Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modeling refactoring based on feedback (session 3) #643

Closed
wants to merge 20 commits into from
Closed

Modeling refactoring based on feedback (session 3) #643

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
60e2a42
Renamed group-as names to make them more consistent.
david-waltermire Feb 10, 2020
cb699d9
Moved levergaed-authorizations to system-implementation. Made system-…
david-waltermire Feb 10, 2020
21d2f56
Initial commit of a partial set of leveraged authorization examples
david-waltermire Feb 10, 2020
8592158
Added metadata and fixed other front matter
david-waltermire Feb 10, 2020
042010c
Updated examples with AU-5 mock-up data
brian-ruf Feb 14, 2020
eafaa3c
Filled in missing titles and descriptions. Added role/user.
brian-ruf Feb 20, 2020
9221394
Updates to examples. Tweak to SSP Metaschema
brian-ruf Mar 6, 2020
6e85f64
removed leveraged authorization examples, which are now in a differen…
david-waltermire May 29, 2020
5857ecf
Adding metaschema support for UUIDs
david-waltermire May 30, 2020
d99125c
Fixed broken schema and schematron paths.
david-waltermire May 30, 2020
88453ed
applying metaschema build fix
david-waltermire May 30, 2020
26c4b92
Fixed content to use new uuid-based flags.
david-waltermire May 30, 2020
705c36d
Profile resolution test set update to M3 models
wendellpiez May 30, 2020
b91b9f3
Updating profile resolver; renaming uuid support XSLT (#42)
wendellpiez May 30, 2020
66a686e
Removed SSL certificate check for wget
david-waltermire May 30, 2020
bd9f9f7
Updated OSCAL version in metaschema files.
david-waltermire May 31, 2020
0b5aaa3
Fixed Docker container to run scripts that require in-place editing.
david-waltermire May 31, 2020
282bcee
Added a location title.
david-waltermire May 31, 2020
424f97e
Updating metaschema support to fix bug (usnistgov/metaschema#56).
david-waltermire May 31, 2020
9f41a8e
Fixed message error in round-trip validation which indicated the wron…
david-waltermire May 31, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ commands:
command: |
# update maven version
cd /opt
sudo wget "https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz"
sudo wget --no-check-certificate "https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz"
sudo tar -xvzf "apache-maven-${MAVEN_VERSION}-bin.tar.gz"
sudo mv "apache-maven-${MAVEN_VERSION}" maven
export M2_HOME=/opt/maven
Expand Down
14 changes: 7 additions & 7 deletions build/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,18 +5,18 @@ ARG saxonversion
ARG schematrondir
ARG oscaltoolsdir

RUN apt-get update && apt-get install -y apt-utils libxml2-utils jq maven hugo nodejs npm build-essential python3-pip git && apt-get clean
RUN apt-get update && apt-get install -y apt-utils libxml2-utils jq maven hugo nodejs npm build-essential python-pip git && apt-get clean
RUN npm install -g prettyjson markdown-link-check json-diff
RUN pip3 install lxml
RUN pip install lxml

RUN useradd --create-home --home-dir /home/user user
USER user
#RUN useradd --create-home --home-dir /home/user user
#USER user

RUN mkdir "${schematrondir}" && git clone --depth 1 --no-checkout https://github.com/Schematron/schematron.git "${schematrondir}" && cd "${schematrondir}" && git checkout master -- trunk/schematron/code
RUN mkdir "${oscaltoolsdir}" && git clone --depth 1 https://github.com/usnistgov/oscal-tools.git "${oscaltoolsdir}" && cd "${oscaltoolsdir}/json-cli" && mvn install
RUN mkdir -p "${schematrondir}" && git clone --depth 1 --no-checkout https://github.com/Schematron/schematron.git "${schematrondir}" && cd "${schematrondir}" && git checkout master -- trunk/schematron/code
RUN mkdir -p "${oscaltoolsdir}" && git clone --depth 1 https://github.com/usnistgov/oscal-tools.git "${oscaltoolsdir}" && cd "${oscaltoolsdir}/json-cli" && mvn install
RUN mvn org.apache.maven.plugins:maven-dependency-plugin:2.10:get -DartifactId=Saxon-HE -DgroupId=net.sf.saxon -Dversion=${saxonversion}

RUN chown -R user:user /home/user
#RUN chown -R user:user /home/user

VOLUME ["/oscal"]
WORKDIR /oscal
Expand Down
2 changes: 1 addition & 1 deletion build/ci-cd/validate-content-conversion-round-trips.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,7 @@ for i in ${!paths[@]}; do
exitcode=1
continue;
else
echo -e "${P_OK}Converted ${source_format^^} '${P_END}${target_file}${P_OK}' to ${target_format^^} as '${P_END}${roundtrip_file}${P_OK}'.${P_END}"
echo -e "${P_OK}Converted ${target_format^^} '${P_END}${target_file}${P_OK}' to ${source_format^^} as '${P_END}${roundtrip_file}${P_OK}'.${P_END}"
fi

# compare the XML files to see if there is data loss
Expand Down
2 changes: 1 addition & 1 deletion build/metaschema
Open in desktop
Submodule metaschema updated 12 files
+45 −0 test-suite/schema-generation/datatypes/datatypes-uuid_json-schema.json
+35 −0 test-suite/schema-generation/datatypes/datatypes-uuid_metaschema.xml
+11 −0 test-suite/schema-generation/datatypes/datatypes-uuid_test_valid_PASS.json
+5 −0 test-suite/schema-generation/datatypes/datatypes-uuid_test_version-1-invalid_FAIL.json
+9 −0 toolchains/oscal-m2/json/json-schema-metamap.xsl
+4 −1 toolchains/oscal-m2/json/md-oscal-converter.xsl
+1 −0 toolchains/oscal-m2/json/pull-datatypes.xsl
+1 −0 toolchains/oscal-m2/lib/metaschema.xsd
+9 −0 toolchains/oscal-m2/lib/oscal-datatypes-check.xsl
+55 −15 toolchains/oscal-m2/lib/oscal-datatypes.xsd
+15 −0 toolchains/oscal-m2/xml/oscal-datatypes.xsd
+1 −1 website/Gemfile.lock
20 changes: 9 additions & 11 deletions src/content/fedramp.gov/xml/FedRAMP_HIGH-baseline_profile.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,30 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0" id="uuid-4a4eae61-d11f-4e3e-97fb-af5e3e91d7c5">
<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="4a4eae61-d11f-4e3e-97fb-af5e3e91d7c5">
<metadata>
<title>FedRAMP High Baseline</title>
<published>2020-02-02T00:00:00.000-05:00</published>
<last-modified>2020-01-28T10:00:00.000-05:00</last-modified>
<last-modified>2020-05-29T23:29:27.272-04:00</last-modified>
<version>1.2</version>
<oscal-version>1.0.0-milestone2</oscal-version>
<oscal-version>1.0.0-milestone3</oscal-version>

<role id="creator">
<title>Document creator</title>
</role>
<role id="contact">
<title>Contact</title>
</role>
<party id="fedramp">
<org>
<org-name>Federal Risk and Authorization Management Program (FedRAMP)</org-name>
<email>info@fedramp.gov</email>
<url>https://fedramp.gov</url>
</org>
<party uuid="c4cff125-196c-4c4d-9a77-8cb7c2b4f600" type="organization">
<party-name>Federal Risk and Authorization Management Program (FedRAMP)</party-name>
<email>info@fedramp.gov</email>
<link rel="homepage" href="https://fedramp.gov"/>
</party>
<responsible-party role-id="creator">
<party-id>fedramp</party-id>
<party-uuid>c4cff125-196c-4c4d-9a77-8cb7c2b4f600</party-uuid>
</responsible-party>
<responsible-party role-id="contact">
<party-id>fedramp</party-id>
<party-uuid>c4cff125-196c-4c4d-9a77-8cb7c2b4f600</party-uuid>
</responsible-party>
</metadata>
<import href="../../nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_catalog.xml">
Expand Down
1,208 changes: 708 additions & 500 deletions src/content/fedramp.gov/xml/FedRAMP_LI-SaaS-baseline_profile.xml
View file
Open in desktop

Large diffs are not rendered by default.

20 changes: 9 additions & 11 deletions src/content/fedramp.gov/xml/FedRAMP_LOW-baseline_profile.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,30 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0" id="uuid-2bb4b4e9-b350-4ce3-9dec-6768214e4f2f">
<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="2bb4b4e9-b350-4ce3-9dec-6768214e4f2f">
<metadata>
<title>FedRAMP Low Baseline</title>
<published>2020-02-02T00:00:00.000-05:00</published>
<last-modified>2020-01-28T10:00:00.000-05:00</last-modified>
<last-modified>2020-05-29T23:29:27.272-04:00</last-modified>
<version>1.2</version>
<oscal-version>1.0.0-milestone2</oscal-version>
<oscal-version>1.0.0-milestone3</oscal-version>

<role id="creator">
<title>Document creator</title>
</role>
<role id="contact">
<title>Contact</title>
</role>
<party id="fedramp">
<org>
<org-name>Federal Risk and Authorization Management Program (FedRAMP)</org-name>
<email>info@fedramp.gov</email>
<url>https://fedramp.gov</url>
</org>
<party uuid="422f5487-dae7-4daf-8b94-7470150c5e62" type="organization">
<party-name>Federal Risk and Authorization Management Program (FedRAMP)</party-name>
<email>info@fedramp.gov</email>
<link rel="homepage" href="https://fedramp.gov"/>
</party>
<responsible-party role-id="creator">
<party-id>fedramp</party-id>
<party-uuid>422f5487-dae7-4daf-8b94-7470150c5e62</party-uuid>
</responsible-party>
<responsible-party role-id="contact">
<party-id>fedramp</party-id>
<party-uuid>422f5487-dae7-4daf-8b94-7470150c5e62</party-uuid>
</responsible-party>
</metadata>
<import href="../../nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_catalog.xml">
Expand Down
20 changes: 9 additions & 11 deletions src/content/fedramp.gov/xml/FedRAMP_MODERATE-baseline_profile.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,30 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0" id="uuid-c869ec01-ffd8-44ac-aae1-0f8fc13ab591">
<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="c869ec01-ffd8-44ac-aae1-0f8fc13ab591">
<metadata>
<title>FedRAMP Moderate Baseline</title>
<published>2020-02-02T00:00:00.000-05:00</published>
<last-modified>2020-01-28T10:00:00.000-05:00</last-modified>
<last-modified>2020-05-29T23:29:27.272-04:00</last-modified>
<version>1.2</version>
<oscal-version>1.0.0-milestone2</oscal-version>
<oscal-version>1.0.0-milestone3</oscal-version>

<role id="prepared-by">
<title>Document creator</title>
</role>
<role id="contact">
<title>Contact</title>
</role>
<party id="fedramp">
<org>
<org-name>Federal Risk and Authorization Management Program (FedRAMP)</org-name>
<email>info@fedramp.gov</email>
<url>https://fedramp.gov</url>
</org>
<party uuid="d547b8c1-e2ba-499e-8906-a5dd380c1a74" type="organization">
<party-name>Federal Risk and Authorization Management Program (FedRAMP)</party-name>
<email>info@fedramp.gov</email>
<link rel="homepage" href="https://fedramp.gov"/>
</party>
<responsible-party role-id="prepared-by">
<party-id>fedramp</party-id>
<party-uuid>d547b8c1-e2ba-499e-8906-a5dd380c1a74</party-uuid>
</responsible-party>
<responsible-party role-id="contact">
<party-id>fedramp</party-id>
<party-uuid>d547b8c1-e2ba-499e-8906-a5dd380c1a74</party-uuid>
</responsible-party>
</metadata>
<import href="../../nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_catalog.xml">
Expand Down
40 changes: 18 additions & 22 deletions src/content/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_HIGH-baseline_profile.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,38 +1,34 @@
<!-- Produced by SP800-53-profile-with-filter.xsl 2018-05-14-04:00
runtime parameter settings: $baseline='HIGH' -->
<profile
xmlns="http://csrc.nist.gov/ns/oscal/1.0"
id="uuid-9d0593f5-c6ed-44b8-9127-ad5c310f8e34">
<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="9d0593f5-c6ed-44b8-9127-ad5c310f8e34">
<metadata>
<title>NIST Special Publication 800-53 Revision 4 HIGH IMPACT BASELINE</title>

<last-modified>2019-09-23T14:22:55.113-04:00</last-modified>
<last-modified>2020-05-29T23:29:27.272-04:00</last-modified>
<version>2015-01-22</version>
<oscal-version>1.0.0-milestone1</oscal-version>
<oscal-version>1.0.0-milestone3</oscal-version>

<role id="creator"><title>Document Creator</title></role>
<role id="contact"><title>Contact</title></role>

<party id="IT-JTF">
<org>
<org-name>Joint Task Force, Transformation Initiative</org-name>
<address>
<addr-line>National Institute of Standards and Technology</addr-line>
<addr-line>Attn: Computer Security Division</addr-line>
<addr-line>Information Technology Laboratory</addr-line>
<addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
<city>Gaithersburg</city>
<state>MD</state>
<postal-code>20899-8930</postal-code>
</address>
<email>sec-cert@nist.gov</email>
</org>
<party uuid="31a5dd8f-978a-4558-8ade-846211607d40" type="organization">
<party-name>Joint Task Force, Transformation Initiative</party-name>
<address>
<addr-line>National Institute of Standards and Technology</addr-line>
<addr-line>Attn: Computer Security Division</addr-line>
<addr-line>Information Technology Laboratory</addr-line>
<addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
<city>Gaithersburg</city>
<state>MD</state>
<postal-code>20899-8930</postal-code>
</address>
<email>sec-cert@nist.gov</email>
</party>
<responsible-party role-id="creator">
<party-id>IT-JTF</party-id>
<party-uuid>31a5dd8f-978a-4558-8ade-846211607d40</party-uuid>
</responsible-party>
<responsible-party role-id="contact">
<party-id>IT-JTF</party-id>
<party-uuid>31a5dd8f-978a-4558-8ade-846211607d40</party-uuid>
</responsible-party>
</metadata>
<import href="#catalog">
Expand Down Expand Up @@ -1238,7 +1234,7 @@
</alter>
</modify>
<back-matter>
<resource id="catalog">
<resource uuid="catalog">
<desc>NIST Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal
Information Systems and Organizations</desc>
<rlink href="NIST_SP-800-53_rev4_catalog.xml" media-type="application/oscal.catalog+xml"/>
Expand Down
40 changes: 18 additions & 22 deletions src/content/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_LOW-baseline_profile.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,38 +1,34 @@
<!-- Produced by SP800-53-profile-with-filter.xsl 2018-05-14-04:00
runtime parameter settings: $baseline='LOW'-->
<profile
xmlns="http://csrc.nist.gov/ns/oscal/1.0"
id="uuid-13172679-d468-4a88-8d7f-3afdeffedff8">
<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="13172679-d468-4a88-8d7f-3afdeffedff8">
<metadata>
<title>NIST Special Publication 800-53 Revision 4 LOW IMPACT BASELINE</title>

<last-modified>2019-09-23T14:24:06.243-04:00</last-modified>
<last-modified>2020-05-29T23:29:27.272-04:00</last-modified>
<version>2015-01-22</version>
<oscal-version>1.0.0-milestone1</oscal-version>
<oscal-version>1.0.0-milestone3</oscal-version>

<role id="creator"><title>Document Creator</title></role>
<role id="contact"><title>Contact</title></role>

<party id="IT-JTF">
<org>
<org-name>Joint Task Force, Transformation Initiative</org-name>
<address>
<addr-line>National Institute of Standards and Technology</addr-line>
<addr-line>Attn: Computer Security Division</addr-line>
<addr-line>Information Technology Laboratory</addr-line>
<addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
<city>Gaithersburg</city>
<state>MD</state>
<postal-code>20899-8930</postal-code>
</address>
<email>sec-cert@nist.gov</email>
</org>
<party uuid="fcde62b1-8cce-4a57-a26b-b07ad2865ae1" type="organization">
<party-name>Joint Task Force, Transformation Initiative</party-name>
<address>
<addr-line>National Institute of Standards and Technology</addr-line>
<addr-line>Attn: Computer Security Division</addr-line>
<addr-line>Information Technology Laboratory</addr-line>
<addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
<city>Gaithersburg</city>
<state>MD</state>
<postal-code>20899-8930</postal-code>
</address>
<email>sec-cert@nist.gov</email>
</party>
<responsible-party role-id="creator">
<party-id>IT-JTF</party-id>
<party-uuid>fcde62b1-8cce-4a57-a26b-b07ad2865ae1</party-uuid>
</responsible-party>
<responsible-party role-id="contact">
<party-id>IT-JTF</party-id>
<party-uuid>fcde62b1-8cce-4a57-a26b-b07ad2865ae1</party-uuid>
</responsible-party>
</metadata>
<import href="#catalog">
Expand Down Expand Up @@ -744,7 +740,7 @@
</alter>
</modify>
<back-matter>
<resource id="catalog">
<resource uuid="catalog">
<desc>NIST Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal
Information Systems and Organizations</desc>
<rlink href="NIST_SP-800-53_rev4_catalog.xml" media-type="application/oscal.catalog+xml"/>
Expand Down
40 changes: 18 additions & 22 deletions src/content/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_MODERATE-baseline_profile.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,38 +1,34 @@
<!-- Produced by SP800-53-profile-with-filter.xsl 2018-05-14-04:00
runtime parameter settings: $baseline='MODERATE'-->
<profile
xmlns="http://csrc.nist.gov/ns/oscal/1.0"
id="uuid-f5c7fb3c-b4d8-49ff-9ebf-cd6d484c2d7b">
<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="f5c7fb3c-b4d8-49ff-9ebf-cd6d484c2d7b">
<metadata>
<title>NIST Special Publication 800-53 Revision 4 MODERATE IMPACT BASELINE</title>

<last-modified>2019-09-23T14:25:40.027-04:00</last-modified>
<last-modified>2020-05-29T23:29:27.272-04:00</last-modified>
<version>2015-01-22</version>
<oscal-version>1.0.0-milestone1</oscal-version>
<oscal-version>1.0.0-milestone3</oscal-version>

<role id="creator"><title>Document Creator</title></role>
<role id="contact"><title>Contact</title></role>

<party id="IT-JTF">
<org>
<org-name>Joint Task Force, Transformation Initiative</org-name>
<address>
<addr-line>National Institute of Standards and Technology</addr-line>
<addr-line>Attn: Computer Security Division</addr-line>
<addr-line>Information Technology Laboratory</addr-line>
<addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
<city>Gaithersburg</city>
<state>MD</state>
<postal-code>20899-8930</postal-code>
</address>
<email>sec-cert@nist.gov</email>
</org>
<party uuid="316876e2-5c7b-4a60-a488-2ed977238f04" type="organization">
<party-name>Joint Task Force, Transformation Initiative</party-name>
<address>
<addr-line>National Institute of Standards and Technology</addr-line>
<addr-line>Attn: Computer Security Division</addr-line>
<addr-line>Information Technology Laboratory</addr-line>
<addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
<city>Gaithersburg</city>
<state>MD</state>
<postal-code>20899-8930</postal-code>
</address>
<email>sec-cert@nist.gov</email>
</party>
<responsible-party role-id="creator">
<party-id>IT-JTF</party-id>
<party-uuid>316876e2-5c7b-4a60-a488-2ed977238f04</party-uuid>
</responsible-party>
<responsible-party role-id="contact">
<party-id>IT-JTF</party-id>
<party-uuid>316876e2-5c7b-4a60-a488-2ed977238f04</party-uuid>
</responsible-party>
</metadata>

Expand Down Expand Up @@ -1102,7 +1098,7 @@
</alter>
</modify>
<back-matter>
<resource id="catalog">
<resource uuid="catalog">
<desc>NIST Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal
Information Systems and Organizations</desc>
<rlink href="NIST_SP-800-53_rev4_catalog.xml" media-type="application/oscal.catalog+xml"/>
Expand Down
Loading