liboscal-java 3.0.3 is a patch release with improvements and changes that are backwards compatible, specifically updating liboscal-java and metaschema-framework dependencies to make use of the OSCAL v1.1.2 models and dependency updates.
Changes: Key Take-aways
Key takeaways are below:
OSCAL model updates from v1.1.1 to v1.1.2
Dependency updates
Details
e659797 Update OSCAL models to v1.1.2 for [#234]
oscal-cli 1.0.3 is a patch release with improvements and changes that are backwards compatible, specifically updating liboscal-java and metaschema-framework dependencies to make use of the OSCAL v1.1.2 models and the underlying use of the Metaschema Framework. This release also fixes a bug to properly reference embeeded resource files in the release.
Changes: Key Take-aways
Key takeaways are below:
Model updates
Correct local resource paths
Details
daf3ed3 Fix metaschema-java generated schema name and path for [#200](https://github.com/usnistgov/oscal-cli/issues
Segments
Why Metaschema and the CLI?
Download and install.
Write a model in a module.
Review key concepts for CLI use.
Validate the module.
Generate schemas.
Validate document instance.
Iterate, rinse, repeat.
Cosmic-Nesting-Boxes-Look-from-the-outside-in-e1538020123683
)
Don't we like boxes?
Encoding and decoding data across programs and systems is a "solved problem."
Why should we still care?
Context time
Binary data
Text data
Goal
Sprint Details
Sprint 78 is from 17-31 October 2023. Current board is here.
Leave or other priorities
A.J.: I will be at a conference on 17-18 Oct and have some other trainings, focusing more and more on transition plan.
Arminta:
Chris:
Dmitry:
Michaela: At a conference Oct 17-19. 80% of the rest of the time will be on OSCAL (OSCAL Define, 101 included)
Michaela Iorga changed 8 hours agoView mode Like Bookmark
Goal
First aid time: Make it easier for community to consume and contribute back. Continue improving user-focused documentation, build out docs and examples roadmap.
Sprint Details
Sprint 77 is from 2-13 October 2023. Current board is here.
Leave or other priorities
NOTE: October 9 is federal holiday.
A.J.: Working on OSCAL but have a few day-long trainings this sprint (Tuesday October 3rd and more to follow)
Michaela Iorga changed a few seconds agoView mode Like Bookmark
New Key Deliverables for Gaps
CRM
Mapping
Rules and checks (metrics)
Policy representation within OSCAL
Recording and publication of OSCAL 4th Conference (2023) Workshop material
Ongoing Maintenance Priorities
OSCAL documentationmodel documentation
tutorials and examples
Wendell Piez changed 7 hours agoView mode Like Bookmark
oscal-cli 1.0.2 is a patch release with improvements and changes that are backwards compatible, specifically updating liboscal-java and metaschema-framework dependencies to make use of the OSCAL v1.1.1 models and the underlying use of the Metaschema Framework.
Changes: Key Take-aways
Key takeaways are below:
13f4bf15 Update metaschema-framework and liboscal-java for v1.1.1 support.
Details
13f4bf15 Update metaschema-framework and liboscal-java for v1.1.1 support.
Goal
First aid time: start improving user-focused documentation, build out docs and examples roadmap. Still need to finish carry over work from last sprint.
Sprint Details
Sprint 76 is from 14-28 September 2023. Current board is here.
Leave or other priorities
A.J.: Primarily focused on OSCAL, no planned leave.
Arminta: Sept 25 school closure (follow up later); Sept 28 - 2 hrs of AL
Chris: Out Thurs/Fri next week. (Still presenting DEFINE)
Goal
First aid time: start improving user-focused documentation, build out docs and examples roadmap. Still need to finish carry over work from last sprint.
Sprint Details
Sprint 76 is from 14-28 September 2023. Current board is here.
Leave or other priorities
A.J.: Primarily focused on OSCAL, no planned leave.
Arminta: Sept 25 school closure (follow up later); Sept 28 - 2 hrs of AL
Chris: Out Thurs/Fri next week. (Still presenting DEFINE)
Dmitry Cousin changed 42 minutes agoView mode Like Bookmark
Goal
First aid time: start improving user-focused documentation, build out docs and examples roadmap. Still need to finish carry over work from last sprint.
Sprint Details
Sprint 76 is from 14-28 September 2023. Current board is here.
Leave or other priorities
A.J.: Primarily focused on OSCAL, no planned leave.
Arminta: Sept 25 school closure (follow up later); Sept 28 - 2 hrs of AL
Chris: Out Thurs/Fri next week. (Still presenting DEFINE)
Background
Organization
We propose in this draft document a non-exhaustive list of value streams. A value stream is a thematic collection of work items, varying in scope of work by quantity or quality (large epics to small issues), but still related to the same theme in that work. There are different kinds of work items, with some nested-like epics with user stories within them. An epic nested with epics concept is counter-intuitive, so we will label each one as a value stream. For organizational purposes, we organize the value streams grouped by high-level use cases in OSCAL. This grouping may be beneficial to link the resulting value of work completed in a value stream to a downstream developer tasks of making OSCAL-enabled tooling.
Value streams grouped by use case
Define control Requirements (catalogs)
Control mapping and relations
Add group IDs
Customize control requirements (catalogs, profiles)
Michaela Iorga changed 12 hours agoView mode Like Bookmark
Participation
Attending Organizations
High Quality High Speed (HQHS, SDO)
Office of Convenience and Growth (OGC, Government)
Wings on Wheels (WOW, Manufacturer)
Office of Risk Aversion (ORA, Government)
Attendees
Alexander Stein (HQHS)
Ned Goren (HQHS)
Alexander Stein changed a few seconds agoView mode Like Bookmark
Welcome to the Open Security Controls Assessment Language (OSCAL) Blog, open to NIST team and to our community members!
If you work closely with us, you might have noticed we our hard work on the OSCAL project's deep cleaning at the same time as our v1.1.0 release. As the project has evolved, we needed to do a deep cleaning and get better organized. Since, this decision would impact our team and the community, we discussed the change in our DEFINE and Model Engineering meetings, solicited feedback, and published a decision record describing our rationale and reorganization plan. If you want an up-to-date detailed description of OSCAL artifacts and what code repositories they come from, please take a moment and review the OSCAL Project's structure on our website.
The NIST OSCAL Team will author future blog posts when important topics come up, but that is not only for us to decide. If you have an OSCAL topic you would like to read about or you want to guest-author a blog, you can email the NIST OSCAL team your proposal. The team will work with you to publish your post.
liboscal-java 3.0.2 will be a patch release with improvements and changes that are backwards compatible, specifically updating the library to v1.1.1 release of OSCAL models.
Changes: Key Take-aways
Key takeaways are below:
Details
Appendix
Detailed Commit Log
Note for NIST developers: the output below is from executing the following command against the release branch (main) on a developer workstation: git log origin/main..origin/develop --pretty=oneline --abbrev-commit.
Goal
First aid time: start improving user-focused documentation, build out docs and examples roadmap. Wrap up important work from last sprint. Let's not drag things on.
Sprint Details
Sprint 75 is from 29 August 2023 to 11 September 2023. Current board is here.
Leave or other priorities
[ALL]: Labor Day off (Federal Holiday)
A.J.: Out for 1.5 days for travel and personal leave, 75% allocation on those days, has non-OSCAL work to attend to as well.
Nikita: Our for 1 day for a personal conference. Has non-OSCAL work. 75% allocation on remaining days.
Nikita Wootten changed 10 hours agoView mode Like Bookmark
Goal
First aid time: start improving user-focused documentation, build out docs and examples roadmap. Wrap up important work from last sprint. Let's not drag things on.
Sprint Details
Sprint 75 is from 29 August 2023 to 11 September 2023. Current board is here.
Leave or other priorities
[ALL]: Labor Day off (Federal Holiday)
A.J.: Out for 1.5 days for travel and personal leave, 75% allocation on those days, has non-OSCAL work to attend to as well.
Nikita: Our for 1 day for a personal conference. Has non-OSCAL work. 75% allocation on remaining days.
Michaela Iorga changed 2 days agoView mode Like Bookmark
OSCAL 1.1.1 will be a patch release with minor model improvements, documentation, and artifact release changes that are backwards compatible.
Changes: Key Take-aways
Models
Allow non-FISMA/RMF use cases for SSP information type impact levels.
Remove obsolete model documentation for biblio elements in back-matter/resources.
Profile Resolution and Process Specs
Change spec for more practical definition of metadata/last-modified.
1.1.1 will be a patch release with small, but useful, backwards-compatible enhancements, bug, fixes and documentation fixes.
Key takeaways and full details are below.
Changes: Key Takeaways
Models
Profile Resolution and Processing Specs
Other
Details
Below is a list of every change that will be promoted from develop to a 1.1.0 release branch. The changes to models, docs, and code can be reviewed. All dependency changes from Dependabot and auto-committed website changes are excluded.
The problem ...We work for stakeholders who managed a database of books
They have requirements
What even is a pipeline?
A pipeline is a program is focused on composition: programs that take inputs from the outputs of other programs, or even other pipelines.
XProc is a XML pipelining technology.
XProc has two predominant implementations:XML Calabash is for XProc 1.0
MorganaXProc-IIIse is for XProc 3.0
Wendell Piez changed 10 days agoView mode Like Bookmark
oscal-cli 1.0.1 will be a patch release with improvements and changes that are backwards compatible, specifically updating dependencies to fix issues with resources needed for schema-based validation commands.
Changes: Key Take-aways
Key takeaways are below:
Fixes for schema-based validation commands.
Details
d48958a Update metaschema-java from 0.12.0 to 0.12.1 (#174)
96f10e7 Update resource paths to JSON and XML schemas (#177)
liboscal-java 3.0.0 will be a major release with improvements and changes that are not backwards compatible, specifically obsolete imports from package restructuring and removed library functions for control mappings.
Changes: Key Take-aways
Key takeaways are below:
Update OSCAL models to 1.1.0.
Deprecate utility functions for control mapping.
Details
Below is a list of all changes that will be promoted from develop to 3.0.0 release branch.
1.1.0 will be a minor release with important backwards-compatible enhances and bug-fixes around SSP, POA&M, profile, and cross-model metadata. Many of these feature enhancements have been pending release for over 12 months with neutral or positive community support.
Key takeaways and full details are below.
Changes: Key Takeaways
Models
SSP: Change certain elements from required to optional for non-RMF use cases.
SSP: improve constraints of links for cross-referencing components and indicating where components were imported from.
POAM: add related-findings assembly.
Profile: Remove with-parent-controls from the profile model.
Wendell Piez changed a month agoView mode Like Bookmark
oscal-cli 0.3.4 release will be a minor release with minor bug fixes and improvements. However, there are changes to how library imports work that are not backwards compatible.
Key Take-aways for Ready Changes
This release will also update the liboscal-java 2.0.0 dependency once released. Important high-level changes are listed below.
Bug fixes for certain commands.
Bug fixes in arguments handling.
Include updates from latest liboscal-java 2.0.0 release
Details for Ready Changes
liboscal-java 2.0.0 will be a major release with minor bug fixes, improvements, and backwards non-compatible changes to how library imports work.
Key Take-aways for Ready Changes
This release makes updates to metaschema-java, the library that will read the OSCAL Metaschema XML files and generate reusable Java model classes and utility functions. Key takeaways are below:
Add library API documentation.
Fix bugs with serializing lists in HTML/Markdown markup.
Formatting output.
Update to OSCAL v1.0.6 models.