Skip to content

Commit

Permalink
Updated release text.
Browse files Browse the repository at this point in the history
  • Loading branch information
@david-waltermire
david-waltermire committed Jun 7, 2021
1 parent a8d6a0a commit 5a65bd8
Show file tree
Hide file tree
Showing 6 changed files with 34 additions and 1,113 deletions.
46 changes: 14 additions & 32 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,50 +12,32 @@ If you are interested in contributing to the development of OSCAL, refer to the

## Project Status

OSCAL 1.0.0 Release Candidate 2 was released on April 12, 2021. The full announcement can be found below:
OSCAL 1.0.0 was released on June 7, 2021. The full announcement can be found below:

<blockquote>
We are pleased to announce the publication of OSCAL 1.0.0 Release Candidate (RC) 2. This is the second full draft release of OSCAL 1.0.0 which is made available for public review and feedback before releasing the final OSCAL 1.0.0.

Please provide feedback by May 7, 2021 by emailing the NIST OSCAL team at [[email protected]](mailto:[email protected]) or by [creating an issue](https://github.com/usnistgov/OSCAL/issues) on our GitHub repository.

The [OSCAL 1.0.0 RC 2](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-rc2) includes:

- Updated stable versions of [catalog](https://pages.nist.gov/OSCAL/documentation/schema/catalog-layer/catalog/) and [profile](https://pages.nist.gov/OSCAL/documentation/schema/profile-layer/profile/) models which provide a structured representation of control catalogs and baselines or overlays.
- Updated stable version of the [system security plan](https://pages.nist.gov/OSCAL/documentation/schema/implementation-layer/ssp/) model which provides a structured representations of a system's control-based implementation.
- Updated stable version of the [component definition](https://pages.nist.gov/OSCAL/documentation/schema/implementation-layer/component/) model which provides a stand-alone structured representation of the controls that are supported in a given implementation of a hardware, software, service, policy, process, procedure, or compliance artifact (e.g., FIPS 140-2 validation).
- Updated stable versions of the [assessment plan](https://pages.nist.gov/OSCAL/documentation/schema/assessment-layer/assessment-plan/), [assessment results](https://pages.nist.gov/OSCAL/documentation/schema/assessment-results-layer/assessment-results/), [plan of action and milestones](https://pages.nist.gov/OSCAL/documentation/schema/assessment-results-layer/poam/) (POA&amp;M) models, which support the structured representation of information used for planning for and documenting the results of an information system assessment or continuous monitoring activity.
- Updated tools to convert between OSCAL [XML](https://github.com/usnistgov/OSCAL/tree/master/xml) and [JSON](https://github.com/usnistgov/OSCAL/tree/master/json) formats, and to [up convert](https://github.com/usnistgov/OSCAL/tree/master/src/release/content-upgrade) content from previous releases to RC2.

Changes in this release are focused on the following major areas:
- Simplification of key OSCAL features
- Properties and annotations have been merged into a single `prop` that now allows an optional `remarks` and `uuid`.
- In the assessment plan and assessment results models, the concepts of a `task` and `action` have been combined.
- Use of `local-definitions` in the assessment plan, assessment results, and POA&M models has been simplified and made more consistent.
- Model documentation improvements
- Some usage descriptions were enhanced to provide more detail and to be more consistent overall.
- Formal names were updated in some places where the names did not match the data element.
- Many spelling errors were corrected.
- Removed the use of XML `<any>` and JSON `additonalProperties` for arbitrary extensions based on community discussion. Extended data can still be provided using `link` declarations to external content. This decision can be revisited in future revisions once there is more implementation experience with the OSCAL models.
- Added the following `link` relations: `latest-version`, `predecessor-version`, and `successor-version` to allow an OSCAL document to link to latest, previous, and next document revisions.
- Fixed a few bugs in the profile resolver code and updated the resolver to work with new profile import/insert structures.
- Provided support for data insertion points for data other than parameters in markup content.

There are also [release notes](https://github.com/usnistgov/OSCAL/blob/master/src/release/release-notes.txt) containing a summary of changes in this and previous releases.
The NIST Open Security Controls Assessment Language (OSCAL) team is pleased to announce the release of OSCAL 1.0.0. This first official, major release of OSCAL provides a stable OSCAL 1.0.0 for wide-scale implementation. This release marks an important milestone for the OSCAL project and for the earlier adopters and implementers of security automation with OSCAL.

This release [incorporates changes](/reference/release-notes/#oscal-100-release) based on feedback from the OSCAL community. The NIST OSCAL team is very thankful for all of the great ideas and feedback we have received to date.

Looking forward, the NIST OSCAL team is excited to work with the [OSCAL community](/contribute/) to continue to enhance OSCAL through [additional minor releases](#beyond-the-oscal-100-full-release).

For additional information on the OSCAL project, please see the NIST’s Cybersecurity Insights blog: [*“The Foundation for Interoperable and Portable Security Automation is Revealed in NIST’s OSCAL Project”*](https://www.nist.gov/blogs/cybersecurity-insights/foundation-interoperable-and-portable-security-automation-revealed) and the [OSCAL website](/).

Please direct any feedback on this release by emailing the NIST OSCAL team at [[email protected]](mailto:[email protected]) or by [creating an issue](https://github.com/usnistgov/OSCAL/issues) on our GitHub repository.

There are also [release notes](https://pages.nist.gov/OSCAL/reference/release-notes/#oscal-100-release) containing a summary of changes in this and previous releases.

These changes were made based on all the excellent feedback we received from the OSCAL community. The NIST OSCAL team is very thankful for all of the great feedback we have received.

The NIST team is also maintaining **OSCAL content** that is updated to the latest OSCAL 1.0.0 RC2. The [OSCAL content repository](https://github.com/usnistgov/oscal-content/) provides OSCAL examples, in addition to:
The NIST team is also maintaining **OSCAL content** that is updated to the latest OSCAL revision. The [OSCAL content repository](https://github.com/usnistgov/oscal-content/) provides OSCAL examples, in addition to:

- The [NIST SP 800-53 revision 5 catalog](https://github.com/usnistgov/oscal-content/tree/master/nist.gov/SP800-53/rev5) and the security and privacy [NIST SP 800-53B baselines](https://github.com/usnistgov/oscal-content/tree/master/nist.gov/SP800-53/rev5).
- The [NIST SP 800-53 revision 4 catalog](https://github.com/usnistgov/oscal-content/tree/master/nist.gov/SP800-53/rev4) and the [three NIST SP 800-53 revision 4 baselines](https://github.com/usnistgov/oscal-content/tree/master/nist.gov/SP800-53/rev4).
- The [FedRAMP SP 800-53 revision 4 baselines](https://github.com/usnistgov/oscal-content/tree/master/fedramp.gov). Please note, these baselines are also available on [GSA/fedramp-automation](https://github.com/GSA/fedramp-automation/tree/master/baselines) repository.

All of this OSCAL content is provided in XML, JSON and YAML formats.

The OSCAL team is working diligently to release OSCAL 1.0.0 FINAL near June 1, 2021, with the caveat that the date might change depending on the feedback we receive. To this end, we appreciate any feedback you have on the OSCAL 1.0.0 RC2 models. We would like to kindly ask our community to focus on providing any other RC2-related comments in the next two weeks, so we can stay on schedule. Reviewing your comments is instrumental for our team to make the OSCAL 1.0.0 FINAL release as robust as is feasible, and to address any gaps that might cause backwards compatibilities between future OSCAL minor releases (e.g., 1.1.0, 1.2.0) and OSCAL 1.0.0.

We will continue the development of OSCAL focusing our full attention on providing a more complete set of documentation for all the OSCAL layers and models, creating more examples, and providing a diverse set of tutorials.
The NIST team will continue the development in collaboration with the OSCAL community. Future efforts will include providing a more complete set of documentation for all the OSCAL layers and models, creating more examples, and providing a diverse set of tutorials.

NIST is also seeking tool developers, vendors, and service providers that would like to implement the OSCAL 1.0.0 models in commercial and open-source offerings. To provide feedback, to ask questions, or to let us know about an OSCAL implementation you are working on, please email the NIST OSCAL team at [[email protected]](mailto:[email protected]). You can also post publicly to the OSCAL development list: [[email protected]](mailto:[email protected]) or [create an issue](https://github.com/usnistgov/OSCAL/issues) on our GitHub repository.

Expand Down
2 changes: 1 addition & 1 deletion build/metaschema
Submodule metaschema updated 1 files
+1 −1 test-suite/oscal/v1.0Milestone3/oscal_implementation-common_metaschema.xml
2 changes: 2 additions & 0 deletions docs/content/about/news.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ toc:
enabled: true
---

- [OSCAL 1.0.0 Full Release](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0) - June 7, 2021
- [The Foundation for Interoperable and Portable Security Automation is Revealed in NIST’s OSCAL Project](https://www.nist.gov/blogs/cybersecurity-insights/foundation-interoperable-and-portable-security-automation-revealed) - May 19, 2021
- [OSCAL 1.0.0 Release Candidate 2 (RC2) Released](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-rc2) - April 12, 2021
- [OSCAL 1.0.0 Release Candidate 1 (RC1) Released](https://pages.nist.gov/OSCAL/contribute/roadmap/#oscal-100-release-candidate-1) - December 21, 2020
- [NIST ready to test approach to make FedRAMP faster, less burdensome](https://federalnewsnetwork.com/ask-the-cio/2020/10/nist-ready-to-test-approach-to-make-fedramp-faster-less-burdensome/) - October 8, 2020
Expand Down
18 changes: 9 additions & 9 deletions docs/content/contribute/roadmap.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,28 +20,28 @@ Each [milestone](https://github.com/usnistgov/OSCAL/milestones) will result in a

The first major version of OSCAL, OSCAL v1, will be developed over a series of milestone releases, culminating in a a [full release](#oscal-100-full-release) of OSCAL v1.

OSCAL release history:
OSCAL release history, in reverse chronological order:

- [OSCAL 1.0.0 Milestone 1](/contribute/roadmap/#oscal-100-milestone-1) - June 15, 2019
- [OSCAL 1.0.0 Milestone 2](/contribute/roadmap/#oscal-100-milestone-2) - October 1, 2019
- [OSCAL 1.0.0 Milestone 3](/contribute/roadmap/#oscal-100-milestone-3) - June 3, 2020
- [OSCAL 1.0.0 Release Candidate 1](/contribute/roadmap/#oscal-100-release-candidate-1) - December 21, 2020
- [OSCAL 1.0.0 Full Release](/contribute/roadmap/#oscal-100-full-release) - June 7, 2021
- [OSCAL 1.0.0 Release Candidate 2](/contribute/roadmap/#oscal-100-release-candidate-2) - April 12, 2021
- [OSCAL 1.0.0 Full Release](/contribute/roadmap/#oscal-100-full-release) - TBD
- [OSCAL 1.0.0 Release Candidate 1](/contribute/roadmap/#oscal-100-release-candidate-1) - December 21, 2020
- [OSCAL 1.0.0 Milestone 3](/contribute/roadmap/#oscal-100-milestone-3) - June 3, 2020
- [OSCAL 1.0.0 Milestone 2](/contribute/roadmap/#oscal-100-milestone-2) - October 1, 2019
- [OSCAL 1.0.0 Milestone 1](/contribute/roadmap/#oscal-100-milestone-1) - June 15, 2019

These releases are listed below in reverse chronological order.

### OSCAL 1.0.0 Full Release

{{<usa-tag>}}Development Milestone{{</usa-tag>}} OSCAL 1.0.0 [Full Release](https://github.com/usnistgov/OSCAL/milestone/4)

{{<usa-tag>}}Status{{</usa-tag>}} Planned
{{<usa-tag>}}Status{{</usa-tag>}} [Released](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0) (June 7, 2021)

{{<usa-tag>}}Focus{{</usa-tag>}} Publish an OSCAL 1.0.0 Specification
{{<usa-tag>}}Focus{{</usa-tag>}} Provide a stable OSCAL 1.0.0 for wide-scale implementation.

{{<usa-tag>}}Release Notes{{</usa-tag>}} [OSCAL 1.0.0 Release Notes](/reference/release-notes/#oscal-100-release)

The NIST Open Security Controls Assessment Language (OSCAL) team is pleased to announce the release of OSCAL 1.0.0. As the first official, major release of OSCAL, this release marks an important milestone for the OSCAL project and for the earlier adopters and implementers of security automation with OSCAL.
The NIST Open Security Controls Assessment Language (OSCAL) team is pleased to announce the release of OSCAL 1.0.0. This first official, major release of OSCAL provides a stable OSCAL 1.0.0 for wide-scale implementation. This release marks an important milestone for the OSCAL project and for the earlier adopters and implementers of security automation with OSCAL.

This release [incorporates changes](/reference/release-notes/#oscal-100-release) based on feedback from the OSCAL community. The NIST OSCAL team is very thankful for all of the great ideas and feedback we have received to date.

Expand Down
11 changes: 6 additions & 5 deletions docs/content/downloads/_index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,14 @@ Official releases of the OSCAL Project are available on the project's [GitHub re

## OSCAL Releases

The following OSCAL releases have been published.
The following OSCAL releases have been published, listed in reverse chronological order.

- [OSCAL 1.0.0 Milestone 1](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-milestone1): First development milestone of OSCAL. Stable releases of the OSCAL Catalog and Profile layers, including XML and JSON schema, content examples, and content converters.
- [OSCAL 1.0.0 Milestone 2](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-milestone2): Second development milestone of OSCAL. Stable releases of the OSCAL Catalog, Profile, and System Security Plan models, including XML and JSON schema, content examples, and content converters.
- [OSCAL 1.0.0 Milestone 3](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-milestone3): Third development milestone of OSCAL. Stable releases of the OSCAL Catalog, Profile, System Security Plan, assessment plan, assessment results, and POA&M models, including XML and JSON schema, content examples, and content converters.
- [OSCAL 1.0.0 Release Candidate (RC) 1](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-rc1): First public draft of OSCAL 1.0.0. Contains stable releases of the OSCAL Catalog, Profile, System Security Plan, assessment plan, assessment results, and POA&M models, including XML and JSON schema, content examples, and content converters.
- [OSCAL 1.0.0 Final Release](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0): First official, major release of OSCAL providing a stable OSCAL 1.0.0 for wide-scale implementation. This release marks an important milestone for the OSCAL project and for the earlier adopters and implementers of security automation with OSCAL.
- [OSCAL 1.0.0 Release Candidate (RC) 2](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-rc2): Final public draft of OSCAL 1.0.0. Contains stable releases of the OSCAL Catalog, Profile, System Security Plan, assessment plan, assessment results, and POA&M models, including XML and JSON schema, content examples, and content converters.
- [OSCAL 1.0.0 Release Candidate (RC) 1](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-rc1): First public draft of OSCAL 1.0.0. Contains stable releases of the OSCAL Catalog, Profile, System Security Plan, assessment plan, assessment results, and POA&M models, including XML and JSON schema, content examples, and content converters.
- [OSCAL 1.0.0 Milestone 3](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-milestone3): Third development milestone of OSCAL. Stable releases of the OSCAL Catalog, Profile, System Security Plan, assessment plan, assessment results, and POA&M models, including XML and JSON schema, content examples, and content converters.
- [OSCAL 1.0.0 Milestone 2](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-milestone2): Second development milestone of OSCAL. Stable releases of the OSCAL Catalog, Profile, and System Security Plan models, including XML and JSON schema, content examples, and content converters.
- [OSCAL 1.0.0 Milestone 1](https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-milestone1): First development milestone of OSCAL. Stable releases of the OSCAL Catalog and Profile layers, including XML and JSON schema, content examples, and content converters.

You can also get the [latest development version](https://github.com/usnistgov/OSCAL/) [ZIP](https://github.com/usnistgov/OSCAL/archive/develop.zip).

Expand Down
Loading

0 comments on commit 5a65bd8

Please sign in to comment.