Investigate OSCAL for supplementing requirements model #52

ronaldtse opened this issue Mar 18, 2019 · 7 comments
Labels
enhancement New feature or request

@ronaldtse
Contributor

Sample: https://raw.githubusercontent.com/usnistgov/OSCAL/master/content/nist.gov/SP800-53/rev4/NIST_SP-800-53_rev4_catalog.xml

@ronaldtse ronaldtse added the question Further information is requested label Mar 18, 2019
@opoudjis
Contributor

@opoudjis opoudjis added enhancement New feature or request and removed question Further information is requested labels Mar 18, 2019
@opoudjis
Contributor

@anermina

anermina commented Nov 3, 2019

OSCAL structure:
Top level containers: "profile", "catalog"
Sub-containers: "metadata", "group", "back-matter", "import", "merge", "modify"
Sub-sub-containers: "control", "prop", "link", "role", "party", "responsible-party", "org", "address", "addr-line", "param", "part", "citation", "resource", "rlink", "insert", "call", "include"
Attributes and elements: "title", "last-modified", "version", "oscal-version", "org-name", "city", "state", "postal-code", "email", "party-id", "label", "target", "as-is", "desc"
Sub-sub-container attributes: "name", "rel", "href", "class", "media-type", "id", "param-id", "control-id", "role-id", "position"

METADATA -> contains "role", "party", "responsible-party" (can also contain "prop" and "link"), and attributes "title", "last-modified", "version" and "oscal-version"

  • title -> the same as in Metanorma
  • last-modified (date and time)
  • version (date)
  • oscal-version
  • role -> defines different roles using attribute "id" which can take values 'creator' and 'contact'
  • party -> defines parties
    • org (organization)
      • org-name (name of the organization)
      • address
        • addr-line -> one line of the address in case it needs to be written in multiple lines
        • city
        • state
        • postal-code
      • email
  • responsible-party -> defines a responsible party; similar to subject in Metanorma

GROUP -> contains "control" and attributes "title", "class" and "id"

  • control -> it is used as some kind of separator; contains "part", "link", "prop" and "param" and attributes "class" and "id"
  • link -> combination of "import" and "inherit" in Metanorma using "href" token; classification is made with "rel" token, which can take values: 'corresp', 'incorporated-into', 'related' and 'reference'
  • part -> defines different parts; classification is made with token "name", which can take values: 'statement', 'guidance', 'objective', 'assessment', 'objects' and 'item'; also uses attribute "id"
  • param -> can contain "label" or "select" and attribute "id"
  • prop -> similar to "classification" in Metanorma; property that gives the "name" or "number" of the control, enhancement, or component part of a control such as statements or objectives; classification is made with token "name", which can take values 'sort-id', 'label', 'method', 'status', 'priority'
  • insert
  • label -> human readable labels
  • select -> enables choosing one option
    • choice -> options to choose between

BACK-MATTER -> contains "resource", "citation"

  • citation -> similar to "references" in Metanorma, uses attributes "target" (URL) and "title" (human readable), as well as "id" token
  • resource -> provides URL of resource through "rlink"; it can be described by human readable text using attribute "desc"
  • rlink -> resource URL, which is specified through "href" attribute, and whose type is specified by "media-type" attribute which can, for example, be 'application/pdf' or 'application/oscal.catalog+xml'
  • desc -> human readable text that describes some resource

IMPORT -> contains "include" and uses "href" attribute (e.g. '#catalog')

  • include -> specifies what to include
  • call -> specifies "control-id"

MERGE

  • as-is -> Boolean value

MODIFY -> contains "alter"

  • alter -> specifies what kind of alteration should be made (e.g. "add")
  • add -> specifies what should be added, uses attribute "control-id", as well as "position" (e.g. 'starting') for each added "prop"
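
The structure outlined in the comment above, as an added example that is not part of the thread and is not Metanorma or OSCAL project code: a Python walker that reads a catalog, indexes each control, and reports part names or link rels outside the listed values, plus `#` links with no matching back-matter id. The sample catalog is constructed, and treating `href="#id"` as a pointer to a back-matter `id` is an assumption.

```python
import xml.etree.ElementTree as ET

# Vocabulary as listed in the comment above.
LINK_RELS = {"corresp", "incorporated-into", "related", "reference"}
PART_NAMES = {"statement", "guidance", "objective", "assessment", "objects", "item"}

# Constructed sample; ids, text and hrefs are invented for illustration.
SAMPLE = """<catalog id="sample">
  <metadata><title>Sample catalog</title></metadata>
  <group class="family" id="ac"><title>Access Control</title>
    <control class="sample" id="ac-1"><title>Policy</title>
      <param id="ac-1_prm_1"><label>defined personnel</label></param>
      <prop name="label">AC-1</prop>
      <link rel="reference" href="#ref-1"/>
      <link rel="related" href="#ref-2"/>
      <part name="statement" id="ac-1_smt"><part name="item" id="ac-1_smt.a"/></part>
      <part name="overview" id="ac-1_ovw"/>
    </control></group>
  <back-matter><citation id="ref-1" target="https://example.org/r1"/></back-matter>
</catalog>"""

def local(tag):  # strip an XML namespace so namespaced catalogs match too
    return tag.rsplit("}", 1)[-1]

def kids(elem, name):
    return [c for c in elem if local(c.tag) == name]

def check_catalog(xml_text):
    # Catalogs are often fetched remotely: refuse DTDs so entity declarations never reach the parser.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DOCTYPE is not allowed in a catalog")
    root = ET.fromstring(xml_text)
    targets = {e.get("id") for bm in kids(root, "back-matter") for e in bm}
    controls, problems = {}, []
    for group in kids(root, "group"):
        for ctl in kids(group, "control"):
            cid = ctl.get("id")
            label = next((p.text for p in kids(ctl, "prop") if p.get("name") == "label"), None)
            controls[cid] = {"group": group.get("id"), "label": label,
                             "params": [p.get("id") for p in kids(ctl, "param")]}
            for el in ctl.iter():  # the control and everything nested in it
                kind, name, rel, href = local(el.tag), el.get("name"), el.get("rel"), el.get("href", "")
                if kind == "part" and name not in PART_NAMES:
                    problems.append(f"{cid}: unknown part name {name!r}")
                if kind == "link" and rel not in LINK_RELS:
                    problems.append(f"{cid}: unknown link rel {rel!r}")
                if kind == "link" and href.startswith("#") and href[1:] not in targets:
                    problems.append(f"{cid}: dangling link {href}")
    return controls, problems
```

`check_catalog(SAMPLE)` returns the control index together with the two problems planted in the sample: the link to `#ref-2` and the part named `overview`.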

@opoudjis
Contributor

opoudjis commented Nov 8, 2019

Wow. Thank you @anermina. I don't have the headspace to investigate this now, but this gives me a start. And I can already see that this is radically different to the modelling we have done...

@ronaldtse
Contributor Author

Under the new thinking, OSCAL represents one way of modeling a requirement. Metanorma should support multiple ways of modeling requirements, and for sure we should support OSCAL.

@opoudjis
Contributor

No longer a priority

@opoudjis opoudjis removed their assignment Apr 11, 2023
Projects
Status: 🏝 Low priority