diff --git a/src/metaschema/oscal_assessment-common_metaschema.xml b/src/metaschema/oscal_assessment-common_metaschema.xml index a7ffb32171..c252c49b2a 100644 --- a/src/metaschema/oscal_assessment-common_metaschema.xml +++ b/src/metaschema/oscal_assessment-common_metaschema.xml @@ -40,9 +40,10 @@ - - Control Objectives - Identifies the controls being assessed and their control objectives. In the assessment plans, these are the planned controls and objectives. In the assessment results, these are the actual controls and objectives, reflecting any changes from the plan. + + + Reviewed Controls and Control Objectives + Identifies the controls being assessed and their control objectives. In an assessment plan, these are the controls and objectives that are to be assessed. In an assessment result, these are the actual controls and objectives that were assessed, reflecting any changes from the plan. Control Objective Description @@ -58,11 +59,16 @@ - - + + + + - - + + + objectives-selection + + @@ -76,7 +82,8 @@ - + + Assessed Controls Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan. @@ -112,7 +119,8 @@ - + + Referened Control Objectives Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the actual objectives, and reflects any changes from the plan. @@ -968,7 +976,8 @@ - + + @@ -1108,7 +1117,8 @@ - + + diff --git a/src/metaschema/oscal_assessment-plan_metaschema.xml b/src/metaschema/oscal_assessment-plan_metaschema.xml index 09f37d7c84..6bd7bc2799 100644 --- a/src/metaschema/oscal_assessment-plan_metaschema.xml +++ b/src/metaschema/oscal_assessment-plan_metaschema.xml @@ -42,10 +42,12 @@ Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies the planned assessment subject. In the assessment results this is the actual assessment subject, and reflects any changes from the plan. - + + - + + - + + assessment-result + + @@ -68,10 +71,12 @@ Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies the planned assessment subject. In the assessment results this is the actual assessment subject, and reflects any changes from the plan. - + + - + + - + + diff --git a/src/metaschema/oscal_poam_metaschema.xml b/src/metaschema/oscal_poam_metaschema.xml index 7174276c2f..e1089ac5d8 100644 --- a/src/metaschema/oscal_poam_metaschema.xml +++ b/src/metaschema/oscal_poam_metaschema.xml @@ -136,7 +136,8 @@ Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous monitoring scenario, this may be omitted or contain the same value as start if appropriate. - + + Information Type Description A summary of how this information type is used within the system. - - - Information Type Identifier - An identifier qualified by the given identification system used, such as NIST SP 800-60. - - id - + + + Information Type Categorization + A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60. + Information Type Identification System Specifies the information type identification system used. - Based on the section identifiers in NIST Special Publication 800-60 Volume II Revision 1 + Based on the section identifiers in NIST Special Publication 800-60 Volume II Revision 1. - -

The current allowed values are based on those identified in NIST SP 800-60 Volume 2 -

- - + + + + Information Type Systemized Identifier + An identifier qualified by the given identification system used, such as NIST SP 800-60. + id + + + + prop @@ -223,7 +226,7 @@ Confidentiality Impact Level - The expected level of impact resulting from the unauthorized disclosure of information. + The expected level of impact resulting from the unauthorized disclosure of the described information. prop @@ -242,7 +245,7 @@ Integrity Impact Level - The expected level of impact resulting from the unauthorized modification of information. + The expected level of impact resulting from the unauthorized modification of the described information. prop @@ -261,7 +264,7 @@ Availability Impact Level - The expected level of impact resulting from the disruption of access to or use of information or the information system. + The expected level of impact resulting from the disruption of access to or use of the described information or the information system. prop @@ -822,7 +825,8 @@ Provided Control Implementation Describes a capability which may be inherited by a leveraging system. - + + Provided Universally Unique Identifier A globally unique identifier that can be used to reference this provided entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document. @@ -895,7 +899,8 @@ Inherited Control Implementation Describes a control implementation inherited by a leveraging system. - + + Inherited Universally Unique Identifier A globally unique identifier that can be used to reference this inherited entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document. @@ -925,7 +930,8 @@ Satisfied Control Implementation Responsibility Describes how this system satisfies a responsibiity imposed by a leveraged system. - + + Satisfied Universally Unique Identifier A globally unique identifier that can be used to reference this satisfied entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.