Skip to content

NIST 800-171-R3 import validation errors for the catalog #2174

New issue
New issue
Open
#2177
Open
NIST 800-171-R3 import validation errors for the catalog#2174
#2177
@JasonRodriguez1474

Description

@JasonRodriguez1474
JasonRodriguez1474
opened on Mar 21, 2026

Describe the bug

When attempting to import the official NIST_SP800-171_rev3_catalog.json from https://github.com/usnistgov/oscal-content I was presented with the following error message.

trestle.core.commands.import_:95 ERROR: Error while importing OSCAL file: 8 validation errors for Catalog
groups -> 0 -> controls -> 7 -> params -> 3 -> label
  string does not match regex "^[^\n]+$" (type=value_error.str.regex; pattern=^[^\n]+$)
groups -> 0 -> controls -> 7 -> params -> 3 -> label
  string does not match regex "^[^\n]+$" (type=value_error.str.regex; pattern=^[^\n]+$)
groups -> 0 -> controls -> 9 -> params -> 1 -> label
  string does not match regex "^[^\n]+$" (type=value_error.str.regex; pattern=^[^\n]+$)
groups -> 0 -> controls -> 9 -> params -> 1 -> label
  string does not match regex "^[^\n]+$" (type=value_error.str.regex; pattern=^[^\n]+$)
groups -> 0 -> controls -> 7 -> params -> 3 -> label
  string does not match regex "^[^\n]+$" (type=value_error.str.regex; pattern=^[^\n]+$)
groups -> 0 -> controls -> 7 -> params -> 3 -> label
  string does not match regex "^[^\n]+$" (type=value_error.str.regex; pattern=^[^\n]+$)
groups -> 0 -> controls -> 9 -> params -> 1 -> label
  string does not match regex "^[^\n]+$" (type=value_error.str.regex; pattern=^[^\n]+$)
groups -> 0 -> controls -> 9 -> params -> 1 -> label
  string does not match regex "^[^\n]+$" (type=value_error.str.regex; pattern=^[^\n]+$)

To Reproduce

Steps to reproduce the behavior:

  1. Clone the oscal repo, https://github.com/usnistgov/oscal-content
  2. Attempt to import either the NIST_SP800-171_rev3_catalog.json or NIST_SP800-171_rev3_catalog-min.json
  • You should receive the error from above at this point in time

Expected behavior

I expected for the catalog to be imported.
However, the issue appears to be due to either the NIST catalog isn't meeting the specification, or trestle gets hung up on labels being empty fields such as

NIST Catalog snippet without changes

                "id": "A.03.01.08.ODP.04",
                "props": [
                  {
                    "name": "label",
                    "value": "A.03.01.08.ODP[04]"
                  }
                ],
                "label": "",
                "usage": "organization-defined time period",
                "guidelines": [
                  {
                    "prose": "the time period for an account or node to be locked is defined (if selected)."
                  }
                ]
              }
            ],

But I was able to resolve by simply giving these labels a value.

                "id": "A.03.01.08.ODP.04",
                "props": [
                  {
                    "name": "label",
                    "value": "A.03.01.08.ODP[04]"
                  }
                ],
                "label": "time period",
                "usage": "organization-defined time period",
                "guidelines": [
                  {
                    "prose": "the time period for an account or node to be locked is defined (if selected)."
                  }
                ]
              }
            ],

Screenshots / Logs.

Error message listed above, command used below.
trestle import -f ../oscal-content/nist.gov/SP800-171/rev3/json/NIST_SP800-171_rev3_catalog.json -o 800-171-r3

Environment

  • MacOS
  • Python version: 3.13
  • Installed packages: brand new venv, with just compliance-trestle

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    Trestle Roadmap

    Status

    New

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions