Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Child-parent "required" links overlap with "related" links in 800-53 catalog IA-12(05) and IA-13(01)(02)(03) #227

Closed
2 tasks
iMichaela opened this issue Dec 7, 2023 · 2 comments
Closed
2 tasks

Child-parent "required" links overlap with "related" links in 800-53 catalog IA-12(05) and IA-13(01)(02)(03) #227

iMichaela opened this issue Dec 7, 2023 · 2 comments
Labels
enhancement The issue adds a new feature, capability, or artifact to the repository. User Story The issue is a user story for a development task.

Comments

@iMichaela
Copy link
Contributor

User Story:

The 800-53 catalog in OSCAL was enhanced in mid 2022 with <link rel="required" href="[parent control id]" /> in 713 places. The required link relation is followed by a <link rel="related" href="[parent control id]" /> for the same relation. If parsers are coded to update a setting because a child control could, in theory, override the value set by a parent control, would most mostlikely treat this sequence the same way and the required relation will be ignored. Since not both are needed, the most valuable one should prevail.

Goals:

In all cases fitting the description above and the example below, remove the related link relation.

<control class="SP800-53-enhancement" id="ia-12.5">
       [...]
        <link rel="required" href="#ia-12"/>
        <link rel="related" href="#ia-12"/>

NOTE: CPRT data shows IA-12(05) related to IA-12 . Could it be an error in the CPRT 800-53 v5.1.1?

<control class="SP800-53-enhancement" id="ia-13.1">
      [...]
      <link rel="required" href="#ia-13"/>
      <link rel="related" href="#ia-13"/>

<control class="SP800-53-enhancement" id="ia-13.2">
      [...]
      <link rel="required" href="#ia-13"/>
      <link rel="related" href="#ia-13"/>

<control class="SP800-53-enhancement" id="ia-13.3">
      [...]
      <link rel="required" href="#ia-13"/>
      <link rel="related" href="#ia-13"/>

Dependencies:

none

Acceptance Criteria

  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
  • The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.
@iMichaela iMichaela added enhancement The issue adds a new feature, capability, or artifact to the repository. User Story The issue is a user story for a development task. labels Dec 7, 2023
@iMichaela
Copy link
Contributor Author

Based on the conversation with RMF team (Vicky) IA-12(05) is triggered by a typo in the original document and will have to stay as is to accurately represent the root of trust (CPRT Data).
The IA-13(01)(02)(03) need to be corrected and the related links removed to accurately represent CPRT Data.

@iMichaela iMichaela changed the title Child-parent links of "required" overlap with "related" in 800-53 catalog Child-parent "required" links overlap with "related" links in 800-53 catalog IA-12(05) and IA-13(01)(02)(03) Dec 8, 2023
@iMichaela iMichaela mentioned this issue Dec 8, 2023
Merged
10 tasks
@iMichaela
Copy link
Contributor Author

Addressed by #228

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement The issue adds a new feature, capability, or artifact to the repository. User Story The issue is a user story for a development task.
Projects
NIST OSCAL Work Board
Status: Done
Milestone
No milestone
Development

No branches or pull requests
1 participant
@iMichaela