OSCAL icon indicating copy to clipboard operation
OSCAL copied to clipboard

Published 20 hours ago verified publisher icon usnistgov

Identifier Scoping and Uniqueness Documentation Review

Open Rene2mt opened this issue 3 years ago • 3 comments

This issue is for a comprehensive review of the changes made in PR#941to ensure documentation describes identifier uniqueness and scoping clearly and accurately. The (peer) review should include the following:

Concepts - Identifier User Page Peer Review (see added Identifier Use page )

  • [ ] Clear description of identifier types
  • [ ] Clear description of identifier description
  • [ ] Clear description of identifier scope (review tables)

Metaschemas to Peer Review: (see metaschema identifier description changes)

  • [x] Common
    • [x] Oscal_metadata_metaschema.xml
  • [x] Control Layer (#1331)
    • [x] Oscal_control-common_metaschema.xml
    • [x] Oscal_catalog_metaschema.xml
    • [x] Oscal_profile_metaschema.xml
  • [ ] Implementation Layer
    • [ ] Oscal_implementation-common_metaschema.xml
    • [ ] Oscal_component_metaschema.xml
    • [ ] Oscal_ssp_metaschema.xml
      • [x] #1062
  • [ ] Assessment Layer
    • [ ] Oscal_assessment-common_metaschema.xml
    • [ ] Oscal_assessment-plan_metaschema.xml
    • [ ] Oscal_assessment-results_metaschema.xml
    • [ ] Oscal_poam_metaschema.xml

Peer Review Checklist for each of the Metaschemas listed above:

  • [ ] Check all "Identifier Declarations" for the following:
    • [ ] Description is satisfactory (e.g., specific enough, grammatically correct, etc.)
    • [ ] Description clearly states if identifier is "machine-oriented" or "human oriented"
    • [ ] Description clearly states the uniqueness of the identifier (e.g. locally vs globally unique)
    • [ ] Description clearly states if the scope (e.g. instance vs cross-instance)
    • [ ] Description is clear in how to externally reference the identifier (e.g. if the OSCAL resource where the identifier is defined is imported into another OSCAL instance)
    • [ ] Description clearly states how revision to the containing OSCAL instance impact the identifier
  • [ ] Check all "Identifier References" for the following:
    • [ ] Description is satisfactory (e.g., specific enough, grammatically correct, etc.)
    • [ ] When applicable, indicates the source (local or imported document) of the identifier being referenced

Rene2mt avatar Dec 09 '21 16:12 Rene2mt

As follow-on work, we could normalize the description to be one or two sentences. The first sentence fragment might start with a verb that describes what the thing does. Such as "Describes what the thing does."

david-waltermire avatar Jul 22 '22 16:07 david-waltermire

Need to extract RMF constraints into an external constraints file.

david-waltermire avatar Jul 22 '22 16:07 david-waltermire

Worthy of mention: UUIDs are not case-sensitive, thus uniqueness and comparisons are not simple equalities.

GaryGapinski avatar Jul 25 '22 20:07 GaryGapinski

As an epic predating usnistgov/OSCAL#1688 board reorganization, I will want to label this as needs refinement for now until it can be broken down, rescoped, and or closed.

aj-stein-nist avatar Sep 27 '23 00:09 aj-stein-nist