From 1ef642bb759372ed731eacd79e9eca63fa845ab7 Mon Sep 17 00:00:00 2001 From: Alexander Stein Date: Mon, 26 Sep 2022 12:57:31 -0400 Subject: [PATCH] Add actions assembly to encode an action (i.e. approval) and its role, party, and approval date. (#1052) (#1429) * Create actions assembly in OSCAL metadata model. * Address PR feedback to wrap up. https://github.com/usnistgov/OSCAL/pull/1052#pullrequestreview-1079613752 https://github.com/usnistgov/OSCAL/pull/1052#discussion_r950777018 Co-authored-by: Al S --- src/metaschema/oscal_metadata_metaschema.xml | 56 ++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/src/metaschema/oscal_metadata_metaschema.xml b/src/metaschema/oscal_metadata_metaschema.xml index 2ea0c03416..848123ac94 100644 --- a/src/metaschema/oscal_metadata_metaschema.xml +++ b/src/metaschema/oscal_metadata_metaschema.xml @@ -52,6 +52,9 @@ + + + @@ -759,6 +762,59 @@ + + + Action + An action applied by a role within a given party to the content. + + Action Universally Unique Identifier + A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + Action Occurrence Date + The date and time when the action occurred. + + + Action Type + The type of action documented by the assembly, such as an approval. + + + Action Type System + Specifies the action type system used. + +

Provides a means to segment the value space for the type, so that different organizations and individuals can assert control over the allowed action's type. This allows the semantics associated with a given type to be defined on an organization-by-organization basis.

+

An organization MUST use a URI that they have control over. e.g., a domain registered to the organization in a URI, a registered uniform resource names (URN) namespace.

+
+
+ + + + + + + + + + + + + + + + + + + + + This value identifies action types defined in the NIST OSCAL namespace. + + + An approval of a document instance's content. + A request from the responisble party or parties to change the content. + + +
+ Responsible Role A reference to one or more roles with responsibility for performing a function relative to the containing object.