As indicated on the Extending OSCAL models page, Lula implements custom namespace props for enhancing the OSCAL experience with Assessment Automation and Automated Governance.
This is the multi-page printable view of this section. Click here to print.
Namespace
- 1: Framework
- 2: Generation
- 3: Target
- 4: Threshold
1 - Framework
Component Definitions are built to be modular / re-usable components that can be applied against one-to-many systems. As such, it is expected that a single Component Definition can contain one-to-many Components with each Component containing one-to-many Control Implementations.
Each Control Implementation may reference a source to many disparate and connected or non-connected standards. As part of the Lula validate operation, the framework OSCAL prop exists for allowing a defined validation activity to include multiple Control Implementations into a single result for continued analysis.
Example
This use of this prop is defined in control-implementation[_].props in the following format:
props:
- name: framework
ns: https://docs.lula.dev/oscal/ns
value: impact-level-x
This example would be for the specification of the “Impact Level X” collection of Control Implementations.
2 - Generation
The generation prop is an identifier for the purposes of tracking imperative reproducibility of a given artifact or subset of an artifact. In the example below, the lula generate component command annotates how a given control-implementation - and associated component were generated.
props:
- name: generation
ns: https://docs.lula.dev/oscal/ns
value: lula generate component --catalog-source https://raw.githubusercontent.com/usnistgov/oscal-content/master/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json --component 'Component Title' --requirements ac-1,ac-3,ac-3.2,ac-4 --remarks assessment-objective
3 - Target
The target prop is a prop used by Lula to automate identification of a result back to a given Control Implementation source or a collection of multiple sources when the framework prop is set.
This is used by Lula to allow for lula validate and lula evaluate operations to target a specific standard or collection of standards.
Example
This prop can be identified when reviewing Assessment Results artifacts for each result[_].props as follows:
props:
- name: target
ns: https://docs.lula.dev/oscal/ns
value: https://raw.githubusercontent.com/usnistgov/oscal-content/main/nist.gov/SP800-53/rev5/yaml/NIST_SP-800-53_rev5_HIGH-baseline-resolved-profile_catalog.yaml
4 - Threshold
The Assessment Results OSCAL model supports the storage of many Result objects pertaining to the assessment of a component/system.
Each of these Results may establish a level of Compliance that indicates how compliant a component/system was at any point in time (typically during assessment). Lula leverages the Assessment Results model to store results of each validate operation while maintaining a threshold indicating when a component/system was most compliant.
This field is automatically maintained as Lula processes the identification of a threshold and updating it as required when a component/system becomes more compliant that a previous threshold.
Example
After the initial validate operation - Lula will add a results[_].props entry to the result in the following format:
props:
- name: threshold
ns: https://docs.lula.dev/oscal/ns
value: "false"
As indicated in the evaluate section, it is expected that lula evaluate be executed with an Assessment Results artifact containing more than one comparable result. In the event a single result exists, Lula will automatically add a threshold property to the result and set the value to true.