This repository contains associated data for the published paper Layered Security Guidance for Data Asset Management in Additive Manufacturing by Fahad Milaat and Joshua Lubell. An earlier version is available for free from NIST. The associated data is the source of the OSCAL representations in Section 4 of the paper. If you have not already read the paper, please read it now before proceeding any further.

This data was initially created using an XML authoring tool and validated against the OSCAL catalog and profile XML schemas. Using a multi-step process, it was converted into JSON and, subsequently, the YAML syntax presented in the paper.

src contains:

• csf-oscal-no-refs.xml: an XML representation of Cybersecurity Framework subcategory ID.AM-3 (omitting informative references) in OSCAL catalog format.
• XML representations in OSCAL profile format. csf-oscal-profile-ot-id.am-3.xml supplements ID.AM-3 with guidance from the Guide to Operational Technology Security. csf-oscal-profile-additive-id.am-3.xml adds a additional layer of Additive Manufacturing security guidance to ID.AM-3.

resolved contains XML representations of csf-oscal-profile-ot-id.am-3.xml and csf-oscal-profile-additive-id.am-3.xml after applying OSCAL's profile resolution algorithm. The algorothm implementation used is here. Profile resolution transforms an OSCAL profile into a "resolved" OSCAL catalog.

json contains the contents of src and resolved converted into JSON via OSCAL's XML-to-JSON converters.

yaml contains the contents of json converted into YAML via a third-party JSON-to-YAML converter. Since JSON is a subset of YAML, conversion from JSON to YAML is easy. JSON-to-YAML converters are plentiful.

css contains a Cascading Style Sheet for rendering the XML content in an XML authoring tool that supports CSS.