From ca64dc8bfb786a8f4c98e9445f0792eeaabca8ce Mon Sep 17 00:00:00 2001 From: "A.J. Stein" Date: Fri, 21 Feb 2025 14:06:37 -0500 Subject: [PATCH] `has-oscal-namespace()`->`@ns` check for #2113 --- .../oscal_assessment-common_metaschema.xml | 38 +++++++------- .../oscal_assessment-plan_metaschema.xml | 2 +- src/metaschema/oscal_catalog_metaschema.xml | 26 +++++----- src/metaschema/oscal_component_metaschema.xml | 18 +++---- .../oscal_control-common_metaschema.xml | 4 +- ...oscal_implementation-common_metaschema.xml | 52 +++++++++---------- src/metaschema/oscal_metadata_metaschema.xml | 20 +++---- src/metaschema/oscal_profile_metaschema.xml | 2 +- src/metaschema/oscal_ssp_metaschema.xml | 18 +++---- 9 files changed, 90 insertions(+), 90 deletions(-) diff --git a/src/metaschema/oscal_assessment-common_metaschema.xml b/src/metaschema/oscal_assessment-common_metaschema.xml index b2d2543690..59ee135aaf 100644 --- a/src/metaschema/oscal_assessment-common_metaschema.xml +++ b/src/metaschema/oscal_assessment-common_metaschema.xml @@ -62,16 +62,16 @@ - + **(deprecated)** Use 'assessment-objective' instead. **(deprecated)** Use 'assessment-method' instead. The part defines an assessment objective. The part defines an assessment method. - - - - + + + + @@ -183,11 +183,11 @@ - + The assessment method to use. This typically appears on parts with the name "assessment". - - + + The process of holding discussions with individuals or groups of individuals within an organization to once again, facilitate assessor understanding, achieve clarification, or obtain evidence. The process of reviewing, inspecting, observing, studying, or analyzing one or more assessment objects (i.e., specifications, mechanisms, or activities). The process of exercising one or more assessment objects (i.e., activities or mechanisms) under specified conditions to compare actual with expected behavior. @@ -1274,10 +1274,10 @@ - + The type of remediation tracking entry. Can be multi-valued. - + Contacted vendor to determine the status of a pending fix to a known vulnerability. Information related to the current state of response to this risk. A significant step in the response plan has been achieved. @@ -1308,13 +1308,13 @@ - + The risk has been confirmed to be a false positive. The risk has been accepted. No further action will be taken. The risk has been adjusted. A numeric value indicating the sequence in which risks should be addressed. (Lower numbers are higher priority) - + @@ -1405,10 +1405,10 @@ - + Indicates if the facet is 'initial' as first identified, or 'adjusted' indicating that the value has be changed after some adjustments have been made (e.g., to identify residual risk). - + As first identified. Indicates that residual risk remains after some adjustments have been made. @@ -1854,10 +1854,10 @@ - + Risk Response Type - + The risk will be eliminated. The risk will be reduced. The risk will be transferred to another organization or entity. @@ -1937,11 +1937,11 @@ - + The assessment method to use. This typically appears on parts with the name "objective". - - + + The process of holding discussions with individuals or groups of individuals within an organization to once again, facilitate assessor understanding, achieve clarification, or obtain evidence. The process of reviewing, inspecting, observing, studying, or analyzing one or more assessment objects (i.e., specifications, mechanisms, or activities). The process of exercising one or more assessment objects (i.e., activities or mechanisms) under specified conditions to compare actual with expected behavior. diff --git a/src/metaschema/oscal_assessment-plan_metaschema.xml b/src/metaschema/oscal_assessment-plan_metaschema.xml index 55a452b178..dd54bc8c95 100644 --- a/src/metaschema/oscal_assessment-plan_metaschema.xml +++ b/src/metaschema/oscal_assessment-plan_metaschema.xml @@ -91,7 +91,7 @@ - + Defines the circumstances, conditions, degree, and manner in which the use of cyber-attack techniques or actions may be applied to the assessment. Any information the assessor should make known to the system owner or authorizing official. Has child 'item' parts for each individual disclosure. Defines any assessment activities which the system owner or authorizing official wishes to ensure are performed as part of the assessment. diff --git a/src/metaschema/oscal_catalog_metaschema.xml b/src/metaschema/oscal_catalog_metaschema.xml index 8b476aa612..6dd4d27c40 100644 --- a/src/metaschema/oscal_catalog_metaschema.xml +++ b/src/metaschema/oscal_catalog_metaschema.xml @@ -49,7 +49,7 @@ - + The tool used to produce a resolved profile. The document-level uuid of the source profile from which the catalog was produced by profile resolution. @@ -141,10 +141,10 @@ - + &allowed-values-control-group-property-name; - + An introduction to a control or a group of controls. Information providing directions for a control or a group of controls. @@ -222,14 +222,14 @@ + target="prop[@ns = 'http://csrc.nist.gov/ns/oscal']/@name"> &allowed-values-control-group-property-name; The status of a control. For example, a value of 'withdrawn' can indicate that the control has been withdrawn and should no longer be used. + target="prop[@ns = 'http://csrc.nist.gov/ns/oscal' and @name='status']/@value"> The control is no longer used. **(deprecated)*** Use 'withdrawn' instead. @@ -252,7 +252,7 @@ + target="part[@ns = 'http://csrc.nist.gov/ns/oscal']/@name"> An introduction to a control or a group of controls. A set of implementation requirements or recommendations. @@ -265,14 +265,14 @@ over a set of assessment objects. + target="part[@ns = 'http://csrc.nist.gov/ns/oscal' and @name='statement']//part[@ns = 'http://csrc.nist.gov/ns/oscal']/@name"> An individual item within a control statement.

Nested statement parts are "item" parts.

 + target=".//part[@ns = 'http://csrc.nist.gov/ns/oscal']/@name"> **(deprecated)** Use 'assessment-objective' instead. The part describes a set of assessment @@ -282,7 +282,7 @@ + target="part[@ns = 'http://csrc.nist.gov/ns/oscal' and @name=('assessment','assessment-method')]/part[@ns = 'http://csrc.nist.gov/ns/oscal']/@name"> **(deprecated)** Use 'assessment-objects' instead. Provides a listing of assessment @@ -292,17 +292,17 @@ + target="part[@ns = 'http://csrc.nist.gov/ns/oscal' and @name=('assessment','assessment-method')]/prop[@ns = 'http://csrc.nist.gov/ns/oscal']/@name"> **(deprecated)** Use 'method' in the 'http://csrc.nist.gov/ns/rmf' namespace. The assessment method to use. This typically appears on parts with the name "assessment-method". + target="part[@ns = 'http://csrc.nist.gov/ns/oscal' and @name=('assessment','assessment-method')]/prop[has-oscal-namespace('http://csrc.nist.gov/ns/rmf')]/@name"> The assessment method to use. This typically appears on parts with the name "assessment-method". - + + target="part[@ns = 'http://csrc.nist.gov/ns/oscal' and @name=('assessment','assessment-method')]/prop[has-oscal-namespace(('http://csrc.nist.gov/ns/oscal','http://csrc.nist.gov/ns/rmf')) and @name='method']/@value"> The process of holding discussions with individuals or groups of individuals within an organization to once again, facilitate assessor understanding, achieve clarification, or obtain evidence. The process of reviewing, inspecting, observing, studying, or analyzing one or more assessment objects (i.e., specifications, mechanisms, or activities). The process of exercising one or more assessment objects (i.e., activities or mechanisms) under specified conditions to compare actual with expected behavior. diff --git a/src/metaschema/oscal_component_metaschema.xml b/src/metaschema/oscal_component_metaschema.xml index f70fcdb0cb..7a37af33cd 100644 --- a/src/metaschema/oscal_component_metaschema.xml +++ b/src/metaschema/oscal_component_metaschema.xml @@ -148,7 +148,7 @@ - + @@ -177,7 +177,7 @@ &allowed-values-responsible-roles-component-production; - + &allowed-values-property-name-asset-type-values; @@ -185,22 +185,22 @@ - + The component allows an authenticated scan. The component does not allow an authenticated scan. - + The component is virtualized. The component is not virtualized. - + The component is publicly accessible. The component is not publicly accessible. - + The component is implemented within the system boundary. The component is implemented outside the system boundary. @@ -210,8 +210,8 @@ - - + + @@ -221,7 +221,7 @@ - + &allowed-values-component_component_software; diff --git a/src/metaschema/oscal_control-common_metaschema.xml b/src/metaschema/oscal_control-common_metaschema.xml index 4bae078550..8f4ea26c8c 100644 --- a/src/metaschema/oscal_control-common_metaschema.xml +++ b/src/metaschema/oscal_control-common_metaschema.xml @@ -76,7 +76,7 @@ - + &allowed-values-control-group-property-name; @@ -179,7 +179,7 @@ - + &allowed-values-control-group-property-name; An alternate to the value provided by the parameter's label. This will typically be qualified by a class. diff --git a/src/metaschema/oscal_implementation-common_metaschema.xml b/src/metaschema/oscal_implementation-common_metaschema.xml index b4def97907..b46641de18 100644 --- a/src/metaschema/oscal_implementation-common_metaschema.xml +++ b/src/metaschema/oscal_implementation-common_metaschema.xml @@ -88,7 +88,7 @@ - + Relative placement of component ('internal' or 'external') to the system. UUID of the related leveraged-authorization assembly in this SSP. @@ -121,26 +121,26 @@ &allowed-values-responsible-roles-component-production; - + &allowed-values-property-name-asset-type-values; - + The component allows an authenticated scan. The component does not allow an authenticated scan. - + The component is publicly accessible. The component is not publicly accessible. - + The component is virtualized. The component is not virtualized. - + The component is implemented within the system boundary. The component is implemented outside the system boundary. @@ -149,14 +149,14 @@ - - + + - + The name of the company or organization @@ -173,7 +173,7 @@ - + &allowed-values-component_component_software; @@ -187,16 +187,16 @@ - + Title of the Interconnection Security Agreement (ISA). Date of the Interconnection Security Agreement (ISA). The name of the remote interconnected system. &allowed-values-property-name-networked-components; - + &allowed-values-property-name-networked-components; - + The identified IP address is for this system. The identified IP address is for the remote system to which this system is connected. @@ -210,11 +210,11 @@ Interconnection Security Agreement (ISA) authorizing official for this system. Interconnection Security Agreement (ISA) authorizing official for the remote interconnected system. - - - - - + + + + + Data from the remote system flows into this system. Data from this system flows to the remote system. @@ -404,16 +404,16 @@ - + The type of user, such as internal, external, or general-public. The user's privilege level within the system, such as privileged, non-privileged, no-logical-access. - + A user account for a person or entity that is part of the organization who owns or operates the system. A user account for a person or entity that is not part of the organization who owns or operates the system. A user of the system considered to be outside - + This role has elevated access to the system, such as a group or system administrator. This role has typical user-level access to the system without elevated access. This role has no access to the system, such as a manager who approves access as part of a process. @@ -533,7 +533,7 @@ - + &allowed-values-component_component_property-name; &allowed-values-component_inventory-item_property-name; @@ -557,7 +557,7 @@ - + The Internet Protocol v4 Address of the asset. The Internet Protocol v6 Address of the asset. The full-qualified domain name (FQDN) of the asset. @@ -589,16 +589,16 @@ &allowed-values-component_inventory-item_property-name; - + &allowed-values-property-name-asset-type-values; - + The name of the company or organization - + The asset is included in periodic vulnerability scanning. The asset is not included in periodic vulnerability scanning. diff --git a/src/metaschema/oscal_metadata_metaschema.xml b/src/metaschema/oscal_metadata_metaschema.xml index be28d1206b..ef9c3ddc90 100644 --- a/src/metaschema/oscal_metadata_metaschema.xml +++ b/src/metaschema/oscal_metadata_metaschema.xml @@ -203,13 +203,13 @@ - + Characterizes the kind of location. - + A location that contains computing assets. A class can be used to indicate the sub-type of data-center as primary or alternate. - + The location is a data-center used for normal operations. The location is a data-center used for fail-over or backup operations. @@ -326,7 +326,7 @@ - + A mail stop associated with the party. The name or number of the party's office. The formal job title of a person. @@ -404,7 +404,7 @@ Indicates the person or organization responsible for all content represented in the "document". Indicates the person or organization to contact for questions or support related to this content. - + The value identifies a comma-seperated listing of keywords associated with this content. These keywords may be used as search terms for indexing and other applications. @@ -568,13 +568,13 @@ - + Identifies the type of resource represented. The most specific appropriate type value SHOULD be used. For resources representing a published document, this represents the version number of that document. For resources representing a published document, this represents the publication date of that document. - - + + Indicates the resource is an organization's logo. Indicates the resource represents an image. @@ -702,7 +702,7 @@ - + A label or descriptor that is tied to a sensitivity or classification marking system. An optional class can be used to define the specific marking system used for the associated value. @@ -874,7 +874,7 @@ This value identifies action types defined in the NIST OSCAL namespace. - + An approval of a document instance's content. A request from the responisble party or parties to change the content. diff --git a/src/metaschema/oscal_profile_metaschema.xml b/src/metaschema/oscal_profile_metaschema.xml index 0caddb6a18..310034dc3a 100644 --- a/src/metaschema/oscal_profile_metaschema.xml +++ b/src/metaschema/oscal_profile_metaschema.xml @@ -377,7 +377,7 @@ - + &allowed-values-control-group-property-name; diff --git a/src/metaschema/oscal_ssp_metaschema.xml b/src/metaschema/oscal_ssp_metaschema.xml index d70d0796b3..8c6c62ce23 100644 --- a/src/metaschema/oscal_ssp_metaschema.xml +++ b/src/metaschema/oscal_ssp_metaschema.xml @@ -129,7 +129,7 @@ - + A value of 1, 2, or 3 as defined by SP 800-63-3. A value of 1, 2, or 3 as defined by SP 800-63-3. @@ -145,11 +145,11 @@ As defined by SP 800-63-3. - + The associated value is one of: public-cloud, private-cloud, community-cloud, government-only-cloud, hybrid-cloud, or other. The associated value is one of: saas, paas, iaas, or other. - + The public cloud deployment model as defined by The NIST Definition of Cloud Computing. The private cloud deployment model as defined by The NIST Definition of Cloud Computing. @@ -165,7 +165,7 @@

The hybrid cloud deployment model, as defined by The NIST Definition of Cloud Computing, can be supported by selecting two or more of the existing deployment models.

 - + Software as a service (SaaS) cloud service model as defined by The NIST Definition of Cloud Computing. Platform as a service (PaaS) cloud service model as defined by The NIST Definition of Cloud Computing. @@ -271,10 +271,10 @@ - + Is this a privacy sensitive system? yes or no - + The system is privacy sensitive. The system is not privacy sensitive. @@ -634,7 +634,7 @@ - + The component allows an authenticated scan. The component does not allow an authenticated scan. @@ -713,10 +713,10 @@ - + Identifies the source of the implemented control. Any control-origination prop defined in a child context will override the parent value. - + The control is implemented by the organization owning the system, but is not specific to the system itself. The control is implemented specifically to this system. The control is provided by the system, but must be configured by the customer.