Alexander Stein

@aj-stein-nist

Joined on Dec 7, 2021

  • oscal-cli 1.0.3 is a patch release with improvements and changes that are backwards compatible, specifically updating liboscal-java and metaschema-framework dependencies to make use of the OSCAL v1.1.2 models and the underlying use of the Metaschema Framework. This release also fixes a bug to properly reference embedded resource files in the release utility. Changes: Key Take-aways Key takeaways are below: OSCAL odel updates to v1.1.2 Correct local resource paths Details daf3ed3 Fix metaschema-java generated schema name and path for [#200](https://github.com/usnistgov/oscal-cli/issues
     Like  Bookmark
  • liboscal-java 3.0.3 is a patch release with improvements and changes that are backwards compatible, specifically updating liboscal-java and metaschema-framework dependencies to make use of the OSCAL v1.1.2 models and dependency updates. Changes: Key Take-aways Key takeaways are below: OSCAL model updates from v1.1.1 to v1.1.2 Dependency updates Details e659797 Update OSCAL models to v1.1.2 for [#234]
     Like  Bookmark
  • Segments Why Metaschema and the CLI? Download and install. Write a model in a module. Review key concepts for CLI use. Validate the module. Generate schemas. Validate document instance. Iterate, rinse, repeat.
     Like  Bookmark
  • Background Organization We propose in this draft document a non-exhaustive list of value streams. A value stream is a thematic collection of work items, varying in scope of work by quantity or quality (large epics to small issues), but still related to the same theme in that work. There are different kinds of work items, with some nested-like epics with user stories within them. An epic nested with epics concept is counter-intuitive, so we will label each one as a value stream. For organizational purposes, we organize the value streams grouped by high-level use cases in OSCAL. This grouping may be beneficial to link the resulting value of work completed in a value stream to a downstream developer tasks of making OSCAL-enabled tooling. Value streams grouped by use case Define control requirements (catalogs) Control mapping and relations Add group IDs Customize control requirements (catalogs, profiles)
     Like  Bookmark
  • Cosmic-Nesting-Boxes-Look-from-the-outside-in-e1538020123683 ) Don't we like boxes? Encoding and decoding data across programs and systems is a "solved problem." Why should we still care? Context time Binary data Text data
     Like  Bookmark
  • oscal-cli 0.3.4 release will be a minor release with minor bug fixes and improvements. However, there are changes to how library imports work that are not backwards compatible. Key Take-aways for Ready Changes This release will also update the liboscal-java 2.0.0 dependency once released. Important high-level changes are listed below. Bug fixes for certain commands. Bug fixes in arguments handling. Include updates from latest liboscal-java 2.0.0 release Details for Ready Changes
     Like  Bookmark
  • Goal Let's finish groundwork for documentation, do code and infra work to support easier generation of supporting examples with that documentation. Sprint Details Sprint 78 is from 17-31 October 2023. Current board is here. The board is sorted in priority order. Although not directly related to the goal, the #1771 spike, specifically its PR with test code and an ADR with a proposed update on how to perform profile resolution and OSCAL processing testing in an implementation-agnostic way, is important for all the team devs to understand. At least two more team members should review and approve. The top half of the board will be to finalize planning on documentation and examples sprint (modulo how we set up the board in #1688 for #1910). The second half of the board is moving forward imporant support work or issues that will block this upcoming doc work, so it is important, but less so than the top half the team should focus on.
     Like  Bookmark
  • New Key Deliverables for Gaps CRM Mapping Rules and checks (metrics) (previous work, SP800-80). Policy representation within OSCAL Recording and publication of OSCAL 4th Conference (2023) Workshop material Ongoing Maintenance Priorities OSCAL documentationmodel documentation tutorials and examples
     Like  Bookmark
  • Goal First aid time: Make it easier for community to consume and contribute back. Continue improving user-focused documentation, build out docs and examples roadmap. Inventorying OSCAL value streams in #1910 this sprint is a key goal to move tutorials/example work forward in the next sprint. Sprint Details Sprint 77 is from 2-13 October 2023. Current board is here. Leave or other priorities NOTE: October 9 is a federal holiday. A.J.: Working on OSCAL but have a few day-long trainings this sprint (Tuesday October 3rd and more to follow)
     Like  Bookmark
  • oscal-cli 1.0.2 is a patch release with improvements and changes that are backwards compatible, specifically updating liboscal-java and metaschema-framework dependencies to make use of the OSCAL v1.1.1 models and the underlying use of the Metaschema Framework. Changes: Key Take-aways Key takeaways are below: 13f4bf15 Update metaschema-framework and liboscal-java for v1.1.1 support. Details 13f4bf15 Update metaschema-framework and liboscal-java for v1.1.1 support.
     Like  Bookmark
  • Goal First aid time: start improving user-focused documentation, build out docs and examples roadmap. Still need to finish carry over work from last sprint. Sprint Details Sprint 76 is from 14-28 September 2023. Current board is here. Leave or other priorities A.J.: Primarily focused on OSCAL, no planned leave. Arminta: Sept 25 school closure (follow up later); Sept 28 - 2 hrs of AL Chris: Out Thurs/Fri next week. (Still presenting DEFINE)
     Like  Bookmark
  • liboscal-java 3.0.2 is a patch release with improvements and changes that are backwards compatible, specifically updating the library to the v1.1.1 release of OSCAL models and a bug fix of metaschema-java generation of XML schemas. Changes: Key Take-aways Key takeaways are below: Update embedded OSCAL models to v1.1.1 release. Update metaschema-java module to correct missing type information in generated XML schemas used for OSCAL document validation. Details a326055 Update XML schema type gen for usnistgov/liboscal-java#181. (#182)
     Like  Bookmark
  • OSCAL 1.1.1 is a patch release with minor model improvements, documentation, and artifact release changes that are backwards compatible. Changes: Key Take-aways Models Allow non-FISMA/RMF use cases for SSP information type impact levels. Remove obsolete model documentation for biblio elements in back-matter/resources. Profile Resolution and Process Specs Change spec for more practical definition of metadata/last-modified.
     Like  Bookmark
  • Participation Attending Organizations High Quality High Speed [HQHS] (the Standards Development Organization) Office of Convenience and Growth [OGC] (Government Agency) Wings on Wheels [WOW] (Manufacturer) Office of Risk Aversion [OGA] (Government Agency) Attendees Alexander Stein (HQHS, Chair) Ned Goren (HQHS, Secretary)
     Like  Bookmark
  • Welcome to the Open Security Controls Assessment Language (OSCAL) Blog, open to NIST team and to our community members! If you work closely with us, you might have noticed we our hard work on the OSCAL project's deep cleaning at the same time as our v1.1.0 release. As the project has evolved, we needed to do a deep cleaning and get better organized. Since, this decision would impact our team and the community, we discussed the change in our DEFINE and Model Engineering meetings, solicited feedback, and published a decision record describing our rationale and reorganization plan. If you want an up-to-date detailed description of OSCAL artifacts and what code repositories they come from, please take a moment and review the OSCAL Project's structure on our website. The NIST OSCAL Team will author future blog posts when important topics come up, but that is not only for us to decide. If you have an OSCAL topic you would like to read about or you want to guest-author a blog, you can email the NIST OSCAL team your proposal. The team will work with you to publish your post.
     Like  Bookmark
  • Goal First aid time: start improving user-focused documentation, build out docs and examples roadmap. Wrap up important work from last sprint. Let's not drag things on. Sprint Details Sprint 75 is from 29 August 2023 to 11 September 2023. Current board is here. Leave or other priorities [ALL]: Labor Day off (Federal Holiday) A.J.: Out for 1.5 days for travel and personal leave, 75% allocation on those days, has non-OSCAL work to attend to as well. Nikita: Our for 1 day for a personal conference. Has non-OSCAL work. 75% allocation on remaining days.
     Like  Bookmark
  • 1.1.1 will be a patch release with small, but useful, backwards-compatible enhancements, bug, fixes and documentation fixes. Key takeaways and full details are below. Changes: Key Takeaways Models Profile Resolution and Processing Specs Other Details Below is a list of every change that will be promoted from develop to a 1.1.0 release branch. The changes to models, docs, and code can be reviewed. All dependency changes from Dependabot and auto-committed website changes are excluded.
     Like  Bookmark
  • Hello, Greetings from the NIST OSCAL Team. The team will host our bi-weekly OSCAL Model Engineering Meeting on August 24, 2023, from 10:00-11:00 AM ET. Meeting invitation details are on our public website. Below is the tentative agenda. Review Meeting Ground Rules OSCAL Status Summary Review current active issues Review new issues
     Like  Bookmark
  • The problem ...We work for stakeholders who managed a database of books They have requirements What even is a pipeline? A pipeline is a program is focused on composition: programs that take inputs from the outputs of other programs, or even other pipelines. XProc is a XML pipelining technology. XProc has two predominant implementations:XML Calabash is for XProc 1.0 MorganaXProc-IIIse is for XProc 3.0
     Like  Bookmark
  • oscal-cli 1.0.1 will be a patch release with improvements and changes that are backwards compatible, specifically updating dependencies to fix issues with resources needed for schema-based validation commands. Changes: Key Take-aways Key takeaways are below: Fixes for schema-based validation commands. Details d48958a Update metaschema-java from 0.12.0 to 0.12.1 (#174) 96f10e7 Update resource paths to JSON and XML schemas (#177)
     Like  Bookmark