Incorrect Interconnection Property Value in SSP Template

[brian-ruf]

Describe the bug

In the interconnection example content within the SSP, the Direction property (prop[@name='direction']) contains an invalid value. After this example was created, NIST made the decision to handle "incoming" and "outgoing" as two separate property entries, instead of a single entry indicating both directions.

Who is the bug affecting?

Anyone attempting to use the interconnections example in the SSP as a reference for how to properly express bi-direction communication.

What version of OSCAL are you using? (Check our info on supported OSCAL versions)

Latest (1.0.2)

What is affected by this bug?

Will not validate and/or process properly when tools mature enough to enforce NIST-defined OSCAL property constraints.

How do we replicate the issue?

1. Open the OSCAL SSP Template (XML, JSON)
2. Search for the interconnection example. It's the only component with //component[@type='interconnection']
3. Inspect the Direction property (//component[@type='interconnection']/prop[@name='direction'])
4. Observe the value incoming-outgoing.

Per the NIST OSCAL SSP documentation on components, the only valid values for the Direction property are incoming and outgoing. The value incoming-outgoing is not a valid OSCAL value.

Expected behavior (i.e. solution)

In the file, /src/content/templates/ssp/xml/FedRAMP-SSP-OSCAL-Template.xml, replace the single line: <prop name="direction" value="incoming-outgoing"/>

with the following two lines:

<prop name="direction" value="incoming"/>
<prop name="direction" value="outgoing"/>

[brian-ruf]

I'll try to circle back to this when I'm on a machine where I am setup to clone, commit, and push.