Improve identifer usage and references in FedRamp profiles #89
Assignees
Labels
Milestone
Comments
|
From above: "Much of this inconsistency has been produced because the original profiles have been created manually." @david-waltermire-nist Are you referring to fact that some control guidance in 800-53 contains hierarchal bullets while other controls do not? What content does this issue suggest the SME reviews? The source content within the 800-53 guidance or some other content? |
|
There are problems with control and parameter references in FedRamp baselines not matching 800-53 control IDs in the OSCAL 800-53 catalog. References to enhancements are problemantic as well. This is further compounded in the content conversation for some of the docker examples we have been working with. A key aspect of making this information be more suitable for automation is to get these IDs and references to agree.
…-------- Original Message --------
From: Greg Elin <notifications@github.com>
Date: Thu, January 11, 2018 1:12 PM -0500
To: usnistgov/OSCAL <OSCAL@noreply.github.com>
CC: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, Mention <mention@noreply.github.com>
Subject: Re: [usnistgov/OSCAL] Improve identifer usage and references in FedRamp profiles (#89)
From above: "Much of this inconsistency has been produced because the original profiles have been created manually."
@david-waltermire-nist<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fdavid-waltermire-nist&data=02%7C01%7Cdavid.waltermire%40nist.gov%7Cba488f5fa6e14a8eb1f708d5591edf30%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636512911495693827&sdata=EVzBxm76vLuMbeqIuVz13SemEjxrhUhPa19%2Bc6HQXtM%3D&reserved=0> Are you referring to fact that some control guidance in 800-53 contains hierarchal bullets while other controls do not?
What content does this issue suggest the SME reviews? The source content within the 800-53 guidance or some other content?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fusnistgov%2FOSCAL%2Fissues%2F89%23issuecomment-357013507&data=02%7C01%7Cdavid.waltermire%40nist.gov%7Cba488f5fa6e14a8eb1f708d5591edf30%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636512911495693827&sdata=tvPZZbs0ev0O2Ht6OOLHmbdf2pSnFJ%2FuWLgiWxY5bhU%3D&reserved=0>, or mute the thread<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAJaiaM3tmeNZt-tUgevUL0WKsLxcxFevks5tJk8KgaJpZM4RbGkn&data=02%7C01%7Cdavid.waltermire%40nist.gov%7Cba488f5fa6e14a8eb1f708d5591edf30%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636512911495693827&sdata=OpgGq1eGJAAOxXoHsDvxM1SBuzzv%2B%2Bm9uJnMs%2FU2CGA%3D&reserved=0>.
|
|
Thanks, @david-waltermire-nist |
david-waltermire
added a commit
that referenced
this issue
Apr 3, 2018
# The first commit's message is: # This is a combination of 54 commits. # The first commit's message is: # This is a combination of 4 commits. # The first commit's message is: # This is a combination of 2 commits. # The first commit's message is: # This is a combination of 2 commits. # The first commit's message is: # This is a combination of 6 commits. # The first commit's message is: # This is a combination of 3 commits. # The first commit's message is: # This is a combination of 111 commits. # The first commit's message is: Initial commit of docs branch. # This is the commit message #2: Create CONTRIBUTING.md # This is the commit message #3: Create ROADMAP.md # This is the commit message #4: Update README.md # This is the commit message #5: Create README.md # This is the commit message #6: Update README.md # This is the commit message #7: Update README.md # This is the commit message #8: Create OSCAL-PRODUCERS.md # This is the commit message #9: Create OSCAL-CONSUMERS.md # This is the commit message #10: Update and rename OSCAL-CONSUMERS.md to USERS.md # This is the commit message #11: Update and rename OSCAL-PRODUCERS.md to IMPLEMENTERS.md # This is the commit message #12: Rename CONTRIBUTING.md to CONTRIBUTORS.md # This is the commit message #13: Update README.md # This is the commit message #14: Update README.md # This is the commit message #15: Update USERS.md # This is the commit message #16: Update README.md # This is the commit message #17: Update IMPLEMENTERS.md # This is the commit message #18: Update README.md # This is the commit message #19: Update ROADMAP.md # This is the commit message #20: Update USERS.md # This is the commit message #21: Update CONTRIBUTORS.md # This is the commit message #22: Update README.md # This is the commit message #23: Update README.md # This is the commit message #24: Update IMPLEMENTERS.md # This is the commit message #25: Update IMPLEMENTERS.md # This is the commit message #26: Rename CONTRIBUTORS.md to CONTRIBUTING.md # This is the commit message #27: Create control.md # This is the commit message #28: Update control.md # This is the commit message #29: Update control.md # This is the commit message #30: Update control.md # This is the commit message #31: Update control.md # This is the commit message #32: Add files via upload # This is the commit message #33: Update control.md # This is the commit message #34: Create temp.md # This is the commit message #35: Delete NIST-SP-800-53-Rev4-AC1.png # This is the commit message #36: Add files via upload # This is the commit message #37: Delete temp.md # This is the commit message #38: Add files via upload # This is the commit message #39: Update control.md # This is the commit message #40: Add files via upload # This is the commit message #41: Add files via upload # This is the commit message #42: Update control.md # This is the commit message #43: Update CONTRIBUTING.md # This is the commit message #44: Update CONTRIBUTING.md # This is the commit message #45: Update USERS.md # This is the commit message #46: Update CONTRIBUTING.md # This is the commit message #47: Delete CONTRIBUTING.md # This is the commit message #48: Delete USERS.md # This is the commit message #49: Add files via upload # This is the commit message #50: Delete CSA-CCM-IAM02.png # This is the commit message #51: Update control.md # This is the commit message #52: Update control.md # This is the commit message #53: Update control.md # This is the commit message #54: Update control.md # This is the commit message #55: Update control.md # This is the commit message #56: Update control.md # This is the commit message #57: Update control.md # This is the commit message #58: Update control.md # This is the commit message #59: Update control.md # This is the commit message #60: Update control.md # This is the commit message #61: Delete NIST-SP-800-53-AC1-in-OSCAL-XML.png # This is the commit message #62: Update README.md # This is the commit message #63: Update control.md # This is the commit message #64: Update control.md # This is the commit message #65: Add files via upload # This is the commit message #66: Delete ISO-27001-Control-A9.png # This is the commit message #67: Update control.md # This is the commit message #68: Add files via upload # This is the commit message #69: Add files via upload # This is the commit message #70: Delete ISO-27002-Control-9.1.1-part1.png # This is the commit message #71: Delete ISO-27002-Control-9.1.1-part2.png # This is the commit message #72: Update control.md # This is the commit message #73: Update control.md # This is the commit message #74: Update control.md # This is the commit message #75: Update control.md # This is the commit message #76: Update control.md # This is the commit message #77: Update README.md # This is the commit message #78: Update IMPLEMENTERS.md # This is the commit message #79: Add files via upload # This is the commit message #80: Delete oscal-layers.png # This is the commit message #81: Add files via upload # This is the commit message #82: Delete oscal-layers.png # This is the commit message #83: Add files via upload # This is the commit message #84: Update IMPLEMENTERS.md # This is the commit message #85: Update control.md # This is the commit message #86: Update IMPLEMENTERS.md # This is the commit message #87: Update control.md # This is the commit message #88: Rename IMPLEMENTERS.md to docs/prose/IMPLEMENTERS.md # This is the commit message #89: Rename IMPLEMENTERS.md to implementers.md # This is the commit message #90: Rearranged and outlined catalog documentation based on the conversation with karen and Wendell. # This is the commit message #91: Create catalog-xml.md # This is the commit message #92: Rename control.md to catalog.md # This is the commit message #93: Update catalog.md # This is the commit message #94: Update catalog.md # This is the commit message #95: Update catalog.md # This is the commit message #96: Update catalog-xml.md # This is the commit message #97: Update catalog-xml.md # This is the commit message #98: Update catalog-xml.md # This is the commit message #99: Update catalog-xml.md # This is the commit message #100: Update catalog-xml.md # This is the commit message #101: Update catalog-xml.md # This is the commit message #102: Update catalog-xml.md # This is the commit message #103: Update catalog-xml.md # This is the commit message #104: Update catalog-xml.md # This is the commit message #105: Update catalog-xml.md # This is the commit message #106: Docset migration to Slate # This is the commit message #107: Removing unused file. # This is the commit message #108: Update README.md Corrected a typo # This is the commit message #109: Add files via upload Graphical representation of OSCAL schemas aligned with Risk Management Framework steps and tasks. # This is the commit message #110: Create CONTRIBUTING.md # This is the commit message #111: Create ROADMAP.md # This is the commit message #2: Create README.md # This is the commit message #3: Update README.md # This is the commit message #2: Create OSCAL-PRODUCERS.md # This is the commit message #3: Create OSCAL-CONSUMERS.md # This is the commit message #4: Update and rename OSCAL-CONSUMERS.md to USERS.md # This is the commit message #5: Update and rename OSCAL-PRODUCERS.md to IMPLEMENTERS.md # This is the commit message #6: Rename CONTRIBUTING.md to CONTRIBUTORS.md # This is the commit message #2: Update USERS.md # This is the commit message #2: Update IMPLEMENTERS.md # This is the commit message #2: Update ROADMAP.md # This is the commit message #3: Update USERS.md # This is the commit message #4: Update CONTRIBUTORS.md # This is the commit message #2: Update IMPLEMENTERS.md # This is the commit message #3: Update IMPLEMENTERS.md # This is the commit message #4: Rename CONTRIBUTORS.md to CONTRIBUTING.md # This is the commit message #5: Create control.md # This is the commit message #6: Update control.md # This is the commit message #7: Update control.md # This is the commit message #8: Update control.md # This is the commit message #9: Update control.md # This is the commit message #10: Add files via upload # This is the commit message #11: Update control.md # This is the commit message #12: Create temp.md # This is the commit message #13: Delete NIST-SP-800-53-Rev4-AC1.png # This is the commit message #14: Add files via upload # This is the commit message #15: Delete temp.md # This is the commit message #16: Add files via upload # This is the commit message #17: Update control.md # This is the commit message #18: Add files via upload # This is the commit message #19: Add files via upload # This is the commit message #20: Update control.md # This is the commit message #21: Update CONTRIBUTING.md # This is the commit message #22: Update CONTRIBUTING.md # This is the commit message #23: Update USERS.md # This is the commit message #24: Update CONTRIBUTING.md # This is the commit message #25: Delete CONTRIBUTING.md # This is the commit message #26: Delete USERS.md # This is the commit message #27: Add files via upload # This is the commit message #28: Delete CSA-CCM-IAM02.png # This is the commit message #29: Update control.md # This is the commit message #30: Update control.md # This is the commit message #31: Update control.md # This is the commit message #32: Update control.md # This is the commit message #33: Update control.md # This is the commit message #34: Update control.md # This is the commit message #35: Update control.md # This is the commit message #36: Update control.md # This is the commit message #37: Update control.md # This is the commit message #38: Update control.md # This is the commit message #39: Delete NIST-SP-800-53-AC1-in-OSCAL-XML.png # This is the commit message #40: Update README.md # This is the commit message #41: Update control.md # This is the commit message #42: Update control.md # This is the commit message #43: Add files via upload # This is the commit message #44: Delete ISO-27001-Control-A9.png # This is the commit message #45: Update control.md # This is the commit message #46: Add files via upload # This is the commit message #47: Add files via upload # This is the commit message #48: Delete ISO-27002-Control-9.1.1-part1.png # This is the commit message #49: Delete ISO-27002-Control-9.1.1-part2.png # This is the commit message #50: Update control.md # This is the commit message #51: Update control.md # This is the commit message #52: Update control.md # This is the commit message #53: Update control.md # This is the commit message #54: Update control.md # This is the commit message #2: Update IMPLEMENTERS.md # This is the commit message #3: Add files via upload # This is the commit message #4: Delete oscal-layers.png # This is the commit message #5: Add files via upload # This is the commit message #6: Delete oscal-layers.png # This is the commit message #7: Add files via upload # This is the commit message #8: Update IMPLEMENTERS.md # This is the commit message #9: Update control.md # This is the commit message #10: Update IMPLEMENTERS.md # This is the commit message #11: Update control.md # This is the commit message #12: Rename IMPLEMENTERS.md to docs/prose/IMPLEMENTERS.md # This is the commit message #13: Rename IMPLEMENTERS.md to implementers.md # This is the commit message #14: Rearranged and outlined catalog documentation based on the conversation with karen and Wendell. # This is the commit message #15: Create catalog-xml.md # This is the commit message #16: Rename control.md to catalog.md # This is the commit message #17: Update catalog.md # This is the commit message #18: Update catalog.md # This is the commit message #19: Update catalog.md # This is the commit message #20: Update catalog-xml.md # This is the commit message #21: Update catalog-xml.md # This is the commit message #22: Update catalog-xml.md # This is the commit message #23: Update catalog-xml.md # This is the commit message #24: Update catalog-xml.md # This is the commit message #25: Update catalog-xml.md # This is the commit message #26: Update catalog-xml.md # This is the commit message #27: Update catalog-xml.md # This is the commit message #28: Update catalog-xml.md # This is the commit message #29: Fixed typos, updated repo documentation, and migrated documentation for use in Slate. Corrected a typo (+4 squashed commit) Squashed commit: [6ada57f] Removing unused file. [503ad71] Docset migration to Slate [351257e] Update catalog-xml.md [aae1e8b] Add files via upload Graphical representation of OSCAL schemas aligned with Risk Management Framework steps and tasks.
david-waltermire
added
the
Scope: Content
|
This issue concerns the integrity and correctness of the FedRAMP examples. Since this Issue was written, work by @brianrufgsa has probably addressed it, at least implicitly. (Brian, if so please feel free to mark the Issue as 'closable'.) Cf also Issue #38, about tooling for cross-checking profiles against their catalogs. |
|
PR #362 offers updated FedRAMP Profiles to address this issue. Recommend closing. |
5/23/2019Needs review and then close it (@brianrufgsa noted this issue is addressed in PR #362) |
|
Done. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
OSCAL uses identifiers and identifier references to link a profile entry to a control or control enhancement, to link an implementation entry to a profile entry and the underlying catalog, and to provide for relationships between controls and control enhancements. It is important for these identifiers to agree to keep referential integrity within the OSCAL instances. Much of this inconsistency has been produced because the original profiles have been created manually. To fix these issues, a subject matter expert (SME) will need to review the content and make the necessary corrections. We need to identify an appropriate SME to complete this task.
The text was updated successfully, but these errors were encountered: