Baseline Reviewer

The Control Reviewer is an enhanced OSCAL catalog viewer designed to present the selections and adjustments made to the SP 800-53 control catalog by a baseline (described as an OSCAL profile), either as selected, or as loaded by the user. (Currently it only shows control selection, not control alterations or parameter settings; those are next.)

It can also be used plain, as a simple browser for the SP 800-53 control catalog.

Note: this analysis does not examine the documents actually linked (imported) by your profile. Instead, it examines every import directive as if the SP800-653 Rev 5 catalog were its intended source. For reference and comparison, please see the SP 800-53 Rev 5 catalog (copy) in this repository.

Limitations / tbd:

• Does not validate profiles - GIGO applies
• Conformance with OSCAL profile spec is work-in-progress as the spec evolves
• The (entire) SP800-53 control catalog is assumed for any and all imports. In other words, this viewer is safe to use only with profiles that call only the SP 800-53 catalog (no other or subordinate catalogs), and only once. In fact this application does not offer a view of a profile (yours or any) but of this catalog, using a profile as a point of reference for filtering.
• Supports import-control/with-id only, not import-control/matches. (Let us know if you need this or any of these features.)
• Similarly does not yet support import-control/@with-child-controls so control enhancements must be included explicitly.