liboscal-java 3.0.3 is a patch release with improvements and changes that are backwards compatible, specifically updating liboscal-java and metaschema-framework dependencies to make use of the OSCAL v1.1.2 models and dependency updates. Changes: Key Take-aways Key takeaways are below: OSCAL model updates from v1.1.1 to v1.1.2 Dependency updates Details e659797 Update OSCAL models to v1.1.2 for [#234]

oscal-cli 1.0.3 is a patch release with improvements and changes that are backwards compatible, specifically updating liboscal-java and metaschema-framework dependencies to make use of the OSCAL v1.1.2 models and the underlying use of the Metaschema Framework. This release also fixes a bug to properly reference embeeded resource files in the release. Changes: Key Take-aways Key takeaways are below: Model updates Correct local resource paths Details daf3ed3 Fix metaschema-java generated schema name and path for [#200](https://github.com/usnistgov/oscal-cli/issues

Segments Why Metaschema and the CLI? Download and install. Write a model in a module. Review key concepts for CLI use. Validate the module. Generate schemas. Validate document instance. Iterate, rinse, repeat.

Cosmic-Nesting-Boxes-Look-from-the-outside-in-e1538020123683 ) Don't we like boxes? Encoding and decoding data across programs and systems is a "solved problem." Why should we still care? Context time Binary data Text data

Goal Sprint Details Sprint 78 is from 17-31 October 2023. Current board is here. Leave or other priorities A.J.: I will be at a conference on 17-18 Oct and have some other trainings, focusing more and more on transition plan. Arminta: Chris: Dmitry: Michaela: At a conference Oct 17-19. 80% of the rest of the time will be on OSCAL (OSCAL Define, 101 included)

Goal First aid time: Make it easier for community to consume and contribute back. Continue improving user-focused documentation, build out docs and examples roadmap. Sprint Details Sprint 77 is from 2-13 October 2023. Current board is here. Leave or other priorities NOTE: October 9 is federal holiday. A.J.: Working on OSCAL but have a few day-long trainings this sprint (Tuesday October 3rd and more to follow)

New Key Deliverables for Gaps CRM Mapping Rules and checks (metrics) Policy representation within OSCAL Recording and publication of OSCAL 4th Conference (2023) Workshop material Ongoing Maintenance Priorities OSCAL documentationmodel documentation tutorials and examples

oscal-cli 1.0.2 is a patch release with improvements and changes that are backwards compatible, specifically updating liboscal-java and metaschema-framework dependencies to make use of the OSCAL v1.1.1 models and the underlying use of the Metaschema Framework. Changes: Key Take-aways Key takeaways are below: 13f4bf15 Update metaschema-framework and liboscal-java for v1.1.1 support. Details 13f4bf15 Update metaschema-framework and liboscal-java for v1.1.1 support.

Goal First aid time: start improving user-focused documentation, build out docs and examples roadmap. Still need to finish carry over work from last sprint. Sprint Details Sprint 76 is from 14-28 September 2023. Current board is here. Leave or other priorities A.J.: Primarily focused on OSCAL, no planned leave. Arminta: Sept 25 school closure (follow up later); Sept 28 - 2 hrs of AL Chris: Out Thurs/Fri next week. (Still presenting DEFINE)

Goal First aid time: start improving user-focused documentation, build out docs and examples roadmap. Still need to finish carry over work from last sprint. Sprint Details Sprint 76 is from 14-28 September 2023. Current board is here. Leave or other priorities A.J.: Primarily focused on OSCAL, no planned leave. Arminta: Sept 25 school closure (follow up later); Sept 28 - 2 hrs of AL Chris: Out Thurs/Fri next week. (Still presenting DEFINE)

Goal First aid time: start improving user-focused documentation, build out docs and examples roadmap. Still need to finish carry over work from last sprint. Sprint Details Sprint 76 is from 14-28 September 2023. Current board is here. Leave or other priorities A.J.: Primarily focused on OSCAL, no planned leave. Arminta: Sept 25 school closure (follow up later); Sept 28 - 2 hrs of AL Chris: Out Thurs/Fri next week. (Still presenting DEFINE)

Background Organization We propose in this draft document a non-exhaustive list of value streams. A value stream is a thematic collection of work items, varying in scope of work by quantity or quality (large epics to small issues), but still related to the same theme in that work. There are different kinds of work items, with some nested-like epics with user stories within them. An epic nested with epics concept is counter-intuitive, so we will label each one as a value stream. For organizational purposes, we organize the value streams grouped by high-level use cases in OSCAL. This grouping may be beneficial to link the resulting value of work completed in a value stream to a downstream developer tasks of making OSCAL-enabled tooling. Value streams grouped by use case Define control Requirements (catalogs) Control mapping and relations Add group IDs Customize control requirements (catalogs, profiles)

Participation Attending Organizations High Quality High Speed (HQHS, SDO) Office of Convenience and Growth (OGC, Government) Wings on Wheels (WOW, Manufacturer) Office of Risk Aversion (ORA, Government) Attendees Alexander Stein (HQHS) Ned Goren (HQHS)

Welcome to the Open Security Controls Assessment Language (OSCAL) Blog, open to NIST team and to our community members! If you work closely with us, you might have noticed we our hard work on the OSCAL project's deep cleaning at the same time as our v1.1.0 release. As the project has evolved, we needed to do a deep cleaning and get better organized. Since, this decision would impact our team and the community, we discussed the change in our DEFINE and Model Engineering meetings, solicited feedback, and published a decision record describing our rationale and reorganization plan. If you want an up-to-date detailed description of OSCAL artifacts and what code repositories they come from, please take a moment and review the OSCAL Project's structure on our website. The NIST OSCAL Team will author future blog posts when important topics come up, but that is not only for us to decide. If you have an OSCAL topic you would like to read about or you want to guest-author a blog, you can email the NIST OSCAL team your proposal. The team will work with you to publish your post.

liboscal-java 3.0.2 will be a patch release with improvements and changes that are backwards compatible, specifically updating the library to v1.1.1 release of OSCAL models. Changes: Key Take-aways Key takeaways are below: Details Appendix Detailed Commit Log Note for NIST developers: the output below is from executing the following command against the release branch (main) on a developer workstation: git log origin/main..origin/develop --pretty=oneline --abbrev-commit.

Goal First aid time: start improving user-focused documentation, build out docs and examples roadmap. Wrap up important work from last sprint. Let's not drag things on. Sprint Details Sprint 75 is from 29 August 2023 to 11 September 2023. Current board is here. Leave or other priorities [ALL]: Labor Day off (Federal Holiday) A.J.: Out for 1.5 days for travel and personal leave, 75% allocation on those days, has non-OSCAL work to attend to as well. Nikita: Our for 1 day for a personal conference. Has non-OSCAL work. 75% allocation on remaining days.

Goal First aid time: start improving user-focused documentation, build out docs and examples roadmap. Wrap up important work from last sprint. Let's not drag things on. Sprint Details Sprint 75 is from 29 August 2023 to 11 September 2023. Current board is here. Leave or other priorities [ALL]: Labor Day off (Federal Holiday) A.J.: Out for 1.5 days for travel and personal leave, 75% allocation on those days, has non-OSCAL work to attend to as well. Nikita: Our for 1 day for a personal conference. Has non-OSCAL work. 75% allocation on remaining days.

OSCAL 1.1.1 will be a patch release with minor model improvements, documentation, and artifact release changes that are backwards compatible. Changes: Key Take-aways Models Allow non-FISMA/RMF use cases for SSP information type impact levels. Remove obsolete model documentation for biblio elements in back-matter/resources. Profile Resolution and Process Specs Change spec for more practical definition of metadata/last-modified.

1.1.1 will be a patch release with small, but useful, backwards-compatible enhancements, bug, fixes and documentation fixes. Key takeaways and full details are below. Changes: Key Takeaways Models Profile Resolution and Processing Specs Other Details Below is a list of every change that will be promoted from develop to a 1.1.0 release branch. The changes to models, docs, and code can be reviewed. All dependency changes from Dependabot and auto-committed website changes are excluded.

The problem ...We work for stakeholders who managed a database of books They have requirements What even is a pipeline? A pipeline is a program is focused on composition: programs that take inputs from the outputs of other programs, or even other pipelines. XProc is a XML pipelining technology. XProc has two predominant implementations:XML Calabash is for XProc 1.0 MorganaXProc-IIIse is for XProc 3.0

oscal-cli 1.0.1 will be a patch release with improvements and changes that are backwards compatible, specifically updating dependencies to fix issues with resources needed for schema-based validation commands. Changes: Key Take-aways Key takeaways are below: Fixes for schema-based validation commands. Details d48958a Update metaschema-java from 0.12.0 to 0.12.1 (#174) 96f10e7 Update resource paths to JSON and XML schemas (#177)

liboscal-java 3.0.0 will be a major release with improvements and changes that are not backwards compatible, specifically obsolete imports from package restructuring and removed library functions for control mappings. Changes: Key Take-aways Key takeaways are below: Update OSCAL models to 1.1.0. Deprecate utility functions for control mapping. Details Below is a list of all changes that will be promoted from develop to 3.0.0 release branch.

1.1.0 will be a minor release with important backwards-compatible enhances and bug-fixes around SSP, POA&M, profile, and cross-model metadata. Many of these feature enhancements have been pending release for over 12 months with neutral or positive community support. Key takeaways and full details are below. Changes: Key Takeaways Models SSP: Change certain elements from required to optional for non-RMF use cases. SSP: improve constraints of links for cross-referencing components and indicating where components were imported from. POAM: add related-findings assembly. Profile: Remove with-parent-controls from the profile model.

oscal-cli 0.3.4 release will be a minor release with minor bug fixes and improvements. However, there are changes to how library imports work that are not backwards compatible. Key Take-aways for Ready Changes This release will also update the liboscal-java 2.0.0 dependency once released. Important high-level changes are listed below. Bug fixes for certain commands. Bug fixes in arguments handling. Include updates from latest liboscal-java 2.0.0 release Details for Ready Changes

liboscal-java 2.0.0 will be a major release with minor bug fixes, improvements, and backwards non-compatible changes to how library imports work. Key Take-aways for Ready Changes This release makes updates to metaschema-java, the library that will read the OSCAL Metaschema XML files and generate reusable Java model classes and utility functions. Key takeaways are below: Add library API documentation. Fix bugs with serializing lists in HTML/Markdown markup. Formatting output. Update to OSCAL v1.0.6 models.