diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..400c729
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,5 @@
+# To list all file extensions:
+# git ls-files | awk -F . {'print $NF'}|sort -u
+#
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text=auto
diff --git a/pom.xml b/pom.xml
index 7b92afc..81ee4ff 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,14 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>gov.nist.secauto</groupId>
 		<artifactId>oss-parent</artifactId>
-		<version>27</version>
+		<version>28-SNAPSHOT</version>
 	</parent>
 	<groupId>gov.nist.secauto.oscal.tools.oscal-cli</groupId>
 	<artifactId>cli-core</artifactId>
-	<version>1.0.4-SNAPSHOT</version>
+	<version>1.1.0-SNAPSHOT</version>
 
 	<packaging>jar</packaging>
 
@@ -78,8 +80,8 @@
 	</mailingLists>
 	<properties>
 		<!-- metaschema dependencies -->
-		<dependency.metaschema-framework.version>0.12.2</dependency.metaschema-framework.version>
-		<dependency.liboscal-java.version>3.0.3</dependency.liboscal-java.version>
+		<dependency.metaschema-framework.version>1.0.0-M2-SNAPSHOT</dependency.metaschema-framework.version>
+		<dependency.liboscal-java.version>3.0.4-SNAPSHOT</dependency.liboscal-java.version>
 
 		<!-- site configuration -->
 		<site.url>https://pages.nist.gov/metaschema-java/</site.url>
@@ -109,16 +111,23 @@
 
 		<!-- other dependencies -->
 		<dependency.auto-service.version>1.1.1</dependency.auto-service.version>
-		<dependency.commons-cli.version>1.5.0</dependency.commons-cli.version>
-		<dependency.commons-io.version>2.15.1</dependency.commons-io.version>
+		<dependency.commons-cli.version>1.7.0</dependency.commons-cli.version>
+		<dependency.commons-io.version>2.16.1</dependency.commons-io.version>
 		<dependency.everit-json.version>1.14.4</dependency.everit-json.version>
+		<dependency.jansi.version>2.4.1</dependency.jansi.version>
 		<dependency.jline.version>3.21.0</dependency.jline.version>
-		<dependency.log4j2.version>2.20.0</dependency.log4j2.version>
-		<dependency.spotbugs-annotations.version>4.7.3</dependency.spotbugs-annotations.version>
+		<dependency.json.version>20240303</dependency.json.version>
+		<dependency.log4j2.version>2.23.1</dependency.log4j2.version>
+		<dependency.pmd.version>7.1.0</dependency.pmd.version>
+		<dependency.spotbugs-annotations.version>4.8.3</dependency.spotbugs-annotations.version>
 		<dependency.saxon-he.version>12.4</dependency.saxon-he.version>
-		<dependency.xmlresolver.version>6.0.2</dependency.xmlresolver.version>
+		<dependency.xmlbeans.version>5.2.0</dependency.xmlbeans.version>
+		<dependency.xmlresolver.version>5.2.2</dependency.xmlresolver.version>
 
 		<plugin.license.version>4.2</plugin.license.version>
+		<plugin.maven-toolchains.version>3.1.0</plugin.maven-toolchains.version>
+		<plugin.pmd.version>3.22.0</plugin.pmd.version>
+		<plugin.spotbugs.version>4.8.4.0</plugin.spotbugs.version>
 	</properties>
 	<repositories>
 		<repository>
@@ -215,11 +224,22 @@
 			<classifier>data</classifier>
 			<version>${dependency.xmlresolver.version}</version>
 		</dependency>
+		<dependency>
+			<groupId>org.apache.xmlbeans</groupId>
+			<artifactId>xmlbeans</artifactId>
+			<version>${dependency.xmlbeans.version}</version>
+		</dependency>
 		<dependency>
 			<groupId>com.github.erosb</groupId>
 			<artifactId>everit-json-schema</artifactId>
 			<version>${dependency.everit-json.version}</version>
 		</dependency>
+		<dependency>
+			<!-- for dependency convergence -->
+			<groupId>org.json</groupId>
+			<artifactId>json</artifactId>
+			<version>${dependency.json.version}</version>
+		</dependency>
 		<dependency>
 			<groupId>com.github.spotbugs</groupId>
 			<artifactId>spotbugs-annotations</artifactId>
@@ -228,12 +248,7 @@
 		</dependency>
 		<dependency>
 			<groupId>org.junit.jupiter</groupId>
-			<artifactId>junit-jupiter-api</artifactId>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.junit.jupiter</groupId>
-			<artifactId>junit-jupiter-engine</artifactId>
+			<artifactId>junit-jupiter</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
@@ -260,6 +275,27 @@
 
 		<pluginManagement>
 			<plugins>
+				<plugin>
+					<groupId>org.apache.maven.plugins</groupId>
+					<artifactId>maven-toolchains-plugin</artifactId>
+					<version>${plugin.maven-toolchains.version}</version>
+					<executions>
+						<execution>
+							<goals>
+								<goal>toolchain</goal>
+							</goals>
+						</execution>
+					</executions>
+					<configuration>
+						<toolchains>
+							<jdk>
+								<version>11</version>
+								<vendor>temurin</vendor>
+							</jdk>
+						</toolchains>
+					</configuration>
+				</plugin>
+
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-site-plugin</artifactId>
@@ -282,13 +318,50 @@
 				<plugin>
 					<groupId>com.github.spotbugs</groupId>
 					<artifactId>spotbugs-maven-plugin</artifactId>
+					<version>${plugin.spotbugs.version}</version>
 					<configuration>
 						<excludeFilterFile>spotbugs-exclude.xml</excludeFilterFile>
 					</configuration>
 				</plugin>
+				<plugin>
+					<groupId>org.apache.maven.plugins</groupId>
+					<artifactId>maven-pmd-plugin</artifactId>
+					<version>${plugin.pmd.version}</version>
+					<dependencies>
+						<dependency>
+							<groupId>net.sourceforge.pmd</groupId>
+							<artifactId>pmd-core</artifactId>
+							<version>${dependency.pmd.version}</version>
+						</dependency>
+						<dependency>
+							<groupId>net.sourceforge.pmd</groupId>
+							<artifactId>pmd-java</artifactId>
+							<version>${dependency.pmd.version}</version>
+						</dependency>
+					</dependencies>
+					<executions>
+						<execution>
+							<id>pmd-verify</id>
+							<goals>
+								<goal>check</goal>
+							</goals>
+							<configuration>
+								<failurePriority>2</failurePriority>
+								<!-- fail on error for all builds -->
+								<failOnViolation>true</failOnViolation>
+								<printFailingErrors>true</printFailingErrors>
+								<format>sarif</format>
+							</configuration>
+						</execution>
+					</executions>
+				</plugin>
 			</plugins>
 		</pluginManagement>
 		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-toolchains-plugin</artifactId>
+			</plugin>
 			<plugin>
 				<groupId>io.github.git-commit-id</groupId>
 				<artifactId>git-commit-id-maven-plugin</artifactId>
@@ -428,9 +501,8 @@
 							<thirdPartyFilename>LICENSE-THIRD-PARTY.txt</thirdPartyFilename>
 							<licenseMerges>
 								<licenseMerge>The Apache Software License,
-									Version 2.0|Apache
-									License, Version 2.0|Apache Public License
-									2.0</licenseMerge>
+									Version 2.0|Apache License, Version
+									2.0|Apache Public License 2.0</licenseMerge>
 							</licenseMerges>
 						</configuration>
 					</execution>
diff --git a/src/main/assembly/bin.xml b/src/main/assembly/bin.xml
index 4e60d18..e4cbca6 100644
--- a/src/main/assembly/bin.xml
+++ b/src/main/assembly/bin.xml
@@ -14,6 +14,9 @@
 			<outputDirectory>/lib</outputDirectory>
 			<outputFileNameMapping>${artifact.groupId}.${artifact.artifactId}-${artifact.version}.${artifact.extension}</outputFileNameMapping>
 			<useProjectArtifact>true</useProjectArtifact>
+			<excludes>
+				<exclude>org.jetbrains:annotations</exclude>
+			</excludes>
 		</dependencySet>
 	</dependencySets>
 	<fileSets>
diff --git a/src/main/java-templates/gov/nist/secauto/oscal/tools/cli/core/OscalCliVersion.java b/src/main/java-templates/gov/nist/secauto/oscal/tools/cli/core/OscalCliVersion.java
index a447b8c..7d1af53 100644
--- a/src/main/java-templates/gov/nist/secauto/oscal/tools/cli/core/OscalCliVersion.java
+++ b/src/main/java-templates/gov/nist/secauto/oscal/tools/cli/core/OscalCliVersion.java
@@ -26,7 +26,7 @@
 
 package gov.nist.secauto.oscal.tools.cli.core;
 
-import gov.nist.secauto.metaschema.model.common.util.IVersionInfo;
+import gov.nist.secauto.metaschema.core.util.IVersionInfo;
 
 public class OscalCliVersion implements IVersionInfo {
 
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java
index 1b10921..c48dab6 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java
@@ -28,12 +28,15 @@
 
 import gov.nist.secauto.metaschema.cli.processor.CLIProcessor;
 import gov.nist.secauto.metaschema.cli.processor.ExitStatus;
-import gov.nist.secauto.metaschema.model.MetaschemaVersion;
-import gov.nist.secauto.metaschema.model.common.util.IVersionInfo;
-import gov.nist.secauto.metaschema.model.common.util.MetaschemaJavaVersion;
-import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
+import gov.nist.secauto.metaschema.core.MetaschemaJavaVersion;
+import gov.nist.secauto.metaschema.core.model.MetaschemaVersion;
+import gov.nist.secauto.metaschema.core.util.IVersionInfo;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.LibOscalVersion;
 import gov.nist.secauto.oscal.lib.OscalVersion;
+import gov.nist.secauto.oscal.tools.cli.core.commands.ConvertCommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.ResolveCommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.ValidateCommand;
 import gov.nist.secauto.oscal.tools.cli.core.commands.assessmentplan.AssessmentPlanCommand;
 import gov.nist.secauto.oscal.tools.cli.core.commands.assessmentresults.AssessmentResultsCommand;
 import gov.nist.secauto.oscal.tools.cli.core.commands.catalog.CatalogCommand;
@@ -43,7 +46,8 @@
 import gov.nist.secauto.oscal.tools.cli.core.commands.profile.ProfileCommand;
 import gov.nist.secauto.oscal.tools.cli.core.commands.ssp.SystemSecurityPlanCommand;
 
-import java.util.List;
+import java.util.LinkedHashMap;
+import java.util.Map;
 
 import edu.umd.cs.findbugs.annotations.NonNull;
 
@@ -59,13 +63,16 @@ public static void main(String[] args) {
 
   @NonNull
   public static ExitStatus runCli(String... args) {
-    List<IVersionInfo> versions = ObjectUtils.notNull(
-        List.of(
-            new OscalCliVersion(),
-            new LibOscalVersion(),
-            new OscalVersion(),
-            new MetaschemaJavaVersion(),
-            new MetaschemaVersion()));
+    @SuppressWarnings("serial") Map<String, IVersionInfo> versions = ObjectUtils.notNull(
+        new LinkedHashMap<>() {
+          {
+            put(CLIProcessor.COMMAND_VERSION, new OscalCliVersion());
+            put("https://github.com/usnistgov/liboscal-java", new LibOscalVersion());
+            put("https://github.com/usnistgov/OSCAL", new OscalVersion());
+            put("https://github.com/usnistgov/metaschema-java", new MetaschemaJavaVersion());
+            put("https://github.com/usnistgov/metaschema", new MetaschemaVersion());
+          }
+        });
     CLIProcessor processor = new CLIProcessor("oscal-cli", versions);
     processor.addCommandHandler(new CatalogCommand());
     processor.addCommandHandler(new ProfileCommand());
@@ -75,6 +82,9 @@ public static ExitStatus runCli(String... args) {
     processor.addCommandHandler(new AssessmentResultsCommand());
     processor.addCommandHandler(new PlanOfActionsAndMilestonesCommand());
     processor.addCommandHandler(new MetaschemaCommand());
+    processor.addCommandHandler(new ValidateCommand());
+    processor.addCommandHandler(new ConvertCommand());
+    processor.addCommandHandler(new ResolveCommand());
     return processor.process(args);
   }
 
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalConvertSubcommand.java
new file mode 100644
index 0000000..729263c
--- /dev/null
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalConvertSubcommand.java
@@ -0,0 +1,90 @@
+/*
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+
+package gov.nist.secauto.oscal.tools.cli.core.commands;
+
+import gov.nist.secauto.metaschema.cli.commands.AbstractConvertSubcommand;
+import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
+import gov.nist.secauto.metaschema.cli.processor.ExitStatus;
+import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
+import gov.nist.secauto.metaschema.databind.IBindingContext;
+import gov.nist.secauto.metaschema.databind.io.Format;
+import gov.nist.secauto.metaschema.databind.io.IBoundLoader;
+import gov.nist.secauto.oscal.lib.OscalBindingContext;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.Writer;
+import java.net.URI;
+
+import edu.umd.cs.findbugs.annotations.NonNull;
+
+public abstract class AbstractOscalConvertSubcommand
+    extends AbstractConvertSubcommand {
+  private static final Logger LOGGER = LogManager.getLogger(AbstractOscalConvertSubcommand.class);
+
+  @NonNull
+  public abstract Class<? extends IBoundObject> getOscalClass();
+
+  @Override
+  public ICommandExecutor newExecutor(CallingContext callingContext, CommandLine commandLine) {
+    return new OscalCommandExecutor(callingContext, commandLine);
+  }
+
+  private final class OscalCommandExecutor
+      extends AbstractConversionCommandExecutor {
+
+    private OscalCommandExecutor(
+        @NonNull CallingContext callingContext,
+        @NonNull CommandLine commandLine) {
+      super(callingContext, commandLine);
+    }
+
+    @Override
+    protected IBindingContext getBindingContext() {
+      return OscalBindingContext.instance();
+    }
+
+    @Override
+    public ExitStatus execute() {
+      LOGGER.atWarn().log("This command path is deprecated. Please use 'convert'.");
+
+      return super.execute();
+    }
+
+    @Override
+    protected void handleConversion(URI source, Format toFormat, Writer writer, IBoundLoader loader)
+        throws FileNotFoundException, IOException {
+      Class<? extends IBoundObject> clazz = getOscalClass();
+      loader.convert(source, writer, toFormat, clazz);
+    }
+  }
+}
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalValidationSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalValidationSubcommand.java
similarity index 74%
rename from src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalValidationSubcommand.java
rename to src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalValidationSubcommand.java
index 30c1951..8b0b6c6 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalValidationSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalValidationSubcommand.java
@@ -24,19 +24,22 @@
  * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
  */
 
-package gov.nist.secauto.oscal.tools.cli.core.commands.oscal;
+package gov.nist.secauto.oscal.tools.cli.core.commands;
 
-import gov.nist.secauto.metaschema.binding.IBindingContext;
 import gov.nist.secauto.metaschema.cli.commands.AbstractValidateContentCommand;
 import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
 import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
-import gov.nist.secauto.metaschema.model.common.constraint.IConstraintSet;
+import gov.nist.secauto.metaschema.core.model.constraint.IConstraintSet;
+import gov.nist.secauto.metaschema.core.model.xml.ExternalConstraintsModulePostProcessor;
+import gov.nist.secauto.metaschema.core.util.CollectionUtil;
+import gov.nist.secauto.metaschema.databind.IBindingContext;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
 
 import org.apache.commons.cli.CommandLine;
 import org.json.JSONObject;
 
 import java.io.IOException;
+import java.net.URL;
 import java.util.List;
 import java.util.Set;
 
@@ -51,17 +54,17 @@ public abstract class AbstractOscalValidationSubcommand
   protected abstract List<Source> getOscalXmlSchemas() throws IOException;
 
   @NonNull
-  protected abstract JSONObject getOscalJsonSchema();
+  protected abstract JSONObject getOscalJsonSchema() throws IOException;
 
   @Override
   public ICommandExecutor newExecutor(CallingContext callingContext, CommandLine commandLine) {
     return new OscalCommandExecutor(callingContext, commandLine);
   }
 
-  private class OscalCommandExecutor
+  protected class OscalCommandExecutor
       extends AbstractValidationCommandExecutor {
 
-    private OscalCommandExecutor(
+    protected OscalCommandExecutor(
         @NonNull CallingContext callingContext,
         @NonNull CommandLine commandLine) {
       super(callingContext, commandLine);
@@ -69,18 +72,27 @@ private OscalCommandExecutor(
 
     @Override
     protected IBindingContext getBindingContext(@NonNull Set<IConstraintSet> constraintSets) {
-      return constraintSets.isEmpty() ? OscalBindingContext.instance() : new OscalBindingContext(constraintSets);
+      IBindingContext retval;
+      if (constraintSets.isEmpty()) {
+        retval = OscalBindingContext.instance();
+      } else {
+        ExternalConstraintsModulePostProcessor postProcessor
+            = new ExternalConstraintsModulePostProcessor(constraintSets);
+
+        retval = new OscalBindingContext(CollectionUtil.singletonList(postProcessor));
+      }
+      return retval;
     }
 
     @Override
     @NonNull
-    public List<Source> getXmlSchemas() throws IOException {
+    public List<Source> getXmlSchemas(URL targetResource) throws IOException {
       return getOscalXmlSchemas();
     }
 
     @Override
     @NonNull
-    public JSONObject getJsonSchema() {
+    public JSONObject getJsonSchema(JSONObject json) throws IOException {
       return getOscalJsonSchema();
     }
   }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractRenderSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractRenderSubcommand.java
index 69242fc..87ed59a 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractRenderSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractRenderSubcommand.java
@@ -35,7 +35,7 @@
 import gov.nist.secauto.metaschema.cli.processor.command.DefaultExtraArgument;
 import gov.nist.secauto.metaschema.cli.processor.command.ExtraArgument;
 import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
-import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractResolveCommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractResolveCommand.java
new file mode 100644
index 0000000..1c68324
--- /dev/null
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractResolveCommand.java
@@ -0,0 +1,322 @@
+/*
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+
+package gov.nist.secauto.oscal.tools.cli.core.commands;
+
+import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
+import gov.nist.secauto.metaschema.cli.processor.ExitCode;
+import gov.nist.secauto.metaschema.cli.processor.ExitStatus;
+import gov.nist.secauto.metaschema.cli.processor.InvalidArgumentException;
+import gov.nist.secauto.metaschema.cli.processor.OptionUtils;
+import gov.nist.secauto.metaschema.cli.processor.command.AbstractTerminalCommand;
+import gov.nist.secauto.metaschema.cli.processor.command.DefaultExtraArgument;
+import gov.nist.secauto.metaschema.cli.processor.command.ExtraArgument;
+import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
+import gov.nist.secauto.metaschema.core.metapath.DynamicContext;
+import gov.nist.secauto.metaschema.core.metapath.StaticContext;
+import gov.nist.secauto.metaschema.core.metapath.item.node.IDocumentNodeItem;
+import gov.nist.secauto.metaschema.core.metapath.item.node.INodeItem;
+import gov.nist.secauto.metaschema.core.util.CustomCollectors;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
+import gov.nist.secauto.metaschema.databind.io.DeserializationFeature;
+import gov.nist.secauto.metaschema.databind.io.Format;
+import gov.nist.secauto.metaschema.databind.io.IBoundLoader;
+import gov.nist.secauto.metaschema.databind.io.ISerializer;
+import gov.nist.secauto.oscal.lib.OscalBindingContext;
+import gov.nist.secauto.oscal.lib.model.Catalog;
+import gov.nist.secauto.oscal.lib.model.Profile;
+import gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolutionException;
+import gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolver;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.Option;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.net.URI;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+import java.util.Locale;
+
+import edu.umd.cs.findbugs.annotations.NonNull;
+
+public abstract class AbstractResolveCommand
+    extends AbstractTerminalCommand {
+  @NonNull
+  private static final List<ExtraArgument> EXTRA_ARGUMENTS = ObjectUtils.notNull(List.of(
+      new DefaultExtraArgument("file to resolve", true),
+      new DefaultExtraArgument("destination file", false)));
+  @NonNull
+  private static final Option AS_OPTION = ObjectUtils.notNull(
+      Option.builder()
+          .longOpt("as")
+          .hasArg()
+          .argName("FORMAT")
+          .desc("source format: xml, json, or yaml")
+          .build());
+  @NonNull
+  private static final Option TO_OPTION = ObjectUtils.notNull(
+      Option.builder()
+          .longOpt("to")
+          .required()
+          .hasArg().argName("FORMAT")
+          .desc("convert to format: xml, json, or yaml")
+          .build());
+  @NonNull
+  private static final Option OVERWRITE_OPTION = ObjectUtils.notNull(
+      Option.builder()
+          .longOpt("overwrite")
+          .desc("overwrite the destination if it exists")
+          .build());
+  @NonNull
+  private static final List<Option> OPTIONS = ObjectUtils.notNull(
+      List.of(
+          AS_OPTION,
+          TO_OPTION,
+          OVERWRITE_OPTION));
+
+  @Override
+  public String getDescription() {
+    return "Resolve the specified OSCAL Profile";
+  }
+
+  @Override
+  public Collection<? extends Option> gatherOptions() {
+    return OPTIONS;
+  }
+
+  @Override
+  public List<ExtraArgument> getExtraArguments() {
+    return EXTRA_ARGUMENTS;
+  }
+
+  @SuppressWarnings({
+      "PMD.CyclomaticComplexity", "PMD.CognitiveComplexity", // reasonable
+      "PMD.PreserveStackTrace" // intended
+  })
+  @Override
+  public void validateOptions(CallingContext callingContext, CommandLine cmdLine) throws InvalidArgumentException {
+    if (cmdLine.hasOption(AS_OPTION)) {
+      try {
+        String toFormatText = cmdLine.getOptionValue(AS_OPTION);
+        Format.valueOf(toFormatText.toUpperCase(Locale.ROOT));
+      } catch (IllegalArgumentException ex) {
+        InvalidArgumentException newEx = new InvalidArgumentException(
+            String.format("Invalid '%s' argument. The format must be one of: %s.",
+                OptionUtils.toArgument(AS_OPTION),
+                Arrays.asList(Format.values()).stream()
+                    .map(Enum::name)
+                    .collect(CustomCollectors.joiningWithOxfordComma("and"))));
+        newEx.setOption(AS_OPTION);
+        newEx.addSuppressed(ex);
+        throw newEx;
+      }
+    }
+
+    if (cmdLine.hasOption(TO_OPTION)) {
+      try {
+        String toFormatText = cmdLine.getOptionValue(TO_OPTION);
+        Format.valueOf(toFormatText.toUpperCase(Locale.ROOT));
+      } catch (IllegalArgumentException ex) {
+        InvalidArgumentException newEx
+            = new InvalidArgumentException("Invalid '--to' argument. The format must be one of: "
+                + Arrays.asList(Format.values()).stream()
+                    .map(Enum::name)
+                    .collect(CustomCollectors.joiningWithOxfordComma("and")));
+        newEx.setOption(AS_OPTION);
+        newEx.addSuppressed(ex);
+        throw newEx;
+      }
+    }
+
+    List<String> extraArgs = cmdLine.getArgList();
+    if (extraArgs.isEmpty()) {
+      throw new InvalidArgumentException("The source to resolve must be provided.");
+    }
+
+    File source = new File(extraArgs.get(0));
+    if (!source.exists()) {
+      throw new InvalidArgumentException("The provided source '" + source.getPath() + "' does not exist.");
+    }
+    if (!source.canRead()) {
+      throw new InvalidArgumentException("The provided source '" + source.getPath() + "' is not readable.");
+    }
+  }
+
+  @Override
+  public ICommandExecutor newExecutor(CallingContext callingContext, CommandLine cmdLine) {
+    return ICommandExecutor.using(callingContext, cmdLine, this::executeCommand);
+  }
+
+  @SuppressWarnings({
+      "PMD.OnlyOneReturn", // readability
+      "unused"
+  })
+  protected ExitStatus executeCommand(
+      @NonNull CallingContext callingContext,
+      @NonNull CommandLine cmdLine) {
+    List<String> extraArgs = cmdLine.getArgList();
+    Path source = resolvePathAgainstCWD(ObjectUtils.notNull(Paths.get(extraArgs.get(0))));
+
+    IBoundLoader loader = OscalBindingContext.instance().newBoundLoader();
+    loader.disableFeature(DeserializationFeature.DESERIALIZE_VALIDATE_CONSTRAINTS);
+
+    Format asFormat;
+    // attempt to determine the format
+    if (cmdLine.hasOption(AS_OPTION)) {
+      try {
+        String asFormatText = cmdLine.getOptionValue(AS_OPTION);
+        asFormat = Format.valueOf(asFormatText.toUpperCase(Locale.ROOT));
+      } catch (IllegalArgumentException ex) {
+        return ExitCode.INVALID_ARGUMENTS
+            .exitMessage("Invalid '--as' argument. The format must be one of: " + Arrays.stream(Format.values())
+                .map(Enum::name)
+                .collect(CustomCollectors.joiningWithOxfordComma("or")));
+      }
+    } else {
+      // attempt to determine the format
+      try {
+        asFormat = loader.detectFormat(ObjectUtils.notNull(source));
+      } catch (FileNotFoundException ex) {
+        // this case was already checked for
+        return ExitCode.IO_ERROR.exitMessage("The provided source file '" + source + "' does not exist.");
+      } catch (IOException ex) {
+        return ExitCode.PROCESSING_ERROR.exit().withThrowable(ex);
+      } catch (IllegalArgumentException ex) {
+        return ExitCode.INVALID_ARGUMENTS.exitMessage(
+            "Source file has unrecognizable format. Use '--as' to specify the format. The format must be one of: "
+                + Arrays.stream(Format.values())
+                    .map(Enum::name)
+                    .collect(CustomCollectors.joiningWithOxfordComma("or")));
+      }
+    }
+
+    source = source.toAbsolutePath();
+    assert source != null;
+
+    Format toFormat;
+    if (cmdLine.hasOption(TO_OPTION)) {
+      String toFormatText = cmdLine.getOptionValue(TO_OPTION);
+      toFormat = Format.valueOf(toFormatText.toUpperCase(Locale.ROOT));
+    } else {
+      toFormat = asFormat;
+    }
+
+    Path destination = null;
+    if (extraArgs.size() == 2) {
+      destination = Paths.get(extraArgs.get(1)).toAbsolutePath();
+    }
+
+    if (destination != null) {
+      if (Files.exists(destination)) {
+        if (!cmdLine.hasOption(OVERWRITE_OPTION)) {
+          return ExitCode.INVALID_ARGUMENTS.exitMessage("The provided destination '" + destination
+              + "' already exists and the --overwrite option was not provided.");
+        }
+        if (!Files.isWritable(destination)) {
+          return ExitCode.IO_ERROR.exitMessage("The provided destination '" + destination + "' is not writable.");
+        }
+      } else {
+        Path parent = destination.getParent();
+        if (parent != null) {
+          try {
+            Files.createDirectories(parent);
+          } catch (IOException ex) {
+            return ExitCode.INVALID_TARGET.exit().withThrowable(ex);
+          }
+        }
+      }
+    }
+
+    IDocumentNodeItem document;
+    try {
+      document = loader.loadAsNodeItem(asFormat, source);
+    } catch (IOException ex) {
+      return ExitCode.IO_ERROR.exit().withThrowable(ex);
+    }
+    Object object = document.getValue();
+    if (object == null) {
+      return ExitCode.INVALID_ARGUMENTS.exitMessage("The target profile contained no data");
+    }
+
+    if (object instanceof Catalog) {
+      // this is a catalog
+      return ExitCode.INVALID_ARGUMENTS.exitMessage("The target is already a catalog");
+    }
+
+    if (!(object instanceof Profile)) {
+      // this is something else
+      return ExitCode.INVALID_ARGUMENTS.exitMessage("The target is not a profile");
+    }
+
+    // this is a profile
+    URI sourceUri = ObjectUtils.notNull(source.toUri());
+
+    DynamicContext dynamicContext = new DynamicContext(
+        StaticContext.builder()
+            .baseUri(sourceUri)
+            .defaultModelNamespace(document.getNamespace())
+            .build());
+    dynamicContext.setDocumentLoader(loader);
+    ProfileResolver resolver = new ProfileResolver();
+    resolver.setDynamicContext(dynamicContext);
+
+    IDocumentNodeItem resolvedProfile;
+    try {
+      resolvedProfile = resolver.resolve(document);
+    } catch (IOException | ProfileResolutionException ex) {
+      return ExitCode.PROCESSING_ERROR
+          .exitMessage(
+              String.format("Unable to resolve profile '%s'. %s", document.getDocumentUri(), ex.getMessage()))
+          .withThrowable(ex);
+    }
+
+    // DefaultConstraintValidator validator = new
+    // DefaultConstraintValidator(dynamicContext);
+    // ((IBoundXdmNodeItem)resolvedProfile).validate(validator);
+    // validator.finalizeValidation();
+
+    ISerializer<Catalog> serializer
+        = OscalBindingContext.instance().newSerializer(toFormat, Catalog.class);
+    try {
+      if (destination == null) {
+        @SuppressWarnings({ "resource", "PMD.CloseResource" }) PrintStream stdOut = ObjectUtils.notNull(System.out);
+        serializer.serialize((Catalog) INodeItem.toValue(resolvedProfile), stdOut);
+      } else {
+        serializer.serialize((Catalog) INodeItem.toValue(resolvedProfile), destination);
+      }
+    } catch (IOException ex) {
+      return ExitCode.PROCESSING_ERROR.exit().withThrowable(ex);
+    }
+    return ExitCode.OK.exit();
+  }
+}
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ConvertCommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ConvertCommand.java
new file mode 100644
index 0000000..d4ccfd6
--- /dev/null
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ConvertCommand.java
@@ -0,0 +1,98 @@
+/*
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+
+package gov.nist.secauto.oscal.tools.cli.core.commands;
+
+import gov.nist.secauto.metaschema.cli.commands.AbstractConvertSubcommand;
+import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
+import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
+import gov.nist.secauto.metaschema.databind.IBindingContext;
+import gov.nist.secauto.metaschema.databind.io.Format;
+import gov.nist.secauto.metaschema.databind.io.FormatDetector;
+import gov.nist.secauto.metaschema.databind.io.IBoundLoader;
+import gov.nist.secauto.metaschema.databind.io.ISerializer;
+import gov.nist.secauto.metaschema.databind.io.ModelDetector;
+import gov.nist.secauto.oscal.lib.OscalBindingContext;
+
+import org.apache.commons.cli.CommandLine;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Writer;
+import java.net.URI;
+
+import edu.umd.cs.findbugs.annotations.NonNull;
+
+public class ConvertCommand
+    extends AbstractConvertSubcommand {
+  @Override
+  public String getDescription() {
+    return "Check that the specified OSCAL instance is well-formed and valid to an OSCAL model.";
+  }
+
+  @Override
+  public ICommandExecutor newExecutor(CallingContext callingContext, CommandLine commandLine) {
+    return new OscalCommandExecutor(callingContext, commandLine);
+  }
+
+  private static final class OscalCommandExecutor
+      extends AbstractConversionCommandExecutor {
+
+    private OscalCommandExecutor(
+        @NonNull CallingContext callingContext,
+        @NonNull CommandLine commandLine) {
+      super(callingContext, commandLine);
+    }
+
+    @Override
+    protected IBindingContext getBindingContext() {
+      return OscalBindingContext.instance();
+    }
+
+    @Override
+    protected void handleConversion(URI source, Format toFormat, Writer writer, IBoundLoader loader)
+        throws FileNotFoundException, IOException {
+
+      Class<? extends IBoundObject> boundClass;
+      IBoundObject object;
+      try (InputStream is = source.toURL().openStream()) {
+        FormatDetector.Result formatResult = loader.detectFormat(is);
+        Format sourceformat = formatResult.getFormat();
+        try (InputStream fis = formatResult.getDataStream()) {
+          ModelDetector.Result modelResult = loader.detectModel(fis, sourceformat);
+          boundClass = modelResult.getBoundClass();
+          try (InputStream mis = modelResult.getDataStream()) {
+            object = loader.load(boundClass, sourceformat, mis, source);
+          }
+        }
+      }
+      ISerializer<?> serializer = getBindingContext().newSerializer(toFormat, boundClass);
+      serializer.serialize(object, writer);
+    }
+  }
+}
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ResolveCommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ResolveCommand.java
new file mode 100644
index 0000000..73d55d0
--- /dev/null
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ResolveCommand.java
@@ -0,0 +1,41 @@
+/*
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+
+package gov.nist.secauto.oscal.tools.cli.core.commands;
+
+import edu.umd.cs.findbugs.annotations.NonNull;
+
+public class ResolveCommand
+    extends AbstractResolveCommand {
+
+  @NonNull
+  private static final String COMMAND = "resolve-profile";
+
+  @Override
+  public String getName() {
+    return COMMAND;
+  }
+}
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ValidateCommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ValidateCommand.java
new file mode 100644
index 0000000..fa1b624
--- /dev/null
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ValidateCommand.java
@@ -0,0 +1,71 @@
+/*
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+
+package gov.nist.secauto.oscal.tools.cli.core.commands;
+
+import gov.nist.secauto.metaschema.core.model.util.JsonUtil;
+import gov.nist.secauto.metaschema.core.model.util.XmlUtil;
+import gov.nist.secauto.metaschema.core.util.CollectionUtil;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
+import gov.nist.secauto.oscal.lib.OscalBindingContext;
+
+import org.json.JSONObject;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.xml.transform.Source;
+
+import edu.umd.cs.findbugs.annotations.NonNull;
+
+public class ValidateCommand
+    extends AbstractOscalValidationSubcommand {
+  @Override
+  public String getDescription() {
+    return "Check that the specified OSCAL instance is well-formed and valid to an OSCAL model.";
+  }
+
+  @Override
+  @NonNull
+  public List<Source> getOscalXmlSchemas() throws IOException {
+    List<Source> retval = new LinkedList<>();
+    retval.add(
+        XmlUtil.getStreamSource(ObjectUtils.requireNonNull(
+            OscalBindingContext.class.getResource("/schema/xml/oscal-complete_schema.xsd"))));
+    return CollectionUtil.unmodifiableList(retval);
+  }
+
+  @Override
+  @NonNull
+  public JSONObject getOscalJsonSchema() throws IOException {
+    try (InputStream is = ObjectUtils.requireNonNull(
+        OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-complete_schema.json"))) {
+      return JsonUtil.toJsonObject(is);
+    }
+  }
+}
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java
index 6c42df3..5081a81 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java
@@ -26,8 +26,9 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.assessmentplan;
 
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.AssessmentPlan;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
@@ -37,7 +38,7 @@ public String getDescription() {
   }
 
   @Override
-  public Class<?> getOscalClass() {
+  public Class<? extends IBoundObject> getOscalClass() {
     return AssessmentPlan.class;
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ValidateSubcommand.java
index 2824d39..c541b0b 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ValidateSubcommand.java
@@ -26,23 +26,24 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.assessmentplan;
 
-import gov.nist.secauto.metaschema.binding.io.xml.XmlUtil;
-import gov.nist.secauto.metaschema.model.common.util.CollectionUtil;
-import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
-import gov.nist.secauto.metaschema.model.common.validation.JsonSchemaContentValidator;
+import gov.nist.secauto.metaschema.core.model.util.JsonUtil;
+import gov.nist.secauto.metaschema.core.model.util.XmlUtil;
+import gov.nist.secauto.metaschema.core.util.CollectionUtil;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.LinkedList;
 import java.util.List;
 
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL instance is well-formed and valid to the System Assessment Plan model.";
@@ -52,16 +53,16 @@ public String getDescription() {
   protected List<Source> getOscalXmlSchemas() throws IOException {
     List<Source> retval = new LinkedList<>();
     retval.add(
-        ObjectUtils.requireNonNull(
-            XmlUtil.getStreamSource(
-                OscalBindingContext.class.getResource("/schema/xml/oscal-ap_schema.xsd"))));
+        XmlUtil.getStreamSource(ObjectUtils.requireNonNull(
+            OscalBindingContext.class.getResource("/schema/xml/oscal-ap_schema.xsd"))));
     return CollectionUtil.unmodifiableList(retval);
   }
 
   @Override
-  protected JSONObject getOscalJsonSchema() {
-    return JsonSchemaContentValidator.toJsonObject(
-        ObjectUtils.requireNonNull(
-            OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-ap_schema.json")));
+  protected JSONObject getOscalJsonSchema() throws IOException {
+    try (InputStream is = ObjectUtils.requireNonNull(
+        OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-ap_schema.json"))) {
+      return JsonUtil.toJsonObject(is);
+    }
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java
index 10f855f..667480f 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java
@@ -26,8 +26,9 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.assessmentresults;
 
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.AssessmentResults;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
@@ -37,7 +38,7 @@ public String getDescription() {
   }
 
   @Override
-  public Class<?> getOscalClass() {
+  public Class<? extends IBoundObject> getOscalClass() {
     return AssessmentResults.class;
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ValidateSubcommand.java
index fb6be56..8b0f2bc 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ValidateSubcommand.java
@@ -26,23 +26,24 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.assessmentresults;
 
-import gov.nist.secauto.metaschema.binding.io.xml.XmlUtil;
-import gov.nist.secauto.metaschema.model.common.util.CollectionUtil;
-import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
-import gov.nist.secauto.metaschema.model.common.validation.JsonSchemaContentValidator;
+import gov.nist.secauto.metaschema.core.model.util.JsonUtil;
+import gov.nist.secauto.metaschema.core.model.util.XmlUtil;
+import gov.nist.secauto.metaschema.core.util.CollectionUtil;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.LinkedList;
 import java.util.List;
 
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL instance is well-formed and valid to the System Assessment Results model";
@@ -52,16 +53,16 @@ public String getDescription() {
   protected List<Source> getOscalXmlSchemas() throws IOException {
     List<Source> retval = new LinkedList<>();
     retval.add(
-        ObjectUtils.requireNonNull(
-            XmlUtil.getStreamSource(
-                OscalBindingContext.class.getResource("/schema/xml/oscal-ar_schema.xsd"))));
+        XmlUtil.getStreamSource(ObjectUtils.requireNonNull(
+            OscalBindingContext.class.getResource("/schema/xml/oscal-ar_schema.xsd"))));
     return CollectionUtil.unmodifiableList(retval);
   }
 
   @Override
-  protected JSONObject getOscalJsonSchema() {
-    return JsonSchemaContentValidator.toJsonObject(
-        ObjectUtils.requireNonNull(
-            OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-ar_schema.json")));
+  protected JSONObject getOscalJsonSchema() throws IOException {
+    try (InputStream is = ObjectUtils.requireNonNull(
+        OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-ar_schema.json"))) {
+      return JsonUtil.toJsonObject(is);
+    }
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java
index f665a91..b1ec4fd 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java
@@ -26,8 +26,9 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.catalog;
 
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.Catalog;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
@@ -38,7 +39,7 @@ public String getDescription() {
   }
 
   @Override
-  public Class<?> getOscalClass() {
+  public Class<? extends IBoundObject> getOscalClass() {
     return Catalog.class;
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ValidateSubcommand.java
index f922ebc..30b46ce 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ValidateSubcommand.java
@@ -26,23 +26,24 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.catalog;
 
-import gov.nist.secauto.metaschema.binding.io.xml.XmlUtil;
-import gov.nist.secauto.metaschema.model.common.util.CollectionUtil;
-import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
-import gov.nist.secauto.metaschema.model.common.validation.JsonSchemaContentValidator;
+import gov.nist.secauto.metaschema.core.model.util.JsonUtil;
+import gov.nist.secauto.metaschema.core.model.util.XmlUtil;
+import gov.nist.secauto.metaschema.core.util.CollectionUtil;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.LinkedList;
 import java.util.List;
 
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL instance is well-formed and valid to the Catalog model.";
@@ -52,15 +53,16 @@ public String getDescription() {
   protected List<Source> getOscalXmlSchemas() throws IOException {
     List<Source> retval = new LinkedList<>();
     retval.add(
-        ObjectUtils.requireNonNull(
-            XmlUtil.getStreamSource(OscalBindingContext.class.getResource("/schema/xml/oscal-catalog_schema.xsd"))));
+        XmlUtil.getStreamSource(ObjectUtils.requireNonNull(
+            OscalBindingContext.class.getResource("/schema/xml/oscal-catalog_schema.xsd"))));
     return CollectionUtil.unmodifiableList(retval);
   }
 
   @Override
-  protected JSONObject getOscalJsonSchema() {
-    return JsonSchemaContentValidator.toJsonObject(
-        ObjectUtils.requireNonNull(
-            OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-catalog_schema.json")));
+  protected JSONObject getOscalJsonSchema() throws IOException {
+    try (InputStream is = ObjectUtils.requireNonNull(
+        OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-catalog_schema.json"))) {
+      return JsonUtil.toJsonObject(is);
+    }
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java
index cfc91e5..ea54309 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java
@@ -26,8 +26,9 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.componentdefinition;
 
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.ComponentDefinition;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
@@ -37,7 +38,7 @@ public String getDescription() {
   }
 
   @Override
-  public Class<?> getOscalClass() {
+  public Class<? extends IBoundObject> getOscalClass() {
     return ComponentDefinition.class;
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ValidateSubcommand.java
index 6dc51d6..e104b06 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ValidateSubcommand.java
@@ -26,23 +26,24 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.componentdefinition;
 
-import gov.nist.secauto.metaschema.binding.io.xml.XmlUtil;
-import gov.nist.secauto.metaschema.model.common.util.CollectionUtil;
-import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
-import gov.nist.secauto.metaschema.model.common.validation.JsonSchemaContentValidator;
+import gov.nist.secauto.metaschema.core.model.util.JsonUtil;
+import gov.nist.secauto.metaschema.core.model.util.XmlUtil;
+import gov.nist.secauto.metaschema.core.util.CollectionUtil;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.LinkedList;
 import java.util.List;
 
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL instance is well-formed and valid to the Component Definition model.";
@@ -52,15 +53,16 @@ public String getDescription() {
   protected List<Source> getOscalXmlSchemas() throws IOException {
     List<Source> retval = new LinkedList<>();
     retval.add(
-        ObjectUtils.requireNonNull(
-            XmlUtil.getStreamSource(OscalBindingContext.class.getResource("/schema/xml/oscal-component-definition_schema.xsd"))));
+        XmlUtil.getStreamSource(ObjectUtils.requireNonNull(
+            OscalBindingContext.class.getResource("/schema/xml/oscal-component-definition_schema.xsd"))));
     return CollectionUtil.unmodifiableList(retval);
   }
 
   @Override
-  protected JSONObject getOscalJsonSchema() {
-    return JsonSchemaContentValidator.toJsonObject(
-        ObjectUtils.requireNonNull(
-            OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-component-definition_schema.json")));
+  protected JSONObject getOscalJsonSchema() throws IOException {
+    try (InputStream is = ObjectUtils.requireNonNull(
+        OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-component-definition_schema.json"))) {
+      return JsonUtil.toJsonObject(is);
+    }
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/metaschema/MetaschemaCommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/metaschema/MetaschemaCommand.java
index f86918a..9c1f0a3 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/metaschema/MetaschemaCommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/metaschema/MetaschemaCommand.java
@@ -28,9 +28,7 @@
 
 import com.google.auto.service.AutoService;
 
-import gov.nist.secauto.metaschema.cli.commands.GenerateSchemaCommand;
-import gov.nist.secauto.metaschema.cli.commands.ValidateContentWithMetaschemaCommand;
-import gov.nist.secauto.metaschema.cli.commands.ValidateMetaschemaCommand;
+import gov.nist.secauto.metaschema.cli.commands.MetaschemaCommands;
 import gov.nist.secauto.metaschema.cli.processor.command.AbstractParentCommand;
 import gov.nist.secauto.metaschema.cli.processor.command.ICommand;
 
@@ -41,9 +39,7 @@ public class MetaschemaCommand
 
   public MetaschemaCommand() {
     super(true);
-    addCommandHandler(new GenerateSchemaCommand());
-    addCommandHandler(new ValidateMetaschemaCommand());
-    addCommandHandler(new ValidateContentWithMetaschemaCommand());
+    MetaschemaCommands.COMMANDS.forEach(this::addCommandHandler);
   }
 
   @Override
@@ -53,6 +49,6 @@ public String getName() {
 
   @Override
   public String getDescription() {
-    return "Perform an operation on a Metaschema";
+    return "Perform an operation on a Module";
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractDeprecatedOscalValidationSubcommand.java
similarity index 72%
rename from src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalConvertSubcommand.java
rename to src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractDeprecatedOscalValidationSubcommand.java
index 7d50542..280b77c 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractDeprecatedOscalValidationSubcommand.java
@@ -26,44 +26,40 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.oscal;
 
-import gov.nist.secauto.metaschema.binding.IBindingContext;
-import gov.nist.secauto.metaschema.cli.commands.AbstractConvertSubcommand;
 import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
+import gov.nist.secauto.metaschema.cli.processor.ExitStatus;
 import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
-import gov.nist.secauto.oscal.lib.OscalBindingContext;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalValidationSubcommand;
 
 import org.apache.commons.cli.CommandLine;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import edu.umd.cs.findbugs.annotations.NonNull;
 
-public abstract class AbstractOscalConvertSubcommand
-    extends AbstractConvertSubcommand {
-
-  @NonNull
-  public abstract Class<?> getOscalClass();
+public abstract class AbstractDeprecatedOscalValidationSubcommand
+    extends AbstractOscalValidationSubcommand {
+  private static final Logger LOGGER = LogManager.getLogger(AbstractDeprecatedOscalValidationSubcommand.class);
 
   @Override
   public ICommandExecutor newExecutor(CallingContext callingContext, CommandLine commandLine) {
-    return new OscalCommandExecutor(callingContext, commandLine);
+    return new DeprecatedOscalCommandExecutor(callingContext, commandLine);
   }
 
-  private class OscalCommandExecutor
-      extends AbstractConversionCommandExecutor {
+  protected final class DeprecatedOscalCommandExecutor
+      extends AbstractOscalValidationSubcommand.OscalCommandExecutor {
 
-    private OscalCommandExecutor(
+    private DeprecatedOscalCommandExecutor(
         @NonNull CallingContext callingContext,
         @NonNull CommandLine commandLine) {
       super(callingContext, commandLine);
     }
 
     @Override
-    protected IBindingContext getBindingContext() {
-      return OscalBindingContext.instance();
-    }
+    public ExitStatus execute() {
+      LOGGER.atWarn().log("This command path is deprecated. Please use 'validate'.");
 
-    @Override
-    protected Class<?> getLoadedClass() {
-      return getOscalClass();
+      return super.execute();
     }
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java
index 2f7ded3..50357e2 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java
@@ -26,8 +26,9 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.poam;
 
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.PlanOfActionAndMilestones;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
@@ -37,7 +38,7 @@ public String getDescription() {
   }
 
   @Override
-  public Class<?> getOscalClass() {
+  public Class<? extends IBoundObject> getOscalClass() {
     return PlanOfActionAndMilestones.class;
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ValidateSubcommand.java
index a26c409..6b09acb 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ValidateSubcommand.java
@@ -26,23 +26,24 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.poam;
 
-import gov.nist.secauto.metaschema.binding.io.xml.XmlUtil;
-import gov.nist.secauto.metaschema.model.common.util.CollectionUtil;
-import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
-import gov.nist.secauto.metaschema.model.common.validation.JsonSchemaContentValidator;
+import gov.nist.secauto.metaschema.core.model.util.JsonUtil;
+import gov.nist.secauto.metaschema.core.model.util.XmlUtil;
+import gov.nist.secauto.metaschema.core.util.CollectionUtil;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.LinkedList;
 import java.util.List;
 
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL instance is well-formed"
@@ -52,17 +53,17 @@ public String getDescription() {
   @Override
   protected List<Source> getOscalXmlSchemas() throws IOException {
     List<Source> retval = new LinkedList<>();
-    retval
-        .add(
-            ObjectUtils.requireNonNull(
-                XmlUtil.getStreamSource(OscalBindingContext.class.getResource("/schema/xml/oscal-poam_schema.xsd"))));
+    retval.add(
+        XmlUtil.getStreamSource(ObjectUtils.requireNonNull(
+            OscalBindingContext.class.getResource("/schema/xml/oscal-poam_schema.xsd"))));
     return CollectionUtil.unmodifiableList(retval);
   }
 
   @Override
-  protected JSONObject getOscalJsonSchema() {
-    return JsonSchemaContentValidator.toJsonObject(
-        ObjectUtils.requireNonNull(
-            OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-poam_schema.json")));
+  protected JSONObject getOscalJsonSchema() throws IOException {
+    try (InputStream is = ObjectUtils.requireNonNull(
+        OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-poam_schema.json"))) {
+      return JsonUtil.toJsonObject(is);
+    }
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java
index f21deea..60436e8 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java
@@ -26,8 +26,9 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.profile;
 
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.Profile;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
@@ -37,7 +38,7 @@ public String getDescription() {
   }
 
   @Override
-  public Class<?> getOscalClass() {
+  public Class<? extends IBoundObject> getOscalClass() {
     return Profile.class;
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ResolveSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ResolveSubcommand.java
index b455e73..b96be9f 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ResolveSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ResolveSubcommand.java
@@ -26,84 +26,22 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.profile;
 
-import gov.nist.secauto.metaschema.binding.io.DeserializationFeature;
-import gov.nist.secauto.metaschema.binding.io.Format;
-import gov.nist.secauto.metaschema.binding.io.IBoundLoader;
-import gov.nist.secauto.metaschema.binding.io.ISerializer;
 import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
-import gov.nist.secauto.metaschema.cli.processor.ExitCode;
 import gov.nist.secauto.metaschema.cli.processor.ExitStatus;
-import gov.nist.secauto.metaschema.cli.processor.InvalidArgumentException;
-import gov.nist.secauto.metaschema.cli.processor.OptionUtils;
-import gov.nist.secauto.metaschema.cli.processor.command.AbstractTerminalCommand;
-import gov.nist.secauto.metaschema.cli.processor.command.DefaultExtraArgument;
-import gov.nist.secauto.metaschema.cli.processor.command.ExtraArgument;
-import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
-import gov.nist.secauto.metaschema.model.common.metapath.DynamicContext;
-import gov.nist.secauto.metaschema.model.common.metapath.StaticContext;
-import gov.nist.secauto.metaschema.model.common.metapath.item.IDocumentNodeItem;
-import gov.nist.secauto.metaschema.model.common.util.CustomCollectors;
-import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
-import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.lib.model.Catalog;
-import gov.nist.secauto.oscal.lib.model.Profile;
-import gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolutionException;
-import gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolver;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractResolveCommand;
 
 import org.apache.commons.cli.CommandLine;
-import org.apache.commons.cli.Option;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.net.URI;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.List;
-import java.util.Locale;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import edu.umd.cs.findbugs.annotations.NonNull;
 
 public class ResolveSubcommand
-    extends AbstractTerminalCommand {
+    extends AbstractResolveCommand {
+  private static final Logger LOGGER = LogManager.getLogger(ResolveSubcommand.class);
 
   @NonNull
   private static final String COMMAND = "resolve";
-  @NonNull
-  private static final List<ExtraArgument> EXTRA_ARGUMENTS = ObjectUtils.notNull(List.of(
-      new DefaultExtraArgument("file to resolve", true),
-      new DefaultExtraArgument("destination file", false)));
-  @NonNull
-  private static final Option AS_OPTION = ObjectUtils.notNull(
-      Option.builder()
-          .longOpt("as")
-          .hasArg()
-          .argName("FORMAT")
-          .desc("source format: xml, json, or yaml")
-          .build());
-  @NonNull
-  private static final Option TO_OPTION = ObjectUtils.notNull(
-      Option.builder()
-          .longOpt("to")
-          .required()
-          .hasArg().argName("FORMAT")
-          .desc("convert to format: xml, json, or yaml")
-          .build());
-  @NonNull
-  private static final Option OVERWRITE_OPTION = ObjectUtils.notNull(
-      Option.builder()
-          .longOpt("overwrite")
-          .desc("overwrite the destination if it exists")
-          .build());
-  @NonNull
-  private static final List<Option> OPTIONS = ObjectUtils.notNull(
-      List.of(
-          AS_OPTION,
-          TO_OPTION,
-          OVERWRITE_OPTION));
 
   @Override
   public String getName() {
@@ -111,203 +49,9 @@ public String getName() {
   }
 
   @Override
-  public String getDescription() {
-    return "Resolve the specified OSCAL Profile";
-  }
-
-  @Override
-  public Collection<? extends Option> gatherOptions() {
-    return OPTIONS;
-  }
-
-  @Override
-  public List<ExtraArgument> getExtraArguments() {
-    return EXTRA_ARGUMENTS;
-  }
-
-  @SuppressWarnings({
-      "PMD.CyclomaticComplexity", "PMD.CognitiveComplexity", // reasonable
-      "PMD.PreserveStackTrace" // intended
-  })
-  @Override
-  public void validateOptions(CallingContext callingContext, CommandLine cmdLine) throws InvalidArgumentException {
-    if (cmdLine.hasOption(AS_OPTION)) {
-      try {
-        String toFormatText = cmdLine.getOptionValue(AS_OPTION);
-        Format.valueOf(toFormatText.toUpperCase(Locale.ROOT));
-      } catch (IllegalArgumentException ex) {
-        InvalidArgumentException newEx = new InvalidArgumentException(
-            String.format("Invalid '%s' argument. The format must be one of: %s.",
-                OptionUtils.toArgument(AS_OPTION),
-                Arrays.asList(Format.values()).stream()
-                    .map(format -> format.name())
-                    .collect(CustomCollectors.joiningWithOxfordComma("and"))));
-        newEx.setOption(AS_OPTION);
-        newEx.addSuppressed(ex);
-        throw newEx;
-      }
-    }
-
-    if (cmdLine.hasOption(TO_OPTION)) {
-      try {
-        String toFormatText = cmdLine.getOptionValue(TO_OPTION);
-        Format.valueOf(toFormatText.toUpperCase(Locale.ROOT));
-      } catch (IllegalArgumentException ex) {
-        InvalidArgumentException newEx
-            = new InvalidArgumentException("Invalid '--to' argument. The format must be one of: "
-                + Arrays.asList(Format.values()).stream()
-                    .map(format -> format.name())
-                    .collect(CustomCollectors.joiningWithOxfordComma("and")));
-        newEx.setOption(AS_OPTION);
-        newEx.addSuppressed(ex);
-        throw newEx;
-      }
-    }
-
-    List<String> extraArgs = cmdLine.getArgList();
-    if (extraArgs.isEmpty()) {
-      throw new InvalidArgumentException("The source to resolve must be provided.");
-    }
-
-    File source = new File(extraArgs.get(0));
-    if (!source.exists()) {
-      throw new InvalidArgumentException("The provided source '" + source.getPath() + "' does not exist.");
-    }
-    if (!source.canRead()) {
-      throw new InvalidArgumentException("The provided source '" + source.getPath() + "' is not readable.");
-    }
-  }
-
-  @Override
-  public ICommandExecutor newExecutor(CallingContext callingContext, CommandLine cmdLine) {
-    return ICommandExecutor.using(callingContext, cmdLine, this::executeCommand);
-  }
-
-  @SuppressWarnings({
-      "PMD.OnlyOneReturn", // readability
-      "unused"
-  })
-  protected ExitStatus executeCommand(
-      @NonNull CallingContext callingContext,
-      @NonNull CommandLine cmdLine) {
-    List<String> extraArgs = cmdLine.getArgList();
-    Path source = resolvePathAgainstCWD(ObjectUtils.notNull(Paths.get(extraArgs.get(0))));
-
-    IBoundLoader loader = OscalBindingContext.instance().newBoundLoader();
-    loader.disableFeature(DeserializationFeature.DESERIALIZE_VALIDATE_CONSTRAINTS);
-
-    Format asFormat;
-    // attempt to determine the format
-    if (cmdLine.hasOption(AS_OPTION)) {
-      try {
-        String asFormatText = cmdLine.getOptionValue(AS_OPTION);
-        asFormat = Format.valueOf(asFormatText.toUpperCase(Locale.ROOT));
-      } catch (IllegalArgumentException ex) {
-        return ExitCode.INVALID_ARGUMENTS
-            .exitMessage("Invalid '--as' argument. The format must be one of: " + Arrays.stream(Format.values())
-                .map(format -> format.name())
-                .collect(CustomCollectors.joiningWithOxfordComma("or")));
-      }
-    } else {
-      // attempt to determine the format
-      try {
-        asFormat = loader.detectFormat(ObjectUtils.notNull(source));
-      } catch (FileNotFoundException ex) {
-        // this case was already checked for
-        return ExitCode.IO_ERROR.exitMessage("The provided source file '" + source + "' does not exist.");
-      } catch (IOException ex) {
-        return ExitCode.PROCESSING_ERROR.exit().withThrowable(ex);
-      } catch (IllegalArgumentException ex) {
-        return ExitCode.INVALID_ARGUMENTS.exitMessage(
-            "Source file has unrecognizable format. Use '--as' to specify the format. The format must be one of: "
-                + Arrays.stream(Format.values())
-                    .map(format -> format.name())
-                    .collect(CustomCollectors.joiningWithOxfordComma("or")));
-      }
-    }
-
-    source = source.toAbsolutePath();
-
-    Format toFormat;
-    if (cmdLine.hasOption(TO_OPTION)) {
-      String toFormatText = cmdLine.getOptionValue(TO_OPTION);
-      toFormat = Format.valueOf(toFormatText.toUpperCase(Locale.ROOT));
-    } else {
-      toFormat = asFormat;
-    }
-
-    Path destination = null;
-    if (extraArgs.size() == 2) {
-      destination = Paths.get(extraArgs.get(1)).toAbsolutePath();
-    }
-
-    if (destination != null) {
-      if (Files.exists(destination)) {
-        if (!cmdLine.hasOption(OVERWRITE_OPTION)) {
-          return ExitCode.INVALID_ARGUMENTS.exitMessage("The provided destination '" + destination
-              + "' already exists and the --overwrite option was not provided.");
-        }
-        if (!Files.isWritable(destination)) {
-          return ExitCode.IO_ERROR.exitMessage("The provided destination '" + destination + "' is not writable.");
-        }
-      } else {
-        Path parent = destination.getParent();
-        if (parent != null) {
-          try {
-            Files.createDirectories(parent);
-          } catch (IOException ex) {
-            return ExitCode.INVALID_TARGET.exit().withThrowable(ex);
-          }
-        }
-      }
-    }
-
-    IDocumentNodeItem document;
-    try {
-      document = loader.loadAsNodeItem(asFormat, loader.toInputSource(ObjectUtils.notNull(source.toUri())));
-    } catch (IOException ex) {
-      return ExitCode.IO_ERROR.exit().withThrowable(ex);
-    }
-    Object object = document.getValue();
-    if (object instanceof Catalog) {
-      // this is a catalog
-      return ExitCode.INVALID_ARGUMENTS.exitMessage("The target file is already a catalog");
-    } else if (object instanceof Profile) {
-      // this is a profile
-      StaticContext staticContext = new StaticContext();
-      URI sourceUri = ObjectUtils.notNull(source.toUri());
-      staticContext.setBaseUri(sourceUri);
-      DynamicContext dynamicContext = staticContext.newDynamicContext();
-      dynamicContext.setDocumentLoader(loader);
-      ProfileResolver resolver = new ProfileResolver();
-      resolver.setDynamicContext(dynamicContext);
-
-      IDocumentNodeItem resolvedProfile;
-      try {
-        resolvedProfile = resolver.resolve(document);
-      } catch (IOException | ProfileResolutionException ex) {
-        return ExitCode.PROCESSING_ERROR
-            .exitMessage(
-                String.format("Unable to resolve profile '%s'. %s", document.getDocumentUri(), ex.getMessage()))
-            .withThrowable(ex);
-      }
-
-      // DefaultConstraintValidator validator = new DefaultConstraintValidator(dynamicContext);
-      // ((IBoundXdmNodeItem)resolvedProfile).validate(validator);
-      // validator.finalizeValidation();
+  protected ExitStatus executeCommand(CallingContext callingContext, CommandLine cmdLine) {
+    LOGGER.atWarn().log("This command path is deprecated. Please use 'resolve-profile'.");
 
-      ISerializer<Catalog> serializer
-          = OscalBindingContext.instance().newSerializer(toFormat, Catalog.class);
-      try {
-        if (destination == null) {
-          serializer.serialize((Catalog) resolvedProfile.getValue(), ObjectUtils.notNull(System.out));
-        } else {
-          serializer.serialize((Catalog) resolvedProfile.getValue(), destination);
-        }
-      } catch (IOException ex) {
-        return ExitCode.PROCESSING_ERROR.exit().withThrowable(ex);
-      }
-    }
-    return ExitCode.OK.exit();
+    return super.executeCommand(callingContext, cmdLine);
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ValidateSubcommand.java
index 6456b75..7462bd4 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ValidateSubcommand.java
@@ -26,23 +26,24 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.profile;
 
-import gov.nist.secauto.metaschema.binding.io.xml.XmlUtil;
-import gov.nist.secauto.metaschema.model.common.util.CollectionUtil;
-import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
-import gov.nist.secauto.metaschema.model.common.validation.JsonSchemaContentValidator;
+import gov.nist.secauto.metaschema.core.model.util.JsonUtil;
+import gov.nist.secauto.metaschema.core.model.util.XmlUtil;
+import gov.nist.secauto.metaschema.core.util.CollectionUtil;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.LinkedList;
 import java.util.List;
 
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL Profile is well-formed and valid to the Profile model.";
@@ -52,15 +53,16 @@ public String getDescription() {
   protected List<Source> getOscalXmlSchemas() throws IOException {
     List<Source> retval = new LinkedList<>();
     retval.add(
-        ObjectUtils.requireNonNull(
-            XmlUtil.getStreamSource(OscalBindingContext.class.getResource("/schema/xml/oscal-profile_schema.xsd"))));
+        XmlUtil.getStreamSource(ObjectUtils.requireNonNull(
+            OscalBindingContext.class.getResource("/schema/xml/oscal-profile_schema.xsd"))));
     return CollectionUtil.unmodifiableList(retval);
   }
 
   @Override
-  protected JSONObject getOscalJsonSchema() {
-    return JsonSchemaContentValidator.toJsonObject(
-        ObjectUtils.requireNonNull(
-            OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-profile_schema.json")));
+  protected JSONObject getOscalJsonSchema() throws IOException {
+    try (InputStream is = ObjectUtils.requireNonNull(
+        OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-profile_schema.json"))) {
+      return JsonUtil.toJsonObject(is);
+    }
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java
index ab14d6d..f233a69 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java
@@ -26,8 +26,9 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.ssp;
 
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.SystemSecurityPlan;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
@@ -37,7 +38,7 @@ public String getDescription() {
   }
 
   @Override
-  public Class<?> getOscalClass() {
+  public Class<? extends IBoundObject> getOscalClass() {
     return SystemSecurityPlan.class;
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ValidateSubcommand.java
index 15d2e92..78f0db5 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ValidateSubcommand.java
@@ -26,23 +26,24 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.ssp;
 
-import gov.nist.secauto.metaschema.binding.io.xml.XmlUtil;
-import gov.nist.secauto.metaschema.model.common.util.CollectionUtil;
-import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
-import gov.nist.secauto.metaschema.model.common.validation.JsonSchemaContentValidator;
+import gov.nist.secauto.metaschema.core.model.util.JsonUtil;
+import gov.nist.secauto.metaschema.core.model.util.XmlUtil;
+import gov.nist.secauto.metaschema.core.util.CollectionUtil;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.LinkedList;
 import java.util.List;
 
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL instance is well-formed and valid to the System Security Plan model.";
@@ -52,15 +53,16 @@ public String getDescription() {
   protected List<Source> getOscalXmlSchemas() throws IOException {
     List<Source> retval = new LinkedList<>();
     retval.add(
-        ObjectUtils.requireNonNull(
-            XmlUtil.getStreamSource(OscalBindingContext.class.getResource("/schema/xml/oscal-ssp_schema.xsd"))));
+        XmlUtil.getStreamSource(ObjectUtils.requireNonNull(
+            OscalBindingContext.class.getResource("/schema/xml/oscal-ssp_schema.xsd"))));
     return CollectionUtil.unmodifiableList(retval);
   }
 
   @Override
-  protected JSONObject getOscalJsonSchema() {
-    return JsonSchemaContentValidator.toJsonObject(
-        ObjectUtils.requireNonNull(
-            OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-ssp_schema.json")));
+  protected JSONObject getOscalJsonSchema() throws IOException {
+    try (InputStream is = ObjectUtils.requireNonNull(
+        OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-ssp_schema.json"))) {
+      return JsonUtil.toJsonObject(is);
+    }
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/operations/XMLOperations.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/operations/XMLOperations.java
index d4ec651..50b07a6 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/operations/XMLOperations.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/operations/XMLOperations.java
@@ -26,7 +26,8 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.operations;
 
-import gov.nist.secauto.metaschema.binding.io.xml.XmlUtil;
+import gov.nist.secauto.metaschema.core.model.util.XmlUtil;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 
 import net.sf.saxon.jaxp.SaxonTransformerFactory;
 
@@ -52,7 +53,8 @@ private XMLOperations() {
 
   public static void renderCatalogHTML(File input, File result) throws IOException, TransformerException {
     render(input, result,
-        XmlUtil.getStreamSource(XMLOperations.class.getResource("/xsl/oscal-for-bootstrap-html.xsl")));
+        XmlUtil.getStreamSource(ObjectUtils.requireNonNull(
+            XMLOperations.class.getResource("/xsl/oscal-for-bootstrap-html.xsl"))));
   }
 
   public static void renderProfileHTML(File input, File result) throws IOException, TransformerException {
@@ -63,12 +65,14 @@ public static void renderProfileHTML(File input, File result) throws IOException
     File temp = File.createTempFile("resolved-profile", ".xml");
 
     try {
-      Transformer transformer = transfomerFactory
-          .newTransformer(XmlUtil.getStreamSource(XMLOperations.class.getResource("/xsl/profile-resolver.xsl")));
+      Transformer transformer = transfomerFactory.newTransformer(
+          XmlUtil.getStreamSource(ObjectUtils.requireNonNull(
+              XMLOperations.class.getResource("/xsl/profile-resolver.xsl"))));
       transformer.transform(new StreamSource(input), new StreamResult(temp));
 
       transformer = transfomerFactory.newTransformer(
-          XmlUtil.getStreamSource(XMLOperations.class.getResource("/xsl/oscal-for-bootstrap-html.xsl")));
+          XmlUtil.getStreamSource(ObjectUtils.requireNonNull(
+              XMLOperations.class.getResource("/xsl/oscal-for-bootstrap-html.xsl"))));
       transformer.transform(new StreamSource(temp), new StreamResult(result));
     } finally {
       if (!temp.delete()) {
@@ -76,8 +80,10 @@ public static void renderProfileHTML(File input, File result) throws IOException
       }
     }
 
-    // TransformerHandler resolverHandler = transfomerFactory.newTransformerHandler(resolver);
-    // TransformerHandler rendererHandler = transfomerFactory.newTransformerHandler(renderer);
+    // TransformerHandler resolverHandler =
+    // transfomerFactory.newTransformerHandler(resolver);
+    // TransformerHandler rendererHandler =
+    // transfomerFactory.newTransformerHandler(renderer);
     //
     // resolverHandler.setResult(new SAXResult(rendererHandler));
     // rendererHandler.setResult(new StreamResult(result));
diff --git a/src/main/resources/log4j2.xml b/src/main/resources/log4j2.xml
index b174b3f..9965634 100644
--- a/src/main/resources/log4j2.xml
+++ b/src/main/resources/log4j2.xml
@@ -2,12 +2,17 @@
 <!DOCTYPE Configuration>
 <Configuration verbose="true">
 	<Appenders>
-		<Console name="console-trace" target="SYSTEM_ERR" immediateFlush="true">
-			<PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n" charset="UTF-8" />
+		<Console name="console-trace" target="SYSTEM_OUT" immediateFlush="true">
+			<PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %highlight{%m}{DEBUG=green, TRACE=blue}%n" charset="UTF-8" />
 			<ThresholdFilter level="INFO" onMatch="DENY" onMismatch="ACCEPT" />
 		</Console>
-		<Console name="console-info" target="SYSTEM_ERR" immediateFlush="true">
-			<PatternLayout pattern="%m%n" charset="UTF-8" />
+		<Console name="console-info" target="SYSTEM_OUT" immediateFlush="true">
+<!-- 			<PatternLayout pattern="%highlight{%m}{WARN=yellow bold, INFO=magenta}%n" charset="UTF-8" />-->
+			<PatternLayout charset="UTF-8">
+				<LevelPatternSelector defaultPattern="%m%n">
+					<PatternMatch key="WARN" pattern="%style{%m}{bright yellow}%n"/>
+				</LevelPatternSelector>
+			</PatternLayout>
 			<Filters>
 				<ThresholdFilter level="ERROR" onMatch="DENY" onMismatch="ACCEPT" />
 				<ThresholdFilter level="DEBUG" onMatch="DENY" onMismatch="NEUTRAL" />
@@ -16,7 +21,12 @@
 		</Console>
 		<Console name="console-error" target="SYSTEM_ERR" immediateFlush="true">
 <!--			<PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n" charset="UTF-8" />-->
-			<PatternLayout pattern="%m%n" charset="UTF-8" />
+			<PatternLayout charset="UTF-8">
+				<LevelPatternSelector defaultPattern="%style{%m}{bright red}%n">
+					<PatternMatch key="FATAL" pattern="%style{%-5level: %m}{bright magenta}%n"/>
+				</LevelPatternSelector>
+			</PatternLayout>
+<!--			<PatternLayout pattern="%highlight{%m%n}{FATAL=red blink, ERROR=red bold}" charset="UTF-8" />-->
 			<ThresholdFilter level="ERROR" onMatch="ACCEPT" onMismatch="DENY" />
 		</Console>
 	</Appenders>
diff --git a/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java b/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java
index 80351e4..2ebe391 100644
--- a/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java
+++ b/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java
@@ -30,26 +30,30 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 
-import gov.nist.secauto.metaschema.binding.io.Format;
 import gov.nist.secauto.metaschema.cli.processor.ExitCode;
 import gov.nist.secauto.metaschema.cli.processor.ExitStatus;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
+import gov.nist.secauto.metaschema.databind.io.Format;
 import gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolutionException;
 
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 
+import java.io.IOException;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.stream.Stream;
 
 import edu.umd.cs.findbugs.annotations.NonNull;
 
-public class CLITest {
+class CLITest {
   void evaluateResult(@NonNull ExitStatus status, @NonNull ExitCode expectedCode) {
     status.generateMessage(true);
     assertAll(
@@ -61,13 +65,26 @@ void evaluateResult(@NonNull ExitStatus status, @NonNull ExitCode expectedCode,
       @NonNull Class<? extends Throwable> thrownClass) {
     status.generateMessage(true);
     Throwable thrown = status.getThrowable();
-    assert thrown != null;
     assertAll(
         () -> assertEquals(expectedCode, status.getExitCode(), "exit code mismatch"),
-        () -> assertEquals(thrownClass, thrown.getClass(), "expected Throwable mismatch"));
+        () -> assertEquals(
+            thrownClass,
+            thrown == null ? null : thrown.getClass(),
+            "Throwable mismatch"));
   }
 
-  private static Stream<Arguments> providesValues() {
+  private static String generateOutputPath(@NonNull Path source, @NonNull Format targetFormat) throws IOException {
+    String filename = ObjectUtils.notNull(source.getFileName()).toString();
+
+    int pos = filename.lastIndexOf('.');
+    filename = filename.substring(0, pos) + "_converted" + targetFormat.getDefaultExtension();
+
+    Path dir = Files.createDirectories(Path.of("target/oscal-cli-convert"));
+
+    return dir.resolve(filename).toString();
+  }
+
+  private static Stream<Arguments> providesValues() throws IOException {
     final String[] commands = { "ap", "ar", "catalog", "component-definition", "profile", "poam", "ssp" };
     final Map<Format, List<Format>> formatEntries = Map.of(
         Format.XML, Arrays.asList(Format.JSON, Format.YAML),
@@ -76,42 +93,155 @@ private static Stream<Arguments> providesValues() {
     List<Arguments> values = new ArrayList<>();
 
     values.add(Arguments.of(new String[] { "--version" }, ExitCode.OK, null));
-    // TODO: Test all data formats once usnistgov/oscal-cli#216 fix merged.
-    Path path = Paths.get("src/test/resources/cli/example_profile_invalid" + Format.XML.getDefaultExtension());
-    values.add(
-        Arguments.of(new String[] { "profile", "resolve", "--to=" + Format.XML.name().toLowerCase(), path.toString() },
-            ExitCode.PROCESSING_ERROR, ProfileResolutionException.class));
-
     for (String cmd : commands) {
+      // test helps
       values.add(Arguments.of(new String[] { cmd, "validate", "-h" }, ExitCode.OK, null));
-      // TODO: Update when usnistgov/oscal-cli#210 fix merged.
-      values.add(Arguments.of(new String[] { cmd, "convert", "-h" }, ExitCode.INVALID_COMMAND, null));
+      values.add(Arguments.of(new String[] { cmd, "convert", "-h" }, ExitCode.OK, null));
 
       for (Format format : Format.values()) {
-        path = Paths.get("src/test/resources/cli/example_" + cmd + "_invalid" + format.getDefaultExtension());
-        values.add(Arguments.of(new String[] { cmd, "validate", path.toString() }, ExitCode.FAIL, null));
-        path = Paths.get("src/test/resources/cli/example_" + cmd + "_valid" + format.getDefaultExtension());
-        values.add(Arguments.of(new String[] { cmd, "validate", path.toString() }, ExitCode.OK, null));
-        path = Paths.get("src/test/resources/cli/example_profile_valid" + format.getDefaultExtension());
-        List<Format> targetFormats = formatEntries.get(format);
-        for (Format targetFormat : targetFormats) {
-          path = Paths.get("src/test/resources/cli/example_" + cmd + "_valid" + format.getDefaultExtension());
-          String outputPath = path.toString().replace(format.getDefaultExtension(),
-              "_converted" + targetFormat.getDefaultExtension());
-          values.add(Arguments.of(new String[] { cmd, "convert", "--to=" + targetFormat.name().toLowerCase(),
-              path.toString(), outputPath, "--overwrite" }, ExitCode.OK, null));
-          // TODO: Update when usnistgov/oscal#217 fix merged.
-          path = Paths.get("src/test/resources/cli/example_" + cmd + "_invalid" + format.getDefaultExtension());
-          outputPath = path.toString().replace(format.getDefaultExtension(),
-              "_converted" + targetFormat.getDefaultExtension());
-          values.add(Arguments.of(new String[] { cmd, "convert", "--to=" + targetFormat.name().toLowerCase(),
-              path.toString(), outputPath, "--overwrite" }, ExitCode.OK, null));
+        String sourceExtension = format.getDefaultExtension();
+        // test command path-specific commands
+        values.add(
+            Arguments.of(
+                new String[] {
+                    cmd,
+                    "validate",
+                    "-o",
+                    "target/" + cmd + "-invalid-" + format.name().toLowerCase(Locale.ROOT) + "-sarif.json",
+                    Paths.get("src/test/resources/cli/example_" + cmd + "_invalid" + sourceExtension).toString()
+                },
+                ExitCode.FAIL,
+                null));
+        values.add(
+            Arguments.of(
+                new String[] {
+                    cmd,
+                    "validate",
+                    "-o",
+                    "target/" + cmd + "-valid-" + format.name().toLowerCase(Locale.ROOT) + "-sarif.json",
+                    Paths.get("src/test/resources/cli/example_" + cmd + "_valid" + sourceExtension).toString()
+                },
+                ExitCode.OK,
+                null));
+
+        // test general commands
+        values.add(
+            Arguments.of(
+                new String[] {
+                    "validate",
+                    "-o",
+                    "target/" + cmd + "-invalid-" + format.name().toLowerCase(Locale.ROOT) + "-sarif.json",
+                    Paths.get("src/test/resources/cli/example_" + cmd + "_invalid" + sourceExtension).toString()
+                },
+                ExitCode.FAIL,
+                null));
+        values.add(
+            Arguments.of(
+                new String[] {
+                    "validate",
+                    "-o",
+                    "target/" + cmd + "-valid-" + format.name().toLowerCase(Locale.ROOT) + "-sarif.json",
+                    Paths.get("src/test/resources/cli/example_" + cmd + "_valid" + sourceExtension).toString()
+                },
+                ExitCode.OK,
+                null));
+
+        for (Format targetFormat : formatEntries.get(format)) {
+          Path path = Paths.get("src/test/resources/cli/example_" + cmd + "_valid" + sourceExtension);
+          // test command path-specific command
+          values.add(
+              Arguments.of(
+                  new String[] {
+                      cmd,
+                      "convert",
+                      "--to=" + targetFormat.name().toLowerCase(Locale.ROOT),
+                      path.toString(),
+                      generateOutputPath(path, targetFormat),
+                      "--overwrite"
+                  },
+                  ExitCode.OK,
+                  null));
+          // test general command
+          values.add(
+              Arguments.of(
+                  new String[] {
+                      "convert",
+                      "--to=" + targetFormat.name().toLowerCase(Locale.ROOT),
+                      path.toString(),
+                      generateOutputPath(path, targetFormat),
+                      "--overwrite"
+                  },
+                  ExitCode.OK,
+                  null));
+
+          // test command path-specific command
+          path = Paths.get("src/test/resources/cli/example_" + cmd + "_invalid" + sourceExtension);
+          values.add(
+              Arguments.of(
+                  new String[] {
+                      cmd,
+                      "convert",
+                      "--to=" + targetFormat.name().toLowerCase(Locale.ROOT),
+                      path.toString(),
+                      generateOutputPath(path, targetFormat),
+                      "--overwrite"
+                  },
+                  ExitCode.OK,
+                  null));
+          // test general command
+          values.add(
+              Arguments.of(
+                  new String[] {
+                      "convert",
+                      "--to=" + targetFormat.name().toLowerCase(Locale.ROOT),
+                      path.toString(),
+                      generateOutputPath(path, targetFormat),
+                      "--overwrite"
+                  },
+                  ExitCode.OK,
+                  null));
         }
-        if (cmd == "profile") {
-          path = Paths.get("src/test/resources/cli/example_profile_valid" + format.getDefaultExtension());
-          values
-              .add(Arguments.of(new String[] { cmd, "resolve", "--to=" + format.name().toLowerCase(), path.toString() },
-                  ExitCode.OK, null));
+        if ("profile".equals(cmd)) {
+          // test command path-specific command
+          values.add(
+              Arguments.of(
+                  new String[] {
+                      "profile",
+                      "resolve",
+                      "--to=" + format.name().toLowerCase(Locale.ROOT),
+                      Paths.get("src/test/resources/cli/example_profile_valid" + sourceExtension).toString()
+                  },
+                  ExitCode.OK,
+                  null));
+          values.add(
+              Arguments.of(
+                  new String[] {
+                      "profile",
+                      "resolve",
+                      "--to=" + format.name().toLowerCase(Locale.ROOT),
+                      Paths.get("src/test/resources/cli/example_profile_invalid" + sourceExtension).toString()
+                  },
+                  ExitCode.PROCESSING_ERROR,
+                  ProfileResolutionException.class));
+          // test general command
+          values.add(
+              Arguments.of(
+                  new String[] {
+                      "resolve-profile",
+                      "--to=" + format.name().toLowerCase(Locale.ROOT),
+                      Paths.get("src/test/resources/cli/example_profile_valid" + sourceExtension).toString()
+                  },
+                  ExitCode.OK,
+                  null));
+          values.add(
+              Arguments.of(
+                  new String[] {
+                      "resolve-profile",
+                      "--to=" + format.name().toLowerCase(Locale.ROOT),
+                      Paths.get("src/test/resources/cli/example_profile_invalid" + sourceExtension).toString()
+                  },
+                  ExitCode.PROCESSING_ERROR,
+                  ProfileResolutionException.class));
         }
       }
     }
diff --git a/src/test/java/gov/nist/secauto/oscal/tools/cli/core/NullYamlValuesTest.java b/src/test/java/gov/nist/secauto/oscal/tools/cli/core/NullYamlValuesTest.java
index 0e637b0..08190c4 100644
--- a/src/test/java/gov/nist/secauto/oscal/tools/cli/core/NullYamlValuesTest.java
+++ b/src/test/java/gov/nist/secauto/oscal/tools/cli/core/NullYamlValuesTest.java
@@ -28,9 +28,9 @@
 
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
-import gov.nist.secauto.metaschema.binding.io.Format;
-import gov.nist.secauto.metaschema.binding.io.IBoundLoader;
-import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
+import gov.nist.secauto.metaschema.databind.io.Format;
+import gov.nist.secauto.metaschema.databind.io.IBoundLoader;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
 import gov.nist.secauto.oscal.lib.model.AssessmentResults;
 
@@ -38,9 +38,9 @@
 import org.junit.jupiter.api.Test;
 
 import java.io.IOException;
-import java.net.URISyntaxException;
+import java.nio.file.Paths;
 
-public class NullYamlValuesTest {
+class NullYamlValuesTest {
   private static OscalBindingContext bindingContext;
   private static IBoundLoader loader;
 
@@ -52,11 +52,12 @@ static void initialize() {
 
   @SuppressWarnings("null")
   @Test
-  void testLoadYamlNullVar1() throws IOException, URISyntaxException {
-    // the YAML catalog is currently malformed, this will create a proper one for this test
+  void testLoadYamlNullVar1() throws IOException {
+    // the YAML catalog is currently malformed, this will create a proper one for
+    // this test
     AssessmentResults data
         = loader.load(
-            ObjectUtils.requireNonNull(NullYamlValuesTest.class.getResource("/yaml-null/example_ar_nullvar-1.yaml")));
+            ObjectUtils.requireNonNull(Paths.get("src/test/resources/yaml-null/example_ar_nullvar-1.yaml")));
 
     bindingContext.newSerializer(Format.XML, AssessmentResults.class).serialize(data, System.out);
     bindingContext.newSerializer(Format.JSON, AssessmentResults.class).serialize(data, System.out);
@@ -67,11 +68,12 @@ void testLoadYamlNullVar1() throws IOException, URISyntaxException {
 
   @SuppressWarnings("null")
   @Test
-  void testLoadYamlNullVar2() throws IOException, URISyntaxException {
-    // the YAML catalog is currently malformed, this will create a proper one for this test
+  void testLoadYamlNullVar2() throws IOException {
+    // the YAML catalog is currently malformed, this will create a proper one for
+    // this test
     AssessmentResults data
         = loader.load(
-            ObjectUtils.requireNonNull(NullYamlValuesTest.class.getResource("/yaml-null/example_ar_nullvar-2.yaml")));
+            ObjectUtils.requireNonNull(Paths.get("src/test/resources/yaml-null/example_ar_nullvar-2.yaml")));
 
     bindingContext.newSerializer(Format.XML, AssessmentResults.class).serialize(data, System.out);
     bindingContext.newSerializer(Format.JSON, AssessmentResults.class).serialize(data, System.out);
@@ -82,11 +84,12 @@ void testLoadYamlNullVar2() throws IOException, URISyntaxException {
 
   @SuppressWarnings("null")
   @Test
-  void testLoadYamlNullVar3() throws IOException, URISyntaxException {
-    // the YAML catalog is currently malformed, this will create a proper one for this test
+  void testLoadYamlNullVar3() throws IOException {
+    // the YAML catalog is currently malformed, this will create a proper one for
+    // this test
     AssessmentResults data
         = loader.load(
-            ObjectUtils.requireNonNull(NullYamlValuesTest.class.getResource("/yaml-null/example_ar_nullvar-3.yaml")));
+            ObjectUtils.requireNonNull(Paths.get("src/test/resources/yaml-null/example_ar_nullvar-3.yaml")));
 
     bindingContext.newSerializer(Format.XML, AssessmentResults.class).serialize(data, System.out);
     bindingContext.newSerializer(Format.JSON, AssessmentResults.class).serialize(data, System.out);
diff --git a/src/test/java/gov/nist/secauto/oscal/tools/cli/core/commands/Issue96ClassLoaderTest.java b/src/test/java/gov/nist/secauto/oscal/tools/cli/core/commands/Issue96ClassLoaderTest.java
index f95e1b4..da71f20 100644
--- a/src/test/java/gov/nist/secauto/oscal/tools/cli/core/commands/Issue96ClassLoaderTest.java
+++ b/src/test/java/gov/nist/secauto/oscal/tools/cli/core/commands/Issue96ClassLoaderTest.java
@@ -28,14 +28,12 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
-
 import org.junit.jupiter.api.Test;
 
 class Issue96ClassLoaderTest {
   /**
-   * Regression tests for usnistgov/oscal-cli#96. See information at this URL for more details.
-   * https://github.com/usnistgov/oscal-cli/issues/96
+   * Regression tests for usnistgov/oscal-cli#96. See information at this URL for
+   * more details. https://github.com/usnistgov/oscal-cli/issues/96
    */
   @Test
   void testAssessmentPlanClassLoader() {
diff --git a/src/test/resources/cli/example_ap_invalid.yml b/src/test/resources/cli/example_ap_invalid.yaml
similarity index 100%
rename from src/test/resources/cli/example_ap_invalid.yml
rename to src/test/resources/cli/example_ap_invalid.yaml
diff --git a/src/test/resources/cli/example_ap_valid.yml b/src/test/resources/cli/example_ap_valid.yaml
similarity index 100%
rename from src/test/resources/cli/example_ap_valid.yml
rename to src/test/resources/cli/example_ap_valid.yaml
diff --git a/src/test/resources/cli/example_ar_invalid.yml b/src/test/resources/cli/example_ar_invalid.yaml
similarity index 100%
rename from src/test/resources/cli/example_ar_invalid.yml
rename to src/test/resources/cli/example_ar_invalid.yaml
diff --git a/src/test/resources/cli/example_ar_valid.yml b/src/test/resources/cli/example_ar_valid.yaml
similarity index 100%
rename from src/test/resources/cli/example_ar_valid.yml
rename to src/test/resources/cli/example_ar_valid.yaml
diff --git a/src/test/resources/cli/example_catalog_invalid.yml b/src/test/resources/cli/example_catalog_invalid.yaml
similarity index 100%
rename from src/test/resources/cli/example_catalog_invalid.yml
rename to src/test/resources/cli/example_catalog_invalid.yaml
diff --git a/src/test/resources/cli/example_catalog_valid.yml b/src/test/resources/cli/example_catalog_valid.yaml
similarity index 100%
rename from src/test/resources/cli/example_catalog_valid.yml
rename to src/test/resources/cli/example_catalog_valid.yaml
diff --git a/src/test/resources/cli/example_component-definition_invalid.yml b/src/test/resources/cli/example_component-definition_invalid.yaml
similarity index 100%
rename from src/test/resources/cli/example_component-definition_invalid.yml
rename to src/test/resources/cli/example_component-definition_invalid.yaml
diff --git a/src/test/resources/cli/example_component-definition_valid.yml b/src/test/resources/cli/example_component-definition_valid.yaml
similarity index 100%
rename from src/test/resources/cli/example_component-definition_valid.yml
rename to src/test/resources/cli/example_component-definition_valid.yaml
diff --git a/src/test/resources/cli/example_poam_invalid.yml b/src/test/resources/cli/example_poam_invalid.yaml
similarity index 100%
rename from src/test/resources/cli/example_poam_invalid.yml
rename to src/test/resources/cli/example_poam_invalid.yaml
diff --git a/src/test/resources/cli/example_poam_valid.yml b/src/test/resources/cli/example_poam_valid.yaml
similarity index 100%
rename from src/test/resources/cli/example_poam_valid.yml
rename to src/test/resources/cli/example_poam_valid.yaml
diff --git a/src/test/resources/cli/example_profile_invalid.yml b/src/test/resources/cli/example_profile_invalid.yaml
similarity index 100%
rename from src/test/resources/cli/example_profile_invalid.yml
rename to src/test/resources/cli/example_profile_invalid.yaml
diff --git a/src/test/resources/cli/example_profile_valid.yml b/src/test/resources/cli/example_profile_valid.yaml
similarity index 100%
rename from src/test/resources/cli/example_profile_valid.yml
rename to src/test/resources/cli/example_profile_valid.yaml
diff --git a/src/test/resources/cli/example_ssp_invalid.yml b/src/test/resources/cli/example_ssp_invalid.yaml
similarity index 100%
rename from src/test/resources/cli/example_ssp_invalid.yml
rename to src/test/resources/cli/example_ssp_invalid.yaml
diff --git a/src/test/resources/cli/example_ssp_valid.yml b/src/test/resources/cli/example_ssp_valid.yaml
similarity index 100%
rename from src/test/resources/cli/example_ssp_valid.yml
rename to src/test/resources/cli/example_ssp_valid.yaml