Syntax Modification: control/subcontrol #473
Description
User Story:
Most OSCAL users treat subcontrols as controls. Each is actually a functional requirement statement. The use of subcontrol clarifies a logical grouping of related controls. Treatment of control and subcontrol is nearly identical in documentation and automation; however, the use of different syntax requires constant adjustment/alignment of the correct reference (control vs. subcontrol).
We already allow groups within groups, and parts within parts. OSCAL would be simplified, if control enhancements were simply treated as controls within controls, thus replacing the subcontrol element with a nested control element.
This would also allow any depth of nested controls, similar to the way we allow any depth of nested parts.
Goals:
- Simplify OSCAL catalog syntax by allowing "control" within "control", and using this construct instead of "subcontrol".
- Update all models to remove/replace the subcontrol concept with a similar control concept.
- Update all documentation to remove the concept of a control. Discuss parent and child controls instead.
Dependencies:
None
Acceptance Criteria
- Metaschemas are adjusted to allow control within control.
- Metaschemas are adjusted to remove subcontrol.
- 800-53 catalog and associated baselines are adjusted to replace "subcontrol" with "control".
- A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
- The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.