Addressed group naming resolving usnistgov#780

david-waltermire · Nov 19, 2020 · 87302bb · 87302bb
1 parent 5a901ad
commit 87302bb
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 37 deletions.
diff --git a/src/metaschema/oscal_assessment-common_metaschema.xml b/src/metaschema/oscal_assessment-common_metaschema.xml
@@ -40,9 +40,10 @@
    </define-assembly>
 
    <!-- ********** OBJECTIVES Assembly ********** -->
-   <define-assembly name="objectives">
-      <formal-name>Control Objectives</formal-name>
-      <description>Identifies the controls being assessed and their control objectives. In the assessment plans, these are the planned controls and objectives. In the assessment results, these are the actual controls and objectives, reflecting any changes from the plan.</description>
+   <define-assembly name="reviewed-controls">
+      <!-- CHANGED: "objectives" to "reviewed-controls" -->
+      <formal-name>Reviewed Controls and Control Objectives</formal-name>
+      <description>Identifies the controls being assessed and their control objectives. In an assessment plan, these are the controls and objectives that are to be assessed. In an assessment result, these are the actual controls and objectives that were assessed, reflecting any changes from the plan.</description>
       <model>
          <define-field name="description" min-occurs="0" max-occurs="1" in-xml="WITH_WRAPPER" as-type="markup-multiline">
             <formal-name>Control Objective Description</formal-name>
@@ -58,11 +59,16 @@
          <assembly ref="link" max-occurs="unbounded">
             <group-as name="links" in-json="ARRAY"/>
          </assembly>
-         <assembly ref="controls" min-occurs="1" max-occurs="unbounded">
-            <group-as name="control-group" in-json="ARRAY"/>
+         <assembly ref="control-selection" min-occurs="1" max-occurs="unbounded">
+            <!-- CHANGED: "controls" to "control-selection" -->
+            <!-- CHANGED: "control-group" to "control-selections" -->
+            <group-as name="control-selections" in-json="ARRAY"/>
          </assembly>
-         <assembly ref="control-objectives" min-occurs="0" max-occurs="unbounded">
-            <group-as name="control-objective-group" in-json="ARRAY"/>
+         <assembly ref="control-objectives-selection" min-occurs="0" max-occurs="unbounded">
+            <!-- CHANGED: "control-objectives" to "control-objectives-selection" -->
+            <use-name>objectives-selection</use-name>
+            <!-- CHANGED: "control-objective-group" to "objectives-selections" -->
+            <group-as name="objectives-selections" in-json="ARRAY"/>
          </assembly>
          <assembly ref="objective" min-occurs="0" max-occurs="unbounded">
             <group-as name="objectives" in-json="ARRAY"/>
@@ -76,7 +82,8 @@
       </model>
    </define-assembly>
 
-   <define-assembly name="controls">
+   <define-assembly name="control-selection">
+      <!-- CHANGED: "controls" to "control-selection" -->
       <formal-name>Assessed Controls</formal-name>
       <description>Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.</description>
       <model>
@@ -112,7 +119,8 @@
       </model>
    </define-assembly>
 
-   <define-assembly name="control-objectives">
+   <define-assembly name="control-objectives-selection" scope="local">
+      <!-- CHANGED: "control-objectives" to "control-objectives-selection" -->
       <formal-name>Referened Control Objectives</formal-name>
       <description>Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the actual objectives, and reflects any changes from the plan.</description>
       <model>
@@ -968,7 +976,8 @@
          </define-field>
          <!-- CHANGE: group-as name from evidence-group to relevant-evidence-group         -->
          <assembly ref="relevant-evidence" min-occurs="0" max-occurs="unbounded">
-            <group-as name="relevant-evidence-group" in-json="ARRAY"/>
+            <!-- CHANGED: "relevant-evidence-group" to "relevant-evidence" -->
+            <group-as name="relevant-evidence" in-json="ARRAY"/>
          </assembly>
          <field ref="remarks" in-xml="WITH_WRAPPER" min-occurs="0" max-occurs="1"/>
       </model>
@@ -1108,7 +1117,8 @@
          </assembly>
          <field ref="remediation-deadline" min-occurs="0" max-occurs="1"/>
          <assembly ref="remediation" min-occurs="0" max-occurs="unbounded">
-            <group-as name="remediation-group" in-json="ARRAY"/>
+            <!-- CHANGED: "remediation-group" to "remediations" -->
+            <group-as name="remediations" in-json="ARRAY"/>
          </assembly>
          <field ref="risk-status" min-occurs="1" max-occurs="1">
             <!-- CHANGED: from "risk-status" to "status" -->

diff --git a/src/metaschema/oscal_assessment-plan_metaschema.xml b/src/metaschema/oscal_assessment-plan_metaschema.xml
@@ -42,10 +42,12 @@
       <description>Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies the planned assessment subject. In the assessment results this is the actual assessment subject, and reflects any changes from the plan.</description>
       <model>
          <assembly ref="include-subject" min-occurs="1" max-occurs="unbounded">
-            <group-as name="includes" in-json="ARRAY"/>
+            <!-- CHANGED: "includes" to "include-subjects" -->
+            <group-as name="include-subjects" in-json="ARRAY"/>
          </assembly>
          <assembly ref="exclude-subject" min-occurs="0" max-occurs="unbounded">
-            <group-as name="excludes" in-json="ARRAY"/>
+            <!-- CHANGED: "excludes" to "exclude-subjects" -->
+            <group-as name="exclude-subjects" in-json="ARRAY"/>
          </assembly>
          <assembly ref="local-definitions" min-occurs="0" max-occurs="1"/>
          <field ref="remarks"

diff --git a/src/metaschema/oscal_assessment-results_metaschema.xml b/src/metaschema/oscal_assessment-results_metaschema.xml
@@ -35,7 +35,10 @@
          <assembly ref="assets" min-occurs="0" max-occurs="1"/>
          <assembly ref="assessment-activities" min-occurs="0" max-occurs="1"/>
          <assembly ref="results" min-occurs="1" max-occurs="unbounded">
-            <group-as name="results_group" in-json="ARRAY"/>
+            <!-- CHANGED: "results" to "assessment-result" -->
+            <use-name>assessment-result</use-name>
+            <!-- CHANGED: "results_group" to "assessment-results" -->
+            <group-as name="assessment-results" in-json="ARRAY"/>
          </assembly>
          <assembly ref="back-matter" min-occurs="0" max-occurs="1"/>
       </model>
@@ -68,10 +71,12 @@
       <description>Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies the planned assessment subject. In the assessment results this is the actual assessment subject, and reflects any changes from the plan.</description>
       <model>
          <assembly ref="include-subject" min-occurs="1" max-occurs="unbounded">
-            <group-as name="includes" in-json="ARRAY"/>
+            <!-- CHANGED: "includes" to "include-subjects" -->
+            <group-as name="include-subjects" in-json="ARRAY"/>
          </assembly>
          <assembly ref="exclude-subject" min-occurs="0" max-occurs="unbounded">
-            <group-as name="excludes" in-json="ARRAY"/>
+            <!-- CHANGED: "excludes" to "exclude-subjects" -->
+            <group-as name="exclude-subjects" in-json="ARRAY"/>
          </assembly>
          <assembly ref="local-definitions" min-occurs="0" max-occurs="1"/>
          <field ref="remarks"

diff --git a/src/metaschema/oscal_metadata_metaschema.xml b/src/metaschema/oscal_metadata_metaschema.xml
@@ -27,7 +27,8 @@
          <field ref="version" min-occurs="1"/>
          <field ref="oscal-version" min-occurs="1"/>
          <assembly ref="revision" max-occurs="unbounded">
-            <group-as name="revision-history" in-xml="GROUPED" in-json="ARRAY"/>
+            <!-- CHANGED: "revision-histroy" to "revisions" -->
+            <group-as name="revisions" in-xml="GROUPED" in-json="ARRAY"/>
          </assembly>
          <!-- CHANGED from "doc-id" to "document-id" -->
          <field ref="document-id" max-occurs="unbounded">

diff --git a/src/metaschema/oscal_poam_metaschema.xml b/src/metaschema/oscal_poam_metaschema.xml
@@ -136,7 +136,8 @@
             <description>Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous monitoring scenario, this may be omitted or contain the same value as start if appropriate.</description>
          </define-field>
          <assembly ref="poam-item" min-occurs="1" max-occurs="unbounded">
-            <group-as name="poam-item-group" in-json="ARRAY"/>
+            <!-- CHANGED: "poam-item-group" to "poam-items" -->
+            <group-as name="poam-items" in-json="ARRAY"/>
          </assembly>
          <field ref="remarks"
                 in-xml="WITH_WRAPPER"

diff --git a/src/metaschema/oscal_ssp_metaschema.xml b/src/metaschema/oscal_ssp_metaschema.xml
@@ -190,27 +190,30 @@
                   <formal-name>Information Type Description</formal-name>
                   <description>A summary of how this information type is used within the system.</description>
                </define-field>
-               <define-field name="information-type-id" as-type="string" max-occurs="unbounded">
-                  <!-- This is an id because the idenfier is assigned and managed externally by humans. -->
-                  <formal-name>Information Type Identifier</formal-name>
-                  <description>An identifier qualified by the given identification <code>system</code> used, such as NIST SP 800-60.</description>
-                  <json-key flag-name="system"/>
-                  <json-value-key>id</json-value-key>
-                  <group-as name="information-type-ids" in-json="BY_KEY"/>
+               <define-assembly name="categorization" as-type="string" max-occurs="unbounded">
+                  <!-- CHANGED: replaced the information-type-id structure with the current structure -->
+                  <formal-name>Information Type Categorization</formal-name>
+                  <description>A set of information type identifiers qualified by the given identification <code>system</code> used, such as NIST SP 800-60.</description>
+                  <group-as name="categorizations" in-json="ARRAY"/>
                   <define-flag required="yes" name="system">
                      <formal-name>Information Type Identification System</formal-name>
                      <description>Specifies the information type identification system used.</description>
                      <constraint>
                         <allowed-values allow-other="yes">
-                           <enum value="https://doi.org/10.6028/NIST.SP.800-60v2r1">Based on the section identifiers in NIST Special Publication 800-60 Volume II Revision 1</enum>
+                           <enum value="https://doi.org/10.6028/NIST.SP.800-60v2r1">Based on the section identifiers in NIST <a href="https://doi.org/10.6028/NIST.SP.800-60v2r1">Special Publication 800-60 Volume II Revision 1</a>.</enum>
                         </allowed-values>
                      </constraint>
                   </define-flag>
-                  <remarks>
-                     <p>The current allowed values are based on those identified in <a href="https://doi.org/10.6028/NIST.SP.800-60v2r1">NIST SP 800-60 Volume 2</a>
-                     </p>
-                  </remarks>
-               </define-field>
+                  <model>
+                     <define-field name="information-type-id" as-type="string" max-occurs="unbounded">
+                        <!-- This is an id because the idenfier is assigned and managed externally by humans. -->
+                        <formal-name>Information Type Systemized Identifier</formal-name>
+                        <description>An identifier qualified by the given identification <code>system</code> used, such as NIST SP 800-60.</description>
+                        <json-value-key>id</json-value-key>
+                        <group-as name="information-type-ids" in-json="ARRAY"/>
+                     </define-field>
+                  </model>
+               </define-assembly>
                <field ref="property" max-occurs="unbounded">
                   <use-name>prop</use-name>
                   <group-as name="properties" in-json="ARRAY"/>
@@ -223,7 +226,7 @@
                </assembly>
                <define-assembly name="confidentiality-impact" min-occurs="1">
                   <formal-name>Confidentiality Impact Level</formal-name>
-                  <description>The expected level of impact resulting from the unauthorized disclosure of information.</description>
+                  <description>The expected level of impact resulting from the unauthorized disclosure of the described information.</description>
                   <model>
                      <field ref="property" max-occurs="unbounded">
                         <use-name>prop</use-name>
@@ -242,7 +245,7 @@
                </define-assembly>
                <define-assembly name="integrity-impact" min-occurs="1">
                   <formal-name>Integrity Impact Level</formal-name>
-                  <description>The expected level of impact resulting from the unauthorized modification of information.</description>
+                  <description>The expected level of impact resulting from the unauthorized modification of the described information.</description>
                   <model>
                      <field ref="property" max-occurs="unbounded">
                         <use-name>prop</use-name>
@@ -261,7 +264,7 @@
                </define-assembly>
                <define-assembly name="availability-impact" min-occurs="1">
                   <formal-name>Availability Impact Level</formal-name>
-                  <description>The expected level of impact resulting from the disruption of access to or use of information or the information system.</description>
+                  <description>The expected level of impact resulting from the disruption of access to or use of the described information or the information system.</description>
                   <model>
                      <field ref="property" max-occurs="unbounded">
                         <use-name>prop</use-name>
@@ -822,7 +825,8 @@
                <define-assembly name="provided" max-occurs="unbounded">
                   <formal-name>Provided Control Implementation</formal-name>
                   <description>Describes a capability which may be inherited by a leveraging system.</description>
-                  <group-as name="provided-group" in-json="ARRAY"/>
+                  <!-- CHANGED: "provided-group" to "provided" -->
+                  <group-as name="provided" in-json="ARRAY"/>
                   <define-flag name="uuid" as-type="uuid" required="yes">
                      <formal-name>Provided Universally Unique Identifier</formal-name>
                      <description>A globally unique identifier that can be used to reference this provided entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.</description>
@@ -895,7 +899,8 @@
          <define-assembly name="inherited" max-occurs="unbounded">
             <formal-name>Inherited Control Implementation</formal-name>
             <description>Describes a control implementation inherited by a leveraging system.</description>
-            <group-as name="inherited-group" in-json="ARRAY"/>
+            <!-- CHANGED: "inherited-group" to "inherited" -->
+            <group-as name="inherited" in-json="ARRAY"/>
             <define-flag name="uuid" as-type="uuid" required="yes">
                <formal-name>Inherited Universally Unique Identifier</formal-name>
                <description>A globally unique identifier that can be used to reference this inherited entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.</description>
@@ -925,7 +930,8 @@
          <define-assembly name="satisfied" max-occurs="unbounded">
             <formal-name>Satisfied Control Implementation Responsibility</formal-name>
             <description>Describes how this system satisfies a responsibiity imposed by a leveraged system.</description>
-            <group-as name="satisfied-group" in-json="ARRAY"/>
+            <!-- CHANGED: "satisfied-group" to "satisfied" -->
+            <group-as name="satisfied" in-json="ARRAY"/>
             <define-flag name="uuid" as-type="uuid" required="yes">
                <formal-name>Satisfied Universally Unique Identifier</formal-name>
                <description>A globally unique identifier that can be used to reference this satisfied entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.</description>