diff --git a/.github/workflows/periodic.yml b/.github/workflows/periodic.yml
index e7c0cf4053..e46c42c9dd 100644
--- a/.github/workflows/periodic.yml
+++ b/.github/workflows/periodic.yml
@@ -12,10 +12,10 @@ jobs:
# Needed to post comments and issues
issues: write
steps:
- - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
submodules: recursive
- - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
+ - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
with:
node-version-file: "build/.nvmrc"
cache: "npm"
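Review bot: The bumped `uses:` lines for actions/checkout and actions/setup-node pin full commit SHAs but carry no trailing comment naming the release each SHA belongs to, so the diff does not show which version is being adopted or let a reviewer check the commit against the action's own release history. Append the tag as a comment, e.g. `- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # <release tag>`, and do the same for setup-node. This job is granted `issues: write`, so the provenance of each pinned commit should be easy to audit. The same applies to the pins changed in release.yml and status.yml, and the job definition starts above this hunk.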
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7a13b3a845..2bfff9da07 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,7 +8,7 @@ jobs:
name: Package Release
runs-on: ubuntu-22.04
steps:
- - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
submodules: recursive
- uses: actions/setup-java@v5
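Review bot: `actions/setup-java@v5` on the last line of this hunk is still referenced by a mutable tag, while the checkout step next to it is pinned to a commit SHA, so the release-packaging job runs whatever that tag points to at build time. Pin it the same way, `- uses: actions/setup-java@<full commit SHA> # v5`, taking the SHA from the action's own repository. status.yml has the same unpinned step. The steps list continues past the end of the hunk.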
diff --git a/.github/workflows/status.yml b/.github/workflows/status.yml
index 0a0dbf402a..303a4cc05a 100644
--- a/.github/workflows/status.yml
+++ b/.github/workflows/status.yml
@@ -18,14 +18,14 @@ jobs:
name: Status Checks
runs-on: ubuntu-22.04
steps:
- - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
submodules: recursive
- uses: actions/setup-java@v5
with:
distribution: "temurin"
java-version: "17"
- - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
+ - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
with:
node-version-file: "build/.nvmrc"
cache: "npm"
diff --git a/README.md b/README.md
index 43297eb42b..ca5a872c2a 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ NIST is developing the [Open Security Controls Assessment Language](https://csrc
With this effort, we are stressing the agile development of a set of *minimal* formats that are both generic enough to capture the breadth of data in scope (controls specifications), while also capable of ad-hoc tuning and extension to support peculiarities of both (industry or sector) standard and new control types.
-The [OSCAL website](https://www.nist.gov/oscal) provides an overview of the OSCAL project, including an XML and JSON [schema reference](https://pages.nist.gov/OSCAL/reference/), [examples](https://pages.nist.gov/OSCAL/concepts/examples/), and other resources.
+The [OSCAL website](https://www.nist.gov/oscal) provides an overview of the OSCAL project, including an XML and JSON [schema reference](https://pages.nist.gov/OSCAL/reference/), [examples](https://pages.nist.gov/OSCAL/resources/examples/), and other resources.
If you are interested in contributing to the development of OSCAL, refer to the [contributor guidance](https://github.com/usnistgov/OSCAL/blob/main/CONTRIBUTING.md) for more information.
diff --git a/build/package-lock.json b/build/package-lock.json
index 8361212c06..a9cd36ac85 100644
--- a/build/package-lock.json
+++ b/build/package-lock.json
@@ -470,22 +470,11 @@
"dev": true
},
"node_modules/fast-json-patch": {
- "version": "2.2.1",
- "resolved": "https://registry.npmjs.org/fast-json-patch/-/fast-json-patch-2.2.1.tgz",
- "integrity": "sha512-4j5uBaTnsYAV5ebkidvxiLUYOwjQ+JSFljeqfTxCrH9bDmlCQaOJFS84oDJ2rAXZq2yskmk3ORfoP9DCwqFNig==",
+ "version": "3.1.1",
+ "resolved": "https://registry.npmjs.org/fast-json-patch/-/fast-json-patch-3.1.1.tgz",
+ "integrity": "sha512-vf6IHUX2SBcA+5/+4883dsIjpBTqmfBjmYiWK1savxQmFk4JfBMLa7ynTYOs1Rolp/T1betJxHiGD3g1Mn8lUQ==",
"dev": true,
- "dependencies": {
- "fast-deep-equal": "^2.0.1"
- },
- "engines": {
- "node": ">= 0.4.0"
- }
- },
- "node_modules/fast-json-patch/node_modules/fast-deep-equal": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz",
- "integrity": "sha512-bCK/2Z4zLidyB4ReuIsvALH6w31YfAQDmXMqMx6FyfHqvBxtjC0eRumeSu4Bs3XtXwpyIywtSTrVT99BxY1f9w==",
- "dev": true
+ "license": "MIT"
},
"node_modules/fs.realpath": {
"version": "1.0.0",
@@ -1221,7 +1210,7 @@
"dev": true,
"requires": {
"ajv": "^8.0.0",
- "fast-json-patch": "^2.0.0",
+ "fast-json-patch": "3.1.1",
"glob": "^7.1.0",
"js-yaml": "^3.14.0",
"json-schema-migrate": "^2.0.0",
@@ -1476,21 +1465,10 @@
"dev": true
},
"fast-json-patch": {
- "version": "2.2.1",
- "resolved": "https://registry.npmjs.org/fast-json-patch/-/fast-json-patch-2.2.1.tgz",
- "integrity": "sha512-4j5uBaTnsYAV5ebkidvxiLUYOwjQ+JSFljeqfTxCrH9bDmlCQaOJFS84oDJ2rAXZq2yskmk3ORfoP9DCwqFNig==",
- "dev": true,
- "requires": {
- "fast-deep-equal": "^2.0.1"
- },
- "dependencies": {
- "fast-deep-equal": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz",
- "integrity": "sha512-bCK/2Z4zLidyB4ReuIsvALH6w31YfAQDmXMqMx6FyfHqvBxtjC0eRumeSu4Bs3XtXwpyIywtSTrVT99BxY1f9w==",
- "dev": true
- }
- }
+ "version": "3.1.1",
+ "resolved": "https://registry.npmjs.org/fast-json-patch/-/fast-json-patch-3.1.1.tgz",
+ "integrity": "sha512-vf6IHUX2SBcA+5/+4883dsIjpBTqmfBjmYiWK1savxQmFk4JfBMLa7ynTYOs1Rolp/T1betJxHiGD3g1Mn8lUQ==",
+ "dev": true
},
"fs.realpath": {
"version": "1.0.0",
diff --git a/build/package.json b/build/package.json
index 948d4af6f7..d4dce81c57 100644
--- a/build/package.json
+++ b/build/package.json
@@ -6,5 +6,8 @@
"ajv-cli": "^5.0.0",
"ajv-formats": "^3.0.1",
"markdown-link-check": "3.14.2"
+ },
+ "overrides": {
+ "fast-json-patch": "3.1.1"
}
}
\ No newline at end of file
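Review bot: The new `overrides` entry forces fast-json-patch to 3.1.1 for every package in the tree, although the lockfile hunk shows its consumer declared `^2.0.0`, so that consumer now runs against a major version outside its declared range. Scope the override to the consumer (presumably ajv-cli, whose requires list appears in the lockfile hunk) with `"overrides": { "ajv-cli": { "fast-json-patch": "3.1.1" } }`, and confirm CI exercises the ajv-cli path that uses it. Because package.json cannot hold comments, the reason for the override and the condition for removing it should be recorded in the commit message.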
diff --git a/build/pom.xml b/build/pom.xml
index c1daf5507d..25fc9ebfec 100644
--- a/build/pom.xml
+++ b/build/pom.xml
@@ -39,7 +39,7 @@
com.xmlcalabash
xmlcalabash
- 3.0.31
+ 3.0.42
@@ -48,7 +48,7 @@
org.apache.maven.plugins
maven-dependency-plugin
- 3.9.0
+ 3.10.0
copy-dependencies
diff --git a/src/metaschema/oscal_catalog_metaschema.xml b/src/metaschema/oscal_catalog_metaschema.xml
index 47aa67ca63..f877bb07be 100644
--- a/src/metaschema/oscal_catalog_metaschema.xml
+++ b/src/metaschema/oscal_catalog_metaschema.xml
@@ -340,7 +340,7 @@
+ target="part[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name=('assessment','assessment-method')]//part[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name">
**(deprecated)** Use
'assessment-objects' instead.
Provides a listing of assessment
@@ -350,17 +350,17 @@
+ target="part[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name=('assessment','assessment-method')]//prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name">
**(deprecated)** Use 'method' in the 'http://csrc.nist.gov/ns/rmf' namespace. The assessment method to use. This typically appears on parts with the name "assessment-method".
+ target="part[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name=('assessment','assessment-method')]//prop[has-oscal-namespace('http://csrc.nist.gov/ns/rmf')]/@name">
The assessment method to use. This typically appears on
parts with the name "assessment-method".
+ target="part[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name=('assessment','assessment-method')]//prop[has-oscal-namespace(('http://csrc.nist.gov/ns/oscal','http://csrc.nist.gov/ns/rmf')) and @name='method']/@value">
The process of holding discussions with individuals or groups of individuals within an organization to once again, facilitate assessor understanding, achieve clarification, or obtain evidence.
The process of reviewing, inspecting, observing, studying, or analyzing one or more assessment objects (i.e., specifications, mechanisms, or activities).
The process of exercising one or more assessment objects (i.e., activities or mechanisms) under specified conditions to compare actual with expected behavior.
diff --git a/src/metaschema/oscal_ssp_metaschema.xml b/src/metaschema/oscal_ssp_metaschema.xml
index 90068ca090..a130dc5ee5 100644
--- a/src/metaschema/oscal_ssp_metaschema.xml
+++ b/src/metaschema/oscal_ssp_metaschema.xml
@@ -618,12 +618,16 @@
-
+
+
-
@@ -729,7 +733,7 @@
-
+
diff --git a/src/specifications/profile-resolution/readme.md b/src/specifications/profile-resolution/readme.md
index 6e877e6c65..f05370f498 100644
--- a/src/specifications/profile-resolution/readme.md
+++ b/src/specifications/profile-resolution/readme.md
@@ -23,7 +23,7 @@ need a process for this - also Github Issues?
## Providing feedback on this specification
-The OSCAL team welcomes feedback on the work in progress in this subdirectory, whether it be questions, points for clarification, critiques or suggestions. A rendered version of the Profile Resolution specification maintained here [appears](https://pages.nist.gov/OSCAL/resources/concepts/processing/profile-resolution/) on the OSCAL web site.
+The OSCAL team welcomes feedback on the work in progress in this subdirectory, whether it be questions, points for clarification, critiques or suggestions. A rendered version of the Profile Resolution specification maintained here [appears](https://pages.nist.gov/OSCAL/learn/concepts/processing/profile-resolution/) on the OSCAL web site.
Please post Issues in Github or questions to the OSCAL mailing list, or ask about them on our [Gitter channel](https://gitter.im/usnistgov-OSCAL/Lobby). (See https://pages.nist.gov/OSCAL/contact/ for links.)