Resolved profile catalogs are missing props #563

Open
1 of 12 tasks
Rene2mt opened this issue Feb 23, 2024 · 1 comment · May be fixed by #591
Rene2mt commented Feb 23, 2024

This relates to ...

  • the FedRAMP OSCAL Registry
  • the FedRAMP OSCAL baselines
  • the Guide to OSCAL-based FedRAMP Content
  • the Guide to OSCAL-based FedRAMP System Security Plans (SSP)
  • the Guide to OSCAL-based FedRAMP Security Assessment Plans (SAP)
  • the Guide to OSCAL-based FedRAMP Security Assessment Results (SAR)
  • the Guide to OSCAL-based FedRAMP Plan of Action and Milestones (POA&M)
  • the FedRAMP SSP OSCAL Template (JSON or XML Format)
  • the FedRAMP SAP OSCAL Template (JSON or XML Format)
  • the FedRAMP SAR OSCAL Template (JSON or XML Format)
  • the FedRAMP POA&M OSCAL Template (JSON or XML Format)
  • the FedRAMP OSCAL Validations

What happened?

The FedRAMP rev 5 resolved profile catalogs' parameters are missing the "aggregate" props. The props are in the source catalog but were likely omitted during profile resolution.

Relevant log output

No response

How do we replicate this issue?

Compare FedRAMP baseline to source catalog. For example,

         <param id="ac-1_prm_1">
            <label>organization-defined personnel or roles</label>
         </param>

whereas the source catalog has

         <param id="ac-1_prm_1">
            <prop name="aggregates"
                   ns="http://csrc.nist.gov/ns/rmf"
                   value="ac-01_odp.01"/>
            <prop name="aggregates"
                   ns="http://csrc.nist.gov/ns/rmf"
                   value="ac-01_odp.02"/>
            <label>organization-defined personnel or roles</label>
         </param>

Where, exactly?

For the high baseline:

  • ac-1_prm_1
  • ac-6.1_prm_2
  • ac-17.4_prm_1
  • at-1_prm_1
  • at-2_prm_1
  • at-2_prm_2
  • at-3_prm_1
  • au-1_prm_1
  • au-2_prm_2
  • ca-1_prm_1
  • ca-7_prm_4
  • ca-7_prm_5
  • cm-1_prm_1
  • cm-3.4_prm_1
  • cm-6.1_prm_2
  • cm-7_prm_2
  • cm-7.1_prm_2
  • cm-8.2_prm_1
  • cm-8.3_prm_1
  • cp-1_prm_1
  • cp-2_prm_1
  • cp-2_prm_2
  • cp-2_prm_4
  • cp-4_prm_2
  • cp-8.4_prm_1
  • cp-9.1_prm_1
  • cp-9.5_prm_1
  • cp-10_prm_1
  • ia-1_prm_1
  • ir-1_prm_1
  • ir-5.1_prm_1
  • ir-8_prm_5
  • ma-1_prm_1
  • ma-2.2_prm_1
  • mp-1_prm_1
  • mp-2_prm_1
  • mp-2_prm_2
  • mp-4_prm_1
  • mp-4_prm_2
  • mp-5_prm_2
  • mp-6_prm_1
  • mp-6_prm_2
  • mp-6.2_prm_1
  • pe-1_prm_1
  • pe-3_prm_9
  • pe-8.1_prm_1
  • pe-16_prm_1
  • pl-1_prm_1
  • ps-1_prm_1
  • ps-3_prm_1
  • ra-1_prm_1
  • ra-5_prm_1
  • sa-1_prm_1
  • sa-8_prm_1
  • sa-15_prm_2
  • sa-15.3_prm_2
  • sc-1_prm_1
  • si-1_prm_1
  • si-4.4_prm_1
  • si-4.4_prm_2
  • si-6_prm_1
  • si-7_prm_1
  • si-7_prm_2
  • si-7.1_prm_1
  • si-7.1_prm_2
  • si-7.1_prm_3
  • si-7.1_prm_4
  • sr-1_prm_1

Likely the same param for applicable controls in the moderate and low baselines.

Other relevant details

No response
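
The comparison described in this report can be automated. The following is an added example, not part of the original issue or of FedRAMP's tooling: it parses a source catalog and a resolved profile catalog and lists, for every parameter that survived resolution, the `aggregates` prop values that were dropped. The function names are hypothetical and the sample XML is constructed; only `ac-1_prm_1` and its two values come from the snippets above.

```python
import xml.etree.ElementTree as ET

RMF_NS = "http://csrc.nist.gov/ns/rmf"  # namespace shown in the issue's snippet

# Constructed sample documents. Only ac-1_prm_1 and its two values come from
# the issue; the "example_*" params are made up for illustration.
SOURCE = f"""<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0">
  <param id="ac-1_prm_1">
    <prop name="aggregates" ns="{RMF_NS}" value="ac-01_odp.01"/>
    <prop name="aggregates" ns="{RMF_NS}" value="ac-01_odp.02"/>
    <label>organization-defined personnel or roles</label>
  </param>
  <param id="example_prm_kept"><prop name="aggregates" ns="{RMF_NS}" value="example_odp.01"/></param>
  <param id="example_prm_unselected"><prop name="aggregates" ns="{RMF_NS}" value="example_odp.02"/></param>
</catalog>"""
RESOLVED = f"""<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0">
  <param id="ac-1_prm_1">
    <label>organization-defined personnel or roles</label>
  </param>
  <param id="example_prm_kept"><prop name="aggregates" ns="{RMF_NS}" value="example_odp.01"/></param>
</catalog>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]

def aggregates_by_param(xml_text):
    """Map each param id to the set of its RMF 'aggregates' prop values."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "param" and el.get("id"):
            found[el.get("id")] = {
                p.get("value") for p in el
                if local(p.tag) == "prop" and p.get("name") == "aggregates"
                and p.get("ns") == RMF_NS}
    return found

def missing_aggregates(source_xml, resolved_xml):
    """For params present in the resolved catalog, list values lost in resolution."""
    source, resolved = aggregates_by_param(source_xml), aggregates_by_param(resolved_xml)
    lost = {pid: sorted(source.get(pid, set()) - got) for pid, got in resolved.items()}
    return {pid: vals for pid, vals in lost.items() if vals}

if __name__ == "__main__":
    for pid, vals in missing_aggregates(SOURCE, RESOLVED).items():
        print(f"{pid}: missing aggregates {', '.join(vals)}")
```

Parameters that the baseline does not select are ignored, so only props lost on parameters that appear in the resolved catalog are reported.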

@Rene2mt Rene2mt added the bug Something isn't working label Feb 23, 2024
@Rene2mt Rene2mt self-assigned this Mar 8, 2024
@Rene2mt Rene2mt linked a pull request May 10, 2024 that will close this issue

Rene2mt commented May 16, 2024

This error is due to the profile resolver, which is part of a submodule used by this repository's CI/CD pipeline; see XSLT profile resolver v1.0.6. Upgrading the submodule from version 1.0.* to 1.1.* will fix profile resolution (including missing labels on props) BUT will break the other FedRAMP CI/CD pipeline workflows.

This fix is blocked by issue #592.

As a workaround:

  • OSCAL CLI approach - Use OSCAL CLI (v1.0.3 or newer) to resolve the FedRAMP profiles locally.
  • XSLT Profile Resolver approach - Alternatively, use the OSCAL XSLT profile resolver (v1.1.2 or newer).

@Rene2mt Rene2mt linked a pull request May 20, 2024 that will close this issue