Publishing auto-converted artifacts
oscalbuilder committed Jun 8, 2021
1 parent 185bd54 commit a849dbc
Showing 120 changed files with 2,595 additions and 2,528 deletions.
2 changes: 1 addition & 1 deletion examples/catalog/json/basic-catalog-min.json

Large diffs are not rendered by default.

8 changes: 4 additions & 4 deletions examples/catalog/json/basic-catalog.json
@@ -1,12 +1,12 @@
{
"catalog": {
"uuid": "22054d80-252f-4ab8-ae9c-5bf69c9109a9",
"uuid": "74c8ba1e-5cd4-4ad1-bbfd-d888e2f6c724",
"metadata": {
"title": "Sample Security Catalog *for Demonstration* and Testing",
"published": "2020-02-02T11:01:04.736-04:00",
"last-modified": "2021-04-07T12:50:10.241-04:00",
"last-modified": "2021-06-08T13:57:28.355446-04:00",
"version": "1.0",
"oscal-version": "1.0.0-rc2",
"oscal-version": "1.0.0",
"remarks": "The following is a short excerpt from [ISO/IEC 27002:2013](https://www.iso.org/standard/54533.html), *Information technology — Security techniques — Code of practice for information security controls*. This work is provided here under copyright \"fair use\" for non-profit, educational purposes only. Copyrights for this work are held by the publisher, the International Organization for Standardization (ISO)."
},
"groups": [
@@ -45,7 +45,7 @@
"id": "s1.1.1-prm1",
"label": "a choice from a selection",
"select": {
"how-many": "one or more",
"how-many": "one-or-more",
"choice": [
"initiating a device lock after {{ insert: param, s1.1.1-prm_2 }} of inactivity",
"requiring the user to initiate a device lock before leaving the system unattended"
8 changes: 4 additions & 4 deletions examples/catalog/xml/basic-catalog.xml
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Modified by the OSCAL 1.0.0 RC1 to OSCAL 1.0.0 RC2 conversion XSLT on 2021-04-07T12:50:10.241-04:00 -->
<!-- Modified by the OSCAL 1.0.0 RC2 to OSCAL 1.0.0 conversion XSLT on 2021-06-08T13:57:28.355446-04:00 -->
<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0"
uuid="22054d80-252f-4ab8-ae9c-5bf69c9109a9">
uuid="74c8ba1e-5cd4-4ad1-bbfd-d888e2f6c724">
<metadata>
<title>Sample Security Catalog <em>for Demonstration</em> and Testing</title>
<published>2020-02-02T11:01:04.736-04:00</published>
<last-modified>2021-04-07T12:50:10.241-04:00</last-modified>
<last-modified>2021-06-08T13:57:28.355446-04:00</last-modified>
<version>1.0</version>
<oscal-version>1.0.0-rc2</oscal-version>
<oscal-version>1.0.0</oscal-version>
<remarks>
<p>The following is a short excerpt from <a href="https://www.iso.org/standard/54533.html">ISO/IEC 27002:2013</a>, <em>Information technology — Security techniques — Code of practice for information security controls</em>. This work is provided here under copyright <q>fair use</q> for non-profit, educational purposes only. Copyrights for this work are held by the publisher, the International Organization for Standardization (ISO).</p>
</remarks>
8 changes: 4 additions & 4 deletions examples/catalog/yaml/basic-catalog.yaml
@@ -1,12 +1,12 @@
---
catalog:
uuid: 22054d80-252f-4ab8-ae9c-5bf69c9109a9
uuid: 74c8ba1e-5cd4-4ad1-bbfd-d888e2f6c724
metadata:
title: Sample Security Catalog *for Demonstration* and Testing
published: 2020-02-02T11:01:04.736-04:00
last-modified: 2021-04-07T12:50:10.241-04:00
last-modified: 2021-06-08T13:57:28.355446-04:00
version: "1.0"
oscal-version: 1.0.0-rc2
oscal-version: 1.0.0
remarks: The following is a short excerpt from [ISO/IEC
27002:2013](https://www.iso.org/standard/54533.html), *Information
technology — Security techniques — Code of practice for information
@@ -39,7 +39,7 @@ catalog:
- id: s1.1.1-prm1
label: a choice from a selection
select:
how-many: one or more
how-many: one-or-more
choice:
- "initiating a device lock after {{ insert: param,
s1.1.1-prm_2 }} of inactivity"
4 changes: 2 additions & 2 deletions examples/component-definition/json/example-component-min.json
@@ -3,9 +3,9 @@
"uuid": "8223d65f-57a9-4689-8f06-2a975ae2ad72",
"metadata": {
"title": "Test Component Definition",
"last-modified": "2021-04-07T12:50:10.241-04:00",
"last-modified": "2021-06-08T13:57:28.355446-04:00",
"version": "20200723",
"oscal-version": "1.0.0-rc2",
"oscal-version": "1.0.0",
"parties": [
{
"uuid": "ee47836c-877c-4007-bbf3-c9d9bd805a9a",
4 changes: 2 additions & 2 deletions examples/component-definition/json/example-component.json
@@ -3,9 +3,9 @@
"uuid": "8223d65f-57a9-4689-8f06-2a975ae2ad72",
"metadata": {
"title": "Test Component Definition",
"last-modified": "2021-04-07T12:50:10.241-04:00",
"last-modified": "2021-06-08T13:57:28.355446-04:00",
"version": "20200723",
"oscal-version": "1.0.0-rc2",
"oscal-version": "1.0.0",
"parties": [
{
"uuid": "ee47836c-877c-4007-bbf3-c9d9bd805a9a",
4 changes: 2 additions & 2 deletions examples/component-definition/xml/example-component.xml
@@ -3,9 +3,9 @@
uuid="8223d65f-57a9-4689-8f06-2a975ae2ad72">
<metadata>
<title>Test Component Definition</title>
<last-modified>2021-04-07T12:50:10.241-04:00</last-modified>
<last-modified>2021-06-08T13:57:28.355446-04:00</last-modified>
<version>20200723</version>
<oscal-version>1.0.0-rc2</oscal-version>
<oscal-version>1.0.0</oscal-version>
<party uuid="ee47836c-877c-4007-bbf3-c9d9bd805a9a" type="organization">
<name>Test Vendor</name>
</party>
4 changes: 2 additions & 2 deletions examples/component-definition/yaml/example-component.yaml
@@ -3,9 +3,9 @@ component-definition:
uuid: 8223d65f-57a9-4689-8f06-2a975ae2ad72
metadata:
title: Test Component Definition
last-modified: 2021-04-07T12:50:10.241-04:00
last-modified: 2021-06-08T13:57:28.355446-04:00
version: "20200723"
oscal-version: 1.0.0-rc2
oscal-version: 1.0.0
parties:
- uuid: ee47836c-877c-4007-bbf3-c9d9bd805a9a
name: Test Vendor
2 changes: 1 addition & 1 deletion examples/ssp/json/oscal_leveraged-example_ssp-min.json
@@ -1 +1 @@
{"system-security-plan":{"uuid":"fb1cf6e8-5ebe-48ba-847d-fcfa5ccc0e96","metadata":{"roles":[{"id":"admin"},{"id":"customer"},{"id":"poc-for-customers"}],"parties":[{"uuid":"11111111-0000-4000-9000-100000000001","type":"person"}]},"import-profile":{"href":"..\/..\/..\/nist.gov\/SP800-53\/rev4\/xml\/NIST_SP-800-53_rev4_LOW-baseline_profile.xml"},"system-characteristics":{"system-ids":[{"id":"csp_iaas_system"}],"system-information":{"information-types":[{"categorizations":[{"system":"https:\/\/doi.org\/10.6028\/NIST.SP.800-60v2r1","information-type-ids":[]}],"confidentiality-impact":{},"integrity-impact":{},"availability-impact":{}}]},"security-impact-level":{},"status":{"state":"operational"},"authorization-boundary":{}},"system-implementation":{"users":[{"uuid":"11111111-0000-4000-9000-200000000001","role-ids":[],"authorized-privileges":[{"functions-performed":[]}]}],"components":[{"uuid":"cfbc1d9d-e772-47a4-aed5-1b902339eab2","type":"this-system","status":{"state":"operational"}},{"uuid":"11111111-0000-4000-9001-000000000001","type":"this-system","status":{"state":"operational"}},{"uuid":"11111111-0000-4000-9001-000000000002","type":"software","props":[{"name":"implementation-point","value":"system"}],"status":{"state":"operational"},"responsible-roles":[{"role-id":"admin","party-uuids":[]}]}]},"control-implementation":{"implemented-requirements":[{"uuid":"11111111-0000-4000-9009-002000000000","control-id":"ac-2","set-parameters":[{"param-id":"ac-2_prm_1","values":[]}],"statements":[{"statement-id":"ac-2_stmt.a","uuid":"11111111-0000-4000-9009-002001000000","by-components":[{"component-uuid":"11111111-0000-4000-9001-000000000001","uuid":"11111111-0000-4000-9009-002001001000","export":{"responsibilities":[{"uuid":"11111111-0000-4000-9009-002001001001","responsible-roles":[{"role-id":"customer"}]}]}},{"component-uuid":"11111111-0000-4000-9001-000000000002","uuid":"11111111-0000-4000-9009-002001002000","export":{"provided":[{"uuid":"11111111-0000-4000-9009-002001002001
","responsible-roles":[{"role-id":"poc-for-customers"}]}],"responsibilities":[{"uuid":"11111111-0000-4000-9009-002001002002","provided-uuid":"11111111-0000-4000-9009-002001002001","responsible-roles":[{"role-id":"customer"}]}]}}]}]}]},"back-matter":{"resources":[{"uuid":"11111111-0000-4000-9999-000000000001","rlinks":[{"href":".\/attachments\/IaaS_ac_proc.docx"}]}]}}}
{"system-security-plan":{"uuid":"d197545f-353f-407b-9166-ebf959774c5a","metadata":{"title":"CSP IaaS System Security Plan","last-modified":"2021-06-08T13:57:35.068496-04:00","version":"0.1","oscal-version":"1.0.0","roles":[{"id":"admin","title":"Administrator"},{"id":"customer","title":"External Customer"},{"id":"poc-for-customers","title":"Internal POC for Customers"}],"parties":[{"uuid":"11111111-0000-4000-9000-100000000001","type":"person"}]},"import-profile":{"href":"../../../nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_LOW-baseline_profile.json"},"system-characteristics":{"system-ids":[{"id":"csp_iaas_system"}],"system-name":"Leveraged IaaS System","description":"An example of three customers leveraging an authorized SaaS, which is running on an authorized IaaS.\n\n```\n\nCust-A Cust-B Cust-C\n | | |\n +---------+---------+\n |\n +-------------------+\n | Leveraging SaaS |\n +-------------------+\n |\n |\n +-------------------+\n | Leveraged IaaS |\n | this file |\n +-------------------+\n \n```\n\nIn this example, the IaaS SSP specifies customer responsibilities for certain controls.\n\nThe SaaS must address these for the control to be fully satisfied.\n\nThe SaaS provider may either implement these directly or pass the responsibility on to their customers. Both may be necessary.\n\nFor any given control, the Leveraged IaaS SSP must describe:\n\n1. HOW the IaaS is directly satisfying the control\n1. WHAT responsibilities are left for the Leveraging SaaS (or their customers) to implement.\n\n\nFor any given control, the Leveraging SaaS SSP must describe:\n\n1. WHAT is being inherited from the underlying IaaS\n1. HOW the SaaS is directly satisfying the control.\n1. WHAT responsibilities are left for the SaaS customers to implement. 
(The SaaS customers are Cust-A, B and C)\n","security-sensitivity-level":"low","system-information":{"information-types":[{"title":"System and Network Monitoring","description":"This IaaS system handles information pertaining to audit events.","categorizations":[{"system":"https://doi.org/10.6028/NIST.SP.800-60v2r1","information-type-ids":["C.3.5.8"]}],"confidentiality-impact":{"base":"fips-199-moderate","selected":"fips-199-low","adjustment-justification":"This impact has been adjusted to low as an example of how to perform this type of adjustment."},"integrity-impact":{"base":"fips-199-moderate","selected":"fips-199-low","adjustment-justification":"This impact has been adjusted to low as an example of how to perform this type of adjustment."},"availability-impact":{"base":"fips-199-moderate","selected":"fips-199-low","adjustment-justification":"This impact has been adjusted to low as an example of how to perform this type of adjustment."}}]},"security-impact-level":{"security-objective-confidentiality":"fips-199-low","security-objective-integrity":"fips-199-low","security-objective-availability":"fips-199-low"},"status":{"state":"operational"},"authorization-boundary":{"description":"The hardware and software supporting the virtualized infrastructure supporting the IaaS."},"remarks":"Most system-characteristics content does not support the example, and is included to meet the minimum SSP syntax requirements."},"system-implementation":{"users":[{"uuid":"11111111-0000-4000-9000-200000000001","role-ids":["admin"],"authorized-privileges":[{"title":"Administrator","functions-performed":["Manages the components within the IaaS."]}]}],"components":[{"uuid":"cfbc1d9d-e772-47a4-aed5-1b902339eab2","type":"this-system","title":"This System","description":"The system described by this SSP.\n\nThis text was auto-generated by the OSCAL M3-RC1 data upgrade 
converter.","status":{"state":"operational"}},{"uuid":"11111111-0000-4000-9001-000000000001","type":"this-system","title":"This System","description":"This Leveraged IaaS.\n\nThe entire system as depicted in the system authorization boundary","status":{"state":"operational"}},{"uuid":"11111111-0000-4000-9001-000000000002","type":"software","title":"Application","description":"An application within the IaaS, exposed to SaaS customers and their downstream customers.\n\nThis Leveraged IaaS maintains aspects of the application.\n\nThe Leveraging SaaS maintains aspects of their assigned portion of the application.\n\nThe customers of the Leveraging SaaS maintain aspects of their sub-assigned portions of the application.","props":[{"name":"implementation-point","value":"system"}],"status":{"state":"operational"},"responsible-roles":[{"role-id":"admin","party-uuids":["11111111-0000-4000-9000-100000000001"]}]}]},"control-implementation":{"description":"This is a collection of control responses.","implemented-requirements":[{"uuid":"11111111-0000-4000-9009-002000000000","control-id":"ac-2","set-parameters":[{"param-id":"ac-2_prm_1","values":["privileged and non-privileged"]}],"statements":[{"statement-id":"ac-2_stmt.a","uuid":"11111111-0000-4000-9009-002001000000","by-components":[{"component-uuid":"11111111-0000-4000-9001-000000000001","uuid":"11111111-0000-4000-9009-002001001000","description":"Response for the \\\"This System\\\" component.\n\nOverall description of how \\\"This System\\\" satisfies AC-2, Part a.\n\nResponse for the \\\"This System\\\" component.\n\nOverall description of how \\\"This System\\\" satisfies AC-2, Part a.\n\nResponse for the \\\"This System\\\" component.\n\nOverall description of how \\\"This System\\\" satisfies AC-2, Part a.\n\nResponse for the \\\"This System\\\" component.\n\nOverall description of how \\\"This System\\\" satisfies AC-2, Part a.","export":{"description":"Optional description about what is being 
exported.","responsibilities":[{"uuid":"11111111-0000-4000-9009-002001001001","description":"Leveraging system's responsibilities with respect to inheriting this capability.\n\nIn the context of the application component in satisfaction of AC-2, part a.","responsible-roles":[{"role-id":"customer"}]}]}},{"component-uuid":"11111111-0000-4000-9001-000000000002","uuid":"11111111-0000-4000-9009-002001002000","description":"Describes how the application satisfies AC-2, Part a.","export":{"description":"Optional description about what is being exported.","provided":[{"uuid":"11111111-0000-4000-9009-002001002001","description":"Consumer-appropriate description of what may be inherited.\n\nIn the context of the application component in satisfaction of AC-2, part a.","responsible-roles":[{"role-id":"poc-for-customers"}]}],"responsibilities":[{"uuid":"11111111-0000-4000-9009-002001002002","provided-uuid":"11111111-0000-4000-9009-002001002001","description":"Leveraging system's responsibilities with respect to inheriting this capability.\n\nIn the context of the application component in satisfaction of AC-2, part a.","responsible-roles":[{"role-id":"customer"}]}]}}],"remarks":"a. Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: privileged and non-privileged];"}],"remarks":"The organization:\n\na. Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: organization-defined information system account types];\n\nb. Assigns account managers for information system accounts;\n\nc. Establishes conditions for group and role membership;\n\nd. through j. omitted"}]},"back-matter":{"resources":[{"uuid":"11111111-0000-4000-9999-000000000001","rlinks":[{"href":"./attachments/IaaS_ac_proc.docx"}]}]}}}