This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Namespace

As indicated on the Extending OSCAL models page, Lula implements custom namespace props for enhancing the OSCAL experience with Assessment Automation and Automated Governance.

Current Support

1 - Framework

Component Definitions are built to be modular / re-usable components that can be applied against one-to-many systems. As such, it is expected that a single Component Definition can contain one-to-many Components with each Component containing one-to-many Control Implementations.

Each Control Implementation may reference a source to many disparate and connected or non-connected standards. As part of the Lula validate operation, the framework OSCAL prop exists for allowing a defined validation activity to include multiple Control Implementations into a single result for continued analysis.

Example

This use of this prop is defined in control-implementation[_].props in the following format:

props:
  - name: framework
    ns: https://docs.lula.dev/oscal/ns
    value: impact-level-x

This example would be for the specification of the “Impact Level X” collection of Control Implementations.

2 - Generation

The generation prop is an identifier for the purposes of tracking imperative reproducibility of a given artifact or subset of an artifact. In the example below, the lula generate component command annotates how a given control-implementation - and associated component were generated.

props:
  - name: generation
    ns: https://docs.lula.dev/oscal/ns
    value: lula generate component --catalog-source https://raw.githubusercontent.com/usnistgov/oscal-content/master/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json --component 'Component Title' --requirements ac-1,ac-3,ac-3.2,ac-4 --remarks assessment-objective

3 - Target

The target prop is a prop used by Lula to automate identification of a result back to a given Control Implementation source or a collection of multiple sources when the framework prop is set.

This is used by Lula to allow for lula validate and lula evaluate operations to target a specific standard or collection of standards.

Example

This prop can be identified when reviewing Assessment Results artifacts for each result[_].props as follows:

props:
  - name: target
    ns: https://docs.lula.dev/oscal/ns
    value:  https://raw.githubusercontent.com/usnistgov/oscal-content/main/nist.gov/SP800-53/rev5/yaml/NIST_SP-800-53_rev5_HIGH-baseline-resolved-profile_catalog.yaml

4 - Threshold

The Assessment Results OSCAL model supports the storage of many Result objects pertaining to the assessment of a component/system.

Each of these Results may establish a level of Compliance that indicates how compliant a component/system was at any point in time (typically during assessment). Lula leverages the Assessment Results model to store results of each validate operation while maintaining a threshold indicating when a component/system was most compliant.

This field is automatically maintained as Lula processes the identification of a threshold and updating it as required when a component/system becomes more compliant that a previous threshold.

Example

After the initial validate operation - Lula will add a results[_].props entry to the result in the following format:

props:
  - name: threshold
    ns: https://docs.lula.dev/oscal/ns
    value: "false"

As indicated in the evaluate section, it is expected that lula evaluate be executed with an Assessment Results artifact containing more than one comparable result. In the event a single result exists, Lula will automatically add a threshold property to the result and set the value to true.

5 - Validation

The Assessment Results OSCAL model stores the observation list that relate to a specific finding (finding.related_observations). These findings are the control evaluations of the component/system, more detail can be found in Assessment Results. The observations are generated by Lula during the execution of a validate operation, which is underpinned by multiple executions of the Lula Validations.

To map these obserservations to the specific Lula Validation, the validation prop is used to identify the Lula Validation by unique identifier.

Example

After the validate operation where observation are generated in the assessment-results - Lula will add a observation.props entry to the result in the following format:

props:
  - name: validation
    ns: https://docs.lula.dev/oscal/ns
    value: "#8894c5cd-e27b-437e-a146-b6b4e9f2be78"

The value here is the Lula Validation’s UUID.