Sync OSCAL Content

This tutorial shows how to use complyscribe sync-oscal-content to sync OSCAL models to cac-content.

Currently, this command has three sub-commands: component-definition, profile, and catalog.

Component-definition

This command syncs OSCAL Component Definition information to the CaC content side.

The CLI performs the following sync:

  • Sync OSCAL Component Definition parameter/rule changes to the CaC content profile file.
  • Sync OSCAL Component Definition parameter/rule changes to the CaC content control file.
  • Add a hint comment to the control file when a missing rule is found in the CaC content repo.
  • Sync OSCAL Component Definition control status changes to the CaC content control file. Because the status mapping between CaC and OSCAL is many-to-many, a comment is added for the user to decide when the status cannot be determined during sync. Discussion details are in the doc.
  • Add a new option to the CaC var file when the variable exists but is missing the option being synced.
  • Sync the OSCAL Component Definition statements field to the CaC control notes field.

1. Prerequisites

2. Run The CLI Sync-oscal-content Component-definition

poetry run complyscribe sync-oscal-content component-definition \
--branch main \
--cac-content-root $cac_content_root_dir \
--committer-name tester \
--committer-email tester@redhat.com \
--dry-run \
--repo-path $complyscribe_workspace_root_dir \
--product $product_name \
--oscal-profile $oscal_profile_name

For more details about these options and additional flags, you can use the --help flag:

poetry run complyscribe sync-oscal-content component-definition --help

This will display a full list of available options and their descriptions.

Profile

This command syncs OSCAL Profile information to the CaC content side.

The CLI performs the following sync:

  • Sync OSCAL Profile control level changes to CaC control files.

1. Prerequisites

2. Run The CLI Sync-oscal-content Profile

poetry run complyscribe sync-oscal-content profile \
--dry-run \
--repo-path $complyscribe_workspace_root_dir \
--committer-email tester@redhat.com \
--committer-name tester \
--branch main \
--cac-content-root $cac_content_root_dir \
--cac-policy-id cis_rhel8 \
--product rhel8

For more details about these options and additional flags, you can use the --help flag:

poetry run complyscribe sync-oscal-content profile --help

This will display a full list of available options and their descriptions.

Catalog

This command syncs OSCAL Catalog information to the CaC content side.

The CLI performs the following sync:

  • Sync OSCAL Catalog control parts field changes to the control description field of CaC control files.

1. Prerequisites

2. Run The CLI Sync-oscal-content Catalog

poetry run complyscribe sync-oscal-content catalog \
--cac-policy-id nist_ocp4 \
--cac-content-root $cac_content_root_dir \
--repo-path $complyscribe_workspace_root_dir \
--committer-name tester \
--committer-email tester@redhat.com \
--branch main \
--dry-run

For more details about these options and additional flags, you can use the --help flag:

poetry run complyscribe sync-oscal-content catalog --help

This will display a full list of available options and their descriptions.