OSCAL 1.0.0 Release Candidate 2

Pre-release
@david-waltermire released this 12 Apr 18:46

We are pleased to announce the publication of OSCAL 1.0.0 Release Candidate (RC) 2. This is the second full draft release of OSCAL 1.0.0, which is made available for public review and feedback before the final OSCAL 1.0.0 is released.

Please provide feedback by May 7, 2021 by emailing the NIST OSCAL team at oscal@nist.gov or by creating an issue on our GitHub repository.

The OSCAL 1.0.0 RC 2 includes:

  • Updated stable versions of catalog and profile models which provide a structured representation of control catalogs and baselines or overlays.
  • Updated stable version of the system security plan model which provides a structured representation of a system's control-based implementation.
  • Updated stable version of the component definition model which provides a stand-alone structured representation of the controls that are supported in a given implementation of a hardware, software, service, policy, process, procedure, or compliance artifact (e.g., FIPS 140-2 validation).
  • Updated stable versions of the assessment plan, assessment results, and plan of action and milestones (POA&M) models, which support the structured representation of information used for planning for and documenting the results of an information system assessment or continuous monitoring activity.
  • Updated tools to convert between OSCAL XML and JSON formats, and to up-convert content from previous releases to RC2.

Changes in this release are focused on the following major areas:

  • Simplification of key OSCAL features
    • Properties and annotations have been merged into a single prop that now allows optional remarks and uuid.
    • In the assessment plan and assessment results models, the concepts of a task and action have been combined.
    • Use of local-definitions in the assessment plan, assessment results, and POA&M models has been simplified and made more consistent.
  • Model documentation improvements
    • Some usage descriptions were enhanced to provide more detail and to be more consistent overall.
    • Formal names were updated in some places where the names did not match the data element.
    • Many spelling errors were corrected.
  • Removed the use of XML <any> and JSON additionalProperties for arbitrary extensions based on community discussion. Extended data can still be provided using link declarations to external content. This decision can be revisited in future revisions once there is more implementation experience with the OSCAL models.
  • Added the following link relations: latest-version, predecessor-version, and successor-version to allow an OSCAL document to link to the latest, previous, and next document revisions.
  • Fixed a few bugs in the profile resolver code and updated the resolver to work with new profile import/insert structures.
  • Provided support for data insertion points for data other than parameters in markup content.

To download this release, click on Assets below and download either the .zip or the .tar.bz2 bundle. These bundles contain the resources described above. There are also release notes containing a summary of changes in this and previous releases.

These changes were made based on all the excellent feedback we received from the OSCAL community. The NIST OSCAL team is very thankful for all of the great feedback we have received.