Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Align document version in metadata of SP800-53 with official PDF releases #184

Open
7 tasks
wendellpiez opened this issue Feb 24, 2023 · 0 comments
Open
7 tasks
Labels
enhancement The issue adds a new feature, capability, or artifact to the repository. User Story The issue is a user story for a development task.

Comments

@wendellpiez
Copy link
Contributor

User Story:

Currently published metadata calls SP800-53 (which includes SP800-53A,) version 5.1.2, reflecting its alignment with SP800-53 rev 5 update 1. This appears to be correct. https://raw.githubusercontent.com/usnistgov/oscal-content/main/nist.gov/SP800-53/rev5/xml/NIST_SP-800-53_rev5_catalog.xml

A forthcoming update would presumably be 5.2.0 to align with a forthcoming errata update of the document. However, this dataset in develop already says 5.2.1.

This appears to be an error and needs to be rectified.

Goals:

Align published document version with upstream document version (regarding PDF as copy of record).

  • First is a research spike that can be time-boxed - why does version say what it does in develop?
  • Then, the versioning policy must be updated and recorded to provide guidance in future. In theory, what is in develop now should be 5.1.3, correct (not yet 5.2)?
  • The current correct version must be confirmed with data owners.
  • When this is determined or even if this cannot be determined, the represented version in develop must be rectified (with a PR into develop); or any version must be correct on an update committed to main; or this file (in main) must not be overwritten but instead superseded by another file.

Dependencies:

Clarification of policy regarding these version assignments (see second item). We have a policy agreed on with the data owners (FISMA team) but it is not articulated or documented, hence not enforceable -- while the data in develop currently looks off.

NB also that establishing and managing provenance and versioning of authoritative sources is an increasingly salient issue for OSCAL users.

Acceptance Criteria

  • All readme documentation affected by the changes in this issue have been updated.
  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
  • The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.
@wendellpiez wendellpiez added enhancement The issue adds a new feature, capability, or artifact to the repository. User Story The issue is a user story for a development task. labels Feb 24, 2023
@aj-stein-nist aj-stein-nist moved this from Todo to Further Analysis Needed in NIST OSCAL Work Board Sep 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement The issue adds a new feature, capability, or artifact to the repository. User Story The issue is a user story for a development task.
Projects
Status: Further Analysis Needed
Development

No branches or pull requests

1 participant