
Add OSCAL Component Definitions as a release artifact #11628

@jpower432

Share the context

Utilities were added to the content repository to create OSCAL Component Definitions from the compliance data stored in YAML.
This allows users/devs to create OSCAL Component Definitions for products on an as-needed basis with the profiles and catalogs that exist in the trestle workspace under shared/references/oscal.

Description of problem:

In order to get component definitions from this repository, a user would have to clone the repository and create it through the utilities.

Problems with this:
  • Consistency: OSCAL Component Definitions would have a different UUID when generated from the same commit.
  • Ease of Use: Steps including setting up a development environment are required to generate a component definition.
  • Traceability: It can be difficult to associate the Component Definition with a release or commit because they are regenerated with each run (related to Consistency).

Proposed change:

Choose products and available profile combinations to generate OSCAL component definitions and add them as release artifacts so they can be easily imported into an SSP or workspace (e.g. trestle import).

References:

Related to #11106
A repository I created to demonstrate the transformation - https://github.com/jpower432/oscal-authoring-demo
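
The Consistency and Traceability points above, as an added example that is not part of the original issue or the project's code: two runs over identical content yield different file checksums, so a consumer cannot match a locally generated file to a commit by hash. `generate` is a hypothetical stand-in for the repository's utilities, and the document is a constructed, trimmed sample.

```python
import hashlib
import json
import re
import uuid

UUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

# Constructed sample, trimmed to the fields that matter here.
CONTENT = {"component-definition": {
    "uuid": "",
    "metadata": {"title": "Constructed example", "version": "0.0.0"},
    "components": [{
        "uuid": "", "type": "software", "title": "example-product",
        "description": "constructed",
        "control-implementations": [{
            "uuid": "", "source": "profiles/example/profile.json",
            "description": "constructed",
            "implemented-requirements": [
                {"uuid": "", "control-id": "ac-2", "description": "constructed"}],
        }],
    }],
}}

def generate(content):
    """Hypothetical stand-in for one generator run: fresh random UUIDs."""
    def fill(node):
        if isinstance(node, dict):
            return {k: str(uuid.uuid4()) if k == "uuid" else fill(v)
                    for k, v in node.items()}
        if isinstance(node, list):
            return [fill(v) for v in node]
        return node
    return fill(content)

def file_digest(doc):
    """SHA-256 of the serialized document, as a checksum file would record."""
    return hashlib.sha256(json.dumps(doc, sort_keys=True).encode()).hexdigest()

def content_digest(doc):
    """SHA-256 after replacing each UUID with its order of first appearance,
    so cross-references stay linked but the random values drop out."""
    seen = {}
    text = UUID_RE.sub(
        lambda m: seen.setdefault(m.group(0).lower(), f"uuid-{len(seen)}"),
        json.dumps(doc, sort_keys=True))
    return hashlib.sha256(text.encode()).hexdigest()
```

A single artifact published per release makes `file_digest` stable for everyone; `content_digest` is only a way to compare regenerated copies until then.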

Labels: OSCAL (PRs and Issues related to OSCAL), enhancement (General enhancements to the project.), triaged
