search

GSA / fedramp-automation

FedRAMP Automation
https://www.fedramp.gov/using-the-fedramp-oscal-resources-and-templates/
Other
290 stars 88 forks source link

FedRAMP Profiles Uses Vendored Media Types Not Conformant with OSCAL & IANA Media Type Specification #232

Closed aj-stein-nist closed 8 months ago

aj-stein-nist commented 2 years ago

Describe the bug

Per usnistgov/OSCAL#1255, the media types are not used in profiles and other example content with a vendored type format are not conformant with OSCAL guidance or the linked IANA specification strongly recommended for OSCAL usage. application/oscal.modelname+dataformat is invalid, while application/oscal+dataformat is acceptable.

Who is the bug affecting?

OSCAL tool developers

What version of OSCAL are you using? (Check our info on supported OSCAL versions)

v1.0.0 to v1.0.4 inclusive

What is affected by this bug?

Processing of OSCAL content with back-matter resources that have media-types defined for their links.

When does this occur?

Consistently.

How do we replicate the issue?

  1. Review media-type usage in current FedRAMP profiles and how they define media-types, such as this link or another link

Expected behavior (i.e. solution)

These are modified to be application/oscal+json and application/oscal+yaml respectively.

Other Comments

N/A

aj-stein-nist commented 2 years ago

/cc @volpet2014 and @Rene2mt, as this came up in model updates meeting (tracked in usnistgov/OSCAL#1066) and I took an action item to relay it back to FedRAMP, potentially assisting them with correcting this minor bug.