You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When attempting to enhance constraints for different types of components in a system security plan that represent cross-boundary communication, we have confirmed that a prop[@name="direction"] is necessary to describe the direction of network communication. However, you can only use this property on component[@type="interconnection"], not others as applicable. More details can be found in GSA/fedramp-automation#950 to complete work for GSA/fedramp-automation#930.
Below is the relevant constraint that needs to be adjusted.
Developers and engineers who want to develop or consume constraint-based analysis to know if their OSCAL-based system security plan meets all NIST and FedRAMP-specific requirements.
What is affected by this bug
Metaschema, Modeling
How do we replicate this issue
Create a SSP with a component with a type that is not .[@type="interconnection"] and a prop[@name="direction" and @value="incoming"].
Run the oscal-cli or other conformant tooling to confirm the constraint does not permit this allowed value.
Expected behavior (i.e. solution)
Different types of components permit the use of this property.
Other comments
FedRAMP can use a @ns flag for the given prop, but we want to align with general use cases NIST supports and that can increase confusion about the difference between the identically named props while also decreasing interoperability.
Revisions
No response
The text was updated successfully, but these errors were encountered:
The above property collection needs to be de-coupled.
The following allowed values continue to only apply to interconnection components:
<enumvalue="isa-title">Title of the Interconnection Security Agreement (ISA).</enum>
<enumvalue="isa-date">Date of the Interconnection Security Agreement (ISA).</enum>
<enumvalue="isa-remote-system-name">The name of the remote interconnected system.</enum>
The following allowed values must be allowed on all of the following component types:
system
service
interconnection
software
<enumvalue="ipv4-address">An Internet Protocol Version 4 interconnection address</enum>
<enumvalue="ipv6-address">An Internet Protocol Version 6 interconnection address</enum>
<enumvalue="direction">An Internet Protocol Version 6 interconnection address</enum>
Describe the bug
When attempting to enhance constraints for different types of components in a system security plan that represent cross-boundary communication, we have confirmed that a
prop[@name="direction"]
is necessary to describe the direction of network communication. However, you can only use this property oncomponent[@type="interconnection"]
, not others as applicable. More details can be found in GSA/fedramp-automation#950 to complete work for GSA/fedramp-automation#930.Below is the relevant constraint that needs to be adjusted.
OSCAL/src/metaschema/oscal_implementation-common_metaschema.xml
Lines 191 to 198 in b123c11
https://github.com/usnistgov/OSCAL/blob/v1.1.3/src/metaschema/oscal_implementation-common_metaschema.xml#L191-L198
Who is the bug affecting
Developers and engineers who want to develop or consume constraint-based analysis to know if their OSCAL-based system security plan meets all NIST and FedRAMP-specific requirements.
What is affected by this bug
Metaschema, Modeling
How do we replicate this issue
.[@type="interconnection"]
and aprop[@name="direction" and @value="incoming"]
.Expected behavior (i.e. solution)
Different types of components permit the use of this property.
Other comments
FedRAMP can use a
@ns
flag for the given prop, but we want to align with general use cases NIST supports and that can increase confusion about the difference between the identically named props while also decreasing interoperability.Revisions
No response
The text was updated successfully, but these errors were encountered: