Fix namespace, identifier-type and system per issue #773 #102

Draft: wants to merge 2 commits into base: develop

2 changes: 1 addition & 1 deletion .github/workflows/config/.lycheeignore
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
https://search.usa.gov/search
http://csrc.nist.gov/ns/*
https://fedramp.gov/ns/*
http://fedramp.gov/ns/*
http://www.first.org/cvss/v3
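Review bot: replacing the `https://fedramp.gov/ns/*` ignore pattern instead of adding the `http://` pattern beside it means any page that still carries the old `https://fedramp.gov/ns/oscal` string will now be fetched by the link checker and fail, since the namespace URL is an identifier and not a served resource; this PR rewrites the string in several content files, so either confirm with a repository-wide search that no `https://fedramp.gov/ns/` occurrence remains, or keep both patterns in `.lycheeignore` until the migration is complete.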
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ cybersecurity frameworks. They designed OSCAL to be extended where
unique needs existed.

{{<callout>}}
_All FedRAMP extensions include a namespace (ns) flag set to `https://fedramp.gov/ns/oscal`._
_All FedRAMP extensions include a namespace (ns) flag set to `http://fedramp.gov/ns/oscal`._
{{</callout>}}

NIST allows organizations to extend OSCAL anyplace `prop` fields or `part`
Expand All @@ -57,7 +57,7 @@ in their own name space without concern for overlapping names. The above
approach ensures two different organizations can create their
own extensions without concern for reusing the same name values.

All FedRAMP extensions must have a namespace (`ns`) flag set to `https://fedramp.gov/ns/oscal`.
All FedRAMP extensions must have a namespace (`ns`) flag set to `http://fedramp.gov/ns/oscal`.

For example, if the core OSCAL syntax has a `status` field, but both
FedRAMP and the payment card industry (PCI) require their own
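Review bot: the requirement sentence at the top of this hunk changes the mandated `ns` value but does not say that the value is matched as an exact, case-sensitive string (the validation table elsewhere in this PR does say "case sensitive"); because the scheme is changing from `https` to `http`, add a sentence here stating that `https://fedramp.gov/ns/oscal` is not treated as equivalent, otherwise existing content carrying the old value will silently fail the XPath matches shown later on this page, such as `//prop[@name="status"][@ns="http://fedramp.gov/ns/oscal"]`.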
Expand All @@ -83,12 +83,12 @@ flag using the syntax above.**

#### FedRAMP Status Representation
{{< highlight xml "linenos=table" >}}
<prop name="status" ns="https://fedramp.gov/ns/oscal" value="FedRAMP Status" />
<prop name="status" ns="http://fedramp.gov/ns/oscal" value="FedRAMP Status" />
{{< /highlight >}}

#### XPath Query
{{< highlight xml "linenos=table" >}}
//prop[@name="status"][@ns="https://fedramp.gov/ns/oscal"]
//prop[@name="status"][@ns="http://fedramp.gov/ns/oscal"]
{{< /highlight >}}

#### (Possible) PCI Status Representation
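Review bot: style point on the second block in this hunk: the XPath query is wrapped in `{{< highlight xml "linenos=table" >}}` although `//prop[@name="status"][@ns="http://fedramp.gov/ns/oscal"]` is an XPath expression, not XML; use `xpath` or plain `text` as the highlight language so it does not render with XML tokenisation. The namespace replacement in both blocks is consistent with the rest of the PR.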
Expand All @@ -109,7 +109,7 @@ and `ns` flags as a pair.

All FedRAMP extensions will appear as:
{{< highlight xml "linenos=table" >}}
<prop name="____" ns="https://fedramp.gov/ns/oscal" value="Value"/>
<prop name="____" ns="http://fedramp.gov/ns/oscal" value="Value"/>
{{< /highlight >}}

**NOTE:** The catalog and profile OSCAL models also allow the `part`
Original file line number Diff line number Diff line change
Expand Up @@ -302,15 +302,15 @@ FedRAMP's revision history requirements.
<published>2022-06-01T00:00:00.000Z</published>
<version>1.0</version>
<oscal-version>1.1.2</oscal-version>
<prop name="party-uuid" ns="https://fedramp.gov/ns/oscal"
<prop name="party-uuid" ns="http://fedramp.gov/ns/oscal"
value="f84d8edc-d83e-440d-96c9-09b28c395ad5"/>
<remarks><p>Initial publication.</p></remarks>
</revision>
<revision>
<published>2022-06-01T00:00:00.000Z</published>
<version>2.0</version>
<oscal-version>1.1.2</oscal-version>
<prop name="party-uuid" ns="https://fedramp.gov/ns/oscal"
<prop name="party-uuid" ns="http://fedramp.gov/ns/oscal"
value="2e0db7cf-08f5-472e-9360-fb3a9698476d"/>
<remarks><p>Updated for annual assessment.</p></remarks>
</revision>
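Review bot: both revisions in this hunk carry the same `<published>2022-06-01T00:00:00.000Z</published>` while their versions and remarks (`1.0` with "Initial publication." and `2.0` with "Updated for annual assessment.") describe events a year apart; since this block illustrates FedRAMP's revision-history requirements, give the second revision a later `published` date so the example models a real history. The `party-uuid` props themselves are correct with the new namespace value.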
Expand All @@ -322,7 +322,7 @@ FedRAMP's revision history requirements.

{{<callout>}}
**FedRAMP Extension (Author)** \
prop (`ns="https://fedramp.gov/ns/oscal"`):
prop (`ns="http://fedramp.gov/ns/oscal"`):
- `name="party-uuid"`

{{</callout>}}
Expand All @@ -333,7 +333,7 @@ prop (`ns="https://fedramp.gov/ns/oscal"`):
- Revision Date for Individual Entry: `/*/metadata/revision-history/revision[1]/published`
- Description for Individual Entry: `/*/metadata/revision-history/revision[1]/remarks/string()`
- Version for Individual Entry: `/*/metadata/revision-history/revision[1]/version`
- Author for Individual Entry: `/*/metadata/party[@uuid=/*/metadata/revision-history/revision[1]/prop [@name='party-uuid'][@ns='https://fedramp.gov/ns/oscal']]/org/short-name`
- Author for Individual Entry: `/*/metadata/party[@uuid=/*/metadata/revision-history/revision[1]/prop [@name='party-uuid'][@ns='http://fedramp.gov/ns/oscal']]/org/short-name`

{{<callout>}}
Replace XPath predicate "[1]" with "[2]", "[3]", etc.
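Review bot: the Author XPath in this hunk compares `@uuid` to the `prop` element itself, but the revision example above stores the UUID in the prop's `value` attribute (`<prop name="party-uuid" ns="http://fedramp.gov/ns/oscal" value="f84d8edc-..."/>`), so the comparison is made against the element's empty text content and never matches; append `/@value` to the inner path: `/*/metadata/party[@uuid=/*/metadata/revisions/revision[1]/prop[@name='party-uuid'][@ns='http://fedramp.gov/ns/oscal']/@value]/org/short-name`. The path segment `revision-history` also disagrees with the `</revisions>` closing tag shown in the POA&M hunk at the bottom of this PR; whichever element name is the correct one, use it in both places.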
Expand Down Expand Up @@ -455,12 +455,12 @@ assessor's organization.
</party>
<party uuid="uuid-of-person-1" type="person">
<name>[SAMPLE]Person Name 1</name>
<prop name="title" ns="https://fedramp.gov/ns/oscal">Individual's Title</prop>
<prop name="title" ns="http://fedramp.gov/ns/oscal">Individual's Title</prop>
<member-of-organization>uuid-of-csp</member-of-organization>
</party>
<party uuid="uuid-of-person-2" type="person">
<name>[SAMPLE]Person Name 2</name>
<prop name="title" ns="https://fedramp.gov/ns/oscal">Individual's Title</prop>
<prop name="title" ns="http://fedramp.gov/ns/oscal">Individual's Title</prop>
<member-of-organization>uuid-of-csp</member-of-organization>
</party>
<responsible-party role-id="cloud-service-provider">
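Review bot: the two `title` props in this hunk put the value in element content (`<prop name="title" ns="http://fedramp.gov/ns/oscal">Individual's Title</prop>`) whereas every other `prop` in this PR carries it in a `value` attribute (`<prop name="party-uuid" ns="http://fedramp.gov/ns/oscal" value="..."/>`); only one of these forms will pass OSCAL schema validation, so make this example match the attribute form: `<prop name="title" ns="http://fedramp.gov/ns/oscal" value="Individual's Title"/>`.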
Expand All @@ -480,14 +480,14 @@ Required Role IDs:
- `cloud-service-provider`

**FedRAMP Extension (Person's Title)** \
prop (`ns="https://fedramp.gov/ns/oscal"`):
prop (`ns="http://fedramp.gov/ns/oscal"`):
- `name="title"`
{{</callout>}}

##### XPath Queries

- Approver’s Name: `(/*/metadata/party[@uuid=[/*/metadata/responsible-party[@role-id='content-approver']/party-uuid]]/party-name)[1]`
- Approver’s Title: `(/*/metadata/party[@uuid=[/*/metadata/responsible-party[@role-id='content-approver'] /party-uuid]]/prop[@name='title'][@ns='https://fedramp.gov/ns/oscal'])[1]`
- Approver’s Title: `(/*/metadata/party[@uuid=[/*/metadata/responsible-party[@role-id='content-approver'] /party-uuid]]/prop[@name='title'][@ns='http://fedramp.gov/ns/oscal'])[1]`

NOTE: For each additional approver, replace the "[1]" with "[2]", "[3]", and so on.

Expand Down Expand Up @@ -527,13 +527,13 @@ property type, `fedramp-acronyms`.

<resource uuid="985475ee-d4d6-4581-8fdf-d84d3d8caa48">
<title>FedRAMP Applicable Laws and Regulations</title>
<prop ns="https://fedramp.gov/ns/oscal" name="type" value="fedramp-citations"/>
<prop ns="http://fedramp.gov/ns/oscal" name="type" value="fedramp-citations"/>
<rlink href="https://-cut-/SSP-A12-FedRAMP-Laws-and-Regulations-Template.xlsx"/>
</resource>

<resource uuid="1a23a771-d481-4594-9a1a-71d584fa4123">
<title>FedRAMP Master Acronym and Glossary</title>
<prop ns="https://fedramp.gov/ns/oscal" name="type" value="fedramp-acronyms"/>
<prop ns="http://fedramp.gov/ns/oscal" name="type" value="fedramp-acronyms"/>
<rlink href="https://-cut-/FedRAMP_Master_Acronym_and_Glossary.pdf" />
</resource>

Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,6 @@ valid.
|**Well-Formed**|The XML or JSON file follows the rules defined for that format. <br /> Any tool that processes the format will recognize it as "well-formed," which means the tool can proceed with processing the XML or JSON. <br /> XML: [https://www.w3.org/TR/REC-xml/](https://www.w3.org/TR/REC-xml/) <br /> JSON: [https://json.org/](https://json.org/)|
|**OSCAL Syntax**|The XML or JSON file only uses names and values defined by OSCAL. OSCAL publishes schemas to verify syntax compliance based on the following standards: <br /> XML Syntax Validation: [XML Schema Definition Language (XSD) 1.1](https://www.w3.org/TR/xmlschema11-1/) <br /> JSON Syntax Validation: [JSON Schema, draft 07](https://json-schema.org/)|
|**OSCAL Content**| For certain OSCAL fields, the OSCAL syntax validation tools also enforce content - allowing only a pre-defined set of values to be used in certain fields. <br /><br /> For example, Within the SSP model, impact levels within the information type assemblies only allow the following values: `fips-199-low`, `fips-199-moderate`, and `fips-199-high`. Any other value will cause an error when validating the file.|
|**FedRAMP Syntax Extensions** | OSCAL is designed to represent the commonality of most cybersecurity frameworks and provided the ability to extend the language for framework-specific needs. FedRAMP makes use of these extensions. <br /><br />OSCAL provides `prop` fields throughout most of its assemblies, always with a `name`, `class`, and `ns` (namespace) flag: <br /> `<prop name="" class="" ns="">Data</prop>` <br /><br /> In the core OSCAL syntax, the `ns` flag is never used. Where FedRAMP extends OSCAL, the value for `ns` is always: `https://fedramp.gov/ns/oscal` (case sensitive). <br /><br /> When `ns='https://fedramp.gov/ns/oscal'` the `name` flag is as defined by FedRAMP. If the `class` flag is present, that is also defined by FedRAMP.|
|**FedRAMP Syntax Extensions** | OSCAL is designed to represent the commonality of most cybersecurity frameworks and provided the ability to extend the language for framework-specific needs. FedRAMP makes use of these extensions. <br /><br />OSCAL provides `prop` fields throughout most of its assemblies, always with a `name`, `class`, and `ns` (namespace) flag: <br /> `<prop name="" class="" ns="">Data</prop>` <br /><br /> In the core OSCAL syntax, the `ns` flag is never used. Where FedRAMP extends OSCAL, the value for `ns` is always: `http://fedramp.gov/ns/oscal` (case sensitive). <br /><br /> When `ns='http://fedramp.gov/ns/oscal'` the `name` flag is as defined by FedRAMP. If the `class` flag is present, that is also defined by FedRAMP.|
|**FedRAMP Content**| Today, FedRAMP content is enforced programmatically. FedRAMP intends to publish automated validation rules, which may be adopted by tool developers to verify OSCAL-based FedRAMP content is acceptable before submission. <br /><br />Initial validation rules ensure a package has all required elements and will evolve to perform more detailed validation. Separate details will be published about this in the near future.|
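Review bot: the FedRAMP Syntax Extensions row in this hunk still shows `<prop name="" class="" ns="">Data</prop>` with the value as element text, whereas the examples in this PR use a `value` attribute (`<prop name="status" ns="http://fedramp.gov/ns/oscal" value="FedRAMP Status" />`), and it says `prop` "always" has a `class` flag although none of those examples carries one; align the pattern to `<prop name="" class="" ns="" value=""/>` and describe `class` as optional. Minor grammar in the same row: "provided the ability" should read "provides the ability".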

6 changes: 3 additions & 3 deletions content/documentation/poam/3-working-with-oscal-files.md
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ If the value is a URI fragment, such as #96445439-6ce1-4e22-beae-aa72cfe173d0, t
<back-matter>
<resource uuid="96445439-6ce1-4e22-beae-aa72cfe173d0">
<title>[System Name] [FIPS-199 Level] SSP</title>
<prop name="type" ns="https://fedramp.gov/ns/oscal" value="system-security-plan"/>
<prop name="type" ns="http://fedramp.gov/ns/oscal" value="system-security-plan"/>
<!-- Specify the XML or JSON file location. Only one required. -->
<rlink media-type="application/xml" href="./CSP_System_SSP.xml" />
<rlink media-type="application/json" href="./CSP_System_SSP.json" />
Expand Down Expand Up @@ -145,7 +145,7 @@ Finally, any SSP component referenced by POA&M data must be duplicated, whether

##### POA&M Representation
{{< highlight xml "linenos=table" >}}
<system-id identifier-type="https://fedramp.gov">F00000000</system-id>
<system-id identifier-type="http://fedramp.gov/ns/oscal">F00000000</system-id>
<local-definitions>
<component uuid="uuid-value" type="software">
<!-- cut -->
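Review bot: the `identifier-type` on the first line of this hunk changes both scheme and path, from `https://fedramp.gov` to `http://fedramp.gov/ns/oscal`, yet nothing else on this page states what the FedRAMP `identifier-type` value is supposed to be; the callouts only define the `ns` value. Add a callout or sentence beside this block fixing the `identifier-type` string, otherwise readers cannot tell whether the new value is the namespace reused by convention or a distinct identifier scheme that validators will check.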
Expand Down Expand Up @@ -187,7 +187,7 @@ FedRAMP will be implementing a separate set of automated POA&M validation rules
<!-- cut -->
</revisions>
<!-- New rev 5 prop -->
<prop ns="https://fedramp.gov/ns/oscal" name="resolution-resource" value="ace2963d-ecb4-4be5-bdd0-1f6fd7610f41" />
<prop ns="http://fedramp.gov/ns/oscal" name="resolution-resource" value="ace2963d-ecb4-4be5-bdd0-1f6fd7610f41" />
</metadata>
<!-- cut -->
<back-matter>