Addressed comments in issue usnistgov#445
david-waltermire committed Aug 16, 2019
1 parent aec8964 commit 1ae4d95
Showing 15 changed files with 33 additions and 68 deletions.
11 changes: 9 additions & 2 deletions docs/_data/navigation.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,15 @@ secondary:
learnmore:
- text: Learn More
href: /learnmore/
addnav:
- text: For Security Professionals
href: /learnmore/securitypros/
- text: For Assessors
href: /learnmore/assessors/
- text: For Tool Developers
href: /learnmore/tooldevelopers/
- text: For Policy Authors
href: /learnmore/contentcreators/
- text: Challenges Addressed
href: /learnmore/challenges/
- text: Project Goals
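Review bot: the link text and permalink disagree on the last new entry: `text: For Policy Authors` points at `href: /learnmore/contentcreators/`, while the other three entries use a directory that matches the audience label (`securitypros`, `assessors`, `tooldevelopers`). Either rename the label or the directory so the URL and the text agree.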
Expand All @@ -51,8 +60,6 @@ architecture:
- text: Architecture
href: /docs/
subnav: true
- text: Schema Reference
href: /docs/schemas/
- text: Relations to Documentary Encoding Standards
href: /docs/relations/

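Review bot: dropping the `Schema Reference` entry for `/docs/schemas/` leaves that page unreachable from the architecture navigation, yet `docs/content/learnmore/roadmap.md` in this same commit still says the models "will be documented on this site" and links to `{{ site.baseurl }}/docs/schemas/`. If the page is being retired, update that link; if it is only moving, add its new location here.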
10 changes: 6 additions & 4 deletions docs/content/downloads.md
Expand Up @@ -10,16 +10,18 @@ layout: post

Official releases of the OSCAL Project are available on the project's [GitHub repository](https://github.com/usnistgov/OSCAL/releases). These releases align with the project's [roadmap](/OSCAL/learnmore/roadmap/).

- [OSCAL 1.0 Milestone 1](https://github.com/usnistgov/OSCAL/releases): Stable releases of the OSCAL Catalog and Profile layers, including XML and JSON schema, content examples, and content converters.
- [OSCAL 1.0.0 Milestone 1](https://github.com/usnistgov/OSCAL/releases): Stable releases of the OSCAL Catalog and Profile layers, including XML and JSON schema, content examples, and content converters.

OSCAL uses version strings for releases based on the [semantic versioning v2.0.0](https://semver.org/spec/v2.0.0.html) specification.

# Future OSCAL Compatibility Commitment

The OSCAL Project team recognizes the impact of syntax changes on content and tool developers following an evolving language. As we develop OSCAL, the team will take care to minimize the impact of any necessary changes. Syntax changes to the OSCAL XML and JSON models will only occur where there is a compelling need to do so. To the greatest extend practical, OSCAL-based content produced today will be future compatible.

The OSCAL team can not anticipate all issues raised or feedback received. In rare cases, changes to the OSCAL models will need to be made to address a compelling issue. In these instances, the OSCAL team will do everything practical to minimize the impact to early adopters, and document any changes where impacts are unavoidable in the [release notes](https://github.com/usnistgov/OSCAL/tree/master/src/release/release-notes.txt).

NIST encourages early adoption of released OSCAL content, tools, and schema. In general early adopters can count on the following, from the first milestone release to the first official 1.0 release of OSCAL:
NIST encourages early adoption of released OSCAL content, tools, and schema. In general early adopters can count on the following, from the first milestone release to the first official 1.0.0 release of OSCAL:

- Any data element modeled in the milestone release will be modeled in the 1.0 release. Typically with the same syntax.
- All features available in a milestone release will be available in the 1.0 release.
- Any data element modeled in the milestone release will be modeled in the 1.0.0 release. Typically with the same syntax.
- All features available in a milestone release will be available in the 1.0.0 release.
- Deferred features, such as cryptographic validation, will be implemented while minimizing the impact to existing content. Most new features will be implemented as optional extensions with no impact to existing content.
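Review bot: the rewritten bullet `Any data element modeled in the milestone release will be modeled in the 1.0.0 release. Typically with the same syntax.` keeps the sentence fragment from the old line; suggest `... will be modeled in the 1.0.0 release, typically with the same syntax.` Two typos in the unchanged context are worth fixing while the file is open: `To the greatest extend practical` should read `extent`, and `can not` should be `cannot`.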
9 changes: 0 additions & 9 deletions docs/content/learnmore/assessors.md
Expand Up @@ -5,15 +5,6 @@ permalink: /learnmore/assessors/
layout: post
topnav: learnmore
sidenav: learnmore
subnav:
- text: For Security Professionals
href: /learnmore/securitypros/
- text: For Assessors
href: /learnmore/assessors/
- text: For Tool Developers
href: /learnmore/tooldevelopers/
- text: For Policy Authors
href: /learnmore/contentcreators/
sticky_sidenav: true
---

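Review bot: with `subnav` removed from this front matter, the four audience links now come only from the `addnav` list added to `docs/_data/navigation.yml`; none of the 15 files in this commit is a layout, so confirm that the `post` layout actually renders `addnav` for pages with `sidenav: learnmore`, otherwise these pages silently lose their sub-navigation. The same check covers the identical removals in contentcreators.md, securitypros.md, tooldevelopers.md and index.md.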
9 changes: 0 additions & 9 deletions docs/content/learnmore/contentcreators.md
Expand Up @@ -5,15 +5,6 @@ permalink: /learnmore/contentcreators/
layout: post
topnav: learnmore
sidenav: learnmore
subnav:
- text: For Security Professionals
href: /learnmore/securitypros/
- text: For Assessors
href: /learnmore/assessors/
- text: For Tool Developers
href: /learnmore/tooldevelopers/
- text: For Policy Authors
href: /learnmore/contentcreators/
sticky_sidenav: true
---

6 changes: 3 additions & 3 deletions docs/content/learnmore/goals.md
Expand Up @@ -14,11 +14,11 @@ The OSCAL project is working to address the following goals:
- Normalize the representation of security control catalogs, regulatory frameworks, and system information using precise, machine readable formats.
- Allow the sharing of control implementation information across communities.
1. Improve the efficiency, accuracy, and consistency of system security assessments.
- Assess a system's compliance state against several sets of requirements simultaneously and ensure traceability between the requirements.
- Assess a system's security control implementation against several sets of requirements simultaneously and ensure traceability between the requirements.
- Enable assessments to be performed consistently, regardless of system type.
1. Allow a system's security state to be assessed more often, ideally continuously, driving continuous assurance.
- Drive a large decrease in assessment-related labor, decreasing assessment and authorization time.
- Support the evaluation of control implementation effectiveness based on data collected using a continuous monitoring capability.
- Support the assessment of control implementation effectiveness based on data collected using a continuous monitoring capability.

## OSCAL Design Principles

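Review bot: `machine readable formats` in the unchanged context line at the top of this hunk should be hyphenated as `machine-readable` (compound adjective), which is how docs/content/learnmore/index.md in this same commit writes it.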
Expand All @@ -29,5 +29,5 @@ To address these goals, the OSCAL project is guided by the following design prin
- Provide a common means to identify and version shared resources.
- Standardize the expression of assessment artifacts, driving crowd-sourced development and improvement across profile and implementation layers.
- Align OSCAL models with current, practical information, and support advanced structures that provide for greater automation and verification.
- Ensure security controls, implementation, and verification processes have full traceability and inherit at the baseline (software and service provider) and system interconnection levels.
- Ensure security controls, implementation, and assessment processes have full traceability to the selected control baseline and accross system boundaries for interconnected systems and common control providers.
- Provides a path for early adoption and ongoing evolution around how OSCAL will be used.
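Review bot: the new wording has a typo, `accross` should be `across`. The final bullet, `Provides a path for early adoption ...`, is also the only item in the list not in the imperative (`Provide`, `Standardize`, `Align`, `Ensure`); worth changing to `Provide` while the list is being edited.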
10 changes: 0 additions & 10 deletions docs/content/learnmore/index.md
Expand Up @@ -5,16 +5,6 @@ permalink: /learnmore/
layout: post
sidenav: learnmore
sticky_sidenav: true
subnav:
- text: For Security Professionals
href: /learnmore/securitypros/
- text: For Assessors
href: /learnmore/assessors/
- text: For Tool Developers
href: /learnmore/tooldevelopers/
- text: For Policy Authors
href: /learnmore/contentcreators/

---

NIST is developing the Open Security Controls Assessment Language (OSCAL) as a standardized, data-centric framework that can be applied to an information system for documenting and assessing its security controls. Today, security controls and control baselines are represented in proprietary formats, requiring data conversion and manual effort to describe their implementation. An important goal of OSCAL is to move the security controls and control baselines from a text-based and manual approach (using word processors or spreadsheets) to a set of standardized and machine-readable formats. With systems security information represented in OSCAL, security professionals will be able to automate security assessment, auditing, and continuous monitoring processes.
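Review bot: removing the `subnav` block leaves a stray blank line between `sticky_sidenav: true` and the closing `---` of the front matter. YAML tolerates it, but none of the other learnmore pages touched in this commit have it; drop the blank line for consistency.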
8 changes: 4 additions & 4 deletions docs/content/learnmore/roadmap.md
Expand Up @@ -16,7 +16,7 @@ OSCAL is being designed and created over a series of development epics leveragin

Each [milestone](https://github.com/usnistgov/OSCAL/milestones) will result in an incremental release of OSCAL resources.

- OSCAL 1.0 [Milestone 1](https://github.com/usnistgov/OSCAL/milestone/1): Develop the OSCAL Catalog and Profile models
- OSCAL 1.0.0 [Milestone 1](https://github.com/usnistgov/OSCAL/milestone/1): Develop the OSCAL Catalog and Profile models

The initial OSCAL work encompasses the [catalog]({{ site.baseurl }}/docs/catalog/) and [profile]({{ site.baseurl }}/docs/profile/) concepts of the OSCAL [architecture]({{ site.baseurl }}/docs/). There are several types of users who will benefit from OSCAL catalogs and profiles. They include the following producers of OSCAL catalogs, profiles, and/or tools:

Expand All @@ -32,8 +32,8 @@ Each [milestone](https://github.com/usnistgov/OSCAL/milestones) will result in a
- **Auditors/assessors:** performing audits/assessments on demand with minimal effort
- **Policy personnel:** identifying systemic problems that necessitate changes to organizational security policies

- OSCAL 1.0 [Milestone 2](https://github.com/usnistgov/OSCAL/milestone/2): Develop the OSCAL Implementation models
- OSCAL 1.0 [Milestone 3](https://github.com/usnistgov/OSCAL/milestone/3): Develop the OSCAL Assessment and Assessment Results models
- OSCAL 1.0 [Final Release](https://github.com/usnistgov/OSCAL/milestone/4): Publish an OSCAL 1.0 Specification
- OSCAL 1.0.0 [Milestone 2](https://github.com/usnistgov/OSCAL/milestone/2): Develop the OSCAL Implementation models
- OSCAL 1.0.0 [Milestone 3](https://github.com/usnistgov/OSCAL/milestone/3): Develop the OSCAL Assessment and Assessment Results models
- OSCAL 1.0.0 [Final Release](https://github.com/usnistgov/OSCAL/milestone/4): Publish an OSCAL 1.0 Specification

To accelerate development, we are not focused on developing a formal specification for OSCAL until the final milestone. Until then, the OSCAL models will be [documented]({{ site.baseurl }}/docs/schemas/) on this site. This will allow us to work on a formal specification once most of the major development of OSCAL is completed. Until that point, adopters of OSCAL will find all of the resources they need to develop content and tools on this site.
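Review bot: the `1.0.0` rename is applied to the bullet labels but not to the text of the last one, which still reads `Publish an OSCAL 1.0 Specification`; make it `1.0.0` to match the rest of this commit. The paragraph below also links to `{{ site.baseurl }}/docs/schemas/`, whose `Schema Reference` entry is removed from navigation.yml in this same commit, so check that the page still exists.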
9 changes: 0 additions & 9 deletions docs/content/learnmore/securitypros.md
Expand Up @@ -5,15 +5,6 @@ permalink: /learnmore/securitypros/
layout: post
topnav: learnmore
sidenav: learnmore
subnav:
- text: For Security Professionals
href: /learnmore/securitypros/
- text: For Assessors
href: /learnmore/assessors/
- text: For Tool Developers
href: /learnmore/tooldevelopers/
- text: For Policy Authors
href: /learnmore/contentcreators/
sticky_sidenav: true
---

9 changes: 0 additions & 9 deletions docs/content/learnmore/tooldevelopers.md
Expand Up @@ -5,15 +5,6 @@ permalink: /learnmore/tooldevelopers/
layout: post
topnav: learnmore
sidenav: learnmore
subnav:
- text: For Security Professionals
href: /learnmore/securitypros/
- text: For Assessors
href: /learnmore/assessors/
- text: For Tool Developers
href: /learnmore/tooldevelopers/
- text: For Policy Authors
href: /learnmore/contentcreators/
sticky_sidenav: true
---

2 changes: 1 addition & 1 deletion src/metaschema/oscal_catalog_metaschema.xml
Expand Up @@ -10,7 +10,7 @@
xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/metaschema/1.0 ../../build/metaschema/lib/metaschema.xsd"
root="catalog">
<schema-name>OSCAL Control Catalog Format</schema-name>
<schema-version>1.0-milestone1</schema-version>
<schema-version>1.0.0-milestone2</schema-version>
<short-name>oscal-catalog</short-name>
<namespace>http://csrc.nist.gov/ns/oscal/1.0</namespace>
<remarks>
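Review bot: this bumps the declared `schema-version` of the already-released catalog schema from `1.0-milestone1` to `1.0.0-milestone2`, and the same jump is made for the metadata, profile and SSP metaschemas in this commit. The compatibility commitment added to downloads.md in this same commit promises that changes affecting early adopters are recorded in `release-notes.txt`, but that file is not among the 15 changed; either add the version-string change there or state in the commit message why it is not needed.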
3 changes: 2 additions & 1 deletion src/metaschema/oscal_component_metaschema.xml
Expand Up @@ -8,13 +8,14 @@
root="component-definition">

<schema-name>OSCAL Implementation Component Format</schema-name>
<schema-version>1.0-milestone2</schema-version>
<schema-version>1.0.0-milestone2</schema-version>
<short-name>oscal-component</short-name>
<namespace>http://csrc.nist.gov/ns/oscal/1.0</namespace>


<remarks>
<p>The OSCAL Implementation Component format can be used to describe the implementation of controls in a <code>component</code> or a set of components grouped as a <code>capabiity</code>. A component can be either a <em>technical component</em>, or a <em>documentary component</em>. A technical component is a component that is implemented in hardware (physical or virtual) or software. A documentary component is a component implemented in a document, such as a process, proceedure, or policy.</p>
<p>The root of the OSCAL Implementation Component format is <code>component-definition</code>.</p>
<p>NOTE: This documentation is a work in progress. As a result, documentation for many of the information elements is missing or incomplete.</p>
</remarks>

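Review bot: two typos in the unchanged `<remarks>` context could be fixed in passing: `capabiity` and `proceedure`. There are also two consecutive blank lines between `<namespace>` and `<remarks>`, where the other metaschemas in this commit use one.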
2 changes: 1 addition & 1 deletion src/metaschema/oscal_implementation-common_metaschema.xml
Expand Up @@ -9,7 +9,7 @@
root="VALIDATION_root">

<schema-name>OSCAL Implementation Common Information</schema-name>
<schema-version>1.0-milestone2</schema-version>
<schema-version>1.0.0-milestone2</schema-version>
<short-name>oscal-implementation-common</short-name>
<namespace>http://csrc.nist.gov/ns/oscal/1.0</namespace>

4 changes: 2 additions & 2 deletions src/metaschema/oscal_metadata_metaschema.xml
Expand Up @@ -10,7 +10,7 @@
xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/metaschema/1.0 ../../build/metaschema/lib/metaschema.xsd"
root="VALIDATION_root">
<schema-name>OSCAL Document Metadata Description</schema-name>
<schema-version>1.0-milestone1</schema-version>
<schema-version>1.0.0-milestone2</schema-version>
<short-name>oscal-metadata</short-name>
<namespace>http://csrc.nist.gov/ns/oscal/metadata/1.0/</namespace>

Expand Down Expand Up @@ -97,7 +97,7 @@
<p>This is a rough analog to an HTML anchor (<code>a</code>), except this is a line-oriented (block)
element.</p>
<p>The <code>href</code> must point to a local or remote resource. If a local resource is used, this will be indicated by a fragment "#" followed by an identifier which references an identified <code>citation</code> or <code>resource</code> in the document's <code>back-matter</code>. If a remote resource is used, the <code>href</code> value will be an absolute or relative URI pointing to the location of the referenced resource. A relative URI can be resolved relative to the location of the document conatining the link.</p>
<p>To provide a cryptographic hash for a remote target resource, a local reference to a <code>resource</code> is needed. The resource allows one or more hash values to be provided using the <code>rlink</code>
<p>To provide a cryptographic hash for a remote target resource, a local reference to a <code>resource</code> is needed. The resource allows one or more hash values to be provided using the <code>rlink</code>
<code>hash</code> object.</p>
<p>The <code>media-type</code> provides a hint about the content model of the referenced resource. A valid entry from the <a href="https://www.iana.org/assignments/media-types/media-types.xhtml">IANA Media Types registry</a>
</p>
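Review bot: the old and new versions of the line `To provide a cryptographic hash for a remote target resource ...` render identically, so this change appears to be whitespace only; if so, mention it in the commit message or drop it to keep the diff focused. While in this paragraph, `conatining` should be `containing`, and the sentence `A valid entry from the IANA Media Types registry` has no verb and needs completing (for example, `... registry is expected.`).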
2 changes: 1 addition & 1 deletion src/metaschema/oscal_profile_metaschema.xml
Expand Up @@ -8,7 +8,7 @@
xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/metaschema/1.0 ../../build/metaschema/lib/metaschema.xsd"
root="profile">
<schema-name>OSCAL Profile Metaschema</schema-name>
<schema-version>1.0-milestone1</schema-version>
<schema-version>1.0.0-milestone2</schema-version>
<short-name>oscal-profile</short-name>
<namespace>http://csrc.nist.gov/ns/oscal/1.0</namespace>
<remarks>
7 changes: 4 additions & 3 deletions src/metaschema/oscal_ssp_metaschema.xml
Expand Up @@ -14,12 +14,13 @@
xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/metaschema/1.0 ../../build/metaschema/lib/metaschema.xsd"
root="system-security-plan">
<schema-name>OSCAL System Security Plan (SSP) Format</schema-name>
<schema-version>1.0-milestone1</schema-version>
<schema-version>1.0.0-milestone2</schema-version>
<short-name>oscal-ssp</short-name>
<namespace>http://csrc.nist.gov/ns/oscal/1.0</namespace>
<remarks>
<p>The OSCAL Control SSP format can be used to describe the information typically specified
in a system security plan, such as those defined in SP 800-18 or used by FedRAMP.</p>
<p>The root of the OSCAL System Security Plan (SSP) format is <code>system-security-plan</code>.</p>
<p>NOTE: This documentation is a work in progress. As a result, documentation for many of the information elements is missing or incomplete.</p>
</remarks>
<!-- IMPORT STATEMENTS -->
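Review bot: the added sentence uses the correct name `OSCAL System Security Plan (SSP) format`, but the unchanged sentence just above it still says `The OSCAL Control SSP format`, which matches neither the `<schema-name>` nor the new line; drop `Control` there.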
Expand Down Expand Up @@ -121,12 +122,12 @@

<define-field name="security-sensitivity-level">
<!-- TODO: Any constraints for the values? -->
<formal-name/>
<formal-name>Security Sensitivity Level</formal-name>
<description>TBD</description>
</define-field>

<define-flag name="impact-level" as-type="string">
<formal-name/>
<formal-name>Impact level</formal-name>
<description>TBD</description>
<valid-values allow-other="yes">
<value name="low">A 'low' sensitivity level such as what is defined in <a href="https://doi.org/10.6028/NIST.FIPS.199">FIPS-199</a>.</value>
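Review bot: the two new formal names are capitalized inconsistently (`Security Sensitivity Level` versus `Impact level`); pick one style. Both `<description>` elements are still `TBD`, and the `TODO: Any constraints for the values?` comment on `security-sensitivity-level` is left unanswered while the neighbouring `impact-level` flag already enumerates its values with `<valid-values allow-other="yes">`; if the field is meant to carry the same FIPS-199 levels, the same `<valid-values>` block belongs on it, otherwise the TODO should say what constraints apply.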

0 comments on commit 1ae4d95