diff --git a/src/metaschema/oscal_assessment-common_metaschema.xml b/src/metaschema/oscal_assessment-common_metaschema.xml index 84b3912c75..7b1656ddea 100644 --- a/src/metaschema/oscal_assessment-common_metaschema.xml +++ b/src/metaschema/oscal_assessment-common_metaschema.xml @@ -62,14 +62,16 @@ - - - + + (deprecated) Use 'assessment-objective' instead. + (deprecated) Use 'assessment-method' instead + The part defines an assessment objective. + The part defines an assessment method. - - - - + + + + diff --git a/src/metaschema/oscal_catalog_metaschema.xml b/src/metaschema/oscal_catalog_metaschema.xml index 40c922ef99..ab368f2ee1 100644 --- a/src/metaschema/oscal_catalog_metaschema.xml +++ b/src/metaschema/oscal_catalog_metaschema.xml @@ -46,7 +46,7 @@ - + The tool used to produce a resolved profile. @@ -115,9 +115,12 @@ - + &allowed-values-control-group-property-name; + + An introduction to a control or a group of controls. +

Catalogs can use a group to collect related controls into a single grouping. That can be useful to group controls into a family or other logical grouping.

@@ -177,11 +180,11 @@ - + &allowed-values-control-group-property-name; The status of a control. For example, a value of 'withdrawn' can indicate that the control has been withdrawn and should no longer be used. - + The control is no longer used. @@ -189,6 +192,48 @@ The link identifies another control with bearing to this control. The link identifies another control that must be present if this control is present. The link identifies other control content where this control content is now addressed. + The containing control definition was moved to the referenced control. + + + + An introduction to a control or a group of controls. + A set of control implementation requirements. + Additional information to consider when selecting, implementing, assessing, and monitoring a control. + (deprecated) Use 'assessment-method' instead. + The part describes a method-based assessment over a set of assessment objects. + + + An individual item within a control statement. + +

Nested statement parts are "item" parts.

+ + + + (deprecated) Use 'assessment-objective' instead. + The part describes a set of assessment objectives. + +

Objectives can be nested.

+ + + + (deprecated) Use 'assessment-objects' instead. + Provides a listing of assessment objects. + +

Assessment objects appear on assessment methods.

+ + + + + (deprecated) Use 'method' in the 'http://csrc.nist.gov/ns/rmf' namespace. The assessment method to use. This typically appears on parts with the name "assessment". + + + The assessment method to use. This typically appears on parts with the name "assessment". + + + + The process of holding discussions with individuals or groups of individuals within an organization to once again, facilitate assessor understanding, achieve clarification, or obtain evidence. + The process of reviewing, inspecting, observing, studying, or analyzing one or more assessment objects (i.e., specifications, mechanisms, or activities). + The process of exercising one or more assessment objects (i.e., activities or mechanisms) under specified conditions to compare actual with expected behavior. diff --git a/src/metaschema/oscal_control-common_metaschema.xml b/src/metaschema/oscal_control-common_metaschema.xml index 52dad739b8..19ff7efc0c 100644 --- a/src/metaschema/oscal_control-common_metaschema.xml +++ b/src/metaschema/oscal_control-common_metaschema.xml @@ -28,18 +28,6 @@ Part Name A textual label that uniquely identifies the part's semantic type. - - - - An introduction to a control or a group of controls. - A set of control implementation requirements. - An individual item within a control statement. - Additional information to consider when selecting, implementing, assessing, and monitoring a control. - Describes a set of assessment objectives. - Describes a method-based assessment over a set of assessment objects. - Provides a list of assessment objects. - - @@ -82,18 +70,9 @@ - + &allowed-values-control-group-property-name; - - The assessment method to use. This typically appears on parts with the name "assessment". - - - - The process of holding discussions with individuals or groups of individuals within an organization to once again, facilitate assessor understanding, achieve clarification, or obtain evidence. - The process of reviewing, inspecting, observing, studying, or analyzing one or more assessment objects (i.e., specifications, mechanisms, or activities). - The process of exercising one or more assessment objects (i.e., activities or mechanisms) under specified conditions to compare actual with expected behavior. -

A part provides for logical partitioning of prose, and can be thought of as a grouping structure (e.g., section). A part can have child parts allowing for arbitrary nesting of prose content (e.g., statement hierarchy). A part can contain prop objects that allow for enriching prose text with structured name/value information.

@@ -182,6 +161,15 @@ + + + &allowed-values-control-group-property-name; + An alternate to the value provided by the parameter's label. This will typically be qualified by a class. + + + The parent parameter provides an aggregation of 2 or more other parameters, each described by this property. + +

In a catalog, a parameter is typically used as a placeholder for the future assignment of a parameter value, although the OSCAL model allows for the direct assignment of a value if desired by the control author. The value may be optionally used to specify one or more values. If no value is provided, then it is expected that the value will be provided at the Profile or Implementation layer.

A parameter can include a variety of metadata options that support the future solicitation of one or more values. A label provides a textual placeholder that can be used in a tool to solicit parameter value input, or to display in catalog documentation. The desc provides a short description of what the parameter is used for, which can be used in tooling to help a user understand how to use the parameter. A constraint can be used to provide criteria for the allowed values. A guideline provides a recommendation for the use of a parameter.

diff --git a/src/metaschema/oscal_metadata_metaschema.xml b/src/metaschema/oscal_metadata_metaschema.xml index 6e51da7c72..4b066f73ba 100644 --- a/src/metaschema/oscal_metadata_metaschema.xml +++ b/src/metaschema/oscal_metadata_metaschema.xml @@ -101,9 +101,14 @@ - Indicates the organization that created this content. + Indicates the organization that created this content. + Indicates the organization that prepared this content. Indicates the organization for which this content was created. Indicates the organization responsible for all content represented in the "document". + Indicates the organization to contact for questions or support related to this content. + + + The value identifies a comma-seperated listing of keywords associated with this content. These keywords may be used as search terms for indexing and other applications. The link identifies the authoritative location for this file. Defined by RFC 6596. @@ -511,7 +516,7 @@ For resources representing a published document, this represents the version number of that document. For resources representing a published document, this represents the publication date of that document. - + @@ -542,7 +547,7 @@ Indicates the resource is a report. Indicates the resource is a formal agreement between two or more parties. - + diff --git a/src/metaschema/shared-constraints/allowed-values-control-group-property-name.ent b/src/metaschema/shared-constraints/allowed-values-control-group-property-name.ent index c8f59dc6a3..a5191ce71f 100644 --- a/src/metaschema/shared-constraints/allowed-values-control-group-property-name.ent +++ b/src/metaschema/shared-constraints/allowed-values-control-group-property-name.ent @@ -1,2 +1,3 @@ -A human-readable label for the parent context. +A human-readable label for the parent context, which may be rendered in place of the actual identifier for some use cases. An alternative identifier, whose value is easily sortable among other such values in the document. +An alternate or aliased identifier for the parent context.