Add Registry and Resources

README.md

@@ -24,11 +24,11 @@ The FedRAMP PMO is releasing the following OSCAL content:
 
 *The FedRAMP OSCAL templates, registry, and implementation guides for rev 5 will be released in a few weeks*.
 
-- **FedRAMP OSCAL Templates:** The template files are pre-populated with FedRAMP extensions, defined-identifiers, and conformity tags where practical. They also include sample data, and are the basis for their respective guidance documents above. The FedRAMP OSCAL SSP, SAP, SAR, and POA&M template will be available soon in XML, JSON, and YAML formats.
+- **FedRAMP OSCAL Templates:** The template files are pre-populated with FedRAMP extensions, defined-identifiers, and conformity tags where practical. They also include sample data, and are the basis for their respective guidance documents above. The FedRAMP OSCAL SSP, SAP, SAR, and POA&M template are now available [here](./documents/) in XML, JSON, and YAML formats.
 
-- **FedRAMP OSCAL Registry** This registry is the authoritative source for all FedRAMP extensions to the OSCAL syntax, FedRAMP-defined identifiers, and accepted values. The FedRAMP OSCAL Registry will be available soon in XML format.
+- **FedRAMP OSCAL Registry** This registry is the authoritative source for all FedRAMP extensions to the OSCAL syntax, FedRAMP-defined identifiers, and accepted values. The FedRAMP OSCAL Registry is now available [here](./dist/content/rev5/resources) in XML format.
 
-- **Implementation Guides:** These documents help tool developers and content authors ensure any generated OSCAL-based FedRAMP deliverabes are fully compliant with FedRAMP’s extensions, defined identifiers, conformity tags, and acceptable values. The FedRAMP OSCAL implementation guides will be available soon in PDF format.
+- **Implementation Guides:** These documents help tool developers and content authors ensure any generated OSCAL-based FedRAMP deliverabes are fully compliant with FedRAMP’s extensions, defined identifiers, conformity tags, and acceptable values. The FedRAMP OSCAL implementation guides is now available [here](./documents/) in PDF format.
 
 Please ask questions or provide feedback on the items above above either via email to [[email protected]](mailto:[email protected]), as a comment to an existing [issue](https://github.com/GSA/fedramp-automation/issues), or as a new [issue](https://github.com/GSA/fedramp-automation/issues).
 

documents/README.md

@@ -4,27 +4,26 @@
 
 The following FedRAMP guides, based on the Open Security Controls Assessment Language (OSCAL), are available:
 
-- **Guide to OSCAL-based FedRAMP Content** <span style='color:red'>[START HERE]</span> ([rev 4](./rev4/Guide_to_OSCAL-based_FedRAMP_Content.pdf) | rev 5)
+- **Guide to OSCAL-based FedRAMP Content** <span style='color:red'>[START HERE]</span> ([rev 4](./rev4/Guide_to_OSCAL-based_FedRAMP_Content_rev4.pdf) | [rev 5](./rev5/Guide_to_OSCAL-based_FedRAMP_Content_rev5.pdf))
 
-- **Guide to OSCAL-based FedRAMP System Security Plans (SSP)** ([rev 4](./rev4/Guide_to_OSCAL-based_FedRAMP_System_Security_Plans_(SSP).pdf) | rev 5)
+- **Guide to OSCAL-based FedRAMP System Security Plans (SSP)** ([rev 4](./rev4/Guide_to_OSCAL-based_FedRAMP_System_Security_Plans_(SSP)_rev4.pdf) | [rev 5](./rev5/Guide_to_OSCAL-based_FedRAMP_System_Security_Plans_(SSP)_rev5.pdf))
 
-- **Guide to OSCAL-based FedRAMP Security Assessment Plans (SAP)** ([rev 4](./rev4/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Plans_(SAP).pdf) | rev 5)
+- **Guide to OSCAL-based FedRAMP Security Assessment Plans (SAP)** ([rev 4](./rev4/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Plans_(SAP)_rev4.pdf) | [rev 5](./rev5/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Plans_(SAP)_rev5.pdf))
 
-- **Guide to OSCAL-based FedRAMP Security Assessment Results (SAR)** ([rev 4](./rev4/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Results_(SAR).pdf) | rev 5)
+- **Guide to OSCAL-based FedRAMP Security Assessment Results (SAR)** ([rev 4](./rev4/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Results_(SAR).pdf) | [rev 5](./rev5/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Results_(SAR)_rev5.pdf))
 
-- **Guide to OSCAL-based FedRAMP Plan of Action and Milestones (POA&M)** ([rev 4](./rev4/Guide_to_OSCAL-based_FedRAMP_Plan_of_Action_and_Milestones_(POAM).pdf) | rev 5)
+- **Guide to OSCAL-based FedRAMP Plan of Action and Milestones (POA&M)** ([rev 4](./rev4/Guide_to_OSCAL-based_FedRAMP_Plan_of_Action_and_Milestones_(POAM)_rev4.pdf) | [rev 5](./rev5/Guide_to_OSCAL-based_FedRAMP_Plan_of_Action_and_Milestones_(POAM)_rev5.pdf))
 
 - **FedRAMP OSCAL Vendor Resource Summary** ([rev 4](./rev4/FedRAMP_OSCAL_Vendor_Resources.pdf) | rev 5)
 
 ---
+## FedRAMP OSCAL Registry
 
 The FedRAMP OSCAL Registry is now a machine-readable file using the NIST OSCAL Extensions Model:
 
-- FedRAMP Extensions XML - ([rev 4](../dist/content/rev4/resources/xml/FedRAMP_extensions.xml) | rev 5)
-- FedRAMP Extensions JSON - ([rev 4](../dist/content/rev4/resources/json/FedRAMP_extensions.json) | rev 5)
-- FedRAMP Extensions HTML - ([rev 4](./rev4/FedRAMP_extensions.html) | rev 5)
-- FedRAMP Extensions PDF - ([rev 4](./rev4/FedRAMP_extensions.pdf) | rev 5)
+- FedRAMP Extensions XML - ([rev 4](../dist/content/rev4/resources/xml/FedRAMP_extensions.xml) | [rev 5](../dist/content/rev5/resources/xml/FedRAMP_extensions.xml))
+- FedRAMP Extensions JSON - ([rev 4](../dist/content/rev4/resources/json/FedRAMP_extensions.json) | [rev 5](../dist/content/rev5/resources/json/FedRAMP_extensions.json))
+- FedRAMP Extensions HTML - ([rev 4 only](./rev4/FedRAMP_extensions.html))
+- FedRAMP Extensions PDF - ([rev 4 only](./rev4/FedRAMP_extensions.pdf))
 
----
-
-***NOTE: The rev 5 version of the FedRAMP content above is coming soon.***
+---

documents/rev4/README.md

@@ -15,10 +15,9 @@ This includes the following content:
 - **[Guide to OSCAL-based FedRAMP Plan of Action and Milestones (POA&M)](./Guide_to_OSCAL-based_FedRAMP_Plan_of_Action_and_Milestones_(POAM)_rev4.pdf)**
 
 **NOTE: The FedRAMP OSCAL Registry is now a machine-readable file using the DRAFT NIST OSCAL Extensions Model**
-- [xml](../../dist/content/resources/xml/FedRAMP_extensions.xml)
-- [json](../../dist/content/resources/json/FedRAMP_extensions.json)
-- [html](../FedRAMP_extensions.html)
-- [pdf](FedRAMP_Extensions.pdf)
-
-- **[FedRAMP OSCAL Vendor Resource Summary](./FedRAMP_OSCAL_Vendor_Resources.pdf)**
+- [xml](../../dist/content/rev4/resources/xml/FedRAMP_extensions.xml)
+- [json](../../dist/content/rev4/resources/json/FedRAMP_extensions.json)
+- [html](./FedRAMP_extensions.html)
+- [pdf](./FedRAMP_Extensions.pdf)
 
+- **[FedRAMP OSCAL Vendor Resource Summary](./FedRAMP_OSCAL_Vendor_Resources.pdf)**

src/content/rev5/resources/README.md

@@ -1,10 +1,50 @@
 <img src="https://github.com/GSA/fedramp-automation/raw/master/assets/FedRAMP_LOGO.png" alt="FedRAMP" width="76" height="94"><br />
 # Federal Risk and Authorization Management Program (FedRAMP) Automation
 
-## FedRAMP OSCAL Registry
+## FedRAMP OSCAL Resources
+
+These resources are experimental drafts, undergoing further updates in the near future.
+You are welcome to use them and provide feedback.
+Please let us know if you find them valuable.
+
+## FedRAMP OSCAL Registry and Resource Inventory
+
+The following resources are provided in both XML and JSON formats:
+- FedRAMP Extensions ([fedramp_extensions.xml](xml/fedramp_values.xml), [fedramp_values.json](json/fedramp_values.json))
+- FedRAMP Information Types ([fedramp_information-types.xml](xml/fedramp_information-types.xml), [fedramp_information-types.json](json/fedramp_information-types.json))
+
+### FedRAMP Values
+
+For your convenience, this file provides machine-readable constructs containing the acceptable values found in the FedRAMP OSCAL Registry [Acceptable Values (AV) Tab], as well as other helpful values.
+
+The content is provided in both XML and JSON formats. It is experimental and not documented at this time. It is also subject to change based on feedback.
+
+### FedRAMP Information Types
+
+The OSCAL-based SSP syntax allows an SSP author to identify the information ID of each information type within the system. FedRAMP only accepts NIST 800-60, Volume 2, Release 1 information types. 
+
+For your convenience, this file provides tool developers the relevant 800-60 V2R1 identifiers and associated details in both XML and JSON formats. 
+
+- JSON Format: nist-sp-800-60_vol2.json
+- XML Format: nist-sp-800-60_vol2.xml
+
+In anticipation of future changes to the information type references, such as when NIST updates SP 800-60 Volume 2, information types should be queried from this file using both the information-type id and the system, where these values match those in the information-type-id assembly within the SSP syntax.
+
+For example, an OSCAL-based FedRAMP SSP may contain the following:
+```
+<system-information>
+	<information-type name="Information Type Name" uuid="uuid-value">
+		<information-type-id system="https://doi.org/10.6028/NIST.SP.800-60v2r1">
+			C.2.4.1
+		</information-type-id>
+		<!-- cut -->
+</system-information>
+```
+
+The  file should be queried based on both:
+- `system = "https://doi.org/10.6028/NIST.SP.800-60v2r1"`; and
+- `id = "C.2.4.1"`
+
+
+
 
-Coming soon.  The following FedRAMP OSCAL registry items will be published in the next few weeks:
-- FedRAMP Extensions (XML)
-- FedRAMP Threats (XML)
-- FedRAMP Values (XML)
-- FedRAMP Information Types (XML)