Open Security Controls Assessment Language (OSCAL)
The latest OSCAL 1.1.2 is a patch release.
Full Changelog: https://github.com/usnistgov/OSCAL/compare/v1.1.1...v1.1.2
git log v1.1.1..v1.1.2 --pretty=oneline --abbrev-commit
e36c374e0 Remove with-parent-controls from implementation (#1843)
7c47f2303 Bump actions/setup-java from 3 to 4 (#1963)
6df1a6b34 Updated version in the release a patch guidance (#1964)
09435aaa3 Catalog constraints added in oscal_catalog_metaschema.xml - see issue #1949 (#1952)
f4785f28a Flatten codeowners (#1962)
77caaeee5 Add tutorials system lifecycle ADR (#1959)
d1706a0dd Bump build/metaschema-xslt from `bd4359a` to `7d9fbfa` (#1955)
3b6edd9c6 Bump actions/checkout from 4.1.0 to 4.1.1 (#1950)
3dc4f6220 Bump org.apache.maven.plugins:maven-dependency-plugin in /build (#1953)
36e2f67e0 Bump actions/setup-node from 3.8.1 to 4.0.0 (#1954)
a3978d6d1 Bump actions/github-script from 6.4.1 to 7.0.1 (#1961)
cf852454e [skip ci] Update status, date before merge. Clarify content is still backwards compatible.
02ba255bb [skip ci] Add missing link to oscal-content per review feedback.
c048d293e [skip ci] Add ADR-0008 for usnistgov/oscal-content#116.
b8633b538 Implementation Agnostic Testing (#1946)
0294ee8d7 Integrate PR feedback and merge updated enum value.
441f6e528 Added hybrid cloud
8cac71b7f Make schema paths react to directory restructuring
5b7cf8e2e Bug fix for selected children of unselected parent
f9415874e Fix expected content of resolving merge-keep_profile.xml
ef2a78933 Bump build/metaschema-xslt from `034e92b` to `bd4359a`
5d17717be Bump actions/checkout from 4.0.0 to 4.1.0
4ff2c922c Updated link for profile resolution
6787fced7 Bump actions/checkout from 3.6.0 to 4.0.0
95f2e89f1 Add transferred issue status
65bc5ea7a Update automation to centralized triage board
90679e6c2 Ignore xmllint man docs on man page mirror for #1926.
f159b2894 Add transferred issue status
52d81d6ee Update automation to centralized triage board
6d7efe0a1 Ignore xmllint man docs on man page mirror for #1926.
OSCAL 1.1.1 is a patch release with minor model improvements, documentation, and artifact release changes that are backwards compatible.
biblio
elements in back-matter/resources
.metadata/last-modified
.metadata:last-modified
(#1900)ac4bd7e
to 10f72aa
(#1886)information-type/*-impact
constraints (#1888)Note for NIST developers: the output below is from executing the following command against the release branch (main
) on a developer workstation: git log origin/main..origin/develop --pretty=oneline --abbrev-commit
.
10f72aa
to 034e92b
(#1902)metadata:last-modified
(#1900)ac4bd7e
to 10f72aa
(#1886)--quiet
to the resolver test mvn download (#1898)information-type/*-impact
constraints (#1888)1.1.0 will be a minor release with important backwards-compatible enhances and bug-fixes around SSP, POA&M, profile, and cross-model metadata. Many of these feature enhancements have been pending release for over 12 months with neutral or positive community support.
Key takeaways and full details are below.
with-parent-controls
from the profile model.group
attribute to propswith-parent-controls
feature from Profile Resolution spec and unit tests.Below is a list of every change that will be promoted from develop to a 1.1.0 release branch. The changes to models, docs, and code can be reviewed. All dependency changes from Dependabot and auto-committed website changes are excluded.
default-mode
to avoid apply-template
loop when the stylesheet is applied to a document. (#1804)$
in Linux build setup steps (#1779)<define-assembly name="impact">
(fix #1129) (#1171)oscal-version
(#1386)Full Changelog: https://github.com/usnistgov/OSCAL/compare/v1.0.5...v1.1.0
Full Changelog: https://github.com/usnistgov/OSCAL/compare/v1.0.5...v1.0.6
Full Changelog: https://github.com/usnistgov/OSCAL/compare/v1.0.4...v1.0.5
Note: This patch release fixes a defect in the JSON schemas released with OSCAL 1.0.3. Please use this release instead of the 1.0.3 release.
README.md
(PR #1261) @guyzylThis release corrects defects in the JSON schemas released with OSCAL 1.0.3. The previously released schemas did not contain the correct regular expressions required to properly constrain data based on the specific data type for a given field. As a result, under the old schemas some data might be allowed to be provided that is invalid. The new JSON schemas in this release correct this defect by restoring the proper regular expressions.
Full Changelog: https://github.com/usnistgov/OSCAL/compare/v1.0.3...v1.0.4
Note: This release contains defective JSON schemas that are missing required regular expressions. This has been corrected in the OSCAL 1.0.4 release. Please use the 1.0.4 release instead of this release.
assessment-common
metaschema only. (PR #1224) @guyzylmain
branch instead of master
branch. (PR #1225) @guyzylTo fix a number of data type related issues, the underlying type system used in the generated OSCAL XML and JSON schemas was replaced. This change resulted in different names for simple and complex types for data types in XML schemas and some adjustments in data type definitions in JSON schemas. This may cause some issues with schema binding approaches that generate code from the XML or JSON schemas. In such instances, you may need to further customize your binding configurations or make some code adjustments resulting from differently generated code.
Full Changelog: https://github.com/usnistgov/OSCAL/compare/v1.0.2...v1.0.3
The NIST Open Security Controls Assessment Language (OSCAL) team is pleased to announce the release of OSCAL 1.0.2. This patch release of OSCAL 1.0 provides bug fixes and documentation enhancements.
This release incorporates changes based on feedback from the OSCAL community. The NIST OSCAL team is very thankful for all of the great ideas and feedback we have received to date.
Looking forward, the NIST OSCAL team is excited to continue to work with the OSCAL community to enhance OSCAL through additional minor releases.
For additional information on the OSCAL project, please see the NIST’s Cybersecurity Insights blog: “The Foundation for Interoperable and Portable Security Automation is Revealed in NIST’s OSCAL Project” and the OSCAL website.
For documentation on the OSCAL models included in this release, please visit the v1.0.2 model reference.
The following changes were made in this patch release.
define-assembly
for include-all
with assembly ref
(PR #1144) @guyzyl, @david-waltermire-nistNEW CONTENT
, END NEW CONTENT
, and NEW
comment blocks from Metaschemas. (PR #1179) @guyzyl>
which shows in the built schemas (PRs #1133, #1147) @guyzylREADME.md
(PR #1181) @guyzyl.github/README.md
file to ABOUT.md
to fix the main index page in the GitHub repo (#1182) @guyzylThe following compatibility breaking change was made:
Full Changelog: https://github.com/usnistgov/OSCAL/compare/v1.0.1...v1.0.2
The NIST Open Security Controls Assessment Language (OSCAL) team is pleased to announce the release of OSCAL 1.0.1. This first patch release of OSCAL 1.0 provides bug fixes and documentation enhancements.
This release incorporates changes based on feedback from the OSCAL community. The NIST OSCAL team is very thankful for all of the great ideas and feedback we have received to date.
Looking forward, the NIST OSCAL team is excited to continue to work with the OSCAL community to enhance OSCAL through additional minor releases.
For additional information on the OSCAL project, please see the NIST’s Cybersecurity Insights blog: “The Foundation for Interoperable and Portable Security Automation is Revealed in NIST’s OSCAL Project” and the OSCAL website.
For documentation on the OSCAL models included in this release, please visit the v1.0.1 model reference.
The following changes were made in this patch release.
The following additional changes were made that affect the OSCAL website.
We deeply appreciate all the contributions made by these and other community members.
Full Changelog: https://github.com/usnistgov/OSCAL/compare/v1.0.0...v1.0.1
The NIST Open Security Controls Assessment Language (OSCAL) team is pleased to announce the release of OSCAL 1.0.0. This first official, major release of OSCAL provides a stable OSCAL 1.0.0 for wide-scale implementation. This release marks an important milestone for the OSCAL project and for the earlier adopters and implementers of security automation with OSCAL.
This release incorporates changes based on feedback from the OSCAL community. The NIST OSCAL team is very thankful for all of the great ideas and feedback we have received to date.
Looking forward, the NIST OSCAL team is excited to work with the OSCAL community to continue to enhance OSCAL through additional minor releases.
For additional information on the OSCAL project, please see the NIST’s Cybersecurity Insights blog: “The Foundation for Interoperable and Portable Security Automation is Revealed in NIST’s OSCAL Project” and the OSCAL website.