From b06aac9bf069248dbfa2b871aa249349b9f4e372 Mon Sep 17 00:00:00 2001
From: Guy Zylberberg <guyzyl@gmail.com>
Date: Thu, 25 Aug 2022 15:05:54 +0300
Subject: [PATCH] Create `<define-assembly name="impact">` (fix #1129) (#1171)

* Create`<define-assembly name="impact">`
* Restored C/I/A formal names and descriptions.

Resolves #1129.

Co-authored-by: David Waltermire <david.waltermire@nist.gov>
---
 src/metaschema/oscal_ssp_metaschema.xml | 63 ++++++++++---------------
 1 file changed, 24 insertions(+), 39 deletions(-)

diff --git a/src/metaschema/oscal_ssp_metaschema.xml b/src/metaschema/oscal_ssp_metaschema.xml
index e6bee63bfc..de446373a2 100644
--- a/src/metaschema/oscal_ssp_metaschema.xml
+++ b/src/metaschema/oscal_ssp_metaschema.xml
@@ -236,51 +236,21 @@
           <assembly ref="link" max-occurs="unbounded">
             <group-as name="links" in-json="ARRAY"/>
           </assembly>
-          <define-assembly name="confidentiality-impact" min-occurs="1">
+          <assembly ref="impact">
             <formal-name>Confidentiality Impact Level</formal-name>
             <description>The expected level of impact resulting from the unauthorized disclosure of the described information.</description>
-            <model>
-              <assembly ref="property" max-occurs="unbounded">
-                <group-as name="props" in-json="ARRAY"/>
-              </assembly>
-              <assembly ref="link" max-occurs="unbounded">
-                <group-as name="links" in-json="ARRAY"/>
-              </assembly>
-              <field ref="base" min-occurs="1"/>
-              <field ref="selected"/>
-              <field ref="adjustment-justification" in-xml="WITH_WRAPPER"/>
-            </model>
-          </define-assembly>
-          <define-assembly name="integrity-impact" min-occurs="1">
+            <use-name>confidentiality-impact</use-name>
+          </assembly>
+          <assembly ref="impact">
             <formal-name>Integrity Impact Level</formal-name>
             <description>The expected level of impact resulting from the unauthorized modification of the described information.</description>
-            <model>
-              <assembly ref="property" max-occurs="unbounded">
-                <group-as name="props" in-json="ARRAY"/>
-              </assembly>
-              <assembly ref="link" max-occurs="unbounded">
-                <group-as name="links" in-json="ARRAY"/>
-              </assembly>
-              <field ref="base" min-occurs="1"/>
-              <field ref="selected"/>
-              <field ref="adjustment-justification" in-xml="WITH_WRAPPER"/>
-            </model>
-          </define-assembly>
-          <define-assembly name="availability-impact" min-occurs="1">
+            <use-name>integrity-impact</use-name>
+          </assembly>
+          <assembly ref="impact">
             <formal-name>Availability Impact Level</formal-name>
             <description>The expected level of impact resulting from the disruption of access to or use of the described information or the information system.</description>
-            <model>
-              <assembly ref="property" max-occurs="unbounded">
-                <group-as name="props" in-json="ARRAY"/>
-              </assembly>
-              <assembly ref="link" max-occurs="unbounded">
-                <group-as name="links" in-json="ARRAY"/>
-              </assembly>
-              <field ref="base" min-occurs="1"/>
-              <field ref="selected"/>
-              <field ref="adjustment-justification" in-xml="WITH_WRAPPER"/>
-            </model>
-          </define-assembly>
+            <use-name>availability-impact</use-name>
+          </assembly>
         </model>
         <constraint>
           <expect level="WARNING" target="." test="@uuid">
@@ -318,6 +288,21 @@
       </allowed-values>
     </constraint>
   </define-assembly>
+  <define-assembly name="impact">
+    <formal-name>Impact Level</formal-name>
+    <description>The expected level of impact resulting from the described information.</description>
+    <model>
+      <assembly ref="property" max-occurs="unbounded">
+        <group-as name="props" in-json="ARRAY"/>
+      </assembly>
+      <assembly ref="link" max-occurs="unbounded">
+        <group-as name="links" in-json="ARRAY"/>
+      </assembly>
+      <field ref="base" min-occurs="1"/>
+      <field ref="selected"/>
+      <field ref="adjustment-justification" in-xml="WITH_WRAPPER"/>
+    </model>
+  </define-assembly>
   <define-field name="base" as-type="string" scope="local">
     <formal-name>Base Level (Confidentiality, Integrity, or Availability)</formal-name>
     <description>The prescribed base (Confidentiality, Integrity, or Availability) security impact level.</description>