd b/build/metaschema/lib/oscal-datatypes.xsd new file mode 100644 index 0000000000..1e7339a198 --- /dev/null +++ b/build/metaschema/lib/oscal-datatypes.xsd @@ -0,0 +1,103 @@ + + + + + + The ip-v4-address type specifies an IPv4 address in dot decimal notation. + + + + + + + + + + The ip-v6-address type specifies an IPv6 address represented in 8 hextets separated by colons. + This is based on the pattern provided here: https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses with some customizations. + + + + + + + + + + The xs:dateTime with a required timezone. + + + + + + + + + The xs:date with a required timezone. + + + + + + + + + + + + + + + + + Need a better pattern. + + + + + + + + + + + + + + Need a better pattern + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/build/metaschema/metaschema-notes.md b/build/metaschema/metaschema-notes.md index 0e97487e60..c7b8c66806 100644 --- a/build/metaschema/metaschema-notes.md +++ b/build/metaschema/metaschema-notes.md @@ -1,6 +1,6 @@ # Metaschema Design and Terminology -OSCAL Metaschema is a descriptive format for the specification and support of OSCAL tagging. Each metaschema is used as the basis for producing schema files, conversion files, documentation and utilities in support of that format. For any given OSCAL format defined by a metaschema (such as **catalog** or **profile**), the XML Schema (XSD) and JSON Schema will be consistent because they are produced from the same source. +OSCAL Metaschema is a descriptive format for the specification and support of OSCAL tagging. A metaschema is used as the basis for producing schema files, conversion files, documentation and utilities in support of that format. For any given OSCAL format defined by a metaschema (such as **catalog** or **profile**), the XML Schema (XSD) and JSON Schema will be consistent because they are produced from the same source. However, the terminology used to describe data in either format will be different depending on whether XML or JSON is used. (As a notation for an object-oriented model, YAML will be similar to JSON.) While both data formats describe tree structures (directed graphs), each format (with its implicit data model) has its peculiar design, which requires specification in detail. A data point represented as an attribute on an element in XML, for example, might be a string property on a data object in JSON. The metaschema moderates this distinction by providing rules regarding its own semantic constructs and how they are to be represented in the target notation. Accordingly, a mapping between JSON and XML conceptual descriptions for any OSCAL format is possible, given the metaschema. @@ -10,16 +10,14 @@ Within OSCAL models, all constructs are optional unless marked otherwise. | OSCAL Metaschema | XML | JSON \| YAML | |------------------|-----|------| -| Assembly | A single element with element content (child of assembly element parent) | Object property (of parent assembly object) | -| Assemblies | A sequence of elements (element content) *each named as an individual* | Array property of parent object, with a key for the group, containing objects | +| Assembly | An element with element content | An object, either a property or a member of an array property | | Field (with no flags) | A single element with text content | String property | -| Field with one or more flags | An element with text content, flags as attributes | Object property with `STRVALUE` String property, flags as other properties | -| Field `as='mixed'`, no flags permitted | An element permitting mixed content inline | String property, parseable as markdown | -| Field `as='mixed'`, flag(s) permitted | idem | Object property with `RICHTEXT` String property parseable as markdown | -| Fields | A sequence elements each for a single field (as above), named singly | Array property, with a key *for the group*, containing objects or strings as above (for fields with and without flags) | +| Field with one or more flags | An element with text content, flags as attributes | An object property with a designated property for its nominal string value as well as properties for its flags | | Flag | Attribute | String property | -| Flag with type | Attribute with lexical constraints per type | String property with lexical constraints per type, or typed property such as `number` or URI (per type) | -| Prose | Sequence of markdown-convertible elements (`p`, `ul` etc.) | Array property with key=`prose` containing (markdown) strings | +| Flag with designated data type | Attribute with lexical constraints per type | String property with lexical constraints per type, or typed property such as `number` or URI (per type) | +| Field `as-type='simple-markup'`, no flags permitted | An element permitting mixed content inline | String property or map with string property, parseable as markdown (line only) | +| Field `as='complex-markup'`, flag(s) permitted | idem | Object property with `RICHTEXT` String property or object with string property, parseable as markdown (full blocks) | + ## Constraints imposed on the Metaschema diff --git a/build/metaschema/unit-testing/datatypes/datatypes-datetime_json-schema.json b/build/metaschema/unit-testing/datatypes/datatypes-datetime_json-schema.json new file mode 100644 index 0000000000..6bf76003a5 --- /dev/null +++ b/build/metaschema/unit-testing/datatypes/datatypes-datetime_json-schema.json @@ -0,0 +1,83 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://csrc.nist.gov/ns/metaschema/unit-test/datatypes-dateTime-schema.json", + "$comment": "Metaschema Unit Test: datatypes-dateTime: JSON Schema", + "type": "object", + "definitions": { + "parent": { + "title": "parent", + "description": "parent assembly", + "$id": "#/definitions/parent", + "type": "object", + "properties": { + "flag-datetime": { + "title": "Date and Time Flag", + "description": "datetime flag", + "type": "string", + "format": "date-time", + "pattern": "((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})" + }, + "field-datetimes": { + "anyOf": [ + { + "$ref": "#/definitions/field-datetime" + }, + { + "type": "array", + "items": { + "$ref": "#/definitions/field-datetime" + }, + "minItems": 2 + } + ] + }, + "children": { + "anyOf": [ + { + "$ref": "#/definitions/child" + }, + { + "type": "array", + "items": { + "$ref": "#/definitions/child" + }, + "minItems": 2 + } + ] + } + }, + "required": [ + "flag-datetime" + ], + "additionalProperties": false + }, + "child": { + "title": "child", + "description": "child assembly", + "$id": "#/definitions/child", + "type": "object", + "properties": { + "field-datetime": { + "$ref": "#/definitions/field-datetime" + } + }, + "required": [ + "field-datetime" + ], + "additionalProperties": false + }, + "field-datetime": { + "title": "Date and Time", + "description": "With time zone", + "$id": "#/definitions/field-datetime", + "type": "string", + "format": "date-time", + "pattern": "((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})" + } + }, + "properties": { + "parent": { + "$ref": "#/definitions/parent" + } + } +} diff --git a/build/metaschema/unit-testing/datatypes/datatypes-datetime_metaschema.xml b/build/metaschema/unit-testing/datatypes/datatypes-datetime_metaschema.xml new file mode 100644 index 0000000000..23f3e24200 --- /dev/null +++ b/build/metaschema/unit-testing/datatypes/datatypes-datetime_metaschema.xml @@ -0,0 +1,46 @@ + + + + + + + Metaschema Unit Test: datatypes-dateTime + 1.0-milestone1 + metaschema-datatypes-dateTime + http://csrc.nist.gov/ns/metaschema/unit-test/datatypes-dateTime + + + parent + parent assembly + + Date and Time Flag + datetime flag + + + + + + + + + + + + + child + child assembly + + + + + + + Date and Time + With time zone + + + diff --git a/build/metaschema/unit-testing/datatypes/datatypes-datetime_test_valid_PASS.json b/build/metaschema/unit-testing/datatypes/datatypes-datetime_test_valid_PASS.json new file mode 100644 index 0000000000..9f56668a83 --- /dev/null +++ b/build/metaschema/unit-testing/datatypes/datatypes-datetime_test_valid_PASS.json @@ -0,0 +1,14 @@ +{ + "parent": { + "flag-datetime": "2019-08-22T12:20:00-05:00", + "field-datetimes": [ + "2019-09-28T23:20:50.52Z", + "2019-12-02T16:39:57-08:00", + "2019-12-31T23:59:59Z", + "2016-02-29T23:59:59Z" + ], + "children": { + "field-datetime": "1990-08-22T12:20:00-05:00" + } + } +} diff --git a/build/metaschema/unit-testing/datatypes/datatypes-prose_json-schema.json b/build/metaschema/unit-testing/datatypes/datatypes-prose_json-schema.json new file mode 100644 index 0000000000..29266484ec --- /dev/null +++ b/build/metaschema/unit-testing/datatypes/datatypes-prose_json-schema.json @@ -0,0 +1,106 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://csrc.nist.gov/ns/metaschema/unit-test/datatypes-schema.json", + "$comment": "Metaschema Unit Test: datatypes: JSON Schema", + "type": "object", + "definitions": { + "parent": { + "title": "parent", + "description": "parent assembly", + "$id": "#/definitions/parent", + "type": "object", + "properties": { + "field-date": {"$ref": "#/definitions/field-date"}, + "field-plaintext": {"$ref": "#/definitions/field-plaintext"}, + "field-flag-plaintext": {"$ref": "#/definitions/field-flag-plaintext"}, + "field-richtext": {"$ref": "#/definitions/field-richtext"}, + "field-flag-richtext": {"$ref": "#/definitions/field-flag-richtext"}, + "field-prose": {"$ref": "#/definitions/field-prose"}, + "field-flag-prose": {"$ref": "#/definitions/field-flag-prose"} + }, + "additionalProperties": false + }, + "field-date": { + "title": "Date", + "description": "With time zone", + "$id": "#/definitions/field-date", + "type": "string", + "pattern": "((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))(Z|[+-][0-9]{2}:[0-9]{2})" + }, + "field-plaintext": { + "title": "Plain text", + "description": "plain text, no markup", + "$id": "#/definitions/field-plaintext", + "type": "string" + }, + "field-flag-plaintext": { + "title": "Plain text", + "description": "plain text, no markup", + "$id": "#/definitions/field-flag-plaintext", + "type": "object", + "properties": { + "length": { + "title": "Length", + "description": "The length.", + "type": "integer", + "minimum": 1, + "multipleOf": 1.0 + }, + "STRVALUE": {"type": "string"} + }, + "required": ["STRVALUE"], + "additionalProperties": false + }, + "field-richtext": { + "title": "Rich text", + "description": "Rich text supports markup", + "$id": "#/definitions/field-richtext", + "type": "string" + }, + "field-flag-richtext": { + "title": "Rich text", + "description": "Rich text supports markup", + "$id": "#/definitions/field-flag-richtext", + "type": "object", + "properties": { + "length": { + "title": "Length", + "description": "The length.", + "type": "integer", + "multipleOf": 1.0, + "minimum": 1 + }, + "RICHTEXT": {"type": "string"} + }, + "required": ["RICHTEXT"], + "additionalProperties": false + }, + "field-prose": { + "title": "Prose", + "description": "Prose permits multiple paragraphs, lists, tables etc.", + "$id": "#/definitions/field-prose", + "type": "string" + }, + "field-flag-prose": { + "title": "Prose", + "description": "Prose permits multiple paragraphs, lists, tables etc.", + "$id": "#/definitions/field-flag-prose", + "type" : "object", + "properties": { + "length": { + "title": "Length", + "description": "The length.", + "type": "integer", + "multipleOf": 1.0, + "minimum": 1 + }, + "PROSE": {"type": "string"} + }, + "required": ["PROSE"], + "additionalProperties": false + } + }, + "properties": { + "parent": {"$ref": "#/definitions/parent"} + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/datatypes/datatypes-prose_metaschema.xml b/build/metaschema/unit-testing/datatypes/datatypes-prose_metaschema.xml new file mode 100644 index 0000000000..d4e2c6821d --- /dev/null +++ b/build/metaschema/unit-testing/datatypes/datatypes-prose_metaschema.xml @@ -0,0 +1,77 @@ + + + + + + + Metaschema Unit Test: datatypes + 1.0-milestone1 + metaschema-datatypes + http://csrc.nist.gov/ns/metaschema/unit-test/datatypes + + + parent + parent assembly + + + + + + + + + + + + + Date + With time zone + + + + Plain text + plain text, no markup + + + + Plain text + plain text, no markup + + Length + The length. + + + + + Rich text + Rich text supports markup + + + + Rich text + Rich text supports markup + + Length + The length. + + + + + Prose + Prose permits multiple paragraphs, lists, tables etc. + + + + Prose + Prose permits multiple paragraphs, lists, tables etc. + + Length + The length. + + + + diff --git a/build/metaschema/unit-testing/datatypes/datatypes-prose_test-valid-PASS.json b/build/metaschema/unit-testing/datatypes/datatypes-prose_test-valid-PASS.json new file mode 100644 index 0000000000..33f2d30750 --- /dev/null +++ b/build/metaschema/unit-testing/datatypes/datatypes-prose_test-valid-PASS.json @@ -0,0 +1,8 @@ +{ + "parent": { + "field-date": "2019-07-08TZ", + "field-plaintext": "Some *plain* text", + "field-richtext": "Some *rich* text", + "field-prose": "Here's some *extra prose*" + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/datatypes/datatypes-prose_test_bad-date_FAIL.json b/build/metaschema/unit-testing/datatypes/datatypes-prose_test_bad-date_FAIL.json new file mode 100644 index 0000000000..f492734964 --- /dev/null +++ b/build/metaschema/unit-testing/datatypes/datatypes-prose_test_bad-date_FAIL.json @@ -0,0 +1,12 @@ +{ + "$schema": "datatypes-prose_json-schema.json", + "parent": { + "date": "2019-06-31", + "plaintext": "Some *plain* text", + "richtext": "Some *rich* text", + "prose": { + "RICHTEXT": "Here's some *extra prose*", + "big": "yes" + } + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/flag/flag-basic_json-schema.json b/build/metaschema/unit-testing/flag/flag-basic_json-schema.json new file mode 100644 index 0000000000..2b29163d56 --- /dev/null +++ b/build/metaschema/unit-testing/flag/flag-basic_json-schema.json @@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://csrc.nist.gov/ns/oscal/unit-testing/flag-basic-schema.json", + "$comment": "Metaschema Unit Test: flag: basic flag: JSON Schema", + "type": "object", + "definitions": { + "parent": { + "title": "parent", + "description": "parent assembly", + "$id": "#/definitions/parent", + "type": "object", + "properties": { + "flag": { + "title": "Flag", + "description": "A basic flag", + "type": "string" + }, + "flag-required": { + "title": "Required Flag", + "description": "A basic required flag", + "type": "string" + } + }, + "required": [ "flag-required" ], + "additionalProperties": false + } + }, + "properties": { + "parent": {"$ref": "#/definitions/parent"} + } +} diff --git a/build/metaschema/unit-testing/flag/flag-basic_metaschema.xml b/build/metaschema/unit-testing/flag/flag-basic_metaschema.xml new file mode 100644 index 0000000000..087aaeef4f --- /dev/null +++ b/build/metaschema/unit-testing/flag/flag-basic_metaschema.xml @@ -0,0 +1,32 @@ + + + + + + + Metaschema Unit Test: flag: basic flag + 1.0-milestone1 + metaschema-group-as + http://csrc.nist.gov/ns/oscal/unit-testing/flag-basic + + + parent + parent assembly + + + + + + + Flag + A basic flag + + + Required Flag + A basic required flag + + diff --git a/build/metaschema/unit-testing/flag/flag-basic_test_simple_PASS.json b/build/metaschema/unit-testing/flag/flag-basic_test_simple_PASS.json new file mode 100644 index 0000000000..d3f6312d51 --- /dev/null +++ b/build/metaschema/unit-testing/flag/flag-basic_test_simple_PASS.json @@ -0,0 +1,5 @@ +{ + "parent": { + "flag-required": "string" + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-array-bounded_json-schema.json b/build/metaschema/unit-testing/group-as/group-as-array-bounded_json-schema.json new file mode 100644 index 0000000000..65245ea52e --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array-bounded_json-schema.json @@ -0,0 +1,33 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://csrc.nist.gov/ns/metaschema/unit-test/group-as-array-bounded-schema.json", + "$comment": "Metaschema Unit Test: group-as: JSON Schema", + "type": "object", + "definitions": { + "parent": { + "title": "parent", + "description": "parent assembly", + "$id": "#/definitions/parent", + "type": "object", + "properties": { + "props": { + "type": "array", + "items": {"$ref": "#/definitions/prop"}, + "minItems": 2, + "maxItems": 3 + } + }, + "required": ["props"], + "additionalProperties": false + }, + "prop": { + "title": "prop", + "description": "prop field", + "$id": "#/definitions/prop", + "type": "string" + } + }, + "properties": { + "parent": {"$ref": "#/definitions/parent"} + } +} diff --git a/build/metaschema/unit-testing/group-as/group-as-array-bounded_metaschema.xml b/build/metaschema/unit-testing/group-as/group-as-array-bounded_metaschema.xml new file mode 100644 index 0000000000..23679fa85a --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array-bounded_metaschema.xml @@ -0,0 +1,30 @@ + + + + + + + Metaschema Unit Test: group-as + 1.0-milestone1 + metaschema-group-as + http://csrc.nist.gov/ns/metaschema/unit-test/group-as-array-bounded + + + parent + parent assembly + + + + + + + + + prop + prop field + + diff --git a/build/metaschema/unit-testing/group-as/group-as-array-bounded_test_array-inside_PASS.json b/build/metaschema/unit-testing/group-as/group-as-array-bounded_test_array-inside_PASS.json new file mode 100644 index 0000000000..5cc14ea81a --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array-bounded_test_array-inside_PASS.json @@ -0,0 +1,5 @@ +{ + "parent": { + "props": [ "test1", "test2", "test3" ] + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-array-bounded_test_array-singleton_FAIL.json b/build/metaschema/unit-testing/group-as/group-as-array-bounded_test_array-singleton_FAIL.json new file mode 100644 index 0000000000..a8ca337a32 --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array-bounded_test_array-singleton_FAIL.json @@ -0,0 +1,5 @@ +{ + "parent": { + "props": [ "test1" ] + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-array-bounded_test_array-upper_FAIL.json b/build/metaschema/unit-testing/group-as/group-as-array-bounded_test_array-upper_FAIL.json new file mode 100644 index 0000000000..53009e998f --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array-bounded_test_array-upper_FAIL.json @@ -0,0 +1,5 @@ +{ + "parent": { + "props": [ "test1", "test2", "test3", "test4" ] + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-array-invalid-max_metaschema.xml b/build/metaschema/unit-testing/group-as/group-as-array-invalid-max_metaschema.xml new file mode 100644 index 0000000000..3bca8d06f2 --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array-invalid-max_metaschema.xml @@ -0,0 +1,30 @@ + + + + + + + Metaschema Unit Test: group-as + 1.0-milestone1 + metaschema-group-as + http://csrc.nist.gov/ns/metaschema/unit-test/group-as + + + parent + parent assembly + + + + + + + + + prop + prop field + + \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-array-invalid-max_validation-schematron-FAIL b/build/metaschema/unit-testing/group-as/group-as-array-invalid-max_validation-schematron-FAIL new file mode 100644 index 0000000000..e69de29bb2 diff --git a/build/metaschema/unit-testing/group-as/group-as-array-optional_json-schema.json b/build/metaschema/unit-testing/group-as/group-as-array-optional_json-schema.json new file mode 100644 index 0000000000..99e7dcef59 --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array-optional_json-schema.json @@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://csrc.nist.gov/ns/metaschema/unit-test/group-as-array-optional-schema.json", + "$comment": "Metaschema Unit Test: group-as: JSON Schema", + "type": "object", + "definitions": { + "parent": { + "title": "parent", + "description": "parent assembly", + "$id": "#/definitions/parent", + "type": "object", + "properties": { + "props": { + "type": "array", + "items": {"$ref": "#/definitions/prop"}, + "minItems": 1 + } + }, + "additionalProperties": false + }, + "prop": { + "title": "prop", + "description": "prop field", + "$id": "#/definitions/prop", + "type": "string" + } + }, + "properties": { + "parent": {"$ref": "#/definitions/parent"} + } +} diff --git a/build/metaschema/unit-testing/group-as/group-as-array-optional_metaschema.xml b/build/metaschema/unit-testing/group-as/group-as-array-optional_metaschema.xml new file mode 100644 index 0000000000..2ecb4e9d37 --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array-optional_metaschema.xml @@ -0,0 +1,30 @@ + + + + + + + Metaschema Unit Test: group-as + 1.0-milestone1 + metaschema-group-as + http://csrc.nist.gov/ns/metaschema/unit-test/group-as-array-optional + + + parent + parent assembly + + + + + + + + + prop + prop field + + diff --git a/build/metaschema/unit-testing/group-as/group-as-array-optional_test_empty_FAIL.json b/build/metaschema/unit-testing/group-as/group-as-array-optional_test_empty_FAIL.json new file mode 100644 index 0000000000..856aada170 --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array-optional_test_empty_FAIL.json @@ -0,0 +1,6 @@ +{ + "parent": { + "props": [ + ] + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-array-optional_test_valid_PASS.json b/build/metaschema/unit-testing/group-as/group-as-array-optional_test_valid_PASS.json new file mode 100644 index 0000000000..c039e833ac --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array-optional_test_valid_PASS.json @@ -0,0 +1,7 @@ +{ + "parent": { + "props": [ + "test1" + ] + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-array_json-schema.json b/build/metaschema/unit-testing/group-as/group-as-array_json-schema.json new file mode 100644 index 0000000000..a617dff89b --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array_json-schema.json @@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://csrc.nist.gov/ns/metaschema/unit-test/group-as-array-schema.json", + "$comment": "Metaschema Unit Test: group-as: JSON Schema", + "type": "object", + "definitions": { + "parent": { + "title": "parent", + "description": "parent assembly", + "$id": "#/definitions/parent", + "type": "object", + "properties": { + "props": { + "type": "array", + "items": {"$ref": "#/definitions/prop"}, + "minItems": 1 + } + }, + "required": ["props"], + "additionalProperties": false + }, + "prop": { + "title": "prop", + "description": "prop field", + "$id": "#/definitions/prop", + "type": "string" + } + }, + "properties": { + "parent": {"$ref": "#/definitions/parent"} + } +} diff --git a/build/metaschema/unit-testing/group-as/group-as-array_metaschema.xml b/build/metaschema/unit-testing/group-as/group-as-array_metaschema.xml new file mode 100644 index 0000000000..f107cf0e4a --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array_metaschema.xml @@ -0,0 +1,30 @@ + + + + + + + Metaschema Unit Test: group-as + 1.0-milestone1 + metaschema-group-as + http://csrc.nist.gov/ns/metaschema/unit-test/group-as-array + + + parent + parent assembly + + + + + + + + + prop + prop field + + diff --git a/build/metaschema/unit-testing/group-as/group-as-array_test_singleton_FAIL.json b/build/metaschema/unit-testing/group-as/group-as-array_test_singleton_FAIL.json new file mode 100644 index 0000000000..5b0ebbb75a --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array_test_singleton_FAIL.json @@ -0,0 +1,5 @@ +{ + "parent": { + "props": "test1" + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-array_test_valid_PASS.json b/build/metaschema/unit-testing/group-as/group-as-array_test_valid_PASS.json new file mode 100644 index 0000000000..6a8a6114de --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-array_test_valid_PASS.json @@ -0,0 +1,9 @@ +{ + "parent": { + "props": [ + "test1", + "test2", + "test3" + ] + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-by-key_json-schema.json b/build/metaschema/unit-testing/group-as/group-as-by-key_json-schema.json new file mode 100644 index 0000000000..0ec93f7d8d --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-by-key_json-schema.json @@ -0,0 +1,47 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://csrc.nist.gov/ns/metaschema/unit-test/group-as-by-key-schema.json", + "$comment": "Metaschema Unit Test: group-as: JSON Schema", + "type": "object", + "definitions": { + "parent": { + "title": "parent", + "description": "parent assembly", + "$id": "#/definitions/parent", + "type": "object", + "properties": { + "props": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "type": "object", + "$ref": "#/definitions/prop" + }, + { "not": { "type": "string" } } + ] + } + } + }, + "required": ["props"], + "additionalProperties": false + }, + "prop": { + "title": "prop", + "description": "prop field", + "$id": "#/definitions/prop", + "type": "object", + "properties": { + "STRVALUE": { + "type": "string" + } + }, + "required": ["STRVALUE"], + "additionalProperties": false + } + }, + "properties": { + "parent": {"$ref": "#/definitions/parent"} + } +} diff --git a/build/metaschema/unit-testing/group-as/group-as-by-key_metaschema.xml b/build/metaschema/unit-testing/group-as/group-as-by-key_metaschema.xml new file mode 100644 index 0000000000..aaf5f5b192 --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-by-key_metaschema.xml @@ -0,0 +1,35 @@ + + + + + + + Metaschema Unit Test: group-as + 1.0-milestone1 + metaschema-group-as + http://csrc.nist.gov/ns/metaschema/unit-test/group-as-by-key + + + parent + parent assembly + + + + + + + + + prop + prop field + + + ID + Identifier + + + diff --git a/build/metaschema/unit-testing/group-as/group-as-by-key_test_invalid-child_FAIL.json b/build/metaschema/unit-testing/group-as/group-as-by-key_test_invalid-child_FAIL.json new file mode 100644 index 0000000000..3008f9513e --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-by-key_test_invalid-child_FAIL.json @@ -0,0 +1,8 @@ +{ + "parent": { + "props": { + "id1": {"STRVALUE": "test1"}, + "id2": "test2" + } + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-by-key_test_valid_PASS.json b/build/metaschema/unit-testing/group-as/group-as-by-key_test_valid_PASS.json new file mode 100644 index 0000000000..f0b784ed32 --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-by-key_test_valid_PASS.json @@ -0,0 +1,9 @@ +{ + "parent": { + "props": { + "id3": {"STRVALUE": "test3"}, + "id2": {"STRVALUE": ""}, + "id1": {"STRVALUE": "test1"} + } + } +} diff --git a/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_json-schema.json b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_json-schema.json new file mode 100644 index 0000000000..56ed50e02b --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_json-schema.json @@ -0,0 +1,38 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://csrc.nist.gov/ns/metaschema/unit-test/group-as-singleton-or-array-optional-schema.json", + "$comment": "Metaschema Unit Test: group-as: JSON Schema", + "type": "object", + "definitions": { + "parent": { + "title": "parent", + "description": "parent assembly", + "$id": "#/definitions/parent", + "type": "object", + "properties": { + "props": { + "anyOf": [ + { + "$ref": "#/definitions/prop" + }, + { + "type": "array", + "items": {"$ref": "#/definitions/prop"}, + "minItems": 2 + } + ] + } + }, + "additionalProperties": false + }, + "prop": { + "title": "prop", + "description": "prop field", + "$id": "#/definitions/prop", + "type": "string" + } + }, + "properties": { + "parent": {"$ref": "#/definitions/parent"} + } +} diff --git a/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_metaschema.xml b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_metaschema.xml new file mode 100644 index 0000000000..694b6c7275 --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_metaschema.xml @@ -0,0 +1,30 @@ + + + + + + + Metaschema Unit Test: group-as + 1.0-milestone1 + metaschema-group-as + http://csrc.nist.gov/ns/metaschema/unit-test/group-as-singleton-or-array-optional + + + parent + parent assembly + + + + + + + + + prop + prop field + + diff --git a/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_test_empty_FAIL.json b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_test_empty_FAIL.json new file mode 100644 index 0000000000..856aada170 --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_test_empty_FAIL.json @@ -0,0 +1,6 @@ +{ + "parent": { + "props": [ + ] + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_test_invalid-array-singleton_FAIL.json b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_test_invalid-array-singleton_FAIL.json new file mode 100644 index 0000000000..c039e833ac --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_test_invalid-array-singleton_FAIL.json @@ -0,0 +1,7 @@ +{ + "parent": { + "props": [ + "test1" + ] + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_test_valid-array_PASS.json b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_test_valid-array_PASS.json new file mode 100644 index 0000000000..76f187e010 --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_test_valid-array_PASS.json @@ -0,0 +1,7 @@ +{ + "parent": { + "props": [ + "test1", "test2" + ] + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_test_valid-singleton_PASS.json b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_test_valid-singleton_PASS.json new file mode 100644 index 0000000000..68f6dde04f --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array-optional_test_valid-singleton_PASS.json @@ -0,0 +1,5 @@ +{ + "parent": { + "props": "test1" + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-singleton-or-array_json-schema.json b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array_json-schema.json new file mode 100644 index 0000000000..16da60370c --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array_json-schema.json @@ -0,0 +1,39 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://csrc.nist.gov/ns/metaschema/unit-test/group-as-singleton-or-array-schema.json", + "$comment": "Metaschema Unit Test: group-as: JSON Schema", + "type": "object", + "definitions": { + "parent": { + "title": "parent", + "description": "parent assembly", + "$id": "#/definitions/parent", + "type": "object", + "properties": { + "props": { + "anyOf": [ + { + "$ref": "#/definitions/prop" + }, + { + "type": "array", + "items": {"$ref": "#/definitions/prop"}, + "minItems": 2 + } + ] + } + }, + "required": ["props"], + "additionalProperties": false + }, + "prop": { + "title": "prop", + "description": "prop field", + "$id": "#/definitions/prop", + "type": "string" + } + }, + "properties": { + "parent": {"$ref": "#/definitions/parent"} + } +} diff --git a/build/metaschema/unit-testing/group-as/group-as-singleton-or-array_metaschema.xml b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array_metaschema.xml new file mode 100644 index 0000000000..38375a94bc --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array_metaschema.xml @@ -0,0 +1,30 @@ + + + + + + + Metaschema Unit Test: group-as + 1.0-milestone1 + metaschema-group-as + http://csrc.nist.gov/ns/metaschema/unit-test/group-as-singleton-or-array + + + parent + parent assembly + + + + + + + + + prop + prop field + + diff --git a/build/metaschema/unit-testing/group-as/group-as-singleton-or-array_test_singleton_PASS.json b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array_test_singleton_PASS.json new file mode 100644 index 0000000000..5b0ebbb75a --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array_test_singleton_PASS.json @@ -0,0 +1,5 @@ +{ + "parent": { + "props": "test1" + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/group-as/group-as-singleton-or-array_test_valid-array_PASS.json b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array_test_valid-array_PASS.json new file mode 100644 index 0000000000..6a8a6114de --- /dev/null +++ b/build/metaschema/unit-testing/group-as/group-as-singleton-or-array_test_valid-array_PASS.json @@ -0,0 +1,9 @@ +{ + "parent": { + "props": [ + "test1", + "test2", + "test3" + ] + } +} \ No newline at end of file diff --git a/build/metaschema/unit-testing/json-value-key/json-value-key-field_json-schema.json b/build/metaschema/unit-testing/json-value-key/json-value-key-field_json-schema.json new file mode 100644 index 0000000000..b11a894c76 --- /dev/null +++ b/build/metaschema/unit-testing/json-value-key/json-value-key-field_json-schema.json @@ -0,0 +1,61 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://csrc.nist.gov/ns/metaschema/unit-test/json-value-key-field-schema.json", + "$comment": "Metaschema Unit Test: json-value-key-field: JSON Schema", + "type": "object", + "definitions": { + "parent": { + "title": "parent", + "description": "parent assembly", + "$id": "#/definitions/parent", + "type": "object", + "properties": { + "props": { + "anyOf": [ + { + "$ref": "#/definitions/prop" + }, + { + "type": "array", + "items": { + "$ref": "#/definitions/prop" + }, + "minItems": 2 + } + ] + } + }, + "additionalProperties": false + }, + "prop": { + "title": "Property", + "description": "A value with a name, attributed to the containing control, subcontrol, part, or group.", + "$id": "#/definitions/prop", + "type": "object", + "properties": { + "id": { + "type": "string", + "title": "Identifier", + "description": "Unique identifier of the containing object" + }, + "ns": { + "type": "string", + "title": "Namespace", + "description": "A namespace qualifying the name." + }, + "class": { + "type": "string", + "title": "Class", + "description": "Indicating the type or classification of the containing object" + } + }, + "minProperties": 1, + "maxProperties": 4 + } + }, + "properties": { + "parent": { + "$ref": "#/definitions/parent" + } + } +} diff --git a/build/metaschema/unit-testing/json-value-key/json-value-key-field_metaschema.xml b/build/metaschema/unit-testing/json-value-key/json-value-key-field_metaschema.xml new file mode 100644 index 0000000000..92623d7918 --- /dev/null +++ b/build/metaschema/unit-testing/json-value-key/json-value-key-field_metaschema.xml @@ -0,0 +1,53 @@ + + + + + + + Metaschema Unit Test: json-value-key-field + 1.0-milestone1 + json-value-key-field + http://csrc.nist.gov/ns/metaschema/unit-test/json-value-key-field + + + parent + parent assembly + + + + + + + + + Property + A value with a name, attributed to the containing control, subcontrol, part, + or group. + + + + + + + + + Name + Identifying the purpose and intended use of the property, part or other object. + + + Identifier + Unique identifier of the containing object + + + Namespace + A namespace qualifying the name. + + + Class + Indicating the type or classification of the containing object + + diff --git a/build/metaschema/unit-testing/json-value-key/json-value-key-field_test_valid_PASS.json b/build/metaschema/unit-testing/json-value-key/json-value-key-field_test_valid_PASS.json new file mode 100644 index 0000000000..d57eb4987a --- /dev/null +++ b/build/metaschema/unit-testing/json-value-key/json-value-key-field_test_valid_PASS.json @@ -0,0 +1,21 @@ +{ + "parent": { + "props": [ + { + "prop1": "value1" + }, + { + "prop1": "value1", + "id": "id2", + "ns": "https://nist.gov/blah", + "class": "class1" + }, + { + "prop1": "value1", + "id": "id2", + "blah": "https://nist.gov/blah", + "class": "class1" + } + ] + } +} diff --git a/build/metaschema/unit-testing/json-value-key/json-value-key-label_json-schema.json b/build/metaschema/unit-testing/json-value-key/json-value-key-label_json-schema.json new file mode 100644 index 0000000000..ffc1f07965 --- /dev/null +++ b/build/metaschema/unit-testing/json-value-key/json-value-key-label_json-schema.json @@ -0,0 +1,68 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://csrc.nist.gov/ns/metaschema/unit-test/json-value-key-label-schema.json", + "$comment": "Metaschema Unit Test: json-value-key-label: JSON Schema", + "type": "object", + "definitions": { + "parent": { + "title": "parent", + "description": "parent assembly", + "$id": "#/definitions/parent", + "type": "object", + "properties": { + "links": { + "anyOf": [ + { + "$ref": "#/definitions/link" + }, + { + "type": "array", + "items": { + "$ref": "#/definitions/link" + }, + "minItems": 2 + } + ] + } + }, + "additionalProperties": false + }, + "link": { + "title": "Link", + "description": "A reference to a local or remote resource", + "$id": "#/definitions/link", + "type": "object", + "properties": { + "href": { + "type": "string", + "format": "uri-reference", + "title": "hypertext reference", + "description": "A link to a document or document fragment (actual, nominal or projected)" + }, + "rel": { + "type": "string", + "title": "Relation", + "description": "Purpose of the link" + }, + "media-type": { + "type": "string", + "title": "Media type", + "description": "Describes the media type of a linked resource" + }, + "text": { + "type": "string" + } + }, + "required": [ + "text", + "href" + ], + "additionalProperties": false + } + }, + "properties": { + "parent": { + "$ref": "#/definitions/parent" + } + } +} diff --git a/build/metaschema/unit-testing/json-value-key/json-value-key-label_metaschema.xml b/build/metaschema/unit-testing/json-value-key/json-value-key-label_metaschema.xml new file mode 100644 index 0000000000..2012dd909c --- /dev/null +++ b/build/metaschema/unit-testing/json-value-key/json-value-key-label_metaschema.xml @@ -0,0 +1,48 @@ + + + + + + + Metaschema Unit Test: json-value-key-label + 1.0-milestone1 + json-value-key-label + http://csrc.nist.gov/ns/metaschema/unit-test/json-value-key-label + + + parent + parent assembly + + + + + + + + + Link + A reference to a local or remote resource + text + + + + + + + hypertext reference + A link to a document or document fragment (actual, nominal or projected) + + + + Relation + Purpose of the link + + + Media type + Describes the media type of a linked resource + + diff --git a/build/metaschema/unit-testing/run-tests.sh b/build/metaschema/unit-testing/run-tests.sh new file mode 100755 index 0000000000..6611530813 --- /dev/null +++ b/build/metaschema/unit-testing/run-tests.sh @@ -0,0 +1,180 @@ +#!/bin/bash + +if [[ -z "$OSCALDIR" ]]; then + DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" + source "$DIR/../../ci-cd/common-environment.sh" +fi +source $OSCALDIR/build/ci-cd/init-validate-json.sh +source $OSCALDIR/build/ci-cd/schematron-init.sh + +# configuration +DEFAULT_TEST_DIR="$OSCALDIR/build/metaschema/unit-testing" +TEST_BUILD_DIR="$OSCALDIR/build/metaschema/unit-testing" +METASCHEMA_LIB_DIR="$OSCALDIR/build/metaschema/lib" +METASCHEMA_SCHEMA="$METASCHEMA_LIB_DIR/metaschema.xsd" +METASCHEMA_SCHEMATRON="$METASCHEMA_LIB_DIR/metaschema-check.sch" +DEBUG="false" + +# Process arguments +OTHER_ARGS=() +while [ $# -gt 0 ]; do + arg="$1" + case "$arg" in + -d|--test-dir) + TEST_DIR="$(realpath "$2")" + shift # argument + shift # value + ;; + --scratch-dir) + SCRATCH_DIR="$(realpath "$2")" + shift # argument + shift # value + ;; + *) # unknown option + OTHER_ARGS+=("$1") # save the arg + shift # past argument + ;; + esac +done + +if [ -z "${SCRATCH_DIR}" ]; then + SCRATCH_DIR=$(mktemp -d) +fi +echo "${P_INFO}Using scratch dir '${P_END}${SCRATCH_DIR}${P_INFO}'.${P_END}" + +test_dirs=() +if [ -n "${TEST_DIR}" ]; then + test_dirs+=("${TEST_DIR}") +else + while IFS= read -r -d $'\0'; do + test_dirs+=("$REPLY") + done < <(find "$DEFAULT_TEST_DIR" -mindepth 1 -maxdepth 1 -type d -print0) +fi +echo "${P_INFO}Executing tests in '${P_END}${test_dirs[@]}${P_INFO}'.${P_END}" + +# Generate metaschema schematron +compiled_schematron="$SCRATCH_DIR/metaschema-check-compiled.xsl" +build_schematron "$METASCHEMA_SCHEMATRON" "$compiled_schematron" +cmd_exitcode=$? +if [ $cmd_exitcode -ne 0 ]; then + echo "${P_ERROR}Compilation of Schematron '$METASCHEMA_SCHEMATRON' failed.${P_END}" + exit 1 +fi +cp "$METASCHEMA_LIB_DIR/metaschema-compose.xsl" "$SCRATCH_DIR" + +exitcode=0 +for dir in "${test_dirs[@]}" +do + echo "$dir" + unit_test_dir=$(basename -- "$dir") + echo "${P_INFO}Processing unit test collection: ${unit_test_dir}.${P_END}" + + while IFS= read -d $'\0' -r metaschema ; do + metaschema_file=$(basename -- "$metaschema") + base="${metaschema_file/_metaschema.xml/}" + path=${metaschema%/*} # remove filename + + if [ ! "$DEBUG" == "true" ]; then + # first validate the metaschema + echo "${P_INFO}Validating Metaschema '$metaschema'.${P_END}" + xmllint --nowarning --noout --schema "$METASCHEMA_SCHEMA" "$metaschema" + cmd_exitcode=$? + if [ $cmd_exitcode -ne 0 ]; then + echo "${P_ERROR}Metaschema '$metaschema' is not schema valid.${P_END}" + exitcode=1 + else + svrl_result="$SCRATCH_DIR/$unit_test_dir/${metaschema_file}.svrl" + svrl_result_dir=${svrl_result%/*} + mkdir -p "$svrl_result_dir" + result=$(validate_with_schematron "$compiled_schematron" "$metaschema" "$svrl_result") + cmd_exitcode=$? + if [ $cmd_exitcode -ne 0 ]; then + if [ -f "$path/${base}_validation-schematron-FAIL" ]; then + echo "${P_OK}Metaschema '$metaschema' was expected to fail the schematron checks.${P_END}" + continue; + else + echo "${P_ERROR}${result}${P_END}" + echo "${P_ERROR}Metaschema '$metaschema' did not pass the schematron checks.${P_END}" + exitcode=1 + continue; + fi + fi + fi + + # Now generate the JSON schema + transform="$OSCALDIR/build/metaschema/json/produce-json-schema.xsl" + schema="$SCRATCH_DIR/$unit_test_dir/${base}_generated-json-schema.json" + + echo "${P_INFO}Generating JSON schema for '$metaschema' as '$schema'.${P_END}" + xsl_transform "$transform" "$metaschema" "$schema" + cmd_exitcode=$? + if [ $cmd_exitcode -ne 0 ]; then + echo "${P_ERROR}Generating JSON schema failed for '$metaschema'.${P_END}" + exitcode=1 + continue; + fi + validate_json "$OSCALDIR/build/ci-cd/json-schema-schema.json" "$schema" + cmd_exitcode=$? + if [ $cmd_exitcode -ne 0 ]; then + echo "${P_ERROR}Generating JSON schema failed for '$metaschema'.${P_END}" + exitcode=1 + continue; + fi + fi + + # diff the generated JSON schema with the expected JSON schema + expected_schema="$path/${base}_json-schema.json" + # Only perform this check if an expected schema exists + if [ -f "$expected_schema" ]; then + if [ "$DEBUG" == "true" ]; then + schema="$expected_schema" + fi + diff=$(json-diff "$expected_schema" "$schema") + cmd_exitcode=$? + if [ $cmd_exitcode -ne 0 ]; then + echo "${P_ERROR}Generated JSON schema '$schema' doesn't match expected schema '$expected_schema'.${P_END}" + echo -E "${P_ERROR}${diff}${P_END}" + exitcode=1 + continue; + fi + fi + + # now run test instances + while IFS= read -d $'\0' -r test_instance ; do + echo "$test_instance" + test_instance_file=$(basename -- "$test_instance") + echo "${P_INFO}Running test instance: ${test_instance_file}${P_END}" + test_instance_name="${test_instance_file/${base}_test_/}" + test_instance_name="${test_instance_name%%.json}" + condition="${test_instance_name##*_}" + test_instance_name="${test_instance_name%_*}" + + result=$(validate_json "$schema" "$test_instance") + cmd_exitcode=$? + case "$condition" in + PASS) + if [ $cmd_exitcode -ne 0 ]; then + echo "${P_ERROR}Test validation failed for for test instance '${test_instance_file}'. Expected PASS.${P_END}" + exitcode=1 + else + echo "${P_OK}Test validation passed.${P_END}" + fi + ;; + FAIL) + if [ $cmd_exitcode -eq 0 ]; then + echo "${P_ERROR}Test validation failed for for test instance '${test_instance_file}'. Expected FAIL.${P_END}" + exitcode=1 + else + echo "${P_OK}Test validation passed.${P_END}" + fi + ;; + *) + echo "${P_ERROR}Unsupported condition '$condition' for test instance '$test_instance'.${P_END}" + exitcode=1 + ;; + esac + done < <(find "$dir" -maxdepth 1 -name "${base}_test_*.json" -type f -print0) + done < <(find "$dir" -maxdepth 1 -name "*_metaschema.xml" -type f -print0) +done + +exit $exitcode diff --git a/build/metaschema/xml/oscal-datatypes.xsd b/build/metaschema/xml/oscal-datatypes.xsd new file mode 100644 index 0000000000..991fda9af8 --- /dev/null +++ b/build/metaschema/xml/oscal-datatypes.xsd @@ -0,0 +1,98 @@ + + + + + + The ip-v4-address type specifies an IPv4 address in dot decimal notation. + + + + + + + + + + The ip-v6-address type specifies an IPv6 address represented in 8 hextets separated by colons. + This is based on the pattern provided here: https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses with some customizations. + + + + + + + + + + The xs:dateTime with a required timezone. + + + + + + + + + The xs:date with a required timezone. + + + + + + + + + + + + + + + Need a better pattern. + + + + + + + + + + + + + + Need a better pattern + + + + + + + + + + + + + + Requires a scheme with colon per RFC 3986 + + + + + + + + + + + + + + diff --git a/build/metaschema/xml/oscal-prose-module.xsd b/build/metaschema/xml/oscal-prose-module.xsd index b77c42f857..682d5ebfea 100644 --- a/build/metaschema/xml/oscal-prose-module.xsd +++ b/build/metaschema/xml/oscal-prose-module.xsd @@ -263,13 +263,15 @@ we used to distinguish btw @type and @name the latter for components now we overload 'class' every which way --> - + + + diff --git a/build/metaschema/xml/produce-and-run-either-documentor.xsl b/build/metaschema/xml/produce-and-run-either-documentor.xsl index fb36279b6c..8182f52328 100644 --- a/build/metaschema/xml/produce-and-run-either-documentor.xsl +++ b/build/metaschema/xml/produce-and-run-either-documentor.xsl @@ -5,7 +5,7 @@ xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0" xmlns:html="http://www.w3.org/1999/xhtml" version="3.0"> - + @@ -13,35 +13,71 @@ xml ../../../docs/content/documentation/schemas + + + + + + https://github.com/usnistgov/OSCAL/blob/master/xml/schema/oscal_catalog_schema.xsd + https://github.com/usnistgov/OSCAL/blob/master/xml/schema/oscal_profile_schema.xsd + https://github.com/usnistgov/OSCAL/blob/master/xml/schema/oscal_component_schema.xsd + NO XML SCHEMA PATH GIVEN FOR SCHEMA { /METASCHEMA/short-name } + + + + + https://github.com/usnistgov/OSCAL/blob/master/json/schema/oscal_catalog_schema.json + https://github.com/usnistgov/OSCAL/blob/master/json/schema/oscal_profile_schema.json + https://github.com/usnistgov/OSCAL/blob/master/xml/schema/oscal_component_schema.json + NO XML SCHEMA PATH GIVEN FOR SCHEMA { /METASCHEMA/short-name } + + + NO SCHEMA PATH - FORMAT NOT RECOGNIZED + + - + - + - + + 'xslt-version' : 3.0, + 'stylesheet-location' : 'produce-either-documentor.xsl', + 'source-node' : $source, + 'stylesheet-params' : map { xs:QName('target-format'): $target-format, + xs:QName('schema-path') : $schema-path, + xs:QName('example-converter-xslt'): $example-converter-xslt-path + } }" /> - + - + + + + + + + + + + + @@ -51,56 +87,104 @@ 'stylesheet-base-uri': $xslt-uri, 'stylesheet-node' : $xslt, 'source-node' : $source }" /> - + - + - + writing to {$result-path}/{ $metaschema-code }.html - + - - + + + + + {$result-path}/../../maps/{ $metaschema-code }-map.html + + + + + + + - + {$result-path}/{ $metaschema-code }_{@id}.html - + + - + - + + --- title: Schema Documentation - { $metaschema-code }{ $tagname ! (' - ' || .) } description: { $metaschema-code } schema documentation{ $tagname ! (' - ' || .) } - tagname: { $tagname } + tagname: { $tagname } - permalink: /docs/schemas/{ $metaschema-code }-{$target-format}/{ $tagname ! ($metaschema-code || '_' || .) } + permalink: /docs/schemas/{ $metaschema-code }-{$target-format}/{ $tagname ! ($metaschema-code || '_' || .) }/ layout: schemas model: { $metaschema-code }-{ $target-format } root: true overview: true + model-type: { $model-type } + --- + + + + --- + title: { upper-case($target-format) } model map - { $source/METASCHEMA/schema-name/string() } + description: { $source/METASCHEMA/schema-name/string() } Map + permalink: /docs/maps/{ $metaschema-code }-{$target-format}/ + layout: post + topnav: schemareference + sidenav: schemas + + subnav: true + --- - - - + + + + + + + + + + + + + http://www.w3.org/TR/xmlsec-algorithms/#digest-method + + + + + + yes + + + + + - + - + diff --git a/build/metaschema/xml/produce-either-documentor.xsl b/build/metaschema/xml/produce-either-documentor.xsl index dff1988d04..4785495ec3 100644 --- a/build/metaschema/xml/produce-either-documentor.xsl +++ b/build/metaschema/xml/produce-either-documentor.xsl @@ -57,6 +57,8 @@ XHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHX + + @@ -98,14 +100,16 @@ + + - + - + - No definition found for { $defining } in { $module } at { /METASCHEMA/import[@name=$module]/@href } - + --> @@ -132,7 +136,7 @@ - + diff --git a/build/metaschema/xml/produce-metaschema-documentor.xsl b/build/metaschema/xml/produce-metaschema-documentor.xsl deleted file mode 100644 index 6b7876d3c4..0000000000 --- a/build/metaschema/xml/produce-metaschema-documentor.xsl +++ /dev/null @@ -1,143 +0,0 @@ - - - - - - - - - - - - - - - - ../../util/convert/{/METASCHEMA/short-name}-xml-converter.xsl - - - - - - - - - - - METASCHEMA docs production - - XHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHX - - - XHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHXXHHX - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - No definition found for { $defining } in { $module } at { /METASCHEMA/import[@name=$module]/@href } - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/build/metaschema/xml/produce-xml-converter.xsl b/build/metaschema/xml/produce-xml-converter.xsl index ebe237f22e..960083895a 100644 --- a/build/metaschema/xml/produce-xml-converter.xsl +++ b/build/metaschema/xml/produce-xml-converter.xsl @@ -2,6 +2,7 @@ STRVALUE RICHTEXT + PROSE @@ -109,33 +111,6 @@     --> - - - - - - - - - - - - - - - - - - {@} - - - - - - - + + + - - + + - + + + + + + integer + double + decimal + float + double + integer + nonNegativeInteger + positiveInteger + + + + + + + + {@} + + + + + + + + + + + {@} + + + + + + + + + + + + + + - + {@} - - - - + + + + + + + + - - + + + + + + + + + + + + + + + + + + + - + - - - - - - - - - + @@ -220,27 +256,27 @@ - + - + + - - - {@} + + {@} @@ -250,78 +286,99 @@ + + + - - + + + + + + + + string + + boolean + + number - - + + + + + + - + - - - - + + + + + + - - - - - - - + + + + + + - + - + no Pass $diagnostic as 'rough' for first pass, 'rectified' for second pass - no - + no + { $json-indent='yes' } - + - + - + - + - + @@ -329,13 +386,21 @@ - - - - + + + + + + - - + + + @@ -344,30 +409,63 @@ - + - + + - - + + - + - - + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + @@ -375,14 +473,14 @@ - + - + @@ -397,12 +495,12 @@ #### ##### ###### - + - + - + @@ -416,14 +514,16 @@ - + | - + + + | - + ``` @@ -438,11 +538,11 @@ - + - + @@ -451,8 +551,9 @@ * - - + + + @@ -462,43 +563,44 @@ 1. - - - - - + + + + + + ` ` - + * * - + ** ** - + " " - + - { + {{ - } + }} - + - + [ @@ -507,14 +609,14 @@ ) - + - + - - + + \ No newline at end of file diff --git a/build/metaschema/xml/produce-xsd.xsl b/build/metaschema/xml/produce-xsd.xsl index 233d8d737d..ebfe708ba6 100644 --- a/build/metaschema/xml/produce-xsd.xsl +++ b/build/metaschema/xml/produce-xsd.xsl @@ -14,14 +14,13 @@ - + - - - - + + + @@ -35,118 +34,198 @@ - + - - + + + + - - + + + + + Running in 'debug' to show intermediate results + + + + + + + + - + + + - + + + + + + + + + - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - + - - short name: + + - - - - + + + + + + + + + + + + + - - + + + + + + + - - - + + + + + + + + - - + - - - - - + + - - + + + + + + + + yes + - + + + + + + + + + + + + + define-assembly[empty(formal-name | description)] | + flag[empty(formal-name | description)]"/> - + + + + @@ -154,10 +233,10 @@ - : + + : - @@ -169,27 +248,89 @@ - - - + + + + + + + - - - - - + + + + + required - - xs:{ . } - + + + + + + + - + + + + + + + + + + + + + + + + + string + + + + + + + + + + + + + string + + + + + + + + + + + + +

    + +

    +     +     +     +     +     + + @@ -198,15 +339,18 @@ - + + + http://csrc.nist.gov/ns/oscal/metaschema/1.0 @@ -214,7 +358,17 @@ - + + + http://csrc.nist.gov/ns/oscal/metaschema/1.0 + + + + + + + + diff --git a/docs/.gitignore b/docs/.gitignore index 8ce6261f73..c17095eb01 100644 --- a/docs/.gitignore +++ b/docs/.gitignore @@ -3,3 +3,4 @@ _site .jekyll-metadata node_modules/ # content/documentation/schemas/ +content/documentation/maps/ diff --git a/docs/Gemfile b/docs/Gemfile index f56a0acb38..aabcce20a6 100755 --- a/docs/Gemfile +++ b/docs/Gemfile @@ -20,6 +20,7 @@ gem 'uswds-jekyll', :git => 'https://github.com/18F/uswds-jekyll.git' # If you have any plugins, put them here! group :jekyll_plugins do gem "jekyll-feed", "~> 0.6" + gem 'octopress-debugger' end # Windows does not include zoneinfo files, so bundle the tzinfo-data gem diff --git a/docs/README.md b/docs/README.md index b25b3fa566..ca3f385f8a 100755 --- a/docs/README.md +++ b/docs/README.md @@ -2,21 +2,26 @@ This subdirectory contains source code for the OSCAL Pages web site. For development you may need to know how to run it. -## Developing with Ruby +## Developing with Jekyll -Jekyll, a Ruby application, is documented with a Quickstart here: https://jekyllrb.com/docs/ +Jekyll, a static web site generator implemented in Ruby, is documented with a Quickstart here: https://jekyllrb.com/docs/ The USWDS framework, a Jekyll customization we are using, is documented here: https://designsystem.digital.gov/ + On Windows 10, for best results, install a Linux subsystem (LSW) such as an Ubuntu VM. This avoids Windows-related Jekyll configuration madness. -The first time you run the installation, Ruby sources must be acquired and compiled: +``` +sudo gem install bundler -v 1.17.3 +``` + +Next after you have installed the bundler gem, Ruby sources for Jekyll (as configured in the Gemfile) must be acquired and compiled: ``` bundle install ``` -To build a site for preview, open a command line in the `docs` subdirectory (where the file you are reading is located): +Now you can run Jekyll. To build a site for preview (from the `docs` subdirectory): ``` bundle exec jekyll build @@ -32,7 +37,7 @@ JEKYLL_ENV=production bundle exec jekyll build To serve the site, rebuilding on changes to contents or templates: ``` -jekyll serve +JEKYLL_ENV=production bundle exec jekyll serve ``` or even diff --git a/docs/_config.yml b/docs/_config.yml index ce5c4e798b..94723c313e 100755 --- a/docs/_config.yml +++ b/docs/_config.yml @@ -31,6 +31,14 @@ collections: title: Profile XML oscal-profile-json: title: Profile JSON + oscal-component-xml: + title: Component XML + oscal-component-json: + title: Component JSON + oscal-ssp-xml: + title: System Security Plan XML + oscal-ssp-json: + title: System Security Plan JSON markdown: kramdown highlighter: rouge @@ -45,6 +53,7 @@ kramdown: theme: uswds-jekyll plugins: - jekyll-feed + - octopress-debugger exclude: - Gemfile diff --git a/docs/_data/navigation.yml b/docs/_data/navigation.yml index aca75f2f42..9e31b3317c 100755 --- a/docs/_data/navigation.yml +++ b/docs/_data/navigation.yml @@ -9,7 +9,7 @@ # `primary.links` to "primary": # # primary: -# links: primary +# links: primary # primary: - text: Home @@ -36,6 +36,15 @@ secondary: learnmore: - text: Learn More href: /learnmore/ + addnav: + - text: For Security Professionals + href: /learnmore/securitypros/ + - text: For Assessors + href: /learnmore/assessors/ + - text: For Tool Developers + href: /learnmore/tooldevelopers/ + - text: For Policy Authors + href: /learnmore/contentcreators/ - text: Challenges Addressed href: /learnmore/challenges/ - text: Project Goals @@ -51,8 +60,6 @@ architecture: - text: Architecture href: /docs/ subnav: true - - text: Schema Reference - href: /docs/schemas/ - text: Relations to Documentary Encoding Standards href: /docs/relations/ @@ -73,14 +80,56 @@ resources: schemas: - text: Schema Reference href: /docs/schemas/ - - text: Catalog Schema - href: /docs/schemas/oscal-catalog-xml/ - model: catalog - - text: Profile Schema - href: /docs/schemas/oscal-profile-xml/ - model: profile - - text: OSCAL Prose Model - href: /docs/schemas/oscal-prose/ + - text: OSCAL Data Types + href: /docs/schemas/datatypes/ + - text: Catalog Model + addnav: + - text: XML Model Map + href: /docs/maps/oscal-catalog-xml/ + - text: XML Schema + href: /docs/schemas/oscal-catalog-xml/ + model: oscal-catalog-xml + - text: JSON Model Map + href: /docs/maps/oscal-catalog-json/ + - text: JSON Schema + href: /docs/schemas/oscal-catalog-json/ + model: oscal-catalog-json + - text: Profile Model + addnav: + - text: XML Model Map + href: /docs/maps/oscal-profile-xml/ + - text: XML Schema + href: /docs/schemas/oscal-profile-xml/ + model: oscal-profile-xml + - text: JSON Model Map + href: /docs/maps/oscal-profile-json/ + - text: JSON Schema + href: /docs/schemas/oscal-profile-json/ + model: oscal-profile-json + - text: Component Model + addnav: + - text: XML Model Map + href: /docs/maps/oscal-component-xml/ + - text: XML Schema + href: /docs/schemas/oscal-component-xml/ + model: oscal-component-xml + - text: JSON Model Map + href: /docs/maps/oscal-component-json/ + - text: JSON Schema + href: /docs/schemas/oscal-component-json/ + model: oscal-component-json + - text: System Security Plan Model + addnav: + - text: XML Model Map + href: /docs/maps/oscal-ssp-xml/ + - text: XML Schema + href: /docs/schemas/oscal-ssp-xml/ + model: oscal-ssp-xml + - text: JSON Model Map + href: /docs/maps/oscal-ssp-json/ + - text: JSON Schema + href: /docs/schemas/oscal-ssp-json/ + model: oscal-ssp-json community: - text: Community @@ -88,8 +137,7 @@ community: - text: Contribute on Github href: https://github.com/usnistgov/OSCAL external: true - + footer: - text: Documentation href: /docs/ - diff --git a/docs/_includes/addnav.html b/docs/_includes/addnav.html new file mode 100644 index 0000000000..6f6abc874b --- /dev/null +++ b/docs/_includes/addnav.html @@ -0,0 +1,34 @@ + {% for link in include.links %} + {% assign _href = link.href %} + {% assign _current = false %} + {% assign _parent = false %} + {% if link.href == page.url or link.href == page.permalink %} + {% assign _current = true %} + {% endif %} +
  • + + {{ link.text }} + + {% if _current and page.subnav %} + +
      + {% include subnav.html links=page.subnav title=page.title %} +
    + {% endif %} + + {% if page.model == link.model %} + +
      + {% include schemamodel.html %} +
    + {% endif %} + + {% if link.addnav %} +
      + {% include addnav.html links=link.addnav %} +
    + {% endif %} +
    • + {% endfor %} diff --git a/docs/_includes/schemamodel.html b/docs/_includes/schemamodel.html new file mode 100644 index 0000000000..b206d4bdfc --- /dev/null +++ b/docs/_includes/schemamodel.html @@ -0,0 +1,30 @@ + +{% if page.layout == 'schemas' %} + {% assign collection = site.collections | where: "label", page.model | first %} + {% comment %} + {% for schema_element in collection.docs %} + {% if schema_element.overview %} +
  • + Overview +
    • + {% break %} + {% endif %} + {% endfor %} + {% endcomment %} + + {% for schema_element in collection.docs %} + {% if schema_element.root %} +
  • + {{ schema_element.tagname }} (root element) +
    • + {% endif %} + {% endfor %} + + {% for schema_element in collection.docs %} + {% if schema_element.overview != true and schema_element.root != true and (schema_element.model-type == nil or schema_element.model-type == 'assembly') %} +
  • + {{ schema_element.tagname }} +
    • + {% endif %} + {% endfor %} +{% endif %} diff --git a/docs/_includes/sidenav.html b/docs/_includes/sidenav.html index ccfe331cdb..fbdf24f7b5 100755 --- a/docs/_includes/sidenav.html +++ b/docs/_includes/sidenav.html @@ -1,28 +1,5 @@ diff --git a/docs/_includes/subnav.html b/docs/_includes/subnav.html index 5c9cbd1bf2..97a4044a6c 100755 --- a/docs/_includes/subnav.html +++ b/docs/_includes/subnav.html @@ -1,41 +1,5 @@ -{% if page.layout == 'schemas' %} -{% assign collection = site.collections | where: "label", page.model | first %} - {% comment %} - {% for schema_element in collection.docs %} - {% if schema_element.overview %} -
  • - Overview -
    • - {% break %} - {% endif %} - {% endfor %} - {% endcomment %} - -{% for schema_element in collection.docs %} -{% if schema_element.root %} -
  • - {{ schema_element.tagname }} (root element) -
    • -{% endif %} -{% endfor %} - -{% for schema_element in collection.docs %} -{% if schema_element.overview != true and schema_element.root != true %} -
  • - {{ schema_element.tagname }} -
    • -{% endif %} -{% endfor %} -{% else %} {% for link in include.links %} -{% assign _current = false %} -{% if link.href == page.url or link.href == page.permalink %} -{% assign _current = true %} -{% endif %} - -
  • - {{ link.text }} {{ link.class }} -
    • +
  • + {{ link.text }} {{ link.class }} +
    • {% endfor %} -{% endif %} \ No newline at end of file diff --git a/docs/_layouts/default.html b/docs/_layouts/default.html index 8c93bc2268..df980b933b 100755 --- a/docs/_layouts/default.html +++ b/docs/_layouts/default.html @@ -18,6 +18,7 @@ + diff --git a/docs/_layouts/page.html b/docs/_layouts/page.html index 94204d9526..4851bb6df9 100755 --- a/docs/_layouts/page.html +++ b/docs/_layouts/page.html @@ -12,21 +12,7 @@
    {% if page.title %} - {% if page.layout == 'schemas' %} - {% if page.permalink contains 'xml' %} -
    -

    {{ page.title }}

    -
    -
    - {% elsif page.permalink contains 'json' %} -
    -

    {{ page.title }}

    -
    -
    - {% endif %} - {% else %}

    {{ page.title }}

    - {% endif %} {% endif %} {{ content }} -
    \ No newline at end of file + diff --git a/docs/_layouts/schemas.html b/docs/_layouts/schemas.html index 9b36123f67..c9ccf62c90 100644 --- a/docs/_layouts/schemas.html +++ b/docs/_layouts/schemas.html @@ -12,4 +12,4 @@ {% if schema_element.position == 0 %}{% continue %}{% endif %} {{ schema_element.content | markdownify }} {% endfor %} -{% endif %} \ No newline at end of file +{% endif %} diff --git a/docs/_sass/components/_nist-combined.scss b/docs/_sass/components/_nist-combined.scss index ad6b528bc7..8a546dfa41 100755 --- a/docs/_sass/components/_nist-combined.scss +++ b/docs/_sass/components/_nist-combined.scss @@ -1,10 +1,52 @@ /** - * @file - * Header and Footer styles + * @file _nist-combined.scss + * Header and Footer styles * */ +/* Special button styles */ +button.button-xml-off { background-color: $color-cool-blue-lightest } +button.button-json-off { background-color: $color-green-lightest } +button.button-xml-on { background-color: $color-cool-blue } +button.button-json-on { background-color: $color-green } + + +/* Schema Model Map styles */ +div.OM-map { margin-top: 0ex; margin-bottom: 0ex; font-family: monospace; font-weight: bold; color: $color-base; } + +div.usa-layout-docs-main_content > div.OM-map { border: medium solid $color-gray-lighter } + +div.OM-map div.OM-map { margin-left: 2em } + +.OM-entry { border: medium solid $color-gray-lightest; background-color: $color-gray-lightest; padding-right: 0.5rem } + +.OM-entry:hover { border: medium solid $color-focus } + +.OM-entry.hide_me:hover { border: medium solid $color-gray-lightest } + +div.OM-map p { margin: 0ex } + +span.OM-lit { font-family: serif; font-weight: normal; font-style: normal } + +span.OM-emph { font-family: serif; font-weight: normal; font-style: italic } + +span.OM-cardinality { font-family: serif; font-weight: normal; font-style: normal; color: $color-primary-darker } + +.OM-name { color: $color-primary } + +.OM-map a { text-decoration: none; color: $color-primary } + +OM-map a:visited { color: $color-primary } + +a.OM-name:hover { text-decoration: underline } + +.hide_me { display: none } + +a.expander-collapser { font-size: 120%; font-weight: normal; width: 2em; color: $color-base; font-weight: bold } +a.expander-collapser:hover { text-decoration: none } + + /* Header Styles */ .nist-header { diff --git a/docs/assets/js/nist-header-footer.js b/docs/assets/js/nist-header-footer.js index 783c2c3f62..bf3ae4d369 100755 --- a/docs/assets/js/nist-header-footer.js +++ b/docs/assets/js/nist-header-footer.js @@ -22,4 +22,4 @@ $(document).ready(function () { success: function (data) { $('#nistfootergoeshere').append(data); }, }); -}); \ No newline at end of file +}); diff --git a/docs/assets/js/oscal-metaschema-map-expander.js b/docs/assets/js/oscal-metaschema-map-expander.js new file mode 100644 index 0000000000..b6373377cd --- /dev/null +++ b/docs/assets/js/oscal-metaschema-map-expander.js @@ -0,0 +1,13 @@ +/** + * Supporting expand/collapse view in metaschema mapping + * + */ + +function switch_view(who,flag) { + var view_here = document.getElementById(who); + var collapsed_view = view_here.children[0]; + var expanded_view = view_here.children[1]; + + collapsed_view.classList.toggle(flag); + expanded_view.classList.toggle(flag); +}; diff --git a/docs/content/documentation/oscal-and-others.html b/docs/content/documentation/oscal-and-others.html index d41e77b0fb..31bdf7b7ae 100644 --- a/docs/content/documentation/oscal-and-others.html +++ b/docs/content/documentation/oscal-and-others.html @@ -4,6 +4,6 @@ OSCAL-based format is possible.

    However, XML is only one vehicle. To the extent that relevant data sets exist (whether in standardized or non-standardized form), OSCAL can provide translation - and serialization services such as JSON or YAML to expose this data in a + and serialization services, leveraging formats including JSON or YAML, to expose this data in a standards-compliant way to downstream applications and services.

    \ No newline at end of file diff --git a/docs/content/documentation/oscal-and-sts.html b/docs/content/documentation/oscal-and-sts.html index 6c0e7772ae..731296d423 100644 --- a/docs/content/documentation/oscal-and-sts.html +++ b/docs/content/documentation/oscal-and-sts.html @@ -2,19 +2,18 @@

    NISO STS is an XML-based document model being adopted within the community of Standards Development Organizations (SDOs) for encoding technical standards. Since OSCAL has XML foundations, and STS is also XML-based and designed to use the - same or a similar stack of standards-conformant tools, they are highly - compatible.

    + same or a similar stack of standards-conformant tools, they are compatible in + many respects and share many characteristics.

    However, the two data models are designed to cater to the needs of very different - data professionals. While STS documents are published for a specific audience or market, - OSCAL data (with the exception of public catalogs) is not likely to ever be "published", - while at the same time it will be exchanged among parties for purposes of analysis, - integration, and assessment, all of which are activities with semantics - the encoding should support. Consequently, the design of the OSCAL data models, - and of applications based on them, must enable different work than traditional - editorial and publishing workflows aimed at document production.

    + data professionals. STS is focused on the formal publication of technical standards, + while OSCAL is focused on presenting a subset of (relatively) highly structured + data from those standards and from other documents, for the purposes of integration + with security automation and assessment support.

    Due to their commonalities and potential overlap, however, STS and OSCAL (whether catalog, implementation- or assessment-related or other exchangeable data) can be used together. For example, dropping OSCAL data into an STS-based system, to support editing and production in a published form, would be a simple exercise in XML - transformation pipelining.

    + transformation pipelining. Or it may be found useful to author and edit documents + in STS for purposes of their publication, and then produce an OSCAL version of + those documents or parts of them, to expose to systems that can use OSCAL.

    \ No newline at end of file diff --git a/docs/content/documentation/relations.md b/docs/content/documentation/relations.md index 781dbfb58f..8bc49c9efe 100644 --- a/docs/content/documentation/relations.md +++ b/docs/content/documentation/relations.md @@ -1,5 +1,5 @@ --- -title: Relations to Industry Standards +title: Relations to Documentary Encoding Standards description: Relations permalink: /docs/relations/ layout: post @@ -10,7 +10,9 @@ sticky_sidenav: true Professionals working in the security domain are already familiar with numerous standards, specifications, guidelines and regulatory frameworks that define and describe practice in the systems security arena: NIST SP800-53, ISO 27001/2, FedRAMP, FISMA/FIPS, HIPAA and others. OSCAL's models are designed to capture the full range of these. -However, there are other standard forms of document represention that might also be useful in certain contexts. Since OSCAL attempts not to replace any of these, but to complement them, developers of OSCAL-based systems may wish to be aware of them and of opportunities to take advantage of OSCAL in working with them. +However, OSCAL is not the only text encoding technology available, and it is not always the most suitable, depending on the task at hand. Designed specifically to support operations related to security automation and assessment support, OSCAL may not be as optimal as other (standards-based, non-proprietary) formats for other applications including, notably, full text transcription, search and retrieval, or publication workflows. (OSCAL data may be shared among partners, even over networks including the Internet; but it is not necessarily suitable for publishing as such.) + +More importantly, since OSCAL shares its technical foundations with other documentary encoding standards that serve other horizontal or neighboring vertical domains, it is important to recognize a *high degree of compatibility* with other XML-based formats. Investing in OSCAL and OSCAL-related tooling is a way of developing capability that applies to these other formats as well; likewise investing in these can have beneficial side effects related to OSCAL and related technologies. ## How OSCAL relates to other document encoding formats diff --git a/docs/content/documentation/schemas/catalog-json.md b/docs/content/documentation/schemas/catalog-json.md index 9b091beea6..3ab63b25bb 100644 --- a/docs/content/documentation/schemas/catalog-json.md +++ b/docs/content/documentation/schemas/catalog-json.md @@ -1,5 +1,5 @@ --- -title: Schema Reference - JSON Catalog Model +title: OSCAL Control Catalog Model - JSON Schema Reference description: OSCAL Catalog Model JSON Schema Reference permalink: /docs/schemas/oscal-catalog-json/ layout: schemas diff --git a/docs/content/documentation/schemas/catalog-xml.md b/docs/content/documentation/schemas/catalog-xml.md index d887ee768a..dcf3b91479 100644 --- a/docs/content/documentation/schemas/catalog-xml.md +++ b/docs/content/documentation/schemas/catalog-xml.md @@ -1,5 +1,5 @@ --- -title: Schema Reference - XML Catalog Model +title: OSCAL Control Catalog Model - XML Schema Reference description: OSCAL Catalog Model XML Schema Reference permalink: /docs/schemas/oscal-catalog-xml/ layout: schemas diff --git a/docs/content/documentation/schemas/component-json.md b/docs/content/documentation/schemas/component-json.md new file mode 100644 index 0000000000..c759a6ac9a --- /dev/null +++ b/docs/content/documentation/schemas/component-json.md @@ -0,0 +1,10 @@ +--- +title: Schema Reference - JSON Component Model +description: OSCAL Component Model JSON Schema Reference +permalink: /docs/schemas/oscal-component-json/ +layout: schemas +topnav: schemareference +sidenav: schemas +subnav: true +model: oscal-component-json +--- diff --git a/docs/content/documentation/schemas/component-xml.md b/docs/content/documentation/schemas/component-xml.md new file mode 100644 index 0000000000..6227d226b6 --- /dev/null +++ b/docs/content/documentation/schemas/component-xml.md @@ -0,0 +1,10 @@ +--- +title: Schema Reference - XML Component Model +description: OSCAL Component Model XML Schema Reference +permalink: /docs/schemas/oscal-component-xml/ +layout: schemas +topnav: schemareference +sidenav: schemas +subnav: true +model: oscal-component-xml +--- diff --git a/docs/content/documentation/schemas/datatypes.md b/docs/content/documentation/schemas/datatypes.md new file mode 100644 index 0000000000..81ca716446 --- /dev/null +++ b/docs/content/documentation/schemas/datatypes.md @@ -0,0 +1,437 @@ +--- +title: Schema Reference - OSCAL Data Types +description: OSCAL Model Data Types Reference +permalink: /docs/schemas/datatypes/ +layout: post +topnav: schemareference +sidenav: schemas +sticky_sidenav: true +--- + +The OSCAL models are based on structures that use a specific set of data types. These data types are documented in the following sections. + +- [Simple Data types](#simple-data-types) + * [empty](#empty) + * [boolean](#boolean) + * [string](#string) + * [NCName](#ncname) + * [integer](#integer) + * [nonNegativeInteger](#nonnegativeinteger) + * [positiveInteger](#positiveinteger) +- [Formatted String Data types](#formatted-string-data-types) + * [dateTime-with-timezone](#datetime-with-timezone) + * [date-with-timezone](#date-with-timezone) + * [email](#email) + * [hostname](#hostname) + * [ip-v4-address](#ip-v4-address) + * [ip-v6-address](#ip-v6-address) + * [uri](#uri) + * [uri-reference](#uri-reference) + * [base64](#base64) +- [Markup Data Types](#markup-data-types) + * [markup-line](#markup-line) + + [Parameter Insertion](#parameter-insertion) + + [Specialized Character Mapping](#specialized-character-mapping) + * [markup-multiline](#markup-multiline) + + [Paragraphs](#paragraphs) + + [Tables](#tables) + +## Simple Data types + +### empty + +This data type indicates that the model information element contains no value content, but may contain other structured information elements. + +In XML, this may represent an element without text content. + +In JSON, this may represent an object with labels corrisponding to other child information elements, but no label corresponding to a text value. + +### boolean + +A boolean value mapped in XML, JSON, and YAML as follows: + +| Value | XML | JSON | YAML | +|:--- |:--- |:--- |:--- | +| true | true or 1 | true | true | +| false | false or 0 | false | false | + +### string + +A unicode string of characters. + +### NCName + +A non-colonized name as defined by [XML Schema Part 2: Datatypes Second Edition](https://www.w3.org/TR/xmlschema11-2/#NCName). + +### integer + +An integer value. + +OSCAL represents integers +[as defined in XSD](https://www.w3.org/TR/xmlschema11-2/#integer). + +In JSON Schema, the +[`integer` type](https://www.w3.org/TR/xmlschema11-2/#integer) is used. + +### nonNegativeInteger + +An integer value that is equal to or greater than `0`. + +In XSD, [nonNegativeInteger](https://www.w3.org/TR/xmlschema11-2/#nonNegativeInteger) is a built in type derived from the `integer` type. + +In JSON Schema, this becomes an `integer` value with an additional `minimum` constraint of `0`. Additionally, the `multipleOf` keyword is set to `1.0` to ensure an integer value in systems that do not have a native type. + +### positiveInteger + +A positive integer value. + +In XML Schema, [positiveInteger](https://www.w3.org/TR/xmlschema11-2/#nonNegativeInteger) is a built in type derived from the 'nonNegativeInteger' type. + +In JSON Schema, this becomes an `integer` value with an additional `minimum` constraint of `1`. Additionally, the `multipleOf` keyword is set to `1.0` to ensure an integer value in systems that do not have a native type. + +### decimal + +A real number expressed using decimal numerals. + +In XML Schema this is represented as the built in typ [decimal](https://www.w3.org/TR/xmlschema11-2/#decimal). + +In JSON Schema, this is represented as: + +```JSON +{ + "type": "number", + "pattern": "(\\+|-)?([0-9]+(\\.[0-9]*)?|\\.[0-9]+)" +} +``` + +## Formatted String Data types + +### dateTime-with-timezone + +A string containing a date and time formatted acording to "date-time" as defined [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.6). This type requires that the time-offset (timezone) is always provided. This use of timezone ensure that date/time information that is exchanged across timezones is non-ambiguous. + +For example: + +``` +2019-09-28T23:20:50.52Z +2019-12-02T16:39:57-08:00 +2019-12-31T23:59:60Z +``` + +In XML Schema this is represented as a restriction on the built in type [dateTime](https://www.w3.org/TR/xmlschema11-2/#dateTime) as follows: + +```XML + + + The xs:dateTime with a required timezone. + + + + + +``` + +In JSON Schema, this is represented as: + +```JSON +{ + "type": "string", + "format": "date-time", + "pattern": "((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})" +} +``` + +### date-with-timezone + +A string representing a 24 hour period in a given timezone. A `date-with-timezone` is formatted acording to "full-date" as defined [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.6). This type additionally requires that the time-offset (timezone) is always provided. + +For example: + +``` +2019-09-28Z +2019-12-02-08:00 +``` + +In XML Schema this is represented as a restriction on the built in type [date](https://www.w3.org/TR/xmlschema11-2/#date) as follows: + +```XML + + + The xs:date with a required timezone. + + + + + +``` + +In JSON Schema, this is represented as: + +```JSON +{ + "type": "string", + "pattern": "((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))(Z|[+-][0-9]{2}:[0-9]{2})(Z|[+-][0-9]{2}:[0-9]{2})" +} +``` + +### email + +An email address string formatted acording to [RFC 6531](https://tools.ietf.org/html/rfc6531). + +In XML Schema this is represented as the built in type [string](https://www.w3.org/TR/xmlschema11-2/#string) until a suitable pattern can be developed. + +In JSON Schema, this is represented as: + +```JSON +{ + "type": "string", + "format": "idn-email", + "pattern": ".+@.+" +} +``` + +Once a suitable pattern for XML is developed, this pattern will be ported to JSON for more consistent validation. + +### hostname + +An internationalized Internet host name string formatted acording to [section 2.3.2.3](https://tools.ietf.org/html/rfc5890#section-2.3.2.3) of RFC 5890. + +In XML Schema this is represented as the built in type [string](https://www.w3.org/TR/xmlschema11-2/#string) until a suitable pattern can be developed. + +In JSON Schema, this is represented as: + +```JSON +{ + "type": "string", + "format": "idn-hostname" +} +``` + +Once a suitable pattern for XML is developed, this pattern will be ported to JSON for more consistent validation. + +### ip-v4-address + +An Internet Protocol version 4 address in dotted-quad ABNF syntax as defined in [section 3.2](https://tools.ietf.org/html/rfc2673#section-3.2) of RFC 2673. + +In XML Schema this is represented as a restriction on the built in type [string](https://www.w3.org/TR/xmlschema11-2/#string) as follows: + +```XML + + + The ip-v4-address type specifies an IPv4 address in dot decimal notation. + + + + + + +``` + +In JSON Schema, this is represented as: + +```JSON +{ + "type": "string", + "format": "ipv4", + "pattern": "((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]).){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])" +} +``` + +### ip-v6-address + +An Internet Protocol version 6 address in dotted-quad ABNF syntax as defined in [section 2.2](https://tools.ietf.org/html/rfc3513#section-2.2) of RFC 3513. + +In XML Schema this is represented as a restriction on the built in type [string](https://www.w3.org/TR/xmlschema11-2/#string) as follows: + +```XML + + + The ip-v4-address type specifies an IPv4 address in dot decimal notation. + + + + + + +``` + +In JSON Schema, this is represented as: + +```JSON +{ + "type": "string", + "format": "ipv6", + "pattern": "(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|[fF][eE]80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::([fF]{4}(:0{1,4}){0,1}:){0,1}((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]).){3,3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]).){3,3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]))" +} +``` + +### uri + +A universal resource identifier (URI) formatted according to [RFC3986](https://tools.ietf.org/html/rfc3986). + +In XML Schema this is represented as the built in type [anyURI](https://www.w3.org/TR/xmlschema11-2/#anyURI) until a suitable pattern can be developed. + +In JSON Schema, this is represented as: + +```JSON +{ + "type": "string", + "format": "uri" +} +``` + +Once a suitable pattern for XML is developed, this pattern will be ported to JSON for more consistent validation. + +### uri-reference + +A URI Reference (either a URI or a relative-reference) formatted according to [section 4.1](https://tools.ietf.org/html/rfc3986#section-4.1) of RFC3986, + +In XML Schema this is represented as the built in type [anyURI](https://www.w3.org/TR/xmlschema11-2/#anyURI) until a suitable pattern can be developed. + +In JSON Schema, this is represented as: + +```JSON +{ + "type": "string", + "format": "uri-reference" +} +``` + +Once a suitable pattern for XML is developed, this pattern will be ported to JSON for more consistent validation. + +### base64 + +Represents a string containing arbitrary Base64-encoded binary data. + +In XML Schema this is represented as the built in type [base64Binary](https://www.w3.org/TR/xmlschema11-2/#base64Binary) until a suitable pattern can be developed. + +In JSON Schema, this is represented as: + +```JSON +{ + "type": "string", + "contentEncoding": "base64" +} +``` + +Once a suitable pattern for XML is developed, this pattern will be ported to JSON for more consistent validation. + +## Markup Data Types + +Structured prose text in OSCAL is designed to map cleanly to equivalent subsets of HTML and Markdown. This allows HTML-like markup to be incorporated in OSCAL XML-based content using an HTML-like element set maintained in the OSCAL namespace. This HTML-like element set is not intended to be treated directly as HTML, but to be readily and transparently converted to HTML (or other presentational formats) as needed. Similarly, OSCAL also uses a subset of Markdown for use in OSCAL JSON- and YAML-based content. A mapping is supported between the HTML-like element set and the Markdown syntax, which supports transparent and lossless bidirectional mapping between both OSCAL markup representations. + +The OSCAL HTML-like syntax supports: + +- HTML paragraphs (`p`), headers (`h1`-`h6`), tables (`table`), preformatted text (`pre`), code blocks (`code`), and ordered and unordered lists (`ol` and `ul`.) + +- Within paragraphs or text content: `a`, `img`, `strong`, `em`, `b`, `i`, `sup`, `sub`. + +In particular, note that elements such as `div`, `blockquote`, `section` or `aside`, used in HTML to provide structure, are *not permitted in OSCAL*. Structures in OSCAL should be represented using OSCAL elements (or objects in JSON) such as `part`, which can include prose. + +In addition, there are contexts in OSCAL where prose usage may be further constrained. For example, at a higher level (outside the base schema) an OSCAL application could forbid the use of prose headers `h1-h6` in favor of nested OSCAL `part` elements with their own titles. + +The OSCAL Markdown syntax is loosely based on CommonMark. When in doubt about Markdown features and syntax, we look to CommonMark for guidance, largely because it is more rigorously tested than many others forms of Markdown. + +### markup-line + +The following table describes the equavalent constructs in HTML and Markdown used in OSCAL within the `markup-line` data type. + +| Markup Type | HTML | Markdown | +|:--- |:--- |:--- | +| Emphasis (preferred) | <em>*text*</em> | \**text*\* +| Emphasis | <i>*text*</i> | \**text*\* +| Important Text (preferred) | <strong>*text*</strong> | \*\**text*\*\* +| Important Text | <b>*text*</b> | \*\**text*\*\* +| Quoted Text | <q>*text*</q> | "*text*" +| Subscript Text | <sub>*text*</sub> | \~*text*\~ +| Superscript Text | <sup>*text*</sup> | \^*text*\^ +| Image | <img alt="*alt text*" src="*url*" title="*title text*"/> | !\[*alt text*](*url* "*title text*") +| Link | <a *href*="*url*">*text*</a> | \[*text*](*url*) +| Heading: Level 1 | <h1>*text*</h1> | # *text* +| Heading: Level 2 | <h2>*text*</h2> | ## *text* +| Heading: Level 3 | <h3>*text*</h3> | ### *text* +| Heading: Level 4 | <h4>*text*</h4> | #### *text* +| Heading: Level 5 | <h5>*text*</h5> | ##### *text* +| Heading: Level 6 | <h6>*text*</h6> | ###### *text* +| Code Blocks | <code>*text*</code> | \`*text*\` +| Preformatted Text | <pre>*text*</pre> | \`\`\`*text*\`\`\` +| Ordered List Item | <ol><li>*text*</li></ol> | 1. *text* +| Unordered List Item | <ul><li>*text*</li></ul> | - *text* + +#### Parameter Insertion + +The OSCAL catalog, profile, and implementation layer models allow for control parameters to be defined and injected into prose text. + +Parameter injection is handled in HTML as follows using the <insert> tag: + +```html +Reviews and updates the risk management strategy or as required, to address organizational changes. +``` + +The same string in Markdown is represented as follows: + +```markdown +Reviews and updates the risk management strategy {{ pm-9_prm_1 }} or as required, to address organizational changes. +``` + +#### Specialized Character Mapping + +The following characters have special handling in their HTML and/or Markdown forms. + +| Character | XML HTML | JSON Markdown | YAML Markdown | +| --- | --- | --- | --- | +| & | &amp; | & | & +| < | &lt; | < | < +| > | &gt; | > | > +| " | &quot; | \\" | \\" +| ' | &apos; | ' | ' +| \* | \* | \\\* | \\\* +| ` | ` | \\` | \\` +| ~ | ~ | \\~ | \\~ +| ^ | ^ | \\^ | \\^ + +While the characters `*```~^` are valid for use unescaped in JSON strings and YAML double quoted strings, these characters have special meaning in Markdown markup. As a result, when these characters appear in HTML, they are escaped in the mapped Markdown to avoid them being parsed as Markdown markup. This allows these characters to be mapped back to HTML characters when the Markdown is mapped to HTML. + +### markup-multiline + +All constructs supported by the [markup-line](#markup-line) data type is supported by the `markup-multiline` data type. + +The following additonal constructs are also supported. + +#### Paragraphs + +Additionally, the use of <p> tags in HTML is mapped to Markdown as two double, escaped newlines within a JSON or YAML string (i.e., "\\\\n\\\\n"). This allows Mardown text to be split into paragraphs when this data type is used. + +#### Tables + +Tables are also supported by `markup-multiline` which are mapped from Markdown to HTML as follows: + +- The first row in a Markdown table is considered a header row, with each cell mapped as a <th>. +- The alignment formatting (second) row of the Markdown table is not converted to HTML. Formatting is currently ignored. +- Each remaining row is mapped as a cell using the <td> tag. +- colspan and rowspan is not supported by Markdown. + +Tables are mapped from HTML to Markdown as follows: + +- Only a single header row <tr><th> is supported. This row is mapped to the Markdown table header, with header cells preceded, delimited, and terminated by `|`. +- The second, alignment formatting row, is produced with centered alignment (i.e., | --- |) used for each cell. Other alignments are not currently supported. +- Each subsequent row is mapped to the Markdown table rows, with cells preceded, delimited, and terminated by `|`. + +For example: + +The following HTML table: + +```html + + + +
    Col ACol B
    Have some ofTry all of
    +``` + +Is mapped to the Markdown table: + +```markdown +| Col A | Col B | +| --- | --- | +| Have some of | Try all of | +``` diff --git a/docs/content/documentation/schemas/index.md b/docs/content/documentation/schemas/index.md index ff43a03b23..964530e149 100644 --- a/docs/content/documentation/schemas/index.md +++ b/docs/content/documentation/schemas/index.md @@ -8,16 +8,16 @@ sidenav: schemas sticky_sidenav: true --- -The OSCAL project is modeling each OSCAL [layer](https://pages.nist.gov/OSCAL/docs/) using a framework, called a [Metaschema](https://github.com/usnistgov/OSCAL/tree/master/src/metaschema). This framework allows the OSCAL project to model each OSCAL **layer** based on the information needs of the OSCAL **model**, creating an *information model* for each OSCAL layer. An OSCAL **schema** represents a *data model* that defines how to represent an OSCAL *information model* in a serialized format, such as JSON or XML. The OSCAL project uses the Metaschema framework to produce these schemas. This framework is also used to generate converters capable of converting OSCAL content for a given model to another supported format, and to produce documentation for each OSCAL model format. +The OSCAL project is modeling each OSCAL [layer](https://pages.nist.gov/OSCAL/docs/) using a framework, called a [Metaschema](https://github.com/usnistgov/OSCAL/tree/master/src/metaschema). This framework allows the OSCAL project to model each OSCAL **layer** based on the information needs of the OSCAL **model**, creating an *information model* for each OSCAL layer. An OSCAL **schema** represents a *data model* that defines how to represent an OSCAL *information model* in a serialized format, such as JSON or XML. The OSCAL project uses the Metaschema framework to produce these schemas. This framework is also used to generate converters capable of converting OSCAL content for a given model to another supported format, and to produce documentation for each OSCAL model as it applies to each format. The OSCAL project is producing the following types of schemas: -* XML Schema based on the [XML Schema Definition Language (XSD) 1.1](https://www.w3.org/TR/xmlschema11-1/) that describes an XML tag set for an OSCAL model +* XML Schema based on the XML Schema Definition Language (XSD) 1.1 that describes an XML tag set for an OSCAL model * JSON Schema based on the [JSON Schema draft-07](https://json-schema.org/specification.html) that describes a JSON data object for an OSCAL model -Using OSCAL converters, XML documents that are conforming (validate) to an OSCAL XSD can be converted without loss into the corresponding JSON, and vice versa. Accordingly we can produce not only the models and their documentation, but also tools for converting data sets in the respective formats into their "opposites". +Using OSCAL converters, XML documents that are conforming (validate) to an OSCAL XSD can be converted without loss into the corresponding JSON, and vice versa. Accordingly we can produce not only the models and their documentation, but also tools for converting data sets in the respective formats into equivalents in the other format. -In addition to the improved control over modeling and documentation this framework gives us, the framework also enables OSCAL to serve the needs of developers who use one or many of the OSCAL formats. We hope and expect that developers' experience with different approaches will inform further efforts to unify and consolidate a coherent information model for the OSCAL models. +In addition to providing improved control over modeling and documentation, the framework also enables OSCAL to serve the needs of developers who use one or many of the OSCAL formats. We hope and expect that developers' experience with different approaches will inform further efforts to unify and consolidate a coherent information model for the OSCAL models. In the future, we plan to extend our models with mappings to other formats as well. As a superset of JSON, YAML syntax is an attractive candidate. Once we have demonstrated that the models themselves are adequate to the data, many more things become possible. @@ -31,7 +31,7 @@ The sample schemas have been created with the following design principles in min ### Schema documentation -Find documentation for each of the models linked on the left. +Find documentation for each of the models in the page links. -Additionally, a separate page describes the -[OSCAL Prose Model](/OSCAL/docs/schemas/oscal-prose/), which is shared by each of the component models. +Additionally, a separate page describes the +[OSCAL Prose Model]({{ site.baseurl }}/docs/schemas/oscal-prose/), which is shared by each of the component models. diff --git a/docs/content/documentation/schemas/oscal-prose.md b/docs/content/documentation/schemas/oscal-prose.md deleted file mode 100644 index fdfbfd2536..0000000000 --- a/docs/content/documentation/schemas/oscal-prose.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: Schema Reference - OSCAL Prose Model -description: OSCAL Profile Model XML Schema Reference -permalink: /docs/schemas/oscal-prose/ -layout: post -topnav: schemareference -sidenav: schemas -sticky_sidenav: true ---- - -## HTML compatibility - -Prose in OSCAL is designed to map cleanly to an HTML subset. Note that this element set is not maintained in the HTML namespace. It is intended not to be treated directly as HTML, but to be readily and transparently converted to HTML (or other presentational formats) as needed. - -OSCAL prose supports paragraphs (`p`), headers (`h1`-`h6`), tables (`table`), preformatted text (`pre`), code blocks (`code`), and ordered and unordered lists (`ol` and `ul`.) - -Within paragraphs or text content (inline) the following elements are permitted: `a`, `img`, `strong`, `em`, `b`, `i`, `sup`, `sub`. - -In particular, note that elements such as `div`, `blockquote`, `section` or `aside`, used in HTML to provide structure, are *not permitted in OSCAL*. Structures in OSCAL should be represented using OSCAL elements (or objects in JSON) such as `part`, which can include prose. - -In addition, there are contexts in OSCAL where prose usage may be further constrained. For example, at a higher level (outside the base schema) an OSCAL application could forbid the use of prose headers `h1-h6` in favor of nested OSCAL `part` elements with their own titles. - -## Markdown compatibility - -OSCAL also maintains a mapping from its HTML-like tagging for prose into a Markdown syntax. Since markdown (as a JSON or YAML string) is our syntax of choice for representing unstructured prose in JSON and YAML, transparent and lossless bidirectional mapping between the OSCAL markup (tag) representation, into its Markdown equivalent, is supported. - -When in doubt about Markdown features and syntax, we look to CommonMark for guidance, largely because it is more rigorously tested than many others. - -## Mapping between HTML and Markdown - -The following HTML <-> Markdown mapping is supported by OSCAL. - -### Inline and Block Markup - -| Markup Type | HTML | Markdown | -|:--- |:--- |:--- | -| Emphasis (preferred) | <em>*text*</em> | \**text*\* -| Emphasis | <i>*text*</i> | \**text*\* -| Important Text (preferred) | <strong>*text*</strong> | \*\**text*\*\* -| Important Text | <b>*text*</b> | \*\**text*\*\* -| Quoted Text | <q>*text*</q> | "*text*" -| Subscript Text | <sub>*text*</sub> | \~*text*\~ -| Superscript Text | <sup>*text*</sup> | \^*text*\^ -| Image | <img alt="*alt text*" src="*url*" title="*title text*"/> | !\[*alt text*](*url* "*title text*") -| Link | <a *href*="*url*">*text*</a> | \[*text*](*url*) -| Heading: Level 1 | <h1>*text*</h1> | # *text* -| Heading: Level 2 | <h2>*text*</h2> | ## *text* -| Heading: Level 3 | <h3>*text*</h3> | ### *text* -| Heading: Level 4 | <h4>*text*</h4> | #### *text* -| Heading: Level 5 | <h5>*text*</h5> | ##### *text* -| Heading: Level 6 | <h6>*text*</h6> | ###### *text* -| Code Blocks | <code>*text*</code> | \`*text*\` -| Preformatted Text | <pre>*text*</pre> | \`\`\`*text*\`\`\` -| Ordered List Item | <ol><li>*text*</li></ol> | 1. *text* -| Unordered List Item | <ul><li>*text*</li></ul> | - *text* - -The use of <p> tags in HTML is mapped to Markdown as two double, escaped newlines within a JSON or YAML string (i.e., "\\\\n\\\\n"). This allows Mardown text to be split into paragraphs. - -### Table Markup - -Tables are mapped from Markdown to HTML as follows: - -- The first row in a Markdown table is considered a header row, with each cell mapped as a <th>. -- The alignment formatting (second) row of the Markdown table is not converted to HTML. Formatting is currently ignored. -- Each remaining row is mapped as a cell using the <td> tag. -- colspan and rowspan is not supported by Markdown. - -Tables are mapped from HTML to Markdown as follows: - -- Only a single header row <tr><th> is supported. This row is mapped to the Markdown table header, with header cells preceded, delimited, and terminated by `|`. -- The second, alignment formatting row, is produced with centered alignment (i.e., | --- |) used for each cell. Other alignments are not currently supported. -- Each subsequent row is mapped to the Markdown table rows, with cells preceded, delimited, and terminated by `|`. - -For example: - -The following HTML table: - -```html - - - -
    Col ACol B
    Have some ofTry all of
    -``` - -Is mapped to the Markdown table: - -```markdown -| Col A | Col B | -| --- | --- | -| Have some of | Try all of | -``` - -### Parameter Insertion - -The OSCAL catalog, profile, and implementation layer models allow for control parameters to be defined and injected into prose text. - -Parameter injection is handled in HTML as follows using the <insert> tag: - -```html -Reviews and updates the risk management strategy or as required, to address organizational changes. -``` - -The same string in Markdown is represented as follows: - -```markdown -Reviews and updates the risk management strategy {{ pm-9_prm_1 }} or as required, to address organizational changes. -``` - - -### Specialized Character Mapping - -The following characters have special handling in their HTML and/or Markdown forms. - -| Character | XML HTML | JSON Markdown | YAML Markdown | -| --- | --- | --- | --- | -| & | &amp; | & | & -| < | &lt; | < | < -| > | &gt; | > | > -| " | &quot; | \\" | \\" -| ' | &apos; | ' | ' -| \* | \* | \\\* | \\\* -| \` | \` | \\\` | \\\` -| ~ | ~ | \\~ | \\~ -| ^ | ^ | \\^ | \\^ - -While the characters ```\*\`~^``` are valid for use unescaped in JSON strings and YAML double quoted strings, these characters have special meaning in Markdown markup. As a result, when these characters appear in HTML, they are escaped in the mapped Markdown to avoid them being parsed as Markdown markup. This allows these characters to be mapped back to HTML characters when the Markdown is mapped to HTML. diff --git a/docs/content/documentation/schemas/profile-json.md b/docs/content/documentation/schemas/profile-json.md index 78b7547c20..fb60b77a78 100644 --- a/docs/content/documentation/schemas/profile-json.md +++ b/docs/content/documentation/schemas/profile-json.md @@ -1,5 +1,5 @@ --- -title: Schema Reference - JSON Profile Model +title: OSCAL Profile Model - JSON Schema Reference description: OSCAL Profile Model JSON Schema Reference permalink: /docs/schemas/oscal-profile-json/ layout: schemas diff --git a/docs/content/documentation/schemas/profile-xml.md b/docs/content/documentation/schemas/profile-xml.md index ffeec519c5..78a5bb4381 100644 --- a/docs/content/documentation/schemas/profile-xml.md +++ b/docs/content/documentation/schemas/profile-xml.md @@ -1,5 +1,5 @@ --- -title: Schema Reference - XML Profile Model +title: OSCAL Profile Model - XML Schema Reference description: OSCAL Profile Model XML Schema Reference permalink: /docs/schemas/oscal-profile-xml/ layout: schemas diff --git a/docs/content/documentation/schemas/ssp-json.md b/docs/content/documentation/schemas/ssp-json.md new file mode 100644 index 0000000000..4b07aa65b3 --- /dev/null +++ b/docs/content/documentation/schemas/ssp-json.md @@ -0,0 +1,10 @@ +--- +title: Schema Reference - JSON System Security Plan Model +description: OSCAL System Security Plan Model JSON Schema Reference +permalink: /docs/schemas/oscal-ssp-json/ +layout: schemas +topnav: schemareference +sidenav: schemas +subnav: true +model: oscal-ssp-json +--- diff --git a/docs/content/documentation/schemas/ssp-xml.md b/docs/content/documentation/schemas/ssp-xml.md new file mode 100644 index 0000000000..392b96b113 --- /dev/null +++ b/docs/content/documentation/schemas/ssp-xml.md @@ -0,0 +1,10 @@ +--- +title: Schema Reference - XML System Security Plan Model +description: OSCAL System Security Plan Model XML Schema Reference +permalink: /docs/schemas/oscal-ssp-xml/ +layout: schemas +topnav: schemareference +sidenav: schemas +subnav: true +model: oscal-ssp-xml +--- diff --git a/docs/content/downloads.md b/docs/content/downloads.md index a568858bc1..056e5241ca 100644 --- a/docs/content/downloads.md +++ b/docs/content/downloads.md @@ -10,7 +10,9 @@ layout: post Official releases of the OSCAL Project are available on the project's [GitHub repository](https://github.com/usnistgov/OSCAL/releases). These releases align with the project's [roadmap](/OSCAL/learnmore/roadmap/). -- [OSCAL 1.0 Milestone 1](https://github.com/usnistgov/OSCAL/releases): Stable releases of the OSCAL Catalog and Profile layers, including XML and JSON schema, content examples, and content converters. +- [OSCAL 1.0.0 Milestone 1](https://github.com/usnistgov/OSCAL/releases): Stable releases of the OSCAL Catalog and Profile layers, including XML and JSON schema, content examples, and content converters. + +OSCAL uses version strings for releases based on the [semantic versioning v2.0.0](https://semver.org/spec/v2.0.0.html) specification. # Future OSCAL Compatibility Commitment @@ -18,8 +20,8 @@ The OSCAL Project team recognizes the impact of syntax changes on content and to The OSCAL team can not anticipate all issues raised or feedback received. In rare cases, changes to the OSCAL models will need to be made to address a compelling issue. In these instances, the OSCAL team will do everything practical to minimize the impact to early adopters, and document any changes where impacts are unavoidable in the [release notes](https://github.com/usnistgov/OSCAL/tree/master/src/release/release-notes.txt). -NIST encourages early adoption of released OSCAL content, tools, and schema. In general early adopters can count on the following, from the first milestone release to the first official 1.0 release of OSCAL: +NIST encourages early adoption of released OSCAL content, tools, and schema. In general early adopters can count on the following, from the first milestone release to the first official 1.0.0 release of OSCAL: -- Any data element modeled in the milestone release will be modeled in the 1.0 release. Typically with the same syntax. -- All features available in a milestone release will be available in the 1.0 release. +- Any data element modeled in the milestone release will be modeled in the 1.0.0 release. Typically with the same syntax. +- All features available in a milestone release will be available in the 1.0.0 release. - Deferred features, such as cryptographic validation, will be implemented while minimizing the impact to existing content. Most new features will be implemented as optional extensions with no impact to existing content. diff --git a/docs/content/learnmore/assessors.md b/docs/content/learnmore/assessors.md index 6426f9b904..0eee66fb57 100644 --- a/docs/content/learnmore/assessors.md +++ b/docs/content/learnmore/assessors.md @@ -5,15 +5,6 @@ permalink: /learnmore/assessors/ layout: post topnav: learnmore sidenav: learnmore -subnav: - - text: For Security Professionals - href: /learnmore/securitypros/ - - text: For Assessors - href: /learnmore/assessors/ - - text: For Tool Developers - href: /learnmore/tooldevelopers/ - - text: For Policy Authors - href: /learnmore/contentcreators/ sticky_sidenav: true --- diff --git a/docs/content/learnmore/casestudies.md b/docs/content/learnmore/casestudies.md index e3d30a257b..9f28627ef2 100755 --- a/docs/content/learnmore/casestudies.md +++ b/docs/content/learnmore/casestudies.md @@ -10,7 +10,7 @@ layout: post ## General Services Administration (GSA) Federal Risk and Authorization Management Program (FedRAMP) -[Government Computer News Story - FedRAMP Updates](https://gcn.com/articles/2018/06/14/fedramp-updates.aspx) +Government Computer News Story - FedRAMP Updates "FedRAMP officials want to make it easier for agencies to get cloud service providers [authorized]. The National Institute of Standards and Technology’s Open Security Controls Assessment Language, which speeds up the security controls assessment process through standardization and automation, will be available for testing by the end of [the 2019] fiscal year", Matt Goodrich said at the June 13th, 2018 Advanced Technology Academic Research Center (ATARC) Federal Cloud and Data Center Summit. He was FedRAMP Director at this time. diff --git a/docs/content/learnmore/contentcreators.md b/docs/content/learnmore/contentcreators.md index 9b9f17390d..4a1c8b3524 100644 --- a/docs/content/learnmore/contentcreators.md +++ b/docs/content/learnmore/contentcreators.md @@ -5,15 +5,6 @@ permalink: /learnmore/contentcreators/ layout: post topnav: learnmore sidenav: learnmore -subnav: - - text: For Security Professionals - href: /learnmore/securitypros/ - - text: For Assessors - href: /learnmore/assessors/ - - text: For Tool Developers - href: /learnmore/tooldevelopers/ - - text: For Policy Authors - href: /learnmore/contentcreators/ sticky_sidenav: true --- diff --git a/docs/content/learnmore/goals.md b/docs/content/learnmore/goals.md index a34a809206..78723c19d1 100644 --- a/docs/content/learnmore/goals.md +++ b/docs/content/learnmore/goals.md @@ -14,11 +14,11 @@ The OSCAL project is working to address the following goals: - Normalize the representation of security control catalogs, regulatory frameworks, and system information using precise, machine readable formats. - Allow the sharing of control implementation information across communities. 1. Improve the efficiency, accuracy, and consistency of system security assessments. - - Assess a system's compliance state against several sets of requirements simultaneously and ensure traceability between the requirements. + - Assess a system's security control implementation against several sets of requirements simultaneously and ensure traceability between the requirements. - Enable assessments to be performed consistently, regardless of system type. 1. Allow a system's security state to be assessed more often, ideally continuously, driving continuous assurance. - Drive a large decrease in assessment-related labor, decreasing assessment and authorization time. - - Support the evaluation of control implementation effectiveness based on data collected using a continuous monitoring capability. + - Support the assessment of control implementation effectiveness based on data collected using a continuous monitoring capability. ## OSCAL Design Principles @@ -29,5 +29,5 @@ To address these goals, the OSCAL project is guided by the following design prin - Provide a common means to identify and version shared resources. - Standardize the expression of assessment artifacts, driving crowd-sourced development and improvement across profile and implementation layers. - Align OSCAL models with current, practical information, and support advanced structures that provide for greater automation and verification. - - Ensure security controls, implementation, and verification processes have full traceability and inherit at the baseline (software and service provider) and system interconnection levels. + - Ensure security controls, implementation, and assessment processes have full traceability to the selected control baseline and accross system boundaries for interconnected systems and common control providers. - Provides a path for early adoption and ongoing evolution around how OSCAL will be used. diff --git a/docs/content/learnmore/index.md b/docs/content/learnmore/index.md index 49ea24f316..800282dcce 100755 --- a/docs/content/learnmore/index.md +++ b/docs/content/learnmore/index.md @@ -5,16 +5,6 @@ permalink: /learnmore/ layout: post sidenav: learnmore sticky_sidenav: true -subnav: - - text: For Security Professionals - href: /learnmore/securitypros/ - - text: For Assessors - href: /learnmore/assessors/ - - text: For Tool Developers - href: /learnmore/tooldevelopers/ - - text: For Policy Authors - href: /learnmore/contentcreators/ - --- NIST is developing the Open Security Controls Assessment Language (OSCAL) as a standardized, data-centric framework that can be applied to an information system for documenting and assessing its security controls. Today, security controls and control baselines are represented in proprietary formats, requiring data conversion and manual effort to describe their implementation. An important goal of OSCAL is to move the security controls and control baselines from a text-based and manual approach (using word processors or spreadsheets) to a set of standardized and machine-readable formats. With systems security information represented in OSCAL, security professionals will be able to automate security assessment, auditing, and continuous monitoring processes. diff --git a/docs/content/learnmore/roadmap.md b/docs/content/learnmore/roadmap.md index c7dfbe9d54..d597dcd0aa 100755 --- a/docs/content/learnmore/roadmap.md +++ b/docs/content/learnmore/roadmap.md @@ -16,7 +16,7 @@ OSCAL is being designed and created over a series of development epics leveragin Each [milestone](https://github.com/usnistgov/OSCAL/milestones) will result in an incremental release of OSCAL resources. -- OSCAL 1.0 [Milestone 1](https://github.com/usnistgov/OSCAL/milestone/1): Develop the OSCAL Catalog and Profile models +- OSCAL 1.0.0 [Milestone 1](https://github.com/usnistgov/OSCAL/milestone/1): Develop the OSCAL Catalog and Profile models The initial OSCAL work encompasses the [catalog]({{ site.baseurl }}/docs/catalog/) and [profile]({{ site.baseurl }}/docs/profile/) concepts of the OSCAL [architecture]({{ site.baseurl }}/docs/). There are several types of users who will benefit from OSCAL catalogs and profiles. They include the following producers of OSCAL catalogs, profiles, and/or tools: @@ -32,8 +32,8 @@ Each [milestone](https://github.com/usnistgov/OSCAL/milestones) will result in a - **Auditors/assessors:** performing audits/assessments on demand with minimal effort - **Policy personnel:** identifying systemic problems that necessitate changes to organizational security policies -- OSCAL 1.0 [Milestone 2](https://github.com/usnistgov/OSCAL/milestone/2): Develop the OSCAL Implementation models -- OSCAL 1.0 [Milestone 3](https://github.com/usnistgov/OSCAL/milestone/3): Develop the OSCAL Assessment and Assessment Results models -- OSCAL 1.0 [Final Release](https://github.com/usnistgov/OSCAL/milestone/4): Publish an OSCAL 1.0 Specification +- OSCAL 1.0.0 [Milestone 2](https://github.com/usnistgov/OSCAL/milestone/2): Develop the OSCAL Implementation models +- OSCAL 1.0.0 [Milestone 3](https://github.com/usnistgov/OSCAL/milestone/3): Develop the OSCAL Assessment and Assessment Results models +- OSCAL 1.0.0 [Final Release](https://github.com/usnistgov/OSCAL/milestone/4): Publish an OSCAL 1.0 Specification To accelerate development, we are not focused on developing a formal specification for OSCAL until the final milestone. Until then, the OSCAL models will be [documented]({{ site.baseurl }}/docs/schemas/) on this site. This will allow us to work on a formal specification once most of the major development of OSCAL is completed. Until that point, adopters of OSCAL will find all of the resources they need to develop content and tools on this site. diff --git a/docs/content/learnmore/securitypros.md b/docs/content/learnmore/securitypros.md index d291136453..0d5d5c53c1 100644 --- a/docs/content/learnmore/securitypros.md +++ b/docs/content/learnmore/securitypros.md @@ -5,15 +5,6 @@ permalink: /learnmore/securitypros/ layout: post topnav: learnmore sidenav: learnmore -subnav: - - text: For Security Professionals - href: /learnmore/securitypros/ - - text: For Assessors - href: /learnmore/assessors/ - - text: For Tool Developers - href: /learnmore/tooldevelopers/ - - text: For Policy Authors - href: /learnmore/contentcreators/ sticky_sidenav: true --- diff --git a/docs/content/learnmore/tooldevelopers.md b/docs/content/learnmore/tooldevelopers.md index 7a684cc7a4..676916be66 100644 --- a/docs/content/learnmore/tooldevelopers.md +++ b/docs/content/learnmore/tooldevelopers.md @@ -5,15 +5,6 @@ permalink: /learnmore/tooldevelopers/ layout: post topnav: learnmore sidenav: learnmore -subnav: - - text: For Security Professionals - href: /learnmore/securitypros/ - - text: For Assessors - href: /learnmore/assessors/ - - text: For Tool Developers - href: /learnmore/tooldevelopers/ - - text: For Policy Authors - href: /learnmore/contentcreators/ sticky_sidenav: true --- diff --git a/docs/content/resources/index.md b/docs/content/resources/index.md index be926a70aa..5d534e9c74 100755 --- a/docs/content/resources/index.md +++ b/docs/content/resources/index.md @@ -24,7 +24,7 @@ layout: post ## News -* [FedRAMP Looks to NIST for Security Control Refinements](https://gcn.com/articles/2018/06/14/fedramp-updates.aspx) +* FedRAMP Looks to NIST for Security Control Refinements * [Automating Compliance for Highly Regulated Industries with Docker Enterprise Edition and OSCAL](https://blog.docker.com/2018/05/automating-compliance-docker-ee-oscal/) * [Federal Business Council Presentation](https://www.fbcinc.com/e/FITSC/presentations/Iorga-FITSC-CSAT_with_RMFOSCAL.pdf) * [What's Next for FedRAMP? Automation, new authorizations later this year](https://federalnewsnetwork.com/federal-cloud-report/2018/06/whats-next-for-fedramp-automation-new-authorizations-and-more-later-this-year/) diff --git a/src/content/components/example-component.json b/src/content/components/example-component.json new file mode 100644 index 0000000000..b54da7d853 --- /dev/null +++ b/src/content/components/example-component.json @@ -0,0 +1,77 @@ +{ + "component-definition": { + "metadata": { + "title": "Test Component Defintion", + "last-modified-date": "2019-08-21T15:24:24.389Z", + "oscal-version": "1.0.0-milestone2", + "parties": { + "id": "party-1", + "org": {"org-name": "Test Vendor"} + } + }, + "components": { + "component-1": { + "name": "test component 1", + "component-type": "software", + "title": "test component 1", + "description": "This is a software component that implements basic authentication mechanisms.", + "supplier": { + "party-id": "party-1", + "role-id": "vendor" + }, + "control-implementations": { + "description": "", + "can-meet-requirement-sets": [ + { + "source": "../../../content/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json", + "description": "This is a partial implementation of the SP 800-53 rev4 catalog, focusing on the control enhancement AC-2 (2).", + "implemented-requirements": { + "id": "requirement-ac-2-2", + "description": "Inactive accounts are automatically disabled based on the duration specified by the duration parameter. Disabled accounts are expected to be reviewed and removed when appropriate.", + "subcontrol-id": "ac-2.2", + "using": { + "implementations": { + "configuration-id": "config-1", + "with-arguments": { + "duration": { + "use-param": "ac-2.2_prm_2" + } + } + } + } + } + }, + { + "source": "../../../content/fedramp.gov/json/FedRAMP_HIGH-baseline_profile.json", + "description": "This is a partial implementation of the FedRAMP High profile, focusing on the control enhancement AC-2 (2).", + "implemented-requirements": + {"requirement-id": "requirement-ac-2-2"} + } + ] + }, + "configurations": { + "config-1": { + "description": "", + "arguments": { + "duration": {"type": "duration-seconds"} + }, + "mechanisms": { + "configuration-method": { + "script": { + "STRVALUE": "something {{ duration }} ", + "system": "https://www.perl.org/" + } + }, + "verification-method": { + "script": { + "STRVALUE": "something {{ duration }} ", + "system": "https://www.perl.org/" + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/src/content/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_catalog.xml b/src/content/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_catalog.xml index 273e131ab4..8886c2b410 100644 --- a/src/content/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_catalog.xml +++ b/src/content/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_catalog.xml @@ -1,18 +1,18 @@ - - + + + id="uuid-f3de8b2b-dc8e-4b17-9653-e83b708a6663"> NIST Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations - 2019-06-05T17:36:38.803-04:00 + 2019-08-17T11:39:39.05-04:00 2015-01-22 1.0.0-milestone1 Assurance, computer security, FISMA, Privacy Act, Risk Management Framework, security controls, security requirements - - + NIST publication (PDF) + NIST publication via DOI lookup Document creator diff --git a/src/metaschema/oscal_catalog_metaschema.xml b/src/metaschema/oscal_catalog_metaschema.xml index 69983f5ea5..69d7596981 100644 --- a/src/metaschema/oscal_catalog_metaschema.xml +++ b/src/metaschema/oscal_catalog_metaschema.xml @@ -5,318 +5,307 @@ - - OSCAL Control Catalog Format - 1.0-milestone1 - oscal-catalog - http://csrc.nist.gov/ns/oscal/1.0 - - -

    The OSCAL Control Catalog format can be used to describe a collection of security controls and related control enhancements (subcontrols), along with contextualizing documentation and metadata. The root of the Control Catalog format is catalog.

    -     - - - - - - Catalog - A collection of controls. - -

    Catalogs may use one or more group objects to subdivide the control contents of a catalog.

    -

    An OSCAL catalog model provides a structured representation of control information. Representing the other non-control propose contents of a source catalog is beyond the scope of the OSCAL catalog model. It is expected that other document formats will address this additional information.

    -     - - - - - - - - - - Back matter including references and resources. - - - - A small catalog with a single control - - A Miniature Catalog - - A Single Control - - - -     - - + + + + + + + + + + + Back matter including references and resources. + + + +

    Catalogs may use one or more group objects to subdivide the control contents of a catalog.

    +

    An OSCAL catalog model provides a structured representation of control information.

    +     + + A small catalog with a single control + + A Miniature Catalog + + A Single Control + + + + + - - - - - - - Control Group - A group of controls, or of groups of controls. - -

    Catalogs can use a group to collect related controls into a single grouping. That can be useful to group controls into a family or other logical grouping.

    -

    A group may have its own properties, statements, parameters, and references, which are inherited by all members of that group.

    -     - - - - - - - - - - - - - - - My Group - some property - - Control - - - -     - - - - - Control - A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance. - -

    Controls may be grouped using group, and controls may be partitioned using + + Control Group + A group of controls, or of groups of controls. + + + + + + + + + + + + + + + + + + + + + + + + + +

    Catalogs can use a group to collect related controls into a single grouping. That can be useful to group controls into a family or other logical grouping.

    +

    A group may have its own properties, statements, parameters, and references, which are inherited by all members of that group.

    +     + + + My Group + some property + + Control + + + +     + + Control + A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance. + + + + + + + + + + + + + + + + + + + + + + + + +

    Controls may be grouped using group, and controls may be partitioned using part or enhanced using subcontrol.

    -     - - - - - - - - - - - - - - Control 1 - - -     - - - - - Sub-Control - A control extension or enhancement - -

    -     - - - The subcontrol's human-readable name. - - - - - - - - -     - - - - - - - - Parameter - Parameters provide a mechanism for the dynamic assignment of value(s) in a control. - -

    In a catalog, a parameter is typically used as a placeholder for the future assignment of a parameter value, although the OSCAL model allows for the direct assignment of a value if desired by the control author. The value may be optionally used to specify one or more values. If no value is provided, then it is expected that the value will be provided at the Profile or Implementation layer.

    -

    A parameter can include a variety of metadata options that support the future solicitation of one or more values. A label provides a textual placeholder that can be used in a tool to solicit parameter value input, or to display in catalog documentation. The desc provides a short description of what the parameter is used for, which can be used in tooling to help a user understand how to use the parameter. A constraint can be used to provide criteria for the allowed values. A guideline provides a recommendation for the use of a parameter.

    -     - - - A short name for the parameter. - -

    The label value should be suitable for inline display in a rendered catalog.

    -     -     - - A short summary of the parameter's intended use. -

    A label is optional, but should be provided unless a select (selection) is provided.

     -     - - A rule describing the permissible parameter values. - -

    Currently, OSCAL does not standardize any formal rules language for value constraints. A test option may be used to specify a formal rule that may be automatically used if recognized by an OSCAL tool. Further development is needed to support the declaration of a rule language and value.

    -     -     - - Additional recommendations for the use of the parameter, or around what values should be provided. - - - - A recommended parameter value or set of values. - -

    A value provided in a catalog can be redefined at any higher layer of OSCAL (e.g., Profile).

    -     -     - - A set of parameter value choices, that may be picked from to set the parameter value. - -

    .

    -     -     -     - - - - -     -     - - - Parameter label - A placeholder for a missing value, in display. - - - + + + + + + Parameter + Parameters provide a mechanism for the dynamic assignment of value(s) in a control. + + + + + + A short name for the parameter. + +

    The label value should be suitable for inline display in a rendered catalog.

    +     +     + + + + + + + + + + + + A recommended parameter value or set of values. + +

    A value provided in a catalog can be redefined at any higher layer of OSCAL (e.g., Profile).

    +     +     + + A set of parameter value choices, that may be picked from to set the parameter value. + +

    .

    +     +     +     + + + + +     + +

    In a catalog, a parameter is typically used as a placeholder for the future assignment of a parameter value, although the OSCAL model allows for the direct assignment of a value if desired by the control author. The value may be optionally used to specify one or more values. If no value is provided, then it is expected that the value will be provided at the Profile or Implementation layer.

    +

    A parameter can include a variety of metadata options that support the future solicitation of one or more values. A label provides a textual placeholder that can be used in a tool to solicit parameter value input, or to display in catalog documentation. The desc provides a short description of what the parameter is used for, which can be used in tooling to help a user understand how to use the parameter. A constraint can be used to provide criteria for the allowed values. A guideline provides a recommendation for the use of a parameter.

    +     +     + + Parameter label + A placeholder for a missing value, in display. + + - - - Parameter description - Indicates and explains the purpose and use of a parameter - - - - - - Constraint - A formal or informal expression of a constraint or test - - - - Guideline - A prose statement that provides a recommendation for the use of a parameter. - - - - - - - - Value constraint - Indicates a permissible value for a parameter or property - -

    In a declaration, value will commonly be given in groups, indicating a set of + + Parameter description + Indicates and explains the purpose and use of a parameter + + + + Constraint + A formal or informal expression of a constraint or test + + + + Guideline + A prose statement that provides a recommendation for the use of a parameter. + + + + + + + Value constraint + Indicates a permissible value for a parameter or property + +

    In a declaration, value will commonly be given in groups, indicating a set of enumerated permissible values (i.e., for an element to be valid to a value constraint, it must equal one of the given values).

    -

    In a parameter, a value represents a value assignment to the parameter, overriding any +

    In a parameter, a value represents a value assignment to the parameter, overriding any value given at the point of insertion. When parameters are provided in OSCAL profiles, their values will override any values assigned lower down the stack.

    -     -     - - - - - Selection - Presenting a choice among alternatives - - - - - - - - Choice - A value selection among several such options - - - - - - - - Part - A partition or component of a control, subcontrol or part - -

    A part provides for logical partitioning of prose, and can be thought of as a grouping structure (e.g., section). A part can have child parts allowing for arbitrary nesting of prose content (e.g., statement hierarchy). A part can contain prop objects that allow for enriching prose text with structured name/value information.

    -

    A part can be assigned an optional id>, which allows for internal and external references to the textual concept contained within a part. A id provides a means for an OSCAL profile, or a higher layer OSCAL model to reference a specific part within a catalog. For example, an id can be used to reference or to make modifications to a control statement in a profile.

    -

    Use of part and prop provides for a wide degree of extensibility within the OSCAL catalog model. The optional ns provides a means to qualify a part's name, allowing for organization-specific vocabularies to be defined with clear semantics. Any organization that extends OSCAL in this way should consistently assign a ns value that represents the organization, making a given namespace qualified name unique to that organization. This allows the combination of ns and name to always be unique and unambiguous, even when mixed with extensions from other organizations. Each organization is responsible for governance of their own extensions, and is strongly encouraged to publish their extensions as standards to their user community. If no ns is provided, the name is expected to be in the "OSCAL" namespace.

    -

    To ensure a ns is unique to an organization and naming conflicts are avoided, a URI containing a DNS or other globally defined organization name should be used. For example, if FedRAMP and DoD both extend OSCAL, FedRAMP will use the ns "https://fedramp.gov", while DoD will use the ns "https://defense.gov" for any organization specific name.

    -

    Tools that process OSCAL content are not required to interpret unrecognized OSCAL extensions; however, OSCAL-compliant tools should not modify or remove unrecognized extensions, unless there is a compelling reason to do so, such as data sensitivity.

    -     - - - - - - - - - - Multiple Parts with Different Organization-Specific Names - - Something FedRAMP Cares About - Something DoD Cares About - - -     - - - Constraint test - A formal (executable) expression of a constraint - - - - Cardinality - When selecting, a requirement such as one or more - - - - Depends on - Another parameter invoking this one - - -     \ No newline at end of file + + + + Selection + Presenting a choice among alternatives + + + + + + + + + + Choice + A value selection among several such options + + + Part + A partition or component of a control, subcontrol or part + + + + + + + + + + + + + + + + + + + +

    A part provides for logical partitioning of prose, and can be thought of as a grouping structure (e.g., section). A part can have child parts allowing for arbitrary nesting of prose content (e.g., statement hierarchy). A part can contain prop objects that allow for enriching prose text with structured name/value information.

    +

    A part can be assigned an optional id>, which allows for internal and external references to the textual concept contained within a part. A id provides a means for an OSCAL profile, or a higher layer OSCAL model to reference a specific part within a catalog. For example, an id can be used to reference or to make modifications to a control statement in a profile.

    +

    Use of part and prop provides for a wide degree of extensibility within the OSCAL catalog model. The optional ns provides a means to qualify a part's name, allowing for organization-specific vocabularies to be defined with clear semantics. Any organization that extends OSCAL in this way should consistently assign a ns value that represents the organization, making a given namespace qualified name unique to that organization. This allows the combination of ns and name to always be unique and unambiguous, even when mixed with extensions from other organizations. Each organization is responsible for governance of their own extensions, and is strongly encouraged to publish their extensions as standards to their user community. If no ns is provided, the name is expected to be in the "OSCAL" namespace.

    +

    To ensure a ns is unique to an organization and naming conflicts are avoided, a URI containing a DNS or other globally defined organization name should be used. For example, if FedRAMP and DoD both extend OSCAL, FedRAMP will use the ns "https://fedramp.gov", while DoD will use the ns "https://defense.gov" for any organization specific name.

    +

    Tools that process OSCAL content are not required to interpret unrecognized OSCAL extensions; however, OSCAL-compliant tools should not modify or remove unrecognized extensions, unless there is a compelling reason to do so, such as data sensitivity.

    +     + + Multiple Parts with Different Organization-Specific Names + + Something FedRAMP Cares About + Something DoD Cares About + + +     + + Constraint test + A formal (executable) expression of a constraint + + + Cardinality + When selecting, a requirement such as one or more + + + Depends on + Another parameter invoking this one + + + + Prose + Prose permits multiple paragraphs, lists, tables etc. + + diff --git a/src/metaschema/oscal_component_metaschema.xml b/src/metaschema/oscal_component_metaschema.xml new file mode 100644 index 0000000000..0855238969 --- /dev/null +++ b/src/metaschema/oscal_component_metaschema.xml @@ -0,0 +1,229 @@ + + + + + + + OSCAL Implementation Component Format + 1.0.0-milestone2 + oscal-component + http://csrc.nist.gov/ns/oscal/1.0 + + + +

    The OSCAL Implementation Component format can be used to describe the implementation of controls in a component or a set of components grouped as a capabiity. A component can be either a technical component, or a documentary component. A technical component is a component that is implemented in hardware (physical or virtual) or software. A documentary component is a component implemented in a document, such as a process, proceedure, or policy.

    +

    The root of the OSCAL Implementation Component format is component-definition.

    +

    NOTE: This documentation is a work in progress. As a result, documentation for many of the information elements is missing or incomplete.

    +     + + + + + Component Definition + TBD + + + + + + + + + + + + + + + + + Import Component Definition + Loads a component definition from another resource. + + Hyperlink Reference + A link to a resource that defines a set of components and/or capabilities to import into this collection. + + + + + Component + A defined component that can be part of an implemented system. + + + Component Identifier + A unique identifier for a component. + + + Component Name + The component's short, human-readable name. + + + + + A longer name for the component. + + + + + + + The version of the component. + The model of the component. Useful for 'software', 'hardware', and 'service' components. + The date the component was released. + + + + + + + + A reference to another component that this component has a dependency on. + A reference to another component of type=validation, that is a validation (e.g., FIPS 140-2) for this component + A pointer to a validation record (e.g., FIPS 140-2) or other authorization. + + + + + + + + + + + + + + + + + + +

    Components may be products, services, APIs, policies, processes, plans, guidance, + standards, or other tangible items that enable security and/or privacy.

    +

    The type indicates which of these component types is represented.

    +

    A group of components may be aggregated into a capability. For example, am account management capability that consists of an account management process, and a Lightweight Directory Access Protocol (LDAP) software implementation.

    +

    Capabilities are expressed by combining one or more components.

    +     +     + + + Capability + A grouping of other components and/or capabilities. + + + Capability Identifier + A unique identifier for a capability. + + + Capability Name + The capability's human-readable name. + + + + + + + + + + + + + + + + + + + + + + + + + + Control Implementation + Defines how the component or capability supports a set of controls. + + + + + + + + + + Can Meet + Defines what sets of controls are supported by the component. + + + + + + + + + + + + + + + + + + + + +     diff --git a/src/metaschema/oscal_implementation-common_metaschema.xml b/src/metaschema/oscal_implementation-common_metaschema.xml new file mode 100644 index 0000000000..fc8bc6190c --- /dev/null +++ b/src/metaschema/oscal_implementation-common_metaschema.xml @@ -0,0 +1,432 @@ + + + + + + + OSCAL Implementation Common Information + 1.0.0-milestone2 + oscal-implementation-common + http://csrc.nist.gov/ns/oscal/1.0 + + + + + (nominal root) + NOT TO BE USED IN A METASCHEMA + + + + + + + + + + + + + + + + + + + + + + + + + +

    This declaration provides a point of entry for validating the metaschema module standalone.

    +     +     + + + Component Type + A category describing the purpose of the component. + + Any software, operating system, or firmware + + A service that may provide APIs. + + + + + Any guideline or recommendation + + + + + + + Description + TBD + + + + Remarks + TBD + + + + Supplier + TBD + + + + + + + + + +

    For products, services, and APIs, this is the vendor information.

    +

    For policies, processes, plans, standards, and guidance, this is the authoring + organization.

    +

    For capabilities, this is the organization that defines and maintains the + capability.

    +     +     + + + Source Resource Reference + A reference to an OSCAL catalog or profile providing the referenced control or subcontrol definition. + + + + Control-based Requirement + TBD + + Requirement Identifier Reference + A reference to a requirement defined on another requirement set that should be included here. + + + + + + + + + + + + + + + + + + + + + + Control Identifier Reference + A reference to a control identifier. + + + Subcontrol Identifier Reference + A reference to a subcontrol identifier. + + + + Statement Identifier + Pointer to a speific requirement statement within a control or subcontrol. + + + + + Using + The set of implementations needed to support the control requirements. + + + + + + + + + Implementation + An implementation needed to support the control requirements. + + + + + + + + + + + + + + + + + + + + + + With Argument + An argument to pass to the referenced configuration. + + + Argument Name + The name of the argument. + + + + + + + + Using Parameter + An identified parameter from the catalog or profile who's value is assigned to the argument. + + + + Configuration Identifier Reference + A reference to a configuration defined on the component. + + + + Artifact Identifier Reference + A reference to an artifact defined on the component. + + + + Configuration + Information on how to configure the component (for technical types of components). + + + Configuration Identifier + A unique identifier for the configuration. + + + + + + + + + + + + + + + + + + + + + mechanism + Information on a mechanism used to configure the component. + + Mechanism Identifier + A unique identifier for the configuration mechanism. + + + + + + + + + + + + + + + + + + + Configuration Method + A mechanism used to deploy the configuration. + + + + + + + + + Verification Method + A mechanism used to verify a previously deployed configuration. + + + + + + + + + Script + An executable script. + + + + + system + A configure or verify system type described by a well-known URI + + + + argument + TBD + + + Argument Name + The name of an argument to be passed into a script. + + + Argument Data Type + The data type of the argument. + + + + + + + + + + + + + + + + + + Configuration + Information on how to use the component (for documentary types of components). + + + Artifact Identifier + A unique identifier for the artifact. + + + + + + + + + + + + + + + + + + Artifact Implementation Source + TBD + + Source Resource Reference + Where to get the artifact + + + + + + + + + + + + + + + + Artifact Verification Process + TBD + + Verification Process Resource Reference + Where to get the process to verify the artifact is implemented. + + + + + + + + + + + + + + + + Component Reference + A reference to a component by its identifier + + + + Capability Reference + A reference to a capability by its identifier + + + Incorporates Component + TBD + + + + + + + + + Incorporates Capability + TBD + + + Capability Reference + A reference to a capability by its identifier + + + + + + +     diff --git a/src/metaschema/oscal_metadata_metaschema.xml b/src/metaschema/oscal_metadata_metaschema.xml index 70a64ebf21..1cc7ce6ab0 100644 --- a/src/metaschema/oscal_metadata_metaschema.xml +++ b/src/metaschema/oscal_metadata_metaschema.xml @@ -5,553 +5,576 @@ + xmlns="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:o="http://csrc.nist.gov/ns/oscal/example" + xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/metaschema/1.0 ../../build/metaschema/lib/metaschema.xsd" + root="VALIDATION_root"> + OSCAL Document Metadata Description + 1.0.0-milestone2 + oscal-metadata + http://csrc.nist.gov/ns/oscal/metadata/1.0/ - OSCAL Document Metadata Description - 1.0-milestone1 - oscal-metadata - http://csrc.nist.gov/ns/oscal/metadata/1.0/ - - - (nominal root) - NOT TO BE USED IN A METASCHEMA - -

    This declaration provides a point of entry for validating the metaschema module standalone.

    -     - - - - -     - - - Publication metadata - Provides information about the publication and availability of the containing document. - - - - - - - - - - - - - - - - Back matter - A collection of citations and resource references. - -

    Provides a collection of identified citation and resource objects that can be referenced by a link with a rel value of "reference" and an href value that is a fragment "#" followed by a reference to a citation identifier. A citation can reference a resource by specifying a local target value using the same fragment-identifier approach.

    -     - - - - - - - Use of link, citation, and resource + + (nominal root) + NOT TO BE USED IN A METASCHEMA + + + + + -

    The following is a contrived example to show the use of link, citation, and resource.

    +

    This declaration provides a point of entry for validating the metaschema module standalone.

     - - My citation - ...snip... - - - #resource1 - - - - - - -     -     - - - text - - - - Link - A reference to a local or remote resource, with associated markup. - -

    This is a rough analog to an HTML anchor (a), except this is a line-oriented (block) - element.

    -

    The href must point to a local or remote resource. If a local resource is used, this will be indicated by a fragment "#" followed by an identifier which references an identified citation or resource in the document's back-matter. If a remote resource is used, the href value will be an absolute or relative URI pointing to the location of the referenced resource. A relative URI can be resolved relative to the location of the document conatining the link.

    -

    To provide a cryptographic hash for a remote target resource, a local reference to a resource is needed. The resource allows one or more hash values to be provided using the rlink hash object.

    -

    The media-type provides a hint about the content model of the referenced resource. A valid entry from the IANA Media Types registry

    -     - - Providing for link integrity + + + Publication metadata + Provides information about the publication and availability of the containing document. + + + + + + + + + + + + + + + + + + + + + + + + + Back matter + A collection of citations and resource references. + + + + + + + + -

    The following is a contrived example to show the use of link, citation, and resource.

    +

    Provides a collection of identified citation and resource objects that can be referenced by a link with a rel value of "reference" and an href value that is a fragment "#" followed by a reference to a citation identifier. A citation can reference a resource by specifying a local target value using the same fragment-identifier approach.

     - - My Hashed Resource + + Use of link, citation, and resource + +

    The following is a contrived example to show the use of link, citation, and + resource.

    +     + + My citation + ...snip... + + + #resource1 + + + + + + +     +     + + Link + A reference to a local or remote resource + text + + + + +

    This is a rough analog to an HTML anchor (a), except this is a line-oriented (block) + element.

    +

    The href must point to a local or remote resource. If a local resource is used, this will be indicated by a fragment "#" followed by an identifier which references an identified citation or resource in the document's back-matter. If a remote resource is used, the href value will be an absolute or relative URI pointing to the location of the referenced resource. A relative URI can be resolved relative to the location of the document conatining the link.

    +

    To provide a cryptographic hash for a remote target resource, a local reference to a resource is needed. The resource allows one or more hash values to be provided using the rlink + hash object.

    +

    The media-type provides a hint about the content model of the referenced resource. A valid entry from the IANA Media Types registry +

    +     + + Providing for link integrity + +

    The following is a contrived example to show the use of link, citation, and resource.

    +     + + My Hashed Resource ...snip... - - - C2E9C1..snip..F88D2E - - - - -     -     - - - Last modified date - Date of last modification. - -

    This value represents the point in time when the OSCAL document was last updated. The date value must be an ISO 8601 formatted date with full time and time zone indicated. Ordinarily, a date value will be machine generated at time of creation or modification.

    -

    In some cases, an OSCAL document may be derived from some source material in a different format. In such a case, the last-modified-date value should indicate the modification time of the OSCAL document, not the source material.

    -     -     - - - Document version - The version of the document content. -

    A string indicating the document's version, by release number, date, or other identifier. This version is typically set by the document owner or by the tool used to maintain the content.

     -     - - - OSCAL version - OSCAL model version. -

    Indicates the version of the OSCAL model to which this data set conforms, for example - 1.0-M1.

     -     - - - - Qualifies the kind of document identifier. - - A Digital Object Identifier (DOI); use is preferred, since this allows for retrieval of a full bibliographic record. - - - Document Identifier - A document identifier qualified by an identifier type. - -

    A document identifier or name, qualified by a type that indicates the naming system of the identifier. A document identifier may provide a hint to the persistant location of the same or another version of the document.

    - -

    Specific usage rules, nomenclatures, and recognized file types (e.g., DOIs, CMS locators, etc.) may be defined at application level. The value of this field may also be a hash or checksum.

    -     -     - - - Type - Indicating the type of identifier, address, email or other data item. -

    Generally, this flag is used to relate to schemes and taxonomies defined outside the OSCAL application in some public form; i.e. they can be looked up. The values may be constrained to a locally defined list.

     -     - - - - - - Used to provide a listing of keywords. This is typically used on a prop in the metadata to provide keywords for the document. - A human-readable label for the parent context. - An assessment method. - The status of a control or subcontrol. The value can be 'withdrawn' to indicate that the control or subcontrol has been withdrawn and should no longer be used. - - - - - - Property - A value with a name, attributed to the containing control, subcontrol, part, + + + C2E9C1..snip..F88D2E + + + + +     +     + + Last modified date + Date of last modification. + +

    This value represents the point in time when the OSCAL document was last updated. The date value must be an ISO 8601 formatted date with full time and time zone indicated. Ordinarily, a date value will be machine generated at time of creation or modification.

    +

    In some cases, an OSCAL document may be derived from some source material in a different format. In such a case, the last-modified-date value should indicate the modification time of the OSCAL document, not the source material.

    +     +     + + Document version + The version of the document content. + +

    A string indicating the document's version, by release number, date, or other identifier. This version is typically set by the document owner or by the tool used to maintain the content.

    +     +     + + OSCAL version + OSCAL model version. + +

    Indicates the version of the OSCAL model to which this data set conforms, for example + 1.0-M1.

    +     +     + + Document Identifier + A document identifier qualified by an identifier type. + + Qualifies the kind of document identifier. + + A Digital Object Identifier (DOI); use is preferred, since this allows for retrieval of a full bibliographic record. + + + +

    A document identifier or name, qualified by a type that indicates the naming system of the identifier. A document identifier may provide a hint to the persistant location of the same or another version of the document.

    +

    Specific usage rules, nomenclatures, and recognized file types (e.g., DOIs, CMS locators, etc.) may be defined at application level. The value of this field may also be a hash or checksum.

    +     +     + + Type + Indicating the type of identifier, address, email or other data item. + +

    Generally, this flag is used to relate to schemes and taxonomies defined outside the OSCAL application in some public form; i.e. they can be looked up. The values may be constrained to a locally defined list.

    +     +     + + Property + A value with a name, attributed to the containing control, subcontrol, part, or group. - -

    Properties permit the deployment and management of arbitrary controlled values, with and among control objects (controls, parts, and extensions), for any purpose useful to an application or implementation of those controls. Typically, properties will be used to sort, select, order, and arrange controls or relate them to one another or to class hierarchies, taxonomies, or external authorities.

    -

    The value of a property is a + + + + Used to provide a listing of keywords. This is typically used on a prop in the metadata to provide keywords for the document. + A human-readable label for the parent context. + + An assessment method. + + The status of a control or subcontrol. The value can be 'withdrawn' to indicate that the control or subcontrol has been withdrawn and should no longer be used. + + + + + + +

    Properties permit the deployment and management of arbitrary controlled values, with and among control objects (controls, parts, and extensions), for any purpose useful to an application or implementation of those controls. Typically, properties will be used to sort, select, order, and arrange controls or relate them to one another or to class hierarchies, taxonomies, or external authorities.

    +

    The value of a property is a simple scalar value or list of values.

    -

    The lexical composition of properties may be constrained by declarations including matching +

    The lexical composition of properties may be constrained by declarations including matching to regular expressions or by declaring a known datatype.

    -

    Because properties are often used as selectors or identifiers for OSCAL operations, their +

    Because properties are often used as selectors or identifiers for OSCAL operations, their values can be expected frequently to be normalized (e.g., with respect to whitespace) in use; however, this is application defined.

    -

    For singletons (that is, the only element among siblings with its class), +

    For singletons (that is, the only element among siblings with its class), properties are especially useful as proxies (unique identifiers) for their controls, such that controls may be returned one for one on queries for properties (name and value). The robustness of such queries can be ensured by appropriate property declarations (as singletons and as identifiers); cf declare-prop in the declarations model (which also supports other constraints over property values).

    -     -     - - - Name - Identifying the purpose and intended use of the property, part or other object. -

    This flag is intended to be used as a control point for validation of properties and parts + + + + Name + Identifying the purpose and intended use of the property, part or other object. + +

    This flag is intended to be used as a control point for validation of properties and parts with respect to constraints related to local semantics. A name is not necessarily expected to be unique, even within the scope of the parent (containing) structure. In some local applications, it is possible for a name to be unique and uniqueness of a name can be validated in such cases.

    -

    The definition of a name is subject to its namespace, offered by an ns flag (q.v.). When ns is not given, the namespace is assumed to be oscal and the name should be one of the recognized values for names - in OSCAL.

     -     - - - Namespace - A namespace qualifying the name. - -

    Identifies an organization or compliance regime defining the information needs (requirements) addressed by +

    The definition of a name is subject to its namespace, offered by an ns flag (q.v.). When ns is not given, the namespace is assumed to be oscal and the name should be one of the recognized values for names + in OSCAL.

    +     +     + + Namespace + A namespace qualifying the name. + +

    Identifies an organization or compliance regime defining the information needs (requirements) addressed by an object. When this attribute is not given, its value should be assumed to be oscal and the name should be a name defined by this specification.

    -     -     - - - Class - Indicating the type or classification of the containing object - -

    A class can be used in validation rules to express extra constraints over items of a specific class value. Some objects where this flag appears also permit a name and a ns to be assigned, which can provide for more rigor in validation.

    -     -     - - - - - Party (organization or person) - A responsible entity, either singular (an organization or person) or collective (multiple persons) - -

    As contents one of org or person is required, or both; there may be only one org, but many persons.

    -

    Note that persons can also be indicated with organizational affiliations by using + + + + Class + Indicating the type or classification of the containing object + +

    A class can be used in validation rules to express extra constraints over items of a specific class value. Some objects where this flag appears also permit a name and a ns to be assigned, which can provide for more rigor in validation.

    +     + + + Party (organization or person) + A responsible entity, either singular (an organization or person) or collective (multiple persons) + + + + + + + + + + +

    As contents one of org or person is required, or both; there may be only one org, but many persons.

    +

    Note that persons can also be indicated with organizational affiliations by using orgname inside person. Contact information in that case belongs to the person, not the organization: use org when an organization as such serves as a documented party.

    -     - - - - - -     - - - Person - A person, with contact information - - - - - Affiliated organization - - - - - - - - - - - - - Organization - An organization or legal entity (not a person), with contact information - - - - - - - - - - - - - - - Personal Identifier - An identifier for a person (such as an ORCID) using a designated scheme. - - - - - Organization Identifier - An identifier for an organization using a designated scheme. - - - - - - Related link - A pointer to an external copy of a document with optional hash for verification - -

    This is different from unstructured link, which makes no provision for a hash or formal title. It is also different from the element of the same name once proposed for HTML.

    -     - - - -     - - - Relation - Purpose of the link - -

    TO DO: discuss IANA link relation registry.

    -     -     - - - Media type - Describes the media type of a linked resource - -

    TO DO: discuss IANA media type registry.

    -     -     - - - Person Name - Full (legal) name of an individual - - - - Organization Name - Full (legal) name of an organization - -

    Only when this element is used directly within org can it be accepted of the name of the thing to which it is attached. This element may also be used directly on person to name an affiliated organization.

    -

    href can be used to provide external links or internal links to other elements. The sibling org-id element + + + + Party Reference + References a party defined in metadata. + + + Person + A person, with contact information + + + + + Affiliated organization + + + + + + + + + + + + + + + + + + + + + + + + Organization + An organization or legal entity (not a person), with contact information + + + + + + + + + + + + + + + + + + + + + + + Personal Identifier + An identifier for a person (such as an ORCID) using a designated scheme. + + + + Organization Identifier + An identifier for an organization using a designated scheme. + + + + Related link + A pointer to an external copy of a document with optional hash for verification + + + + + + + + +

    This is different from unstructured link, which makes no provision for a hash or formal title. It is also different from the element of the same name once proposed for HTML.

    +     +     + + Relation + Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + +

    TO DO: discuss IANA link relation registry.

    +     +     + + Media type + Describes the media type of the linked resource + +

    TO DO: discuss IANA media type registry.

    +     +     + + Person Name + Full (legal) name of an individual + + + Organization Name + Full (legal) name of an organization + +

    Only when this element is used directly within org can it be accepted of the name of the thing to which it is attached. This element may also be used directly on person to name an affiliated organization.

    +

    + href can be used to provide external links or internal links to other elements. The sibling org-id element (similarly for affiliated organizations) can also be used to link (for example to organizations listed elsewhere as parties.)

    -     -     - - - short-name - A common name, short name or acronym - -

    This element is not expected to be used to identify individual persons, but rather an + + + + short-name + A common name, short name or acronym + +

    This element is not expected to be used to identify individual persons, but rather an organization or system.

    -     -     - - - - Indicates the type of address. - - A home address. - A work address. - - - Address - A postal address. - - - - - - - - - - - - - Address line - A single line of an address. - - - - City - City, town or geographical region for mailing address - - - - State - State, province or analogous geographical region for mailing address - - - - Postal Code - Postal or ZIP code for mailing address - - - - Country - Country for mailing address - - - - Email - Email address - - - - - Indicates the type of phone number. + + + + Address + A postal address. + + Indicates the type of address. + + A home address. + A work address. + + + + + + + + + + + + + + + Address line + A single line of an address. + + + City + City, town or geographical region for mailing address + + + State + State, province or analogous geographical region for mailing address + + + Postal Code + Postal or ZIP code for mailing address + + + Country + Country for mailing address + + + Email + Email address + + + Telephone + Contact number by telephone + + Indicates the type of phone number. + + A home phone number. + An office phone number. + A mobile phone number. + + + + + URL + URL for web site or Internet presence + + + + Notes + Any notes with further information + + Indicates the type of note. + + + + + + + Description + A short textual description + + + Resource + A resource associated with the present document. + + + + + + + + + + + + +

    Use of resource allows for information that pertains to, authenticates, or supplements the document it is included in.

    +

    A resource can be used in two ways. 1) it may point to an specific retrievable network resource, or 2) be included as an attachment.

    +     +     + + Hash + A representation of a cryptographic digest generated over a resource using a hash algorithm. + value + + +

    A hash value can be used to authenticate that a referenced resource is the same resources as was pointed to by the author of the reference.

    +

    When appearing as part of a resource (data object), the hash should apply to the referenced object.

    +     +     + + Hash algorithm + Method by which a hash is derived - A home phone number. - An office phone number. - A mobile phone number. + + + + + - - Telephone - Contact number by telephone - - - - URL - URL for web site or Internet presence - - - - - Indicates the type of note. - - Notes - Any notes with further information - - - - - - - Description - A short textual description - - - - - Resource - A resource associated with the present document. - -

    Use of resource allows for information that pertains to, authenticates, or supplements the document it is included in.

    -

    A resource can be used in two ways. 1) it may point to an specific retrievable network resource, or 2) be included as an attachment.

    -     - - - - - - - - -     - - - value - - Hash - A representation of a cryptographic digest generated over a resource using a hash algorithm. - -

    A hash value can be used to authenticate that a referenced resource is the same resources as was pointed to by the author of the reference.

    -

    When appearing as part of a resource (data object), the hash should apply to the referenced object.

    -     -     - - - Hash algorithm - Method by which a hash is derived - - - - - - - - -

    Valid values MUST be a value defined in the W3C XML Security Algorithm Cross-Reference Digest Methods (W3C, April 2013).

     -     - - - - Role - Defining a role to be assigned to a party or agent - -

    Permissible values to be determined closer to the application (e.g. by a receiving + +

    Valid values MUST be a value defined in the W3C XML Security Algorithm Cross-Reference Digest Methods (W3C, April 2013).

    +     +     + + Role + Defining a role to be assigned to a party or agent + + + + + + + +

    Permissible values to be determined closer to the application (e.g. by a receiving authority).

    -     - - - - - -     - - - hypertext reference - A link to a document or document fragment (actual, nominal or projected) - -

    Note in particular that href targets include elements (locations) in + + + + hypertext reference + A link to a document or document fragment (actual, nominal or projected) + +

    Note in particular that href targets include elements (locations) in representations of documents that exist only by virtue of dynamic application, such as (for example) the results of profile resolution.

    -     -     - - - Identifier - Unique identifier of the containing object - -

    No mechanism is proposed to ensure that id values do not collide across + + + + Identifier + Unique identifier of the containing object + +

    No mechanism is proposed to ensure that id values do not collide across different catalogs. Use profiling without merge to detect such clashes.

    -     + - Some citation of some sort + Some citation of some sort -     - - - Role identifier - References a role element defined in metadata. - - Identifies a party responsible for creating the content. - Identifies a party responsible for maintainer the content on an ongoing basis. - - - - - - Title - A title for display and navigation, exclusive of more specific properties - -

    A title for the containing object as it should appear in a formatted document.

    -     -     - - - - - Base64 - - - - - File Name - Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. - - - - - Citation - A citation to resources, either external or internal (by means of internal cross-reference). - -

    The structure of a citation is not intended to be a full biblographic representation of a cited resource. Instead, it is expected that matching to a source of bibliograpical information (e.g., database) will be handled by use of a doc-id. Use of a canonical identifier such as a DOI is recommended for any citation.

    -

    Within this element, a generic title can cite a title. If citation information takes the form of a bibliographic entry, then desc can be used to provide a bibliographic entry.

    -     - - - - - - - -     - - - Citation target - An address for retrieval of a citation - -

    Semantically equivalent to an href (flag), this is represented as a field in order to permit citations to carry an extra target (for cross-check or fallback) and to permit further qualification (with flags of its own) in future.

    -

    This value is expected to be a URI, and may be an internal link to + + + Role identifier + References a role element defined in metadata. + + Identifies a party responsible for creating the content. + Identifies a party responsible for maintainer the content on an ongoing basis. + + + + + Title + A title for display and navigation + +

    A title for the containing object as it should appear in a formatted document.

    +     +     + + Base64 + + + + + + File Name + Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. + + + Citation + A citation to resources, either external or internal (by means of internal cross-reference). + + + + + + + + + + + + + +

    The structure of a citation is not intended to be a full biblographic representation of a cited resource. Instead, it is expected that matching to a source of bibliograpical information will be handled by use of a doc-id. Use of a canonical identifier such as a DOI is recommended for any citation.

    +

    Within this element, a generic title can cite a title. If citation information takes the form of a bibliographic entry, then desc can be used to provide it.

    +     +     + + Citation target + An address for retrieval of a citation + +

    Semantically equivalent to an href (flag), this is represented as a field in order to permit citations to carry an extra target (for cross-check or fallback) and to permit further qualification (with flags of its own) in future.

    +

    This value is expected to be a URI, and may be an internal link to another object such as a resource documented in back matter.

    -

    When a citation is given as a full (but unparsed) bibliographic citation, use desc instead +

    When a citation is given as a full (but unparsed) bibliographic citation, use desc instead of title inside this object.

    -     -     - + + + + Note + Permits multiple paragraphs, lists, tables etc. +     diff --git a/src/metaschema/oscal_profile_metaschema.xml b/src/metaschema/oscal_profile_metaschema.xml index c7985ed62e..f2b7205ac3 100644 --- a/src/metaschema/oscal_profile_metaschema.xml +++ b/src/metaschema/oscal_profile_metaschema.xml @@ -3,24 +3,34 @@ + xmlns="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:o="http://csrc.nist.gov/ns/oscal/1.0" + xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/metaschema/1.0 ../../build/metaschema/lib/metaschema.xsd" + root="profile"> OSCAL Profile Metaschema - 1.0-milestone1 + 1.0.0-milestone2 oscal-profile http://csrc.nist.gov/ns/oscal/1.0 -

    A profile designates a selection and configuration of controls and subcontrols from one or more catalogs, along with a series of operations over the controls and subcontrols. The topmost element in the OSCAL profile XML schema is profile.

    +

    A profile designates a selection and configuration of controls and subcontrols from one or more catalogs, along with a series of operations over the controls and subcontrols. The topmost element in the OSCAL profile XML schema is profile.

     - - - - + Profile Each OSCAL profile is defined by a Profile element + + + + + + + + + + + +

    An OSCAL document that describes a selection with possible modification of multiple controls from multiple catalogs. It provides mechanisms by which controls may be selected @@ -30,20 +40,20 @@ subcontrols as given in and by a catalog. They may also serve as sources for further modification in and by other profiles, that import them.

     - - - - - - -     - - - + Import resource An Import element designates a catalog, profile, or other resource to be included (referenced and potentially modified) by this profile. + + + + + + + + +

    An import indicates a source whose controls are to be included (referenced and modified) in a profile. This source will either be a catalog whose controls are given @@ -56,10 +66,6 @@ an include/all is assumed (that is, all controls will be included by default).

     - - - - @@ -68,11 +74,19 @@     - Merge controls A Merge element merges controls in resolution. + + + + + + + + +

    The contents of the merge element may be used to reorder or restructure controls by indicating an order and/or structure in resolution.

    @@ -80,83 +94,102 @@ profile, but not included (implicitly or explicitly) in the scope of a merge element, will not be merged into (will be dropped) in the resulting resolution.

     - - - - - - -     - - + Combination rule A Combine element defines whether and how to combine multiple (competing) versions of the same control + -

    Whenever combining controls from multiple (import) pathways, an issue arises of what to do with +

    Whenever combining controls from multiple (import) pathways, an issue arises of what to do with clashing invocations (multiple competing versions of a control or a subcontrol).

    -

    This setting permits a profile designer to apply a rule for the resolution of such cases. +

    This setting permits a profile designer to apply a rule for the resolution of such cases. In a well-designed profile, such collisions would ordinarily be avoided, but this setting can be useful for defining what to do when it occurs.

         - + As is An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes. - + Combination method How clashing controls and subcontrols should be handled - - - Use the first definition. - Merge - keep - + + Use the first definition - the first control with a given ID is used; subsequent ones are discarded + Merge - controls with the same ID are combined + Keep - controls with the same ID are kept, retaining the clash + - + Custom grouping A Custom element frames a structure for embedding represented controls in resolution. - -

    The custom element represents a custom arrangement or organization of controls in - the resolution of a catalog.

    -

    While the as-is element provides for a restitution of a control set's organization - (in one or more source catalogs), this element permits the definition of an entirely different structure.

    -     - - - + + + + + + + + + + +

    The custom element represents a custom arrangement or organization of controls in + the resolution of a catalog.

    +

    While the as-is element provides for a restitution of a control set's organization + (in one or more source catalogs), this element permits the definition of an entirely different structure.

    +     - + Control group As in catalogs, a group of (selected) controls or of groups of controls - - - + + + + + + + + + - + Modify controls Set parameters or amend controls in resolution - - + + + + + + - + Include controls Specifies which controls and subcontrols to include from the resource (source catalog) being imported + + + + + + + + + + +

    To be schema-valid, this element must contain either (but not both) a single all element, or a sequence of call elements.

    @@ -164,24 +197,16 @@ (qv); i.e., all controls are included by default, unless the include instruction calls controls specifically.

     - - - - - - -     - - - + Include all Include all controls from the imported resource (catalog) +

    This element provides an alternative to calling controls and subcontrols individually from a catalog. But this is also the default behavior when no include @@ -189,24 +214,6 @@ unless it is for purposes of including its @with-subcontrols='yes'

    - - - -     - - - - - - - - + Call (control or subcontrol) Call a control or subcontrol by its ID + + + +

    Inside include, If @control-id is used (to indicate the control being referenced), @subcontrol-id cannot be used, and vice versa. (A single @@ -247,59 +251,77 @@ controls or subcontrols may be included. nb this means it is possible to include subcontrols w/o their controls, for later combination w/ other includes --> - - - - - + Match controls and subcontrols by identifier Select controls by (regular expression) match on ID + + + + - + Exclude controls Which controls and subcontrols to exclude from the resource (source catalog) being imported + + + + + + + + + +

    Within exclude, all is not an option since it makes no sense. However, it also makes no sense to use exclude/call except with include/all; you would not want to include and exclude something by ID simultaneously. If this happens, an error condition will be reported.

     - - - - - -     - - - - - + Parameter Setting A parameter setting, to be propagated to points of insertion - - - - - + + + Parameter ID + Indicates the value of the 'id' flag on a target parameter; i.e. which parameter to set + + + + + + + + + + + - - + + - - + + + + + + - - - - - - + Alteration An Alter element specifies changes to be made to an included control or subcontrol when a profile is resolved. + + + + + + + + + +

    Use @control-id or @subcontrol-id to indicate the scope of alteration.

    It is an error for two alter elements to apply to the same control or subcontrol. @@ -308,18 +330,13 @@ remove properties or add global properties); extending this element to match multiple control IDs could provide for this.

     - - - -     - - - - - + Removal Specifies elements to be removed from a control or subcontrol, in resolution + + +

    Use @class-ref, @id-ref or @item-name to indicate class tokens or ID reference, or the formal name, of the component to be removed or erased @@ -330,83 +347,83 @@ add to add it back again with changes.

         - - + Addition Specifies contents to be added into controls or subcontrols, in resolution + - - - - - + + + + + + + + + + + + + - + Control ID Value of the 'id' flag on a target control - + Include control with subcontrol Whether a control should be implicitly included, if not called. - - Include the parent control when a subcontrol is imported. - Exclude the parent control when a subcontrol is imported. - + + Include the parent control when a subcontrol is imported. + Exclude the parent control when a subcontrol is imported. + - + Include subcontrols with control Whether subcontrols should be implicitly included, if not called. - - Include all subcontrols for a control during the import. - Exclude all subcontrols for a control during the import. - + + Include all subcontrols for a control during the import. + Exclude all subcontrols for a control during the import. + - - + Control ID Value of the 'id' flag on a target subcontrol - - Parameter ID - Value of the 'id' flag on a target parameter - - + Pattern A regular expression matching the IDs of one or more controls or subcontrols to be selected - + Order A designation of how a selection of controls in a profile is to be ordered. - - - - - - + + + + + - + Position Where to add the new content with respect to the targeted element (beside it or inside it) - - - - - - + + + + + - + References by class Items to remove, by class - + References by ID Items to remove, indicated by their IDs - + References by name Items to remove, by item type (name), e.g. title or prop - -     \ No newline at end of file + diff --git a/src/metaschema/oscal_ssp_metaschema.xml b/src/metaschema/oscal_ssp_metaschema.xml index c3459a0301..8cbf93e63e 100644 --- a/src/metaschema/oscal_ssp_metaschema.xml +++ b/src/metaschema/oscal_ssp_metaschema.xml @@ -1,1366 +1,1304 @@ - - - - - - - - - - OSCAL System Security Plan (SSP) Format - 1.0-milestone1 - oscal-ssp - urn:OSCAL-SSP-metaschema - - -

    The OSCAL Control SSP format can be used to describe the information typically specified - in a FedRAMP system security plan. The root of the Control Catalog format is - system_security_plan.

    -

    An XML Schema is provided for the OSCAL SSP XML model.

    -     - - - - - - - - - - - System Security Plan (SSP) - - - - - - - - - - - - - - - - - - - System Characteristics - Contains the characteristics of the system, such as its name, purpose, and - security impact level. - - - - - - - - - - - - - - - - - - - - - - - - - - - - System Identification - - - - - System Name (Full) - - - - - System Name (Short) - - - - - - Description - A free-text description of the system. - - - - - - - - - - - - System Information - Contains details about all types of information stored, processed, or - transmitted by the system, such as privacy information, and NIST 800-60 information - types. - - - - - - - - - System Information Designations - Used to enumerate all special information type designations that may be required by a specific organization or compliance regiem, such as privacy impact information (PII), or payment card information (PCI). - - - - - - true - false - false - false - - - - - - - System Information Designation - Used when a specific organization or compliance regiem requires certain information types to be explicitly cited, such as privacy impact information (PII), or payment card information (PCI). - - - - - - - - A Privacy Sensitive System - false - - - - - - Declaration - Identifies whether a specific designation applies to this system. - - - A Privacy Sensitive System - false - - - - - - Information Designation Qualifiers - A list of questions about the system that contribute to the establishment of a designation, such as the FedRAMP privacy threshold analysis questions. - - - - - - - Does the ISA collect, maintain, or share PII in any identifiable form? - no - - - - - - - - Individual Information Designation Qualifier - An individual questions about the system that contributes to the establishment of a designation, such as a FedRAMP privacy threshold analysis question. - - - - - - - - - Is there a Privacy Act System of Records Notice (SORN) for this ISA system? - yes - [SORN ID#] - - - - - - - Qualifier Question - A question that must be answered about this system. - - - - Is there a Privacy Act System of Records Notice (SORN) for this ISA system? - yes - [SORN ID#] - - - - - - - Qualifier Question Response - The response to the question. - - - - Is there a Privacy Act System of Records Notice (SORN) for this ISA system? - yes - [SORN ID#] - - - - - - - Qualifier Question Response Notes - Additional information about the response to the question. - - - - Is there a Privacy Act System of Records Notice (SORN) for this ISA system? - yes - [SORN ID#] - - - - - - - - - Information Type - Contains details about one type of information stored, processed, or - transmitted by the system, such as privacy information, and NIST 800-60 information - types. - - - - - - - - - - - Confidentiality Impact Level - - - - - - - - - - - Integrity Impact Level - - - - - - - - - - - Availability Impact Level - - - - - - - - - - - Base Level (Confidentiality, Integrity, or Availability) - The prescribed base (Confidentiality, Integrity, or Availability) security - impact level. - - - - Selected Level (Confidentiality, Integrity, or Availability) - The selected (Confidentiality, Integrity, or Availability) security impact - level. - - - - Adjustment Justification - If the selected security level is different from the base security level, this - contains the justificaiton for the change. - - - - Security Impact Level - - - - - - - - - - - Security Objective (Confidentiality) - - - - - Security Objective (Integrity) - - - - - Security Objective (Availability) - - - - - Security Electronic Authetication Level - - - - - - - - - - - - Security Authentication (Identity Assurance Level) - - - - - Security Authentication (Authenticator Assurance Level) - - - - - Security Authentication (Federation Assurance Level) - - - - - Security eAuthentication Level - - - - - Status - - - - - Status Description (if Other) - - - - - Deployment Model - - - - - Deployment Model Description (if Other) - - - - - Service Model - - - - - Service Model Description Other - - - - - Leveraged Authorizations - All leveraged authorizations for this system. - - - - - - - - - - Leveraged Authorization - The details for a single leveraged authorization - - - - - - - - - - - Leveraged system Name - Name of the leveraged system. - - - - Leveraged System Service Provider Name - Name of the service provider that manages the leveraged system. - - - - Leveraged System Authorization Date - The date the leveraged system received its authorization. - -

    Value needs to be validated as a date field.

    -     -     - - - Authorization Boundary - - - - - - - - - - - - Boundary Diagram - - -

    The @attachment-id flag references the attachment ID of the boundary diagram.

    -     - - - - -     - - - - Boundary Description - - - - - - - - Network Architecture Diagrams - - - - - - - - - - - - Network Diagram - - -

    The @attachment-id flag references the attachment ID of the nextwork diagram.

    -     - - - - -     - - - Network Description - - - - - - - - Data Flow - - - - - - - - - - - Data Flow Diagram - - -

    The @attachment-id flag references the attachment ID of the data flow diagram.

    -     - - - - -     - - - Data Flow Description - - - - - - - - - Users - Provides all user roles. - - - - - - - - - - - - - - - - Role - Defining a role to be assigned to a party or agent - -

    Permissible values to be determined closer to the application (e.g. by a receiving - authority).

    -     - - - - - - - - -     - - - Privilege - Identifies the type/level of system privilege for the role. - For FedRAMP, the only valid values are "p" (Privileged), "np" (Non-Privileged), or "nla" (No Logical Access). - - - - Responsibility - Identifies the functions performed by the user role. - - - - Statistics - Provides a collection of statistics about users of the system. - - - - - - - - - - - - Total Current Internal Users - - -

    To be validated as a natural number (integer >= 1)

    -     -     - - - Total Future Internal Users - - -

    To be validated as a natural number (integer >= 1)

    -     -     - - - Total Current External Users - - -

    To be validated as a natural number (integer >= 1)

    -     -     - - - Total Future External Users - - -

    To be validated as a natural number (integer >= 1)

    -     -     - - - - - System Implementation - Provides information as to how the system is implemented. - - - - - - - - - - - - Ports, Protocols, and Services - A collection of the ports, protocols, and services used within the - system. - - - - - - - - - - Service - A collection of information about an individual service within the - system. - - - - - - - - - - - Protocol - Information about the protocol used to provide a service. - - - - - - - - - - - Port Range - - -

    To be validated as a natural number (integer >= 1)

    -     -     - - - Purpose - Describes the purpose for the service within the system. - - - - Used By - Identifies the types of system component that uses the service. One entry per - - - - - - Interconnection status - Are their system interconnections? (Yes/No) - -

    If the answer is "yes", there must be at least one interconnection element.

    -     -     - - - - Interconnection - Details on an individual system interconnection. - -

    If there is at least one interconnecton element, the system-interconnections element - should be "yes".

    -     - - - - - - - - -     - - - External System Name - - - - - External System Organization - - - - - ISA Authorization - Name of the individual who authorized the Interconnection Security Agreement - (ISA). - - - - ISA Name - Title of the Interconnection Security Agreement (ISA). - - - - ISA Date - Date of the Interconnection Security Agreement (ISA). - - - - - - Component - . - -

    Components may be products, services, APIs, policies, processes, plans, guidance, - standards, or other tangible items that enable security.

    -

    The @type attribute indicates which of these component types is represented.

    -

    A group of components may be aggregated into a "capability", such as an account - management capability that consists of an account management process, and an active - directory product.

    -

    Capabilities are expressed using the same component structure, with the @type - attribute indicating "capability", and the child-element "sub-component".

    -     - - - - - - - - - -     - - - - Origin - . - -

    For products, services, and APIs, this is vendor information, model, version number - and other product-related information, such as support details.

    -

    For policies, processes, plans, standards, and guidance, this is the authoring - organization, document details (title, publication date, version), and related - details.

    -

    For capabilities, this is the organization that defines and maintains the - capability.

    -     - - - - - - - - - -     - - - Component identification number. - . - - - - - - Vendor - . - - - - - Release Date - . - -

    To be validated as a natural number (integer >= 1)

    -     -     - - - Model - . - - - - - - Part - . - -

    ???

    -     - - - - -     - - - - Characteristics - Component characteristics, assets and configuration information - -

    When context="specification", this describes all security relevant settings in the - component.

    -

    When context="standard", this describes how to configure the component to meet a - specific goal, such as compliance with FISMA Moderate, PCI, or GPRD.

    -

    When context="actual", or when no type is listed, this describes the actual - configuration of the component within a specific system.

    -     - - - - - - -     - - - - Internet Protocol Address - Use the @type flag to deisgnate IPv4 or IPv6. - - - - - - Satisfaction - Describes how the indicated control is satisfied by this - component - -

    When context="specification", this describes how the control could be satisfied by - the component.

    -

    When context="standard", this describes how the security control would be satisfied - if the component was configured in accordance with the associted characteristics - provisioning information.

    -

    When context="actual", or when no type is listed, this describes how the control is - satisfied based on the component's actual deployment within a given system.

    -     - - - -     - - - System Inventory - . - - - - - - - - - - - - Inventory Item - . - - - - - - - - - - - - - - - - - Network Name - If available, state the DNS name or URL of the inventory item. This can be left + + + + + + + OSCAL System Security Plan (SSP) Format + 1.0.0-milestone2 + oscal-ssp + http://csrc.nist.gov/ns/oscal/1.0 + +

    The OSCAL Control SSP format can be used to describe the information typically specified + in a system security plan, such as those defined in SP 800-18 or used by FedRAMP.

    +

    The root of the OSCAL System Security Plan (SSP) format is system-security-plan.

    +

    NOTE: This documentation is a work in progress. As a result, documentation for many of the information elements is missing or incomplete.

    +     + + + + + + + System Security Plan (SSP) + TBD + + + + + + + + + + + + + + + + + + + + Import profile + Used to import the OSCAL profile representing the system's control baseline. + + + + + + + + + System Characteristics + Contains the characteristics of the system, such as its name, purpose, and + security impact level. + + + + + + A free-text description of the system. + + + + + + + + + + + + + + + + + + All leveraged authorizations for this system. + + + + + + + + + + + + + + + + System Identification + TBD + + + + + System Name (Full) + TBD + + + System Name (Short) + TBD + + + + + Security Sensitivity Level + TBD + + + + Impact level + TBD + + A 'low' sensitivity level such as what is defined in FIPS-199. + A 'moderate' sensitivity level such as what is defined in FIPS-199. + A 'high' sensitivity level such as what is defined in FIPS-199. + + + + + System Information + Contains details about all types of information stored, processed, or + transmitted by the system, such as privacy information, and NIST 800-60 information + types. + + + + + + + Used to enumerate all special information type designations that may be required by a specific organization or compliance regiem, such as privacy impact information (PII), or payment card information (PCI). + + + + + + + + System Information Designation + Used when a specific organization or compliance regiem requires certain information types to be explicitly cited, such as privacy impact information (PII), or payment card information (PCI). + + + + + + + + + + + + true + + + false + + + false + + + false + + + + + A Privacy Sensitive System + false + + + + + Declaration + Identifies whether a specific designation applies to this system. + + + A Privacy Sensitive System + false + + + + + Information Designation Qualifiers + A list of questions about the system that contribute to the establishment of a designation, such as the FedRAMP privacy threshold analysis questions. + + + + + + + + + Does the ISA collect, maintain, or share PII in any identifiable form? + no + + + + + + Individual Information Designation Qualifier + An individual questions about the system that contributes to the establishment of a designation, such as a FedRAMP privacy threshold analysis question. + + + + + + + + + + Is there a Privacy Act System of Records Notice (SORN) for this ISA system? + yes + [SORN ID#] + + + + + + Qualifier Question + A question that must be answered about this system. + + + + Is there a Privacy Act System of Records Notice (SORN) for this ISA system? + yes + [SORN ID#] + + + + + + + Qualifier Question Response + The response to the question. + + The answer is afirmative. + The answer is negative. + + + + + Is there a Privacy Act System of Records Notice (SORN) for this ISA system? + yes + [SORN ID#] + + + + + + Qualifier Question Response Notes + Additional information about the response to the question. + + + + Is there a Privacy Act System of Records Notice (SORN) for this ISA system? + yes + [SORN ID#] + + + + + + Information Type + Contains details about one type of information stored, processed, or + transmitted by the system, such as privacy information, and NIST 800-60 information + types. + + + + + + + + + + + + + + + + + Confidentiality Impact Level + TBD + + + + + + + + + Integrity Impact Level + TBD + + + + + + + + + Availability Impact Level + TBD + + + + + + + + + Base Level (Confidentiality, Integrity, or Availability) + The prescribed base (Confidentiality, Integrity, or Availability) security + impact level. + + + + Selected Level (Confidentiality, Integrity, or Availability) + The selected (Confidentiality, Integrity, or Availability) security impact + level. + + + Adjustment Justification + If the selected security level is different from the base security level, this + contains the justificaiton for the change. + + + Security Impact Level + TBD + + + + + + + + + Security Objective (Confidentiality) + TBD + + + + Security Objective (Integrity) + TBD + + + + Security Objective (Availability) + TBD + + + + Security Electronic Authentication Level + TBD + + + + + + + + + + Security Authentication (Identity Assurance Level) + TBD + + + Security Authentication (Authenticator Assurance Level) + TBD + + + Security Authentication (Federation Assurance Level) + TBD + + + Security eAuthentication Level + TBD + + + Status + TBD + + + State + TBD + + + The system is currently operating and is in production. + The system is being designed, developed, or implemented + The system is undergoing a major change, development, or transition. + The system is no longer operational. + Some other state. + + + + + + +

    If 'other' is selected, a remark must be included to describe the current state.

    +     +     + + Deployment Model + TBD + + + TBD + + + + + + + + Some other deployment model. + + + + + + +

    If 'other' is selected, a remark must be included to describe the type of deployment.

    +     +     + + Service Model + TBD + + + TBD + + + + + + +

    If 'other' is selected, a remark must be included to describe the type of deployment.

    +     +     + + + Leveraged Authorization + The details for a single leveraged authorization + + + + + + + + + + + Leveraged system Name + Name of the leveraged system. + + + Leveraged System Service Provider Name + Name of the service provider that manages the leveraged system. + + + + Leveraged System Authorization Date + The date the leveraged system received its authorization. + + + + Authorization Boundary + TBD + + + + + + + + + + + + Diagram + TBD + + + Diagram ID + An identifier for this diagram. + + + + + A description of the diagram (e.g., alternate text). this can be used to support compliance with requirements from Section 508 of the United States Workforce Rehabilitation Act of 1973. + + + +

    The href references a remote URI or an internal reference within this document containing the diagram.

    +     + + + A boudnary diagram - bad example text. + + +     + + Network Architecture Diagrams + TBD + + + + + + + + + + + + Data Flow + TBD + + + + + + + + + + + + Role + Defining a role to be assigned to a party or agent + + + System Role ID + TBD + + + + + + + + + + + + + + + + + + + + + +

    Permissible values to be determined closer to the application (e.g. by a receiving + authority).

    +     +     + + Privilege + Identifies the type/level of system privilege for the role. + For FedRAMP, the only valid values are "p" (Privileged), "np" (Non-Privileged), or "nla" (No Logical Access). + + + Responsibility + Identifies the functions performed by the user role. + + + Statistics + Provides a collection of statistics about users of the system. + + + + + + + + + + Total Current Internal Users + TBD + +

    To be validated as a natural number (integer >= 1)

    +     +     + + Total Future Internal Users + TBD + +

    To be validated as a natural number (integer >= 1)

    +     +     + + Total Current External Users + TBD + +

    To be validated as a natural number (integer >= 1)

    +     +     + + Total Future External Users + TBD + +

    To be validated as a natural number (integer >= 1)

    +     +     + + + + System Implementation + Provides information as to how the system is implemented. + + + + + + + + + A collection of the ports, protocols, and services used within the + system. + + + + + + + + + + + Component + A defined component that can be part of an implemented system. + + + Component Identifier + A unique identifier for a component. + + + Component Name + The component's human-readable name. + + + + + + + + + The version of the component. + The model of the component. + The date the component was released. + + + + + + + + A reference to another component that this component has a dependency on. + A reference to another component of type=validation, that is a validation (e.g., FIPS 140-2) for this component + A pointer to a validation record (e.g., FIPS 140-2) or other authorization. + + + + + + + + + + + + + +

    Components may be products, services, APIs, policies, processes, plans, guidance, + standards, or other tangible items that enable security and/or privacy.

    +

    The type indicates which of these component types is represented.

    +

    A group of components may be aggregated into a capability. For example, am account management capability that consists of an account management process, and a Lightweight Directory Access Protocol (LDAP) software implementation.

    +

    Capabilities are expressed by combining one or more components.

    +     +     + + + Capability + A grouping of other components and/or capabilities. + + + Capability Identifier + A unique identifier for a capability. + + + Capability Name + The capability's human-readable name. + + + + + + + + + + + + + + + + + + + + + + Service + Information about an individual service within the + system. + + + + + + + + + + + + + + + Protocol + Information about the protocol used to provide a service. + + + + + + + + + + Port Range + TBD + + + + +

    To be validated as a natural number (integer >= 1)

    +     +     + + Purpose + Describes the purpose for the service within the system. + + + Used By + Identifies a type of uses for the service. A component can be optionally identified. + + + + + + + + + Interconnection + Details on an individual system interconnection. + + + + + + + + + + + +

    If there is at least one interconnecton element, the system-interconnections element + should be "yes".

    +     + +     + + External System Name + TBD + + + External System Organization + TBD + + + ISA Authorization + Name of the individual who authorized the Interconnection Security Agreement + (ISA). + + + ISA Name + Title of the Interconnection Security Agreement (ISA). + + + ISA Date + Date of the Interconnection Security Agreement (ISA). + + + Vendor + TBD + + + + + + Internet Protocol Address + Use the @type flag to deisgnate IPv4 or IPv6. + + + + System Inventory + TBD + + + + + + + + + Inventory Item + TBD + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Network Name + If available, state the DNS name or URL of the inventory item. This can be left blank if one does not exist, or it is a dynamic field. - - - - Host Item - - -

    Required for physical or virtual machines, network components, and similar + + + Host Item + TBD + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Required for physical or virtual machines, network components, and similar objects.

    -     - - - - - - - - - - - - - - - -     - - - NetBIOS Name - If available, state the NetBIOS name of the inventory item. This can be omitted + + + + + NetBIOS Name + If available, state the NetBIOS name of the inventory item. This can be omitted if one does not exist, or it is a dynamic field. - - - - Media Access Control (MAC) Address - If available, state the MAC Address of the inventory item. This can be left + + + Media Access Control (MAC) Address + If available, state the MAC Address of the inventory item. This can be left blank if one does not exist, or it is a dynamic field. - - - - Operating System Name - . - -

    If the @component-id flag is provided in the inventory-item element, this can be + + + Operating System Name + TBD + +

    If the @component-id flag is provided in the inventory-item element, this can be derived from the component information.

    -     -     - - - Operating System Version Number - . - -

    If the @component-id flag is provided in the inventory-item element, this can be + + + + Operating System Version Number + TBD + +

    If the @component-id flag is provided in the inventory-item element, this can be derived from the component information.

    -     -     - - - Location of the Asset - Physical location of hardware. Could include Data Center ID, Cage#, Rack# or + + + + Location of the Asset + Physical location of hardware. Could include Data Center ID, Cage#, Rack# or other meaningful location identifiers. - - - - Asset Type - Simple description of the asset's function (e.g., Router, Storage Array, DNS + + + Asset Type + Simple description of the asset's function (e.g., Router, Storage Array, DNS Server, etc.) Do not use vendor or product names here. - - - - Hardware Model - Model number of the hardware. - -

    If the @component-id flag is provided in the inventory-item element, this can be + + + Hardware Model + Model number of the hardware. + +

    If the @component-id flag is provided in the inventory-item element, this can be derived from the component information.

    -     -     - - - Authenticated Scan - Indicate whether this asset is planned for authenticated + + + + Authenticated Scan + Indicate whether this asset is planned for authenticated scanning. - - - - Software Item - - -

    Required for software that runs on a host-item, such as a web server or database application.

    -     - - - - - - - - -     - - - Software Product Name - . - -

    If the @component-id flag is provided in the inventory-item element, this can be + + + Software Item + TBD + + + + + + + + + + + + + + + + + + + +

    Required for software that runs on a host-item, such as a web server or database application.

    +     + + + + Software Product Name + TBD + +

    If the @component-id flag is provided in the inventory-item element, this can be derived from the component information.

    -     -     - - - Software Version Number - . - -

    If the @component-id flag is provided in the inventory-item element, this can be + + + + Software Version Number + TBD + +

    If the @component-id flag is provided in the inventory-item element, this can be derived from the component information.

    -     -     - - - Software Patch Level (If applicable) - . - -

    If the @component-id flag is provided in the inventory-item element, this can be + + + + Software Patch Level (If applicable) + TBD + +

    If the @component-id flag is provided in the inventory-item element, this can be derived from the component information.

    -     -     - - - Function - . - -

    If the @component-id flag is provided in the inventory-item element, this can be + + + + Function + TBD + +

    If the @component-id flag is provided in the inventory-item element, this can be derived from the component information.

    -     -     - - - Comments - Any additional information that could be useful to an auditor or + + + + Comments + Any additional information that could be useful to an auditor or reviewer. - - - - Serial Number - Product serial number or internal asset tag number. - - - - Network ID - Virtual LAN or Network ID. - - - - - Asset Owner - The individual, title, or role who "owns" the asset on behalf of the + + + Serial Number + Product serial number or internal asset tag number. + + + Network ID + Virtual LAN or Network ID. + + + Asset Owner + The individual, title, or role who "owns" the asset on behalf of the organization. - - - - - Asset Administrator - The individual, title, role, or team responsible for operating and maintaining + + + + Asset Administrator + The individual, title, role, or team responsible for operating and maintaining the asset. - - - - Implementation of Security Control - - - - - - - - - - - - Control Implementation - Information related to the implementation of an individual - control. - - - - - - - - - - - - Responsible Role - - - - - - - Set Parameter Value - Identifies the parameter that will be filled in by the enclosed value + +     + + + + Control Implementation + Defines how the system (as a whole) supports a set of controls. + + + + + + + + + + + + + + + + Component Control Implementation + Defines how the referenced component implements a set of controls. + + + + + + + + + + + capability Control Implementation + Defines how the referenced capability implements a set of controls. + + + + + + + + + + + Meets + Defines what sets of controls are supported by the system (as a whole). + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Responsible Role + TBD + + + + Set Parameter Value + Identifies the parameter that will be filled in by the enclosed value element. - - - - - - - - - Value - The phrase or string that fills-in the parameter and completes the requirement + + + + + + + + Value + The phrase or string that fills-in the parameter and completes the requirement statement. - - - - - Control Response - Describes how a control is implemented. - - - - - -

    Response to AC-2 part g.

    -     -     - -     - - - - References - A group of reference descriptions - - - - - - - - - - - Reference - A reference, with one or more citations to standards, related documents, or - other resources - - - - - - - - - - - Citation - Citation of a resource - -

    Semantics of any contents within citation are implicit, not encoded. To mitigate - problems establishin matches with bibliograpical databases, it is recommended a - canonical identifier such as a DOI be provided for any citation.

    -     -     - - - - - Link - A line or paragraph with a hypertext link - -

    Works like an HTML anchor (a) except this is a line-oriented (block) - element.

    -     -     - - - - Attachments - . - - - - - - - - - - - - - Attachment Format - - - - - Date - - - - - Date - - - - - - Date - - - - - - - - - - Attachment ID / identifier - Unique attachment identifier. - -

    No mechanism is proposed to ensure that attachment-id values do not - collide across different catalogs. Use profiling without merge to detect such - clashes.

    -     - - - -     - - - Component ID / identifier - ID of a linked or imported component - -

    In the context of an import statement, this identifies the id of a component to + + + + + + NIST 800-60 Information Type Identifier + Pointer to the information type in NIST SP 800-60. + + + + Parameter ID + Points to a parameter within a control, to which the contained value will be assigned. - - - - System ISSO - - - - - - Reference Type - Identifies the reference type, such as a law, standard, guidance. - - - - Target label - Provides for an indication of a link target, by its label, when no ID is available - - - - File Name - Name of the file before it was converted to Base-64. This is the name that will be assigned to the file when converted back to binary. - - - - Role ID - In the context of a responsibility element, this points to a role in the users element responsible for this control - - - - - - - - - - - - - - - Class - Identifies the property or object within the control; a semantic hint - -

    Overloading this attribute with more than one value is permitted, but not recommended.

    -     -     - - - Context - Context designates the context of information provided. - -

    The @context flag indicates the component's "characteristics" and "satisfaction" + + + + Start + Indicates the starting port number in a port range. + +

    Should be a number within a permitted range

    +     + + + + + + + +     + + End + Indicates the ending port number in a port range. + +

    Should be a number within a permitted range

    +     + + + + + + + +     + + Transport + Indicates the transport type. + + + + + + + + + + Public + Designates an asset as either publicly accessible (="yes") or not (="no"). - - - - - - Virtual - Designates an asset as either virtual (="yes") or physical + + + + Virtual + Designates an asset as either virtual (="yes") or physical (="no"). - - - - - - external - . - - - access - . - - - sensitivity-level - . - - - - validation - . - - - - - - provisioning - . - - - - - - sub-component - . - - - organization - . - - - baseline-template - . - - - scanned - . - - - - + baseline-template + TBD + + + scanned + TBD + + + - - - - - - - - - - + + + -     +--> +     diff --git a/src/metaschema/readme.md b/src/metaschema/readme.md index a16c577173..62578bcad5 100644 --- a/src/metaschema/readme.md +++ b/src/metaschema/readme.md @@ -20,8 +20,12 @@ An OSCAL Metaschema defines the *information model* of a given OSCAL model. A Me - [Fields](#fields) - [Assemblies](#assemblies) - [Flags](#flags) + - [Data types](#datatypes) + - [Enumerating flag values](#enumerated-values) - [Metaschema modeling](#metaschema-modeling) - - [Use of @address](#use-of--address) + - JSON ENHANCEMENT FEATURES + - [Designating a JSON key](#use-of-key) + - [Designating a JSON value key](#use-of-valuekey) # OSCAL Metaschema Usage @@ -46,14 +50,17 @@ The following is the Mermaid notation for the chart above: ``` graph TB - ms -- extract documentation --> xmldocsh[XML docs / HTML] - xmldocsh -- generic HTML to md --> xmldocmd[XML docs / md] - ms((Metaschema)) -- translate --> sch(XML Schema) - ms -- xdm::object map --> xj{xml to json XSLT} - ms -- object::xdm map --> jx{json to xml XSLT} - ms -- translate --> jsch(JSON Schema) - ms -- extract documentation --> jsondocsh[JSON docs / HTML] - jsondocsh -- generic HTML to md --> jsondocmd[JSON-flavored docs / md] + ms1[module] -- include --> ms + ms2[module] -- include --> ms + xmp1[example] -- cite --> ms + xmp2[example] -- cite --> ms + ms[main Metaschema] -- compile metaschema --> cms + cms -- extract documentation --> xmldocsh[XML docs / HTML] + cms((Compiled metaschema)) -- translate --> sch(XML Schema) + cms -- xdm::object map --> xj{xml to json XSLT} + cms -- object::xdm map --> jx{json to xml XSLT} + cms -- translate --> jsch(JSON Schema) + cms -- extract documentation --> jsondocsh[JSON docs / HTML] classDef metasch fill:skyblue,stroke:blue,stroke-width:12px,stroke-opacity:0.2 classDef xml fill:gold,stroke:#333,stroke-width:2px; @@ -61,7 +68,7 @@ classDef json fill:pink,stroke:#333,stroke-width:2px classDef html fill:lightgreen,stroke-width:2px classDef md fill:lightgreen,stroke-width:4px,stroke-dasharray:2,2 -class ms metasch +class cms,ms,ms1,ms2,xmp1,xmp2 metasch class sch,xj xml class jsch,jx json class xmldocsh,jsondocsh html @@ -85,15 +92,15 @@ Nonetheless and with this in mind, understanding the mechanism by which the Meta Terminology note: "metaschema" is a common noun and there are many metaschema technologies (indeed almost any mature XML tag set has one), with different purposes, feature sets and capabilities. "Metaschema" (capitalized) is our peculiar homegrown metaschema technology and application. -## The Overall Approach +## The Approach A reduced, lightweight modeling language with certain specially-enforced constraints can be sketched such that multiple schemas constraining disparate formats, such as XML and JSON, can be produced from a single metaschema instance (a document written in Metaschema) deterministically, and thus designed and coordinated in parallel. We begin by producing functioning schemas to describe OSCAL data in XML Schema Definition Language (XSD) 1.1 on the XML side and JSON Schema draft7 on the JSON side. As we do this, the constraints imposed by using the Metaschema modeling syntax enable us to do two things implicitly (that is, without any further effort or additional cost or planning): -- Limit ourselves to schema constructs that map cleanly into features offered by both (target) schema technoologies, thus ensuring that all information can be preserved in (lossless bidirectional) conversion. +- Limit ourselves to schema constructs that map cleanly into features offered by both (target) schema technologies, thus ensuring that all information can be preserved in (lossless bidirectional) conversion. -- Mediate between the "structural imbalances" in the data formats by providing the extra information we need to introduce improvements to model and syntax on both sides. By "model and syntax" we mean everything bearing on both the information sets to be represented, and their (canonical or recognized) representations, including object structures, notations and data type bindings. Beyond the applicable metaschema, no further inputs and no reliance on arbitrary conventions or runtime settings should be necessary to produce, reliably, correspondent JSON from any (metaschema-described, schema-valid) XML, and vice-versa. +- Mediate between the structural imbalances in the data formats by providing the extra information we need to introduce improvements to model and syntax on both sides. By "model and syntax" we mean everything bearing on both the information sets to be represented, and their (canonical or recognized) representations, including object structures, notations and declarations of data type bindings. Beyond the applicable metaschema, no further inputs and no reliance on arbitrary conventions or runtime settings should be necessary to produce, reliably, correspondent JSON from any (metaschema-described, schema-valid) XML, and vice-versa. - Additionally, (and this is crucial) produce specifications and running code supporting automated production of schemas and model-related artifacts, consistent with the circumscribed model defined (and documented) in the Metaschema. @@ -117,23 +124,28 @@ Top level documentation for the Metaschema instance appears in the header sectio The root element is `METASCHEMA` using all capitals. To name the root element in all capitals (unlike the general rule) and to give it a name somewhat peculiar to its application, retains and expresses the information that it is intended to be the document root. This is the only element named in all caps. -`METASCHEMA` may take two attributes, `@use` and `@top`. `@use` must be equal to the `@name` assigned to an assembly definition in the schema. `@top` must be equal to the `@group-as` on the same definition. (This is the first instance of the Metaschema tactic of "strategic redundancy" in naming and managing its various components. While in principle, we would be able to infer each of these values from the other, we require both to be expressed in order to confirm the integrity of the binding.) - -Note the assembly definition indicated by @use will be expected to apply to the root or virtual root for the conformant XML or JSON data set. +`METASCHEMA` indicates the root element or object for the schema with its `@root` attribute, which must correspond to the `@name` of one of the (assembly) definitions in the metaschema. ## Metaschema header In addition to the top-level attributes `@use` and `@top`, the top of the metaschema may include these elements, in order: - ### schema-name Describing the scope of application of the data format, for example "OSCAL Catalog". +### schema-version + +A literal value indicating the version to be assigned to schemas and tools produced from the Metaschema. + ### short-name A coded version of the schema name, for use when a string-safe identifier is needed, for example on artifact file names. Expect this short name to be propagated anytime such a "handle" is needed. A short name for the OSCAL Catalog metaschema (and schemas) might be `oscal-catalog`. +### namespace + +An XML namespace identifier (URI) to be used for the resulting XSD. All elements in the metaschema will be assigned to this namespace, including elements defined in metaschema modules, that are designated with their own namespaces. (In other words, this data value is operative only for the top-level metaschema, not for any of its imported modules. This makes it possible to use modules in metaschemas defined with different namespaces.) + ### remarks Paragraphs describing the metaschema. @@ -150,7 +162,7 @@ There are three kinds of definitions: ### Fields -Fields can be thought of as simple text values, either scalars or sequences of scalars, or when appropriate, of "rich text", i.e. text permitting inline formatting. Depending on modeling requirements, fields may also be used for even simpler bits of data, such as objects that carry specialized flags but have no values or structures otherwise. +Fields can be thought of as simple text values, either scalars or sequences of scalars, or when appropriate, of "rich text" or mixed content, i.e. text permitting inline formatting. Depending on modeling requirements, fields may also be used for even simpler bits of data, such as objects that carry specialized flags but have no values or structures otherwise. This means that fields can be more or less complex, depending on the need. This distinction is made by qualifying the `field` with an `@as` attribute, as follows: @@ -175,8 +187,32 @@ An assembly is just like a field, except it contains structured content (objects While data of arbitrary complexity is represented by assemblies (which may contain assemblies), at the other extreme, flags are available for the most granular bits of qualifying information. Since data already appears as text values of fields, flags might not be necessary. But they are extremely useful both for enabling more economical expression of data and especially process-oriented or "semantic" metadata such as controlled values, formal or informal taxonomic classifications etc. etc. +#### Data types + In order to facilitate this, flags also support a feature not supported on fields, namely rudimentary data typing (via XSD datatypes). Use `define-flag/@datatype` and `flag/@datatype` (again, with tactical redundancy, the same value at both ends) to assign its datatype. +#### Enumerated values + +Additionally, flags may be constrained to a set of known values listed in advance. + +This restriction can be either strict (values must be in the list for document validity) or loose (i.e. for documentation only, no effect in schemas). + +Use the `valid-values` element to restrict the permissible values for a flag. Set its attribute `allow-other='yes'` if the list is not exclusive. + +Within it `valid-values`, a `value` element's `@name` attribute assigns the permissible value, while its data content provides documentation. For example: + +```xml + + Hash algorithm + Method by which a hash is derived + + + + + + + ... +``` ## Metaschema modeling In the case of field and flag objects, the modeling constraints to be imposed by the result schemas (either XSD or JSON Schema) over the data set, can be determined on the basis of how they are described. Assembly definitions, however, permit not only flags to be assigned to assemblies of the defined type; additionally, they contain a `model` element for a *mode declaration*. This declaration names the subcomponents to be permitted (in documents valid to the target schemas) within any assembly of the type being defined. @@ -194,7 +230,10 @@ With these limitations, a model may be defined to contain any mix of fields and * `assemblies` - same as `fields`, but for assemblies. In JSON, this construct is also presented as an array unless there is an `@address` * `prose` refers to a "region of prose", that is, a section of prose text of unspecified length. In XML, prose is represented in conventional fashion as (a sequence of) `

    ` and list elements (`

      ` or `
        `) perhaps with inline markup (indicating further formatting). For consistency across metaschema applications, the permitted tagging will always be conformant to the same model for prose, managed to reflect (echo) a clean HTML subset. This specification also permits the markup vocabulary to be mapped to a text-based markdown syntax, suitable for use within JSON expressions of the same or similar data. -## Use of @address + +## JSON Enhancement features + +### Use of `key` One problem with zero-or-more cardinality as supported by `fields` and `assemblies` is that in JSON, no suitable structure is available for the inclusion of truly arbitrary but repeatable properties or 'contents' (as to its structural type) on an object. The closest thing is an array, which can be pulled into use for this -- at the cost of not permitting a JSON property label on items in the array. In order to capture the same information as is transparently available on the XML, it is therefore necessary to 'finesse' the JSON object type: Metaschema does this by mapping each field or assembly in a zero-or-many set, to an array with the corresponding number of items. The name of the objects can thus be captured implicitly, by naming (labeling) their containing array. diff --git a/src/release/release-notes.txt b/src/release/release-notes.txt index 4133a5a142..36da84e841 100644 --- a/src/release/release-notes.txt +++ b/src/release/release-notes.txt @@ -1,8 +1,22 @@ The OSCAL Project has made the following releases: OSCAL 1.0.0 Milestone 1 ---------------------- +----------------------- - The first official OSCAL release - Provides stable versions of the OSCAL catalog and profile models in XML and JSON formats, along with associated XML and JSON schemas. - Includes draft versions of the NIST SP 800-53 revision 4 OSCAL content and FedRAMP baselines in OSCAL XML, JSON, and YAML formats. - Provides content converters that are capable of accurately converting between OSCAL catalog and profile content in OSCAL XML to OSCAL JSON format and vice versa. + +OSCAL 1.0.0 Milestone 2 +----------------------- + +- The following content model changes have been made that may break content compatibility: + + Catalog: + + - /catalog/metadata/last-modified-date - The data type has been changed from string to dateTime-with-timezone. + - link + - The data type of the href property/attribute on the link object/element has been changed from string to uri-reference. + - The text content of link can now be XML/HTML or JSON/Markdown content. + - rlinks - The data type of the href property/attribute on the rlink object/element has been changed from string to uri-reference. + - email - The data type has been changed from string to email. diff --git a/src/utils/util/author/CSS/oscal.css b/src/utils/util/author/CSS/oscal.css index 2c8833d008..23c4bfdb53 100644 --- a/src/utils/util/author/CSS/oscal.css +++ b/src/utils/util/author/CSS/oscal.css @@ -1,5 +1,5 @@ /* Note this CSS hasn't been reviewed for tightness it is likely to contain obsolte (ordinarily no-op) code */ - +/* Extra note - yes, although it works tolerably well it really ought to be stripped down */ * { display: block } catalog, framework { max-width: 48em } @@ -104,20 +104,20 @@ desc:before { font-style: normal; content: 'Description: ' } default:before { font-style: normal; content: 'Default: ' } param value:before { font-style: normal; content: 'Value: ' } -prop:before { content: attr(class) ': '; font-weight: bold; font-size:90%; font-family: sans-serif } +prop:before { content: attr(name) ': '; font-weight: bold; font-size:90%; font-family: sans-serif } prop { display:block; background-color: #FDDDE6; border: thin outset pink; padding: 2px; font-size: 90% } /* SP800-53 -part[class=supplemental-guidance]:before { content: "Supplemental guidance" } */ +part[name=supplemental-guidance]:before { content: "Supplemental guidance" } */ /* ISO 27002 -purpose:before,part[class=purpose]:before { content: "Purpose/s"; font-weight: bold; color: midnightblue; font-family: sans-serif } -guidance:before,[class=guidance]:before { content: "Guidance"; font-weight: bold; color: midnightblue; font-family: sans-serif } -information:before,part[class=information]:before { content: "Other information"; font-weight: bold; color: midnightblue; font-family: sans-serif } -remarks:before,part[class=remarks]:before { content: "Remarks"; font-weight: bold; color: midnightblue; font-family: sans-serif } +purpose:before,part[name=purpose]:before { content: "Purpose/s"; font-weight: bold; color: midnightblue; font-family: sans-serif } +guidance:before,[name=guidance]:before { content: "Guidance"; font-weight: bold; color: midnightblue; font-family: sans-serif } +information:before,part[name=information]:before { content: "Other information"; font-weight: bold; color: midnightblue; font-family: sans-serif } +remarks:before,part[name=remarks]:before { content: "Remarks"; font-weight: bold; color: midnightblue; font-family: sans-serif } */ @@ -177,7 +177,7 @@ sub, sup { display: inline; font-size: .83em } sub { vertical-align: sub } sup { vertical-align: super } -insert, select { display: inline; font-family: sans-serif; background-color: white; +insert { display: inline; font-family: sans-serif; background-color: white; font-size: 80%; font-style: italic; font-weight: bold; border: thin solid pink; content: oxy_popup( edit, '@param-id',