search

usnistgov / oscal-content

NIST SP 800-53 content and other OSCAL content examples
Other
301 stars 123 forks source link

Child-parent "required" links overlap with "related" links in 800-53 catalog IA-12(05) and IA-13(01)(02)(03) #227

Closed iMichaela closed 9 months ago

iMichaela commented 10 months ago

User Story:

The 800-53 catalog in OSCAL was enhanced in mid 2022 with <link rel="required" href="[parent control id]" /> in 713 places. The required link relation is followed by a <link rel="related" href="[parent control id]" /> for the same relation. If parsers are coded to update a setting because a child control could, in theory, override the value set by a parent control, would most mostlikely treat this sequence the same way and the required relation will be ignored. Since not both are needed, the most valuable one should prevail.

Goals:

In all cases fitting the description above and the example below, remove the related link relation.

<control class="SP800-53-enhancement" id="ia-12.5">
       [...]
        <link rel="required" href="#ia-12"/>
        <link rel="related" href="#ia-12"/>

NOTE: CPRT data shows IA-12(05) related to IA-12 . Could it be an error in the CPRT 800-53 v5.1.1?

<control class="SP800-53-enhancement" id="ia-13.1">
      [...]
      <link rel="required" href="#ia-13"/>
      <link rel="related" href="#ia-13"/>
<control class="SP800-53-enhancement" id="ia-13.2">
      [...]
      <link rel="required" href="#ia-13"/>
      <link rel="related" href="#ia-13"/>
<control class="SP800-53-enhancement" id="ia-13.3">
      [...]
      <link rel="required" href="#ia-13"/>
      <link rel="related" href="#ia-13"/>

Dependencies:

none

Acceptance Criteria

iMichaela commented 10 months ago

Based on the conversation with RMF team (Vicky) IA-12(05) is triggered by a typo in the original document and will have to stay as is to accurately represent the root of trust (CPRT Data). The IA-13(01)(02)(03) need to be corrected and the related links removed to accurately represent CPRT Data.

iMichaela commented 9 months ago

Addressed by #228