Moved FedRAMP baselines to correct folder under src

src/content/fedramp.gov/xml/FedRAMP_HIGH-baseline-resolved-profile_catalog.xml

@@ -1,9 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" id="uuid-4045631f-a7f3-48b7-9228-052cb2a2e8fe">
+<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" id="uuid-3827d9c8-bd61-46f6-9bad-8e2dd990b16b">
   <metadata>
     <title>FedRAMP High Baseline [RESOLVED]</title>
-    <published>2019-11-27T00:00:00.000-05:00</published>
-    <last-modified>2019-11-25T21:19:31.000000-05:00</last-modified>
+    <published>2020-02-02T00:00:00.000-05:00</published>
+    <last-modified>2020-01-28T14:25:14.000000-05:00</last-modified>
     <version>1.2</version>
     <oscal-version>1.0.0-milestone2</oscal-version>
     <role id="creator">
@@ -2070,9 +2070,9 @@
       </param>
       <param id="ac-7_prm_3">
         <select>
-          <choice>locks the account/node for an <insert param-id="ac-7_prm_4"/> </choice>
+          <choice>locks the account/node for an <insert param-id="ac-7_prm_4"/></choice>
           <choice>locks the account/node until released by an administrator</choice>
-          <choice>delays next logon prompt according to <insert param-id="ac-7_prm_5"/> </choice>
+          <choice>delays next logon prompt according to <insert param-id="ac-7_prm_5"/></choice>
         </select>
       </param>
       <param id="ac-7_prm_4" depends-on="ac-7_prm_3">
@@ -2400,22 +2400,6 @@
           <p>Automated mechanisms implementing system use notification</p>
         </part>
       </part>
-      <control class="SP800-53" id="ac-8.fr">
-        <title>AC-8 Additional FedRAMP Requirements and Guidance</title>
-        <prop name="label">AC-8 Req</prop>
-        <part id="ac-8.fr_smt.1" name="item">
-          <prop name="label">Requirement:</prop>
-          <p>The service provider shall determine elements of the cloud environment that require the System Use Notification control.  The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO.</p>
-        </part>
-        <part id="ac-8.fr_smt.2" name="item">
-          <prop name="label">Requirement:</prop>
-          <p>The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check.  The System Use Notification verification and periodicity are approved and accepted by the JAB/AO.  If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided.</p>
-        </part>
-        <part id="ac-8.fr_smt.3" name="item">
-          <prop name="label">Requirement:</prop>
-          <p>If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider.  The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO.</p>
-        </part>
-      </control>
     </control>
     <control class="SP800-53" id="ac-10">
       <title>Concurrent Session Control</title>
@@ -2435,7 +2419,7 @@
         <p>Organizations may define the maximum number of concurrent sessions for information system accounts globally, by account type (e.g., privileged user, non-privileged user, domain, specific application), by account, or a combination. For example, organizations may limit the number of concurrent sessions for system administrators or individuals working in particularly sensitive domains or mission-critical applications. This control addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts.</p>
       </part>
       <part id="ac-10_obj" name="objective">
-        <p> Determine if:</p>
+        <p>Determine if:</p>
         <part id="ac-10_obj.1" name="objective">
           <prop name="label">AC-10[1]</prop>
           <p>the organization defines account and/or account types for the information system;</p>
@@ -2500,7 +2484,7 @@
         <link rel="related" href="#ac-7">AC-7</link>
       </part>
       <part id="ac-11_obj" name="objective">
-        <p> Determine if:</p>
+        <p>Determine if:</p>
         <part id="ac-11.a_obj" name="objective">
           <prop name="label">AC-11(a)</prop>
           <part id="ac-11.a_obj.1" name="objective">
@@ -3448,7 +3432,7 @@
         <link rel="related" href="#si-4">SI-4</link>
       </part>
       <part id="ac-19_obj" name="objective">
-        <p> Determine if the organization:</p>
+        <p>Determine if the organization:</p>
         <part id="ac-19.a_obj" name="objective">
           <prop name="label">AC-19(a)</prop>
           <p>establishes for organization-controlled mobile devices:</p>
@@ -7918,28 +7902,6 @@
           </part>
         </part>
       </control>
-      <control class="SP800-53-enhancement" id="ca-7.fr">
-        <title>Additional FedRAMP Requirements and Guidance</title>
-        <prop name="label">CA-7 Req</prop>
-        <part id="ca-7.fr_smt.1" name="item">
-          <prop name="label">Requirement 1</prop>
-          <p>Operating System Scans: at least monthly</p>
-        </part>
-        <part id="ca-7.fr_smt.2" name="item">
-          <prop name="label">Requirement 2</prop>
-          <p>Database and Web Application Scans: at least monthly</p>
-        </part>
-        <part id="ca-7.fr_smt.3" name="item">
-          <prop name="label">Requirement 3</prop>
-          <p>All scans performed by Independent Assessor: at least annually</p>
-        </part>
-        <part id="ca-7.fr_gdn.1" name="guidance">
-          <p>CSPs must provide evidence of closure and remediation of a high vulnerability within the timeframe for standard POA&amp;M updates.</p>
-        </part>
-        <part id="ca-7.fr_gdn.2" name="guidance">
-          <p>See the FedRAMP Documents page under Key Cloud Service Provider (CSP) Documents, Continuous Monitoring Strategy Guide <a href="https://www.FedRAMP.gov/documents/">https://www.FedRAMP.gov/documents/</a></p>
-        </part>
-      </control>
     </control>
     <control class="SP800-53" id="ca-8">
       <title>Penetration Testing</title>
@@ -10581,7 +10543,7 @@
           <select how-many="one or more">
             <choice>disables network access by such components</choice>
             <choice>isolates the components</choice>
-            <choice>notifies <insert param-id="cm-8.3_prm_3"/> </choice>
+            <choice>notifies <insert param-id="cm-8.3_prm_3"/></choice>
           </select>
         </param>
         <param id="cm-8.3_prm_3" depends-on="cm-8.3_prm_2">
@@ -28376,14 +28338,6 @@
           <p>automated mechanisms providing an indication of use of collaborative computing devices</p>
         </part>
       </part>
-      <control class="SP800-53-enhancement" id="sc-15.fr">
-        <title>SC-15 Additional FedRAMP Requirements and Guidance</title>
-        <prop name="label">SC-15 Req</prop>
-        <part id="sc-15.fr_smt" name="item">
-          <prop name="label">Requirement</prop>
-          <p>The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use.</p>
-        </part>
-      </control>
     </control>
     <control class="SP800-53" id="sc-17">
       <title>Public Key Infrastructure Certificates</title>
@@ -30768,7 +30722,7 @@
         <param id="si-4.22_prm_2">
           <select how-many="one or more">
             <choice>audits</choice>
-            <choice>alerts <insert param-id="si-4.22_prm_3"/> </choice>
+            <choice>alerts <insert param-id="si-4.22_prm_3"/></choice>
           </select>
         </param>
         <param id="si-4.22_prm_3" depends-on="si-4.22_prm_2">
@@ -31418,7 +31372,7 @@
         <param id="si-7.1_prm_2">
           <select how-many="one or more">
             <choice>at startup</choice>
-            <choice>at <insert param-id="si-7.1_prm_3"/> </choice>
+            <choice>at <insert param-id="si-7.1_prm_3"/></choice>
             <choice>
               <insert param-id="si-7.1_prm_4"/>
             </choice>
@@ -31595,7 +31549,7 @@
           <select how-many="one or more">
             <choice>shuts the information system down</choice>
             <choice>restarts the information system</choice>
-            <choice>implements <insert param-id="si-7.5_prm_2"/> </choice>
+            <choice>implements <insert param-id="si-7.5_prm_2"/></choice>
           </select>
         </param>
         <param id="si-7.5_prm_2" depends-on="si-7.5_prm_1">

src/content/fedramp.gov/xml/FedRAMP_LI-SaaS-baseline-resolved-profile_catalog.xml

@@ -1,9 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" id="uuid-8b898586-6ae4-4685-8e32-600755fe556b">
+<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" id="uuid-0c798736-55c4-4191-8c0a-52759ad32ee8">
   <metadata>
     <title>FedRAMP Tailored Low Impact Software as a Service (LI-SaaS) Baseline [RESOLVED]</title>
-    <published>2019-11-27T00:00:00.000-05:00</published>
-    <last-modified>2019-11-25T22:23:42.000000-05:00</last-modified>
+    <published>2020-02-02T00:00:00.000-05:00</published>
+    <last-modified>2020-01-28T14:26:33.000000-05:00</last-modified>
     <version>1.2</version>
     <oscal-version>1.0.0-milestone2</oscal-version>
     <role id="author">
@@ -194,9 +194,9 @@
       </param>
       <param id="ac-7_prm_3">
         <select>
-          <choice>locks the account/node for an <insert param-id="ac-7_prm_4"/> </choice>
+          <choice>locks the account/node for an <insert param-id="ac-7_prm_4"/></choice>
           <choice>locks the account/node until released by an administrator</choice>
-          <choice>delays next logon prompt according to <insert param-id="ac-7_prm_5"/> </choice>
+          <choice>delays next logon prompt according to <insert param-id="ac-7_prm_5"/></choice>
         </select>
       </param>
       <param id="ac-7_prm_4" depends-on="ac-7_prm_3">

src/content/fedramp.gov/xml/FedRAMP_LOW-baseline-resolved-profile_catalog.xml

@@ -1,9 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" id="uuid-5456659f-da22-4d01-a1fa-f0e51f84e363">
+<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" id="uuid-eeffbf3f-a798-49f7-9382-c13a7586eb7e">
   <metadata>
     <title>FedRAMP Low Baseline [RESOLVED]</title>
-    <published>2019-11-27T00:00:00.000-05:00</published>
-    <last-modified>2019-11-25T21:20:32.000000-05:00</last-modified>
+    <published>2020-02-02T00:00:00.000-05:00</published>
+    <last-modified>2020-01-28T14:26:08.000000-05:00</last-modified>
     <version>1.2</version>
     <oscal-version>1.0.0-milestone2</oscal-version>
     <role id="creator">
@@ -554,9 +554,9 @@
       </param>
       <param id="ac-7_prm_3">
         <select>
-          <choice>locks the account/node for an <insert param-id="ac-7_prm_4"/> </choice>
+          <choice>locks the account/node for an <insert param-id="ac-7_prm_4"/></choice>
           <choice>locks the account/node until released by an administrator</choice>
-          <choice>delays next logon prompt according to <insert param-id="ac-7_prm_5"/> </choice>
+          <choice>delays next logon prompt according to <insert param-id="ac-7_prm_5"/></choice>
         </select>
       </param>
       <param id="ac-7_prm_4" depends-on="ac-7_prm_3">
@@ -813,22 +813,6 @@
           <p>Automated mechanisms implementing system use notification</p>
         </part>
       </part>
-      <control class="SP800-53" id="ac-8.fr">
-        <title>AC-8 Additional FedRAMP Requirements and Guidance</title>
-        <prop name="label">AC-8 Req</prop>
-        <part id="ac-8.fr_smt.1" name="item">
-          <prop name="label">Requirement:</prop>
-          <p>The service provider shall determine elements of the cloud environment that require the System Use Notification control.  The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO.</p>
-        </part>
-        <part id="ac-8.fr_smt.2" name="item">
-          <prop name="label">Requirement:</prop>
-          <p>The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check.  The System Use Notification verification and periodicity are approved and accepted by the JAB/AO.  If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided.</p>
-        </part>
-        <part id="ac-8.fr_smt.3" name="item">
-          <prop name="label">Requirement:</prop>
-          <p>If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider.  The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO.</p>
-        </part>
-      </control>
     </control>
     <control class="SP800-53" id="ac-14">
       <title>Permitted Actions Without Identification or Authentication</title>
@@ -1127,7 +1111,7 @@
         <link rel="related" href="#si-4">SI-4</link>
       </part>
       <part id="ac-19_obj" name="objective">
-        <p> Determine if the organization:</p>
+        <p>Determine if the organization:</p>
         <part id="ac-19.a_obj" name="objective">
           <prop name="label">AC-19(a)</prop>
           <p>establishes for organization-controlled mobile devices:</p>
@@ -3506,28 +3490,6 @@
           <p>Mechanisms implementing continuous monitoring</p>
         </part>
       </part>
-      <control class="SP800-53-enhancement" id="ca-7.fr">
-        <title>Additional FedRAMP Requirements and Guidance</title>
-        <prop name="label">CA-7 Req</prop>
-        <part id="ca-7.fr_smt.1" name="item">
-          <prop name="label">Requirement 1</prop>
-          <p>Operating System Scans: at least monthly</p>
-        </part>
-        <part id="ca-7.fr_smt.2" name="item">
-          <prop name="label">Requirement 2</prop>
-          <p>Database and Web Application Scans: at least monthly</p>
-        </part>
-        <part id="ca-7.fr_smt.3" name="item">
-          <prop name="label">Requirement 3</prop>
-          <p>All scans performed by Independent Assessor: at least annually</p>
-        </part>
-        <part id="ca-7.fr_gdn.1" name="guidance">
-          <p>CSPs must provide evidence of closure and remediation of a high vulnerability within the timeframe for standard POA&amp;M updates.</p>
-        </part>
-        <part id="ca-7.fr_gdn.2" name="guidance">
-          <p>See the FedRAMP Documents page under Key Cloud Service Provider (CSP) Documents, Continuous Monitoring Strategy Guide <a href="https://www.FedRAMP.gov/documents/">https://www.FedRAMP.gov/documents/</a></p>
-        </part>
-      </control>
     </control>
     <control class="SP800-53" id="ca-9">
       <title>Internal System Connections</title>
@@ -12698,14 +12660,6 @@
           <p>automated mechanisms providing an indication of use of collaborative computing devices</p>
         </part>
       </part>
-      <control class="SP800-53-enhancement" id="sc-15.fr">
-        <title>SC-15 Additional FedRAMP Requirements and Guidance</title>
-        <prop name="label">SC-15 Req</prop>
-        <part id="sc-15.fr_smt" name="item">
-          <prop name="label">Requirement</prop>
-          <p>The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use.</p>
-        </part>
-      </control>
     </control>
     <control class="SP800-53" id="sc-20">
       <title>Secure Name / Address Resolution Service (authoritative Source)</title>