From 2b848fa5ab2b2edf7fcdab24824ad2bcd00e7564 Mon Sep 17 00:00:00 2001 From: OSCAL GitHub Actions Bot Date: Tue, 11 Jul 2023 12:45:21 +0000 Subject: [PATCH] Publishing generated metaschema resources [ci skip] --- ..._assessment-plan_xml-to-json-converter.xsl | 3606 +- ...sessment-results_xml-to-json-converter.xsl | 6310 +-- .../oscal_catalog_xml-to-json-converter.xsl | 2786 +- .../oscal_complete_xml-to-json-converter.xsl | 30555 ++++++++------ .../oscal_component_xml-to-json-converter.xsl | 2363 +- .../oscal_mapping_xml-to-json-converter.xsl | 2526 ++ .../oscal_poam_xml-to-json-converter.xsl | 5231 ++- .../oscal_profile_xml-to-json-converter.xsl | 2782 +- .../oscal_ssp_xml-to-json-converter.xsl | 4005 +- json/schema/oscal_assessment-plan_schema.json | 5832 +-- .../oscal_assessment-results_schema.json | 6193 +-- json/schema/oscal_catalog_schema.json | 2237 +- json/schema/oscal_complete_schema.json | 10340 ++--- json/schema/oscal_component_schema.json | 3207 +- json/schema/oscal_mapping_schema.json | 946 + json/schema/oscal_poam_schema.json | 5952 +-- json/schema/oscal_profile_schema.json | 2578 +- json/schema/oscal_ssp_schema.json | 4253 +- ..._assessment-plan_json-to-xml-converter.xsl | 3448 +- ...sessment-results_json-to-xml-converter.xsl | 6344 +-- .../oscal_catalog_json-to-xml-converter.xsl | 2736 +- .../oscal_complete_json-to-xml-converter.xsl | 34171 +++++++++------- .../oscal_component_json-to-xml-converter.xsl | 2143 +- .../oscal_mapping_json-to-xml-converter.xsl | 2571 ++ .../oscal_poam_json-to-xml-converter.xsl | 5150 ++- .../oscal_profile_json-to-xml-converter.xsl | 2637 +- .../oscal_ssp_json-to-xml-converter.xsl | 3805 +- xml/schema/oscal_assessment-plan_schema.xsd | 2420 +- .../oscal_assessment-results_schema.xsd | 2656 +- xml/schema/oscal_catalog_schema.xsd | 1607 +- xml/schema/oscal_complete_schema.xsd | 4869 ++- xml/schema/oscal_component_schema.xsd | 1630 +- xml/schema/oscal_mapping_schema.xsd | 1812 + xml/schema/oscal_poam_schema.xsd | 2464 +- xml/schema/oscal_profile_schema.xsd | 1881 +- xml/schema/oscal_ssp_schema.xsd | 2150 +- 36 files changed, 103810 insertions(+), 82386 deletions(-) create mode 100644 json/convert/oscal_mapping_xml-to-json-converter.xsl create mode 100644 json/schema/oscal_mapping_schema.json create mode 100644 xml/convert/oscal_mapping_json-to-xml-converter.xsl create mode 100644 xml/schema/oscal_mapping_schema.xsd diff --git a/json/convert/oscal_assessment-plan_xml-to-json-converter.xsl b/json/convert/oscal_assessment-plan_xml-to-json-converter.xsl index 4ae3556eab..d6414877b8 100644 --- a/json/convert/oscal_assessment-plan_xml-to-json-converter.xsl +++ b/json/convert/oscal_assessment-plan_xml-to-json-converter.xsl @@ -1,11 +1,11 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + version="3.0" + exclude-result-prefixes="#all" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + select="$file ! document(.,$source-xml)"> { $err:description } @@ -60,7 +60,7 @@ + select="xml-to-json($new-json-xml, $write-options)"> { $err:description } @@ -76,12 +76,12 @@ - + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -115,7 +115,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -176,11 +176,18 @@ + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -188,67 +195,28 @@ + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - + + + + @@ -271,21 +239,14 @@ - + - + + - - - - - - - - - + @@ -300,65 +261,8 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + @@ -368,7 +272,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -379,7 +283,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -420,7 +324,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -449,7 +353,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -465,7 +369,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -474,7 +378,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -511,7 +415,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -550,7 +454,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -565,7 +469,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -595,7 +499,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -611,17 +515,17 @@ + group-by="true()"> + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose"> + as-type="markup-multiline" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE"> @@ -643,7 +547,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -659,17 +563,17 @@ + group-by="true()"> + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose"> + as-type="markup-multiline" + _metaschema-xml-id="/assembly/oscal-assessment-common/assessment-part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-assessment-common/assessment-part/prose/PROSE"> @@ -691,7 +595,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -730,11 +634,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="reviewed-controls" + gi="reviewed-controls"> reviewed-controls @@ -771,41 +675,41 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="include-all" + key="include-all" + gi="include-all"> include-all + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="select-objective-by-id" + gi="include-objective"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="select-objective-by-id" + gi="exclude-objective"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="related-controls" + gi="related-controls"> related-controls @@ -842,7 +746,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -880,7 +784,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -903,7 +807,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -926,11 +830,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="assessment-assets" + gi="assessment-assets"> assessment-assets @@ -951,7 +855,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1012,7 +916,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1050,7 +954,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1066,80 +970,80 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks + group-by="true()"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + gi="role-id" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="function-performed" + gi="function-performed" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1149,689 +1053,770 @@ + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + key="value" + gi="value"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + + + + + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + as-type="string" + name="resource-fragment" + key="resource-fragment" + gi="resource-fragment"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="location-type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="type" + key="type" + gi="type"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="string" + name="type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + + + + + + as-type="dateTime-with-timezone" + name="date" + key="date" + gi="date"> + + + + + + + + + + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="system-component-type" + key="type" + gi="type"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="state" + key="state" + gi="state"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="nonNegativeInteger" + name="start" + key="start" + gi="start"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="nonNegativeInteger" + name="end" + key="end" + gi="end"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="transport" + key="transport" + gi="transport"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="objective-id" + key="objective-id" + gi="objective-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="type" + key="type" + gi="type"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="subject-type" + key="type" + gi="type"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="date" + key="date" + gi="date"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="positiveInteger" + name="period" + key="period" + gi="period"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="unit" + key="unit" + gi="unit"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="activity-uuid" + key="activity-uuid" + gi="activity-uuid"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + priority="3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="filename" + key="filename" + gi="filename"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1841,15 +1826,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1859,15 +1844,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1877,15 +1862,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1895,15 +1880,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1913,8 +1898,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1940,14 +1925,14 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -1955,15 +1940,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1973,15 +1958,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1991,15 +1976,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -2009,15 +1994,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -2027,15 +2012,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -2045,15 +2030,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2063,13 +2048,13 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -2077,15 +2062,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2094,16 +2079,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2113,15 +2124,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -2131,37 +2142,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2170,16 +2181,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2189,8 +2246,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2211,29 +2268,29 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -2243,15 +2300,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -2261,15 +2318,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -2279,15 +2336,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -2297,27 +2354,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -2325,29 +2382,30 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2356,16 +2414,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -2375,15 +2501,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -2393,13 +2519,13 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="external-id" + gi="external-id"> @@ -2407,15 +2533,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2425,27 +2551,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -2453,8 +2579,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2472,29 +2598,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -2504,15 +2630,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -2522,15 +2648,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -2540,15 +2666,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -2558,29 +2684,65 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + text + + + + + + + + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2590,12 +2752,12 @@ + priority="3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="local-definitions" + gi="local-definitions"> local-definitions @@ -2638,15 +2800,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2656,37 +2818,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -2696,15 +2858,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2714,8 +2876,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2726,15 +2888,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2744,15 +2906,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2762,37 +2924,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2802,15 +2964,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2820,8 +2982,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2850,15 +3012,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2868,15 +3030,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2886,15 +3048,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2904,15 +3066,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -2922,37 +3084,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2962,15 +3124,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2980,59 +3142,59 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3042,15 +3204,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3060,15 +3222,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3078,15 +3240,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3096,37 +3258,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3136,8 +3298,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3169,15 +3331,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3187,37 +3349,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3227,37 +3389,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3267,8 +3429,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3305,37 +3467,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3345,8 +3507,8 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3360,22 +3522,22 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3389,22 +3551,22 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3441,37 +3603,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3481,15 +3643,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3499,37 +3661,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3539,8 +3701,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3577,37 +3739,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3617,8 +3779,8 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3632,22 +3794,22 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3661,22 +3823,22 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3713,37 +3875,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3753,15 +3915,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3771,12 +3933,12 @@ + priority="3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="terms-and-conditions" + gi="terms-and-conditions"> terms-and-conditions @@ -3790,15 +3952,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3808,15 +3970,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3826,37 +3988,37 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3866,8 +4028,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3904,37 +4066,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3944,8 +4106,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3959,22 +4121,22 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3988,22 +4150,22 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4040,37 +4202,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4080,37 +4242,37 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4120,15 +4282,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4138,15 +4300,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4156,15 +4318,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4174,37 +4336,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -4214,15 +4376,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4232,8 +4394,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4244,15 +4406,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4262,15 +4424,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4280,8 +4442,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4311,15 +4473,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4329,15 +4491,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4347,8 +4509,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4377,15 +4539,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4395,15 +4557,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4413,15 +4575,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4431,37 +4593,37 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4471,8 +4633,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4484,8 +4646,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4495,13 +4657,13 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="within-date-range" + key="within-date-range" + gi="within-date-range"> within-date-range @@ -4510,13 +4672,13 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="at-frequency" + key="at-frequency" + gi="at-frequency"> at-frequency @@ -4525,8 +4687,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4534,8 +4696,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4571,15 +4733,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4589,15 +4751,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4607,37 +4769,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4647,15 +4809,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4665,15 +4827,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4683,37 +4845,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4723,15 +4885,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4741,15 +4903,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4759,15 +4921,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4777,8 +4939,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4811,15 +4973,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4829,35 +4991,35 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -4865,8 +5027,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4890,15 +5052,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4908,15 +5070,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4926,8 +5088,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4942,14 +5104,14 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -4961,10 +5123,10 @@ + mode="cast-prose" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -4972,43 +5134,43 @@ + name="ns" + select="/*/@namespace"/> + match="group" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="group[@in-json='BY_KEY']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../@json-key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="group[@in-json='SINGLETON_OR_ARRAY'][count(*)=1]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="group/assembly | group/field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5026,10 +5188,10 @@ + priority="3" + match="group/field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5038,33 +5200,33 @@ + match="/assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../value/@key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="flag" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> + priority="2" + match="field[exists(@json-key-flag)]/value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5099,12 +5261,12 @@ + match="value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> @@ -5117,46 +5279,46 @@ + match="*" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-line']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-multiline']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + name="conditional-lf" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()[empty(ancestor::pre)]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5165,18 +5327,18 @@ + mode="md" + match="p" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="h1 | h2 | h3 | h4 | h5 | h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5184,40 +5346,40 @@ # + mode="mark" + match="h1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"># ## + mode="mark" + match="h2" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">## ### + mode="mark" + match="h3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">### #### + mode="mark" + match="h4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">#### ##### + mode="mark" + match="h5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">##### ###### + mode="mark" + match="h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">###### + mode="md" + match="table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="tr" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5231,19 +5393,19 @@ + mode="md" + match="th | td" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> | | + mode="md" + priority="1" + match="pre" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ``` @@ -5252,24 +5414,24 @@ ``` + mode="md" + priority="1" + match="ul | ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="ul//ul | ol//ol | ol//ul | ul//ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5279,9 +5441,9 @@ + mode="md" + match="ol/li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5291,49 +5453,49 @@ + mode="md" + match="code | span[contains(@class, 'code')]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ` ` + mode="md" + match="em | i" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> * * + mode="md" + match="strong | b" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ** ** + mode="md" + match="q" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> " " + mode="md" + match="insert" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> {{ insert: }} + mode="md" + match="a" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> [ ] @@ -5342,9 +5504,9 @@ ) + mode="md" + match="img" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ![ ] diff --git a/json/convert/oscal_assessment-results_xml-to-json-converter.xsl b/json/convert/oscal_assessment-results_xml-to-json-converter.xsl index 73b5a09c33..7f9bc3a1e8 100644 --- a/json/convert/oscal_assessment-results_xml-to-json-converter.xsl +++ b/json/convert/oscal_assessment-results_xml-to-json-converter.xsl @@ -1,11 +1,11 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + version="3.0" + exclude-result-prefixes="#all" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + select="$file ! document(.,$source-xml)"> { $err:description } @@ -60,7 +60,7 @@ + select="xml-to-json($new-json-xml, $write-options)"> { $err:description } @@ -76,16 +76,16 @@ - + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="assessment-results" + gi="assessment-results"> assessment-results @@ -107,7 +107,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -168,11 +168,18 @@ + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -180,67 +187,28 @@ + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - + + + + @@ -263,21 +231,14 @@ - + - + + - - - - - - - - - + @@ -292,65 +253,8 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + @@ -360,7 +264,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -371,7 +275,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -401,7 +305,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -417,17 +321,17 @@ + group-by="true()"> + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose"> + as-type="markup-multiline" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE"> @@ -449,7 +353,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -465,17 +369,17 @@ + group-by="true()"> + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose"> + as-type="markup-multiline" + _metaschema-xml-id="/assembly/oscal-assessment-common/assessment-part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-assessment-common/assessment-part/prose/PROSE"> @@ -497,7 +401,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -536,11 +440,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="reviewed-controls" + gi="reviewed-controls"> reviewed-controls @@ -577,37 +481,37 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="include-all" + key="include-all" + gi="include-all"> include-all + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="select-objective-by-id" + gi="include-objective"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="select-objective-by-id" + gi="exclude-objective"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -636,11 +540,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="related-controls" + gi="related-controls"> related-controls @@ -677,7 +581,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -734,7 +638,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -775,7 +679,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -791,7 +695,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -800,7 +704,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -837,7 +741,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -876,7 +780,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -891,11 +795,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="assessment-assets" + gi="assessment-assets"> assessment-assets @@ -916,7 +820,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -977,7 +881,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1040,7 +944,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1078,7 +982,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1101,7 +1005,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1124,7 +1028,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1132,7 +1036,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1169,7 +1073,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1230,7 +1134,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1253,7 +1157,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1276,7 +1180,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1345,7 +1249,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1373,7 +1277,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1420,7 +1324,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1450,11 +1354,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="implementation-status" + gi="implementation-status"> implementation-status @@ -1463,7 +1367,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1479,87 +1383,87 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks + group-by="true()"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + gi="role-id" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="function-performed" + gi="function-performed" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="risk-status" + key="status" + gi="status" + in-json="SCALAR"> status @@ -1569,7 +1473,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1580,14 +1484,14 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="risk-status" + key="status-change" + gi="status-change" + in-json="SCALAR"> status-change @@ -1597,7 +1501,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1607,1072 +1511,1153 @@ + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + key="value" + gi="value"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + + + + + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + as-type="string" + name="resource-fragment" + key="resource-fragment" + gi="resource-fragment"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="location-type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="type" + key="type" + gi="type"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="string" + name="type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="dateTime-with-timezone" + name="date" + key="date" + gi="date"> - - + + - + + as-type="uri" + name="system" + key="system" + gi="system"> - - + + - + + + + + + + + + + + + as-type="token" + name="name" + key="name" + gi="name"> + + + + + + + + + + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="objective-id" + key="objective-id" + gi="objective-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="system-component-type" + key="type" + gi="type"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="state" + key="state" + gi="state"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="nonNegativeInteger" + name="start" + key="start" + gi="start"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="nonNegativeInteger" + name="end" + key="end" + gi="end"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="transport" + key="transport" + gi="transport"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="type" + key="type" + gi="type"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="date" + key="date" + gi="date"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="positiveInteger" + name="period" + key="period" + gi="period"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="unit" + key="unit" + gi="unit"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="activity-uuid" + key="activity-uuid" + gi="activity-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="type" + key="type" + gi="type"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="subject-type" + key="type" + gi="type"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="party-uuid" + key="party-uuid" + gi="party-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="subject-placeholder-uuid" + key="subject-placeholder-uuid" + gi="subject-placeholder-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="type" + key="type" + gi="type"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="actor-uuid" + key="actor-uuid" + gi="actor-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="subject-type" + key="type" + gi="type"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="system" + key="system" + gi="system"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="system" + key="system" + gi="system"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + key="value" + gi="value"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="implementation-uuid" + key="implementation-uuid" + gi="implementation-uuid"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="lifecycle" + key="lifecycle" + gi="lifecycle"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="response-uuid" + key="response-uuid" + gi="response-uuid"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="type" + key="type" + gi="type"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="target-id" + key="target-id" + gi="target-id"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="state" + key="state" + gi="state"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="reason" + key="reason" + gi="reason"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="state" + key="state" + gi="state"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="risk-uuid" + key="risk-uuid" + gi="risk-uuid"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + priority="3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="filename" + key="filename" + gi="filename"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2682,15 +2667,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -2700,15 +2685,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -2718,15 +2703,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -2736,15 +2721,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -2754,8 +2739,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2781,14 +2766,14 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -2796,15 +2781,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2814,15 +2799,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -2832,15 +2817,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -2850,15 +2835,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -2868,15 +2853,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -2886,15 +2871,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2904,13 +2889,13 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -2918,15 +2903,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2935,16 +2920,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2954,15 +2965,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -2972,37 +2983,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3011,16 +3022,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3030,8 +3087,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3052,29 +3109,29 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -3084,15 +3141,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -3102,15 +3159,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -3120,15 +3177,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -3138,27 +3195,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -3166,29 +3223,30 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3197,16 +3255,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -3216,15 +3342,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -3234,13 +3360,13 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="external-id" + gi="external-id"> @@ -3248,15 +3374,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3266,27 +3392,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -3294,8 +3420,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3313,29 +3439,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -3345,15 +3471,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -3363,15 +3489,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -3381,15 +3507,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -3399,29 +3525,65 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + + + + + + + text @@ -3431,12 +3593,12 @@ + priority="3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="local-definitions" + gi="local-definitions"> local-definitions @@ -3458,37 +3620,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3498,15 +3660,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3516,15 +3678,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3534,15 +3696,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3552,37 +3714,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3592,8 +3754,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3625,15 +3787,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3643,37 +3805,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3683,37 +3845,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3723,8 +3885,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3761,37 +3923,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3801,8 +3963,8 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3816,22 +3978,22 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3845,22 +4007,22 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3897,37 +4059,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3937,15 +4099,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3955,37 +4117,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3995,8 +4157,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4033,37 +4195,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4073,8 +4235,8 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4088,22 +4250,22 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4117,22 +4279,22 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4169,37 +4331,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4209,15 +4371,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4227,15 +4389,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4245,37 +4407,37 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> start @@ -4285,15 +4447,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end" + in-json="SCALAR"> end @@ -4303,15 +4465,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4321,12 +4483,12 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="local-definitions" + gi="local-definitions"> local-definitions @@ -4362,15 +4524,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4380,37 +4542,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -4420,15 +4582,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4438,8 +4600,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4450,15 +4612,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4468,15 +4630,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4486,37 +4648,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4526,15 +4688,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4544,8 +4706,8 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4574,15 +4736,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4592,15 +4754,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4610,15 +4772,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4628,15 +4790,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -4646,37 +4808,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4686,15 +4848,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4704,37 +4866,37 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4744,37 +4906,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -4784,15 +4946,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4802,8 +4964,8 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4814,15 +4976,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4832,15 +4994,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4850,8 +5012,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4881,15 +5043,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4899,15 +5061,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4917,8 +5079,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4947,15 +5109,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4965,15 +5127,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4983,15 +5145,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5001,37 +5163,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5041,8 +5203,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5054,8 +5216,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5065,13 +5227,13 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="within-date-range" + key="within-date-range" + gi="within-date-range"> within-date-range @@ -5080,13 +5242,13 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="at-frequency" + key="at-frequency" + gi="at-frequency"> at-frequency @@ -5095,8 +5257,8 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5104,8 +5266,8 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5141,15 +5303,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5159,15 +5321,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5177,37 +5339,37 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5217,15 +5379,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5235,15 +5397,15 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5253,37 +5415,37 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5293,15 +5455,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5311,15 +5473,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5329,15 +5491,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5347,37 +5509,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5387,8 +5549,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5425,37 +5587,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5465,8 +5627,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5480,22 +5642,22 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5509,22 +5671,22 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5561,37 +5723,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5601,8 +5763,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5622,15 +5784,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5640,15 +5802,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5658,15 +5820,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5676,8 +5838,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5693,8 +5855,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5734,15 +5896,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5752,37 +5914,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> start @@ -5792,15 +5954,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end" + in-json="SCALAR"> end @@ -5810,15 +5972,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5828,15 +5990,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5846,15 +6008,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5864,37 +6026,37 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5904,15 +6066,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5922,15 +6084,15 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5940,12 +6102,12 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -5960,37 +6122,37 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6000,15 +6162,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6018,15 +6180,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6036,15 +6198,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -6054,37 +6216,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6094,43 +6256,43 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="method" + gi="method" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="type" + gi="type" + in-json="SCALAR"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6140,15 +6302,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6158,15 +6320,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6176,37 +6338,37 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6216,15 +6378,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6234,15 +6396,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6252,12 +6414,12 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -6272,37 +6434,37 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6312,15 +6474,15 @@ + priority="19" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6330,15 +6492,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6348,8 +6510,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -6373,15 +6535,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -6391,15 +6553,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6409,8 +6571,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -6433,37 +6595,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6473,15 +6635,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="collected" + key="collected" + gi="collected" + in-json="SCALAR"> collected @@ -6491,15 +6653,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="expires" + key="expires" + gi="expires" + in-json="SCALAR"> expires @@ -6509,15 +6671,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -6527,59 +6689,59 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="statement" + key="statement" + gi="statement" + in-json="SCALAR"> statement + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6589,15 +6751,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6607,15 +6769,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6625,15 +6787,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6643,37 +6805,37 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6683,15 +6845,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6701,15 +6863,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6719,12 +6881,12 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -6739,37 +6901,37 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6779,15 +6941,15 @@ + priority="19" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6797,15 +6959,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6815,15 +6977,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6833,15 +6995,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6851,15 +7013,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6869,15 +7031,15 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6887,37 +7049,37 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6927,15 +7089,15 @@ + priority="19" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6945,15 +7107,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6963,12 +7125,12 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -6983,37 +7145,37 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7023,15 +7185,15 @@ + priority="20" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7041,15 +7203,15 @@ + priority="19" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7059,8 +7221,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7084,15 +7246,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7102,8 +7264,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7133,37 +7295,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7173,8 +7335,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7198,15 +7360,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7216,15 +7378,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7234,15 +7396,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="deadline" + key="deadline" + gi="deadline" + in-json="SCALAR"> deadline @@ -7252,8 +7414,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7299,15 +7461,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7317,37 +7479,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7357,15 +7519,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7375,15 +7537,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7393,15 +7555,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7411,37 +7573,37 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7451,15 +7613,15 @@ + priority="20" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7469,15 +7631,15 @@ + priority="19" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7487,12 +7649,12 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -7507,37 +7669,37 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7547,15 +7709,15 @@ + priority="21" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7565,15 +7727,15 @@ + priority="20" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7583,8 +7745,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7615,8 +7777,8 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7640,15 +7802,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7658,15 +7820,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7676,15 +7838,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7694,37 +7856,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7734,15 +7896,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7752,37 +7914,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7792,8 +7954,8 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7805,8 +7967,8 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7816,13 +7978,13 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="within-date-range" + key="within-date-range" + gi="within-date-range"> within-date-range @@ -7831,13 +7993,13 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="at-frequency" + key="at-frequency" + gi="at-frequency"> at-frequency @@ -7846,8 +8008,8 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7855,8 +8017,8 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7892,15 +8054,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7910,15 +8072,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7928,37 +8090,37 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7968,15 +8130,15 @@ + priority="20" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7986,15 +8148,15 @@ + priority="19" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8004,37 +8166,37 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8044,15 +8206,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8062,15 +8224,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8080,15 +8242,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8098,8 +8260,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -8115,8 +8277,8 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -8157,15 +8319,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8175,37 +8337,37 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> start @@ -8215,15 +8377,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end" + in-json="SCALAR"> end @@ -8233,15 +8395,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8251,8 +8413,8 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -8281,15 +8443,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8299,15 +8461,15 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8317,15 +8479,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8335,37 +8497,37 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8375,15 +8537,15 @@ + priority="21" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8393,15 +8555,15 @@ + priority="20" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8411,12 +8573,12 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -8431,37 +8593,37 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="19" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8471,15 +8633,15 @@ + priority="22" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8489,15 +8651,15 @@ + priority="21" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8507,23 +8669,23 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8533,37 +8695,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8573,15 +8735,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8591,15 +8753,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8609,15 +8771,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8627,37 +8789,37 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8667,15 +8829,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8685,15 +8847,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8703,12 +8865,12 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -8723,37 +8885,37 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8763,15 +8925,15 @@ + priority="19" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8781,15 +8943,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8799,15 +8961,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8817,37 +8979,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8857,8 +9019,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -8870,15 +9032,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="implementation-statement-uuid" + key="implementation-statement-uuid" + gi="implementation-statement-uuid" + in-json="SCALAR"> implementation-statement-uuid @@ -8888,24 +9050,24 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -8938,15 +9100,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8956,35 +9118,35 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -8992,8 +9154,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -9017,15 +9179,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9035,15 +9197,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9053,8 +9215,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -9069,14 +9231,14 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -9088,10 +9250,10 @@ + mode="cast-prose" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -9099,43 +9261,43 @@ + name="ns" + select="/*/@namespace"/> + match="group" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="group[@in-json='BY_KEY']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../@json-key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="group[@in-json='SINGLETON_OR_ARRAY'][count(*)=1]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="group/assembly | group/field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -9153,10 +9315,10 @@ + priority="3" + match="group/field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -9165,33 +9327,33 @@ + match="/assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../value/@key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="flag" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> + priority="2" + match="field[exists(@json-key-flag)]/value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -9226,12 +9388,12 @@ + match="value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> @@ -9244,46 +9406,46 @@ + match="*" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-line']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-multiline']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + name="conditional-lf" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()[empty(ancestor::pre)]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -9292,18 +9454,18 @@ + mode="md" + match="p" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="h1 | h2 | h3 | h4 | h5 | h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -9311,40 +9473,40 @@ # + mode="mark" + match="h1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"># ## + mode="mark" + match="h2" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">## ### + mode="mark" + match="h3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">### #### + mode="mark" + match="h4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">#### ##### + mode="mark" + match="h5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">##### ###### + mode="mark" + match="h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">###### + mode="md" + match="table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="tr" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -9358,19 +9520,19 @@ + mode="md" + match="th | td" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> | | + mode="md" + priority="1" + match="pre" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ``` @@ -9379,24 +9541,24 @@ ``` + mode="md" + priority="1" + match="ul | ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="ul//ul | ol//ol | ol//ul | ul//ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -9406,9 +9568,9 @@ + mode="md" + match="ol/li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -9418,49 +9580,49 @@ + mode="md" + match="code | span[contains(@class, 'code')]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ` ` + mode="md" + match="em | i" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> * * + mode="md" + match="strong | b" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ** ** + mode="md" + match="q" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> " " + mode="md" + match="insert" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> {{ insert: }} + mode="md" + match="a" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> [ ] @@ -9469,9 +9631,9 @@ ) + mode="md" + match="img" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ![ ] diff --git a/json/convert/oscal_catalog_xml-to-json-converter.xsl b/json/convert/oscal_catalog_xml-to-json-converter.xsl index e125fc2934..bfdc9adfe4 100644 --- a/json/convert/oscal_catalog_xml-to-json-converter.xsl +++ b/json/convert/oscal_catalog_xml-to-json-converter.xsl @@ -1,11 +1,11 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + version="3.0" + exclude-result-prefixes="#all" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + select="$file ! document(.,$source-xml)"> { $err:description } @@ -60,7 +60,7 @@ + select="xml-to-json($new-json-xml, $write-options)"> { $err:description } @@ -76,12 +76,12 @@ - + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -117,7 +117,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -178,11 +178,18 @@ + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -190,67 +197,28 @@ + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - + + + + @@ -273,21 +241,14 @@ - + - + + - - - - - - - - - + @@ -302,65 +263,8 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + @@ -370,7 +274,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -418,7 +322,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -432,21 +336,21 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + group-by="true()"> + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose"> + as-type="markup-multiline" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE"> @@ -454,7 +358,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -471,7 +375,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -505,6 +409,7 @@ + @@ -515,7 +420,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -531,17 +436,17 @@ + group-by="true()"> + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose"> + as-type="markup-multiline" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE"> @@ -562,8 +467,118 @@ + + + + + target-resource + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -614,7 +629,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -630,67 +645,67 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks + group-by="true()"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="parameter-value" + gi="value" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -700,380 +715,534 @@ + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + key="value" + gi="value"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + as-type="token" + name="group" + key="group" + gi="group"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="location-type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="type" + key="type" + gi="type"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="string" + name="type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + + + + + + + + + + + + + + + + + + + + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="depends-on" + key="depends-on" + deprecated="1.0.1" + gi="depends-on"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="how-many" + key="how-many" + gi="how-many"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + priority="3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="filename" + key="filename" + gi="filename"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1083,15 +1252,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1101,15 +1270,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1119,15 +1288,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1137,15 +1306,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1155,8 +1324,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1182,14 +1351,14 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -1197,15 +1366,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1215,15 +1384,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1233,15 +1402,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1251,15 +1420,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1269,15 +1438,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1287,15 +1456,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1305,13 +1474,13 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -1319,15 +1488,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1336,16 +1505,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1355,15 +1550,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1373,37 +1568,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1412,16 +1607,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1431,8 +1672,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1453,29 +1694,29 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -1485,15 +1726,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -1503,15 +1744,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -1521,15 +1762,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -1539,27 +1780,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -1567,29 +1808,30 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1598,16 +1840,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -1617,15 +1927,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1635,13 +1945,13 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="external-id" + gi="external-id"> @@ -1649,15 +1959,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1667,27 +1977,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -1695,8 +2005,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1714,29 +2024,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -1746,15 +2056,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -1764,15 +2074,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -1782,15 +2092,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -1800,29 +2110,65 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + text + + + + + + + + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1832,15 +2178,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1850,15 +2196,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -1868,52 +2214,52 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1921,15 +2267,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -1939,29 +2285,29 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1971,15 +2317,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1989,15 +2335,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -2007,52 +2353,52 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2060,15 +2406,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -2078,29 +2424,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2110,15 +2456,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2128,15 +2474,124 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + text + + + + + + + + + + + mapping + + + + + + + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + relationship + + + + + + + + + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2146,15 +2601,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2164,15 +2619,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2182,15 +2637,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -2200,52 +2655,52 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2253,15 +2708,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -2271,29 +2726,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2303,15 +2758,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2321,15 +2776,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2339,15 +2794,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2357,15 +2812,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2375,15 +2830,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -2393,52 +2848,52 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage + group-by="true()"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2446,15 +2901,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -2464,29 +2919,29 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2496,15 +2951,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2514,15 +2969,124 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + text + + + + + + + + + + + mapping + + + + + + + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + relationship + + + + + + + + + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2532,8 +3096,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2566,15 +3130,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2584,35 +3148,35 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -2620,8 +3184,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2645,15 +3209,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2663,15 +3227,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2681,8 +3245,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2697,14 +3261,14 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -2716,10 +3280,10 @@ + mode="cast-prose" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -2727,43 +3291,43 @@ + name="ns" + select="/*/@namespace"/> + match="group" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="group[@in-json='BY_KEY']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../@json-key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="group[@in-json='SINGLETON_OR_ARRAY'][count(*)=1]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="group/assembly | group/field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -2781,10 +3345,10 @@ + priority="3" + match="group/field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -2793,33 +3357,33 @@ + match="/assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../value/@key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="flag" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> + priority="2" + match="field[exists(@json-key-flag)]/value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -2854,12 +3418,12 @@ + match="value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> @@ -2872,46 +3436,46 @@ + match="*" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-line']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-multiline']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + name="conditional-lf" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()[empty(ancestor::pre)]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -2920,18 +3484,18 @@ + mode="md" + match="p" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="h1 | h2 | h3 | h4 | h5 | h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -2939,40 +3503,40 @@ # + mode="mark" + match="h1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"># ## + mode="mark" + match="h2" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">## ### + mode="mark" + match="h3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">### #### + mode="mark" + match="h4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">#### ##### + mode="mark" + match="h5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">##### ###### + mode="mark" + match="h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">###### + mode="md" + match="table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="tr" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -2986,19 +3550,19 @@ + mode="md" + match="th | td" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> | | + mode="md" + priority="1" + match="pre" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ``` @@ -3007,24 +3571,24 @@ ``` + mode="md" + priority="1" + match="ul | ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="ul//ul | ol//ol | ol//ul | ul//ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3034,9 +3598,9 @@ + mode="md" + match="ol/li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3046,49 +3610,49 @@ + mode="md" + match="code | span[contains(@class, 'code')]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ` ` + mode="md" + match="em | i" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> * * + mode="md" + match="strong | b" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ** ** + mode="md" + match="q" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> " " + mode="md" + match="insert" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> {{ insert: }} + mode="md" + match="a" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> [ ] @@ -3097,9 +3661,9 @@ ) + mode="md" + match="img" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ![ ] diff --git a/json/convert/oscal_complete_xml-to-json-converter.xsl b/json/convert/oscal_complete_xml-to-json-converter.xsl index 887ddade54..3e21a5b344 100644 --- a/json/convert/oscal_complete_xml-to-json-converter.xsl +++ b/json/convert/oscal_complete_xml-to-json-converter.xsl @@ -1,11 +1,11 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + version="3.0" + exclude-result-prefixes="#all" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + select="$file ! document(.,$source-xml)"> { $err:description } @@ -60,7 +60,7 @@ + select="xml-to-json($new-json-xml, $write-options)"> { $err:description } @@ -76,12 +76,12 @@ - + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -117,7 +117,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -178,11 +178,18 @@ + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -190,67 +197,28 @@ + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - + + + + @@ -273,21 +241,14 @@ - + - + + - - - - - - - - - + @@ -302,65 +263,8 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + @@ -370,7 +274,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -418,7 +322,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -432,21 +336,21 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + group-by="true()"> + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose"> + as-type="markup-multiline" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE"> @@ -454,7 +358,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -471,7 +375,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -505,6 +409,7 @@ + @@ -515,7 +420,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -531,17 +436,17 @@ + group-by="true()"> + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose"> + as-type="markup-multiline" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE"> @@ -563,7 +468,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -579,17 +484,17 @@ + group-by="true()"> + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose"> + as-type="markup-multiline" + _metaschema-xml-id="/assembly/oscal-assessment-common/assessment-part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-assessment-common/assessment-part/prose/PROSE"> @@ -610,20 +515,38 @@ - + - - - - - - + + + target-resource + + + + + + + + + + + + + + + + + + + @@ -638,31 +561,102 @@ - - + + + - - + + - - + + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + target + + + + + + + + + + + + + + + + + + + + + + + + + @@ -703,8 +697,8 @@ - - + + @@ -712,24 +706,146 @@ - + - - - back-matter - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + back-matter + + + + + + + + + + + + + + + mapping-collection + + + http://csrc.nist.gov/ns/oscal/1.0 + + + + + + + + + + + + + + + + + + mapping + + + + + + + + + + + + + + + + + + source-resource + + + + + + + + + + + + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -753,7 +869,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -775,19 +891,26 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="include-all" + key="include-all" + gi="include-all"> include-all + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -800,7 +923,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -822,7 +945,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -844,80 +967,12 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="component-definition" + gi="component-definition"> component-definition @@ -951,16 +1006,16 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="import-component-definition" + gi="import-component-definition"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1006,8 +1061,8 @@ - + @@ -1048,7 +1103,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1077,7 +1132,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1093,7 +1148,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1102,7 +1157,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1117,7 +1172,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1155,7 +1210,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1163,11 +1218,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="system-security-plan" + gi="system-security-plan"> system-security-plan @@ -1184,7 +1239,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1195,11 +1250,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="system-characteristics" + gi="system-characteristics"> system-characteristics @@ -1246,11 +1301,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="system-information" + gi="system-information"> system-information @@ -1277,30 +1332,15 @@ - - - - - security-impact-level - - - - - - - + - + - authorization-boundary + confidentiality-impact - @@ -1315,22 +1355,18 @@ - - - - - - - - + + + - + - - - + + + integrity-impact + @@ -1345,20 +1381,18 @@ - - + + + - + - + - network-architecture + availability-impact - @@ -1373,18 +1407,119 @@ - - - - - - - - + + + + + + + + + + security-impact-level + + + + + + + + + + + authorization-boundary + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + network-architecture + + + + + + + + + + + + + + + + + + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1416,11 +1551,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="system-implementation" + gi="system-implementation"> system-implementation @@ -1470,7 +1605,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1509,7 +1644,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1524,7 +1659,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1561,7 +1696,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1615,11 +1750,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="implementation-status" + gi="implementation-status"> implementation-status @@ -1628,7 +1763,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1662,7 +1797,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1673,7 +1808,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1703,7 +1838,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1742,11 +1877,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="reviewed-controls" + gi="reviewed-controls"> reviewed-controls @@ -1783,29 +1918,29 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="select-objective-by-id" + gi="include-objective"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="select-objective-by-id" + gi="exclude-objective"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="related-controls" + gi="related-controls"> related-controls @@ -1842,7 +1977,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1880,7 +2015,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1903,7 +2038,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1926,11 +2061,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="assessment-assets" + gi="assessment-assets"> assessment-assets @@ -1951,7 +2086,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2012,7 +2147,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2050,11 +2185,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="assessment-results" + gi="assessment-results"> assessment-results @@ -2076,7 +2211,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2087,7 +2222,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2144,7 +2279,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2205,7 +2340,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2213,7 +2348,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2250,7 +2385,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2311,7 +2446,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2334,7 +2469,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2357,7 +2492,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2426,7 +2561,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2454,7 +2589,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2500,42 +2635,12 @@ - - - - - target - - - - - - - - - - - - - - - - - - - - - - - - + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="plan-of-action-and-milestones" + gi="plan-of-action-and-milestones"> plan-of-action-and-milestones @@ -2561,6 +2666,13 @@ + + + + + + + @@ -2572,11 +2684,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="local-definitions" + gi="local-definitions"> local-definitions @@ -2594,11 +2706,12 @@ + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2625,6 +2738,13 @@ + + + + + + + @@ -2643,67 +2763,67 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks + group-by="true()"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="parameter-value" + gi="value" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2712,13 +2832,26 @@ + + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="system-id" + gi="system-id"> system-id @@ -2729,40 +2862,40 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + gi="role-id" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="function-performed" + gi="function-performed" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="risk-status" + key="status" + gi="status" + in-json="SCALAR"> status @@ -2772,7 +2905,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2783,14 +2916,14 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="risk-status" + key="status-change" + gi="status-change" + in-json="SCALAR"> status-change @@ -2800,1804 +2933,1998 @@ + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + key="value" + gi="value"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + as-type="token" + name="group" + key="group" + gi="group"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> - + + as-type="string" + name="resource-fragment" + key="resource-fragment" + gi="resource-fragment"> - + + + + + + - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="token" + name="location-type" + key="type" + gi="type"> - + + as-type="string" + name="type" + key="type" + gi="type"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="string" + name="type" + key="type" + gi="type"> - + + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + + + + + + + + + + + + + + + + + + + + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="depends-on" + key="depends-on" + deprecated="1.0.1" + gi="depends-on"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="how-many" + key="how-many" + gi="how-many"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="string" + name="id-ref" + key="id-ref" + gi="id-ref"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="uri-reference" + name="href" + key="href" + gi="href"> - + + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + priority="3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> - + + as-type="token" + name="filename" + key="filename" + gi="filename"> - + + + + + + + + + + + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="with-child-controls" + key="with-child-controls" + gi="with-child-controls"> - + + as-type="string" + name="pattern" + key="pattern" + gi="pattern"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="method" + key="method" + gi="method"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="order" + key="order" + gi="order"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="param-id" + key="param-id" + gi="param-id"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="depends-on" + key="depends-on" + deprecated="1.0.1" + gi="depends-on"> - + + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> - + + as-type="token" + name="by-name" + key="by-name" + gi="by-name"> - + + as-type="token" + name="by-class" + key="by-class" + gi="by-class"> - + + as-type="token" + name="by-id" + key="by-id" + gi="by-id"> - + + as-type="token" + name="by-item-name" + key="by-item-name" + gi="by-item-name"> - + + as-type="token" + name="by-ns" + key="by-ns" + gi="by-ns"> - + + as-type="token" + name="position" + key="position" + default="ending" + gi="position"> - + + as-type="token" + name="by-id" + key="by-id" + gi="by-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="defined-component-type" + key="type" + gi="type"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="nonNegativeInteger" + name="start" + key="start" + gi="start"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="nonNegativeInteger" + name="end" + key="end" + gi="end"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="transport" + key="transport" + gi="transport"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="source" + key="source" + gi="source"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="param-id" + key="param-id" + gi="param-id"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + key="statement-id" + gi="statement-id"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="identifier-type" + key="identifier-type" + gi="identifier-type"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="system" + key="system" + gi="system"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="system-component-type" + key="type" + gi="type"> - + + as-type="token" + name="state" + key="state" + gi="state"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + key="statement-id" + gi="statement-id"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="state" + key="state" + gi="state"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="provided-uuid" + key="provided-uuid" + gi="provided-uuid"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="provided-uuid" + key="provided-uuid" + gi="provided-uuid"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="responsibility-uuid" + key="responsibility-uuid" + gi="responsibility-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="objective-id" + key="objective-id" + gi="objective-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="type" + key="type" + gi="type"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="subject-type" + key="type" + gi="type"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="date" + key="date" + gi="date"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="positiveInteger" + name="period" + key="period" + gi="period"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="unit" + key="unit" + gi="unit"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="activity-uuid" + key="activity-uuid" + gi="activity-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="party-uuid" + key="party-uuid" + gi="party-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> - + + as-type="uuid" + name="subject-placeholder-uuid" + key="subject-placeholder-uuid" + gi="subject-placeholder-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="type" + key="type" + gi="type"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="actor-uuid" + key="actor-uuid" + gi="actor-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="subject-type" + key="type" + gi="type"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="system" + key="system" + gi="system"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="system" + key="system" + gi="system"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + key="value" + gi="value"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="implementation-uuid" + key="implementation-uuid" + gi="implementation-uuid"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="lifecycle" + key="lifecycle" + gi="lifecycle"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="response-uuid" + key="response-uuid" + gi="response-uuid"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="type" + key="type" + gi="type"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="target-id" + key="target-id" + gi="target-id"> - + + as-type="token" + name="state" + key="state" + gi="state"> - + + as-type="token" + name="reason" + key="reason" + gi="reason"> - + + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> - + + as-type="uuid" + name="risk-uuid" + key="risk-uuid" + gi="risk-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + as-type="uuid" + name="finding-uuid" + key="finding-uuid" + gi="finding-uuid"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="risk-uuid" + key="risk-uuid" + gi="risk-uuid"> + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4607,15 +4934,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -4625,15 +4952,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -4643,15 +4970,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -4661,15 +4988,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -4679,8 +5006,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4706,14 +5033,14 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -4721,15 +5048,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4739,15 +5066,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -4757,15 +5084,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -4775,15 +5102,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -4793,15 +5120,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -4811,15 +5138,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4829,13 +5156,13 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -4843,15 +5170,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4860,16 +5187,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4879,15 +5232,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -4897,37 +5250,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4936,16 +5289,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4955,8 +5354,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4977,29 +5376,29 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -5009,15 +5408,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -5027,15 +5426,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -5045,15 +5444,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -5063,27 +5462,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -5091,29 +5490,30 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5122,16 +5522,84 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -5141,15 +5609,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -5159,13 +5627,13 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="external-id" + gi="external-id"> @@ -5173,15 +5641,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5191,27 +5659,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -5219,8 +5687,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5238,29 +5706,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -5270,15 +5738,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -5288,15 +5756,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -5306,15 +5774,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -5324,29 +5792,65 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + text + + + + + + + + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5356,15 +5860,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5374,15 +5878,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -5392,52 +5896,52 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5445,15 +5949,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -5463,29 +5967,29 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5495,15 +5999,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5513,15 +6017,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -5531,52 +6035,52 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5584,15 +6088,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -5602,29 +6106,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5634,15 +6138,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5652,15 +6156,124 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + text + + + + + + + + + + + mapping + + + + + + + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + relationship + + + + + + + + + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5670,15 +6283,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5688,15 +6301,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5706,15 +6319,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -5724,52 +6337,52 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5777,15 +6390,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -5795,29 +6408,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5827,15 +6440,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5845,15 +6458,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5863,15 +6476,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5881,15 +6494,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5899,15 +6512,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -5917,52 +6530,52 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage + group-by="true()"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5970,15 +6583,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -5988,29 +6601,29 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6020,15 +6633,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -6038,15 +6651,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6055,88 +6668,197 @@ - + - + + + mapping + - - - - - - - - - - - - - - - - - - - + + + - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - description + text - - + + + + + + + + + + relationship + + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + description + + + + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -6144,8 +6866,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -6169,15 +6891,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6187,15 +6909,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6205,8 +6927,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -6221,14 +6943,14 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -6239,16 +6961,16 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -6257,16 +6979,16 @@ - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -6275,16 +6997,16 @@ - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -6293,16 +7015,16 @@ - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -6311,16 +7033,16 @@ - + + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -6329,9 +7051,9 @@ - + @@ -6356,31 +7078,31 @@ - + + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -6389,16 +7111,16 @@ - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -6407,16 +7129,16 @@ - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -6425,16 +7147,16 @@ - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -6443,16 +7165,16 @@ - + + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -6461,16 +7183,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6479,30 +7201,30 @@ - + + as-type="string" + name="document-id" + gi="document-id"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6511,16 +7233,42 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -6529,16 +7277,16 @@ - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -6547,38 +7295,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6587,16 +7335,62 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -6605,9 +7399,9 @@ - + @@ -6627,30 +7421,30 @@ - + + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -6659,16 +7453,16 @@ - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -6677,16 +7471,16 @@ - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -6695,16 +7489,16 @@ - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -6713,58 +7507,59 @@ - + + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> - + + as-type="string" + name="telephone-number" + gi="telephone-number"> - + + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6773,34 +7568,102 @@ - - - - - name - - - - - - - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + name + + + + + + + + + short-name @@ -6809,30 +7672,30 @@ - + + as-type="string" + name="external-id" + gi="external-id"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6841,37 +7704,37 @@ - + + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> - + + as-type="string" + name="telephone-number" + gi="telephone-number"> - + @@ -6888,30 +7751,30 @@ - + + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -6920,16 +7783,16 @@ - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -6938,16 +7801,16 @@ - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -6956,16 +7819,16 @@ - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -6974,30 +7837,30 @@ - + + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7006,185 +7869,124 @@ - - - - - - - - - - - - - - - - - - - - - + - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - combine + text - - + + + + - + - + - flat + text - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - as-is + text - - + + - + - + - custom + text - - - - - - - - - - - - - - - + + + + - + + as-type="token" + name="relationship" + key="relationship" + gi="relationship"> - title + relationship - - + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7193,71 +7995,1360 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - label + text - + - - - usage - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + description + + + + + + + + + + + + + + + + + + + + + + citation + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + base64 + + + + + + + + + + + + + title + + + + + + + + + + + published + + + + + + + + + + + last-modified + + + + + + + + + + + version + + + + + + + + + + + oscal-version + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + revisions + + + + + + + + + title + + + + + + + + + + + published + + + + + + + + + + + last-modified + + + + + + + + + + + version + + + + + + + + + + + oscal-version + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + short-name + + + + + + + + + + + description + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + address + + + + + + + + + + + + + + + + + + + + + + + + + + + + city + + + + + + + + + + + state + + + + + + + + + + + postal-code + + + + + + + + + + + country + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + name + + + + + + + + + + + short-name + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + city + + + + + + + + + + + state + + + + + + + + + + + postal-code + + + + + + + + + + + country + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + combine + + + + + + + + + flat + + + + + + + + as-is + + + + + + + + + + + custom + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + text + + + + + + + + + + + label + + + + + + + + + + + usage + + + group-by="true()"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7265,15 +9356,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -7283,29 +9374,29 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7315,15 +9406,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7333,15 +9424,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7351,8 +9442,8 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7372,31 +9463,9 @@ - - - - - - - - - - - - - - + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7416,31 +9485,9 @@ - - - - - - - - - - - - - - + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7460,31 +9507,9 @@ - - - - - - - - - - - - - - + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7504,31 +9529,9 @@ - - - - - - - - - - - - - - + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7575,15 +9578,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7593,15 +9596,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -7611,52 +9614,52 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7664,15 +9667,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -7681,30 +9684,102 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7714,15 +9789,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7732,15 +9807,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -7750,52 +9825,52 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage + group-by="true()"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7803,15 +9878,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -7821,29 +9896,29 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7853,15 +9928,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7871,15 +9946,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7889,8 +9964,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -7923,15 +9998,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7941,35 +10016,35 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -7977,8 +10052,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -8002,15 +10077,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8020,15 +10095,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8038,8 +10113,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -8054,14 +10129,14 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -8073,15 +10148,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8091,15 +10166,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -8109,15 +10184,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -8127,15 +10202,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -8145,15 +10220,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -8163,8 +10238,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -8190,14 +10265,14 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -8205,15 +10280,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8223,15 +10298,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -8241,15 +10316,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -8259,15 +10334,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -8277,15 +10352,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -8295,15 +10370,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8313,13 +10388,13 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -8327,15 +10402,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8344,16 +10419,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8363,15 +10464,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -8381,37 +10482,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8420,16 +10521,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8439,8 +10586,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -8461,29 +10608,29 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -8493,15 +10640,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -8511,15 +10658,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -8529,15 +10676,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -8547,27 +10694,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -8575,29 +10722,30 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8606,16 +10754,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -8625,15 +10841,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -8643,13 +10859,13 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="external-id" + gi="external-id"> @@ -8657,15 +10873,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8675,27 +10891,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -8703,8 +10919,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -8722,29 +10938,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -8754,15 +10970,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -8772,15 +10988,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -8790,15 +11006,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -8808,29 +11024,65 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + text + + + + + + + + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8840,15 +11092,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8858,37 +11110,37 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -8898,15 +11150,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8916,15 +11168,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8934,15 +11186,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8952,8 +11204,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -8990,37 +11242,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9030,22 +11282,22 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -9090,37 +11342,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9130,29 +11382,29 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9162,8 +11414,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -9194,37 +11446,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9234,15 +11486,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9252,37 +11504,37 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9292,30 +11544,30 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -9352,37 +11604,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9392,22 +11644,22 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -9452,37 +11704,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9492,29 +11744,29 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9524,8 +11776,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -9556,37 +11808,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9596,15 +11848,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9614,8 +11866,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -9648,15 +11900,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -9666,35 +11918,35 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -9702,8 +11954,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -9727,15 +11979,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9745,15 +11997,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9763,8 +12015,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -9779,14 +12031,14 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -9797,106 +12049,409 @@ - + + + + + title + + + + + + + + + + + published + + + + + + + + + + + last-modified + + + + + + + + + + + version + + + + + + + + + + + oscal-version + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + revisions + + + + + + + + + title + + + + + + + + + + + published + + + + + + + + + + + last-modified + + + + + + + + + + + version + + + + + + + + + + + oscal-version + + + + + + + + + + + text + + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - published + title - - + + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - last-modified + short-name - + - + - + - version + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - oscal-version + text - - + + - + - + + - - - - + + + + + + + + + + + + + + + + + + + + + + @@ -9914,31 +12469,16 @@ - - - - - revisions - - - - - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -9947,120 +12487,167 @@ - + - + - published + address - + + + + + + + + + + + + + + + + + + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> - last-modified + city - + - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> - version + state - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - oscal-version + postal-code - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> - text + country - - + + - + - - + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + - + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -10069,34 +12656,102 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> - title + name - - + + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -10105,38 +12760,30 @@ - + - - - description - - - - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -10145,32 +12792,39 @@ - + - - title - - - + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + + - + - - - address - + + + + + + + + + + @@ -10185,30 +12839,30 @@ - + + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -10217,16 +12871,16 @@ - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -10235,16 +12889,16 @@ - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -10253,16 +12907,16 @@ - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -10271,58 +12925,142 @@ - + - + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + - + - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + system-name + + - + - + as-type="string" + name="system-name-short" + key="system-name-short" + gi="system-name-short" + in-json="SCALAR"> + + system-name-short + + - + + + + + description + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -10331,66 +13069,173 @@ - + + as-type="date" + name="date-authorized" + key="date-authorized" + gi="date-authorized" + in-json="SCALAR"> - name + date-authorized - + - + + as-type="string" + name="security-sensitivity-level" + key="security-sensitivity-level" + gi="security-sensitivity-level" + in-json="SCALAR"> - short-name + security-sensitivity-level - + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + description + + + + + + + + + + + + + + + + + + + + + + - - + as-type="string" + name="information-type-id" + gi="information-type-id" + in-json="SCALAR"> + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -10399,163 +13244,168 @@ - + - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - + - - + as-type="string" + name="base" + key="base" + gi="base" + in-json="SCALAR"> + + base + + - - - - - - - - - - - - - - - - - - + + as-type="string" + name="selected" + key="selected" + gi="selected" + in-json="SCALAR"> + + selected + - + - + - city + adjustment-justification - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - state + text - - + + - + + as-type="string" + name="base" + key="base" + gi="base" + in-json="SCALAR"> - postal-code + base - + + as-type="string" + name="selected" + key="selected" + gi="selected" + in-json="SCALAR"> - country + selected - + - - - + + + adjustment-justification + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -10564,249 +13414,260 @@ - + + as-type="string" + name="base" + key="base" + gi="base" + in-json="SCALAR"> - system-name + base - + + as-type="string" + name="selected" + key="selected" + gi="selected" + in-json="SCALAR"> - system-name-short + selected - + + collapsible="no" + as-type="markup-multiline" + name="adjustment-justification" + key="adjustment-justification" + gi="adjustment-justification" + in-json="SCALAR"> - description + adjustment-justification + group-by="true()"> - + + as-type="string" + name="security-objective-confidentiality" + key="security-objective-confidentiality" + gi="security-objective-confidentiality" + in-json="SCALAR"> - text + security-objective-confidentiality - - + + - + + as-type="string" + name="security-objective-integrity" + key="security-objective-integrity" + gi="security-objective-integrity" + in-json="SCALAR"> - date-authorized + security-objective-integrity - + - + + as-type="string" + name="security-objective-availability" + key="security-objective-availability" + gi="security-objective-availability" + in-json="SCALAR"> - security-sensitivity-level + security-objective-availability - + - + - text + status - - - - + + + - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + description + + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + - - - - - - - - - - + + + text + + + + + - + - - + as-type="markup-line" + name="caption" + key="caption" + gi="caption" + in-json="SCALAR"> + + caption + + + + + + + + + + + description + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -10815,45 +13676,38 @@ - + - + - confidentiality-impact + description - - - - - - - - - - - - - - - - - - + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -10862,103 +13716,96 @@ - + + as-type="markup-line" + name="caption" + key="caption" + gi="caption" + in-json="SCALAR"> - base + caption - - + + - + + + + + description + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - selected + text - - + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> - adjustment-justification + description + group-by="true()"> - - - - - integrity-impact - - - - - - - - - - - - - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -10967,74 +13814,67 @@ - + + as-type="markup-line" + name="caption" + key="caption" + gi="caption" + in-json="SCALAR"> - base + caption - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - selected + text - - + + - + - + - adjustment-justification + text - - - - + + - + - - - availability-impact - + + + @@ -11049,225 +13889,151 @@ - - - + + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - base + text - - + + - + + as-type="uuid" + name="party-uuid" + key="party-uuid" + gi="party-uuid" + in-json="SCALAR"> - selected + party-uuid - + - - - - - adjustment-justification - - - - - - - - - + + as-type="date" + name="date-authorized" + key="date-authorized" + gi="date-authorized" + in-json="SCALAR"> - security-objective-confidentiality + date-authorized - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - security-objective-integrity + title - - + + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - security-objective-availability + short-name - - - - - status - - - - - - - - - - description - - - - - - - - - - - - - text - - - - - - - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -11276,194 +14042,202 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - caption + title - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> - text + purpose - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - caption + text - + - + - description + status - - - - + + + + + + + + + text + + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -11472,34 +14246,64 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - caption + text - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -11508,16 +14312,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -11526,60 +14330,131 @@ - + - - - - - + + + control-implementation + + + + - - + + - - - - + - + - title + description - - + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -11588,110 +14463,144 @@ - + - - party-uuid - - + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - date-authorized + text - - + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - short-name + text - - + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -11700,114 +14609,181 @@ - + - - title - - - + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + + - + + + + + export + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - purpose + text - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -11816,28 +14792,70 @@ - + - - - status - - + + + + + + + + + + + + + + + + + + + + + + + + + - + + + + + description + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -11846,56 +14864,87 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -11904,16 +14953,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -11922,12 +14971,14 @@ - + - - + + + + @@ -11942,8 +14993,8 @@ - - + + @@ -11952,34 +15003,38 @@ - + - + - text + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -11988,76 +15043,105 @@ - + - + - control-implementation + text - - - - - - - - - - - - - - - - + + + + - + + + + + text + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + + + + + + + - + - - - + + + export + + @@ -12072,29 +15156,15 @@ - - - - - - - - - - - - - - - - + + - - + + @@ -12103,48 +15173,38 @@ - + - + - text + description - - - - - - - - - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -12153,13 +15213,13 @@ - + - - + + @@ -12181,84 +15241,41 @@ - - - - - - - - - - - - text - - - - - - - - - - - text - - - - - - - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -12267,28 +15284,31 @@ - + - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - + - - - export - + + + @@ -12304,15 +15324,8 @@ - - - - - - - - - + + @@ -12321,38 +15334,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -12361,12 +15374,31 @@ - + - + + + text + + + + + + + + + + @@ -12389,41 +15421,40 @@ - - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -12432,16 +15463,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -12450,13 +15481,13 @@ - + - + - + @@ -12482,38 +15513,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -12522,16 +15553,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -12540,13 +15571,31 @@ - + - + + + text + + + + + + + + + - + @@ -12555,88 +15604,88 @@ - - + + - - + + + + + - + + + + + title + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + - - text - - - + as-type="string" + name="document-id" + gi="document-id"> + + + - + - + - text + citation - - - - - - - - - - - + @@ -12651,48 +15700,36 @@ - - - - - - - - - + - + - description + text - - - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -12701,105 +15738,141 @@ - + + + + + + + + + + + + + + + + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> - text + base64 - - + + + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - description + published - - - - + + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - text + last-modified - - + + - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> + + version + - + - + - export + oscal-version - + + + + + + + + + + + + + @@ -12814,126 +15887,124 @@ - - - - - - - - - - - - - - - + - + - description + revisions - - - - - - + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - - - - - - - - - - - - - - - - - - - - - - - - - - + + + published + + + + + - + - + - description + last-modified - - - - + + - + + + + + version + + + + + + + + + + + oscal-version + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -12942,16 +16013,30 @@ - + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -12960,13 +16045,14 @@ - + - - - + + + + @@ -12982,155 +16068,77 @@ - - - - - - - - - - - - description - - - - - - - - - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - text + short-name - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - - - - - text - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -13139,30 +16147,44 @@ - + - + - - - - + + + + - - + + - - + + + + + + + + + + + + + + + + @@ -13171,179 +16193,209 @@ - + - + - description + title - - - - + + - + - + - text + address - - + + + + + + + + + + + + + + + + + + + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> - text + city - - + + - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> - text + state - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - title + postal-code - - + + - + - + - description + country - - - - + + + + + + + + + + + + + + + + + + + - + - - + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + - + - + - citation + text - + + + + + + + + + + + + + + + + + + + @@ -13358,311 +16410,269 @@ - - - - - - - text - - - - - - - - - - - text - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> - base64 + name - - - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - title + short-name - - + + - + - - published - - + as-type="string" + name="external-id" + gi="external-id"> + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - last-modified + text - - + + - + - - version - - + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + - + - - oscal-version - - + as-type="string" + name="telephone-number" + gi="telephone-number"> + + - + - - - - - - - - - - - - - - - + + + + - + + + + - + - - - revisions - - - + + + + + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> - title + city - - + + - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> - published + state - + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - last-modified + postal-code - + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> - version + country - + - - oscal-version - - + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -13671,30 +16681,16 @@ - - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -13703,260 +16699,312 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + + + + local-definitions + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - short-name + title - - + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> - text + purpose - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - address + status - - - - - - - - - - - - + + - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - city + text - - + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - state + title - - + + - + - + - postal-code + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - country + text - - + + - + - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + - + - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -13965,34 +17013,34 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - name + title - - + + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -14001,30 +17049,38 @@ - + - - - - + + + description + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -14032,164 +17088,173 @@ - - - - - - - - - - + + - - - + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + + + - + - - - - - - - - - - - - - - + + + description + + + + + + + - + - - - + + + description + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - city + text - - + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - state + title - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - postal-code + text - - + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - country + title - - + + - + - - - + + + description + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -14198,46 +17263,31 @@ - + - - - local-definitions - - - - - - - - - - - - - - - - - + + + + + + - - + + - - + + + @@ -14246,16 +17296,16 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -14264,56 +17314,78 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - purpose + text - + + + + + description + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -14322,118 +17394,148 @@ - + - - - status - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - + - text + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - - - description - - - - - - - + + + + + + + + + + - + - - text - - - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + + - + + + + + + + + + + + + + + - - text - - - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + + - + - - + + @@ -14448,8 +17550,16 @@ - - + + + + + + + + + + @@ -14458,34 +17568,38 @@ - + - + - text + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -14494,74 +17608,56 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - - - - - short-name - - - - - - - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -14570,78 +17666,76 @@ - - - - - title - - - - - - - + - - - description - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -14650,92 +17744,152 @@ - + + + + + + + + + + + + + + - - title - - - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + + - + + + + + + + + + + + + + + - - text - - - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - title + description - - + + + + - + - + - description + text - - - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -14744,49 +17898,35 @@ - + - - - - - - - - - - - - - - - - - - - - - + + + terms-and-conditions + + + - - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -14795,38 +17935,16 @@ - - - - - description - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -14835,38 +17953,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -14875,9 +17993,9 @@ - + @@ -14913,38 +18031,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -14953,9 +18071,9 @@ - + @@ -14968,23 +18086,23 @@ - + + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> - + @@ -14997,23 +18115,23 @@ - + + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> - + @@ -15049,38 +18167,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -15089,16 +18207,38 @@ - + + + + + description + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -15107,38 +18247,110 @@ - + + + + + text + + + + + + + + + + + text + + + + + + + + + + + title + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + + + + purpose + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -15147,12 +18359,127 @@ - + + + + + status + + + + + + + + + + text + + + + + + + + + + + title + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + text + + + + + + + - - + + @@ -15167,16 +18494,8 @@ - - - - - - - - - - + + @@ -15185,38 +18504,92 @@ - + + + + + text + + + + + + + + + + + text + + + + + + + + + + + title + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -15225,70 +18598,75 @@ - + - - - - - - - - - + + + timing + + + + - + - - - - - + + + on-date + + + - + - - - - - - - - - + + + within-date-range + + + - + - - - - - + + + at-frequency + + + + - + - - + + + + + + + + + @@ -15303,16 +18681,15 @@ - - - + + - - + + @@ -15321,38 +18698,74 @@ - + + + + + text + + + + + + + + + + + text + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -15361,16 +18774,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -15379,53 +18792,74 @@ - + - + - terms-and-conditions + text - - - - - - - - + + + + - + + + + + description + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -15434,38 +18868,34 @@ - + - + - description + text - - - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -15474,11 +18904,13 @@ - + - + + + @@ -15487,108 +18919,97 @@ - - - - - - - - - - + + - - + + + + - + + + + + title + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + - - text - - - + as-type="string" + name="document-id" + gi="document-id"> + + + - + - - - - + + + citation + + + + - - - - - - - - - - - - - - - - + + @@ -15596,184 +19017,219 @@ - + - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - + - - - - - - - - - - - - - - - - - - - - - - - - - - + + + text + + + + + + + + + + + + + - - + - + - description + base64 - - - - + + + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - description + published - - - - + + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - text + last-modified - - + + - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> - text + version - - + + - + + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> - text + oscal-version - - + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + revisions + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -15782,86 +19238,88 @@ - + - + - description + published - - - - + + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - purpose + last-modified - - + + - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> - text + version - - + + - + - + - status + oscal-version - - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -15870,31 +19328,47 @@ - + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - - + + + + @@ -15909,26 +19383,19 @@ - - - - - - - - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -15937,16 +19404,56 @@ - + + + + + short-name + + + + + + + + + + + description + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -15955,28 +19462,44 @@ - + - - - - + + + + + + - - + + - - + + + + + + + + + + + + + + + + @@ -15985,169 +19508,209 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - text + address - - + + + + + + + + + + + + + + + + + + + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> - title + city - - + + - + - + - description + state - - - - + + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - text + postal-code - - + + - + - + - timing + country - - - - + + + + - + - - - on-date - - - + + + + + - + - - - within-date-range - - - - + + + + + + - + - - - at-frequency - - - - + + + + + - + - - - - + + + text + + + + + - + - - + + + + + + + + + + + + @@ -16162,15 +19725,36 @@ - - + + - - + + + + + + + + + + + + + + + + + + + + + + + @@ -16179,74 +19763,66 @@ - + + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> - text + name - - + + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - text + short-name - - + + - + - - - description - - - - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -16255,92 +19831,163 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> - text + city - - + + - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> - text + state - - + + - + - + - description + postal-code - - - - + + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> - text + country - - + + - + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -16349,16 +19996,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -16367,16 +20014,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -16385,147 +20032,159 @@ - + - - - - - - - - - - - - - + + + local-definitions + + + - - - + + - - - - - - title - - - - - - - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + - - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - + - + - citation + title - - - - - - - - - - - - - - - - + + + + + + + + + + text + + + + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + + + + + description + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -16534,51 +20193,49 @@ - + - - - - - + + + + + + + + + + + + + + + + + + + + + + - - - - - base64 - - - - - - - - - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -16587,88 +20244,92 @@ - + - + - published + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - last-modified + text - - + + - + - + - version + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - oscal-version + text - - + + - + - - - - - - + + @@ -16683,124 +20344,192 @@ + + + + + + + + + + + + + + + - + - + - revisions + description - - + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - - - published - - - - - + + + + + + + + + + - + - - last-modified - - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + - + + + + + + + + + + + + + + - - version - - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - oscal-version + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -16809,30 +20538,16 @@ - - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -16841,74 +20556,116 @@ - + - + - title + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - short-name + text - - + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -16917,184 +20674,152 @@ - - - - - title - - - - - - - + - - - address - - - - + + + + - - - - - + - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + - + - - - city - - - - - + + + + + + + + + + - + - - state - - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + - + - - - postal-code - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - + - country + description - - - - - - - - - - - - - - - - - - - + + + + - + - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - - + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -17103,231 +20828,239 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - name + title - - + + - + - + - short-name + description - - + + + + - + - - + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> + + start + + - + + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end" + in-json="SCALAR"> - text + end - - - - - - - - - + - + - - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - + - - - - + + + local-definitions + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - city + title - - + + - + - + - state + description - - + + + + - + + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> - postal-code + purpose - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - country + text - - + + - + - - - - - + + + status + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -17336,65 +21069,56 @@ - + - + - local-definitions + title - - - - - - - - - - - - - - - - + + + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -17403,34 +21127,82 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -17439,16 +21211,16 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -17457,38 +21229,56 @@ - + + + + + short-name + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -17497,49 +21287,16 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -17548,156 +21305,96 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> - text + purpose - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - description - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -17706,70 +21403,61 @@ - + - - - - - - - - - + + + status + + + - + - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - - - - - - - - - - - - - - + - - + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + + + - + - - + + + @@ -17784,16 +21472,8 @@ - - - - - - - - - - + + @@ -17802,96 +21482,34 @@ - - - - - description - - - - - - - - - - - - - text - - - - - - - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - - - - - description - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -17900,12 +21518,12 @@ - + - - + + @@ -17920,16 +21538,8 @@ - - - - - - - - - - + + @@ -17938,38 +21548,92 @@ - + + + + + text + + + + + + + + + + + text + + + + + + + + + + + title + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -17978,70 +21642,75 @@ - + - - - - - - - - - + + + timing + + + + - + - - - - - + + + on-date + + + - + - - - - - - - - - + + + within-date-range + + + - + - - - - - + + + at-frequency + + + + - + - - + + + + + + + + + @@ -18056,16 +21725,15 @@ - - - + + - - + + @@ -18074,38 +21742,16 @@ - - - - - description - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -18114,16 +21760,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -18132,92 +21778,56 @@ - - - - - title - - - - - - - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - - - - - start - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - end + text - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -18226,115 +21836,74 @@ - - - - - local-definitions - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - purpose + text - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -18343,28 +21912,16 @@ - - - - - status - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -18373,74 +21930,56 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - - - - - text - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -18449,12 +21988,12 @@ - + - - + + @@ -18469,8 +22008,16 @@ - - + + + + + + + + + + @@ -18479,34 +22026,38 @@ - + - + - text + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -18515,220 +22066,209 @@ - + - - - title - - - - - + + + + + + + + + + - + - - short-name - - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + - + - - - description - - - - - - - + + + + + + + + + + - + - - text - - - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + + - + - - - title - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - - - description - - - - - - - + + + + + + + + + + + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - purpose + text - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - - - - - status - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -18737,31 +22277,33 @@ - + - + - title + assessment-log - - - - + + + + + + + + - + - + + + + @@ -18776,8 +22318,15 @@ - - + + + + + + + + + @@ -18786,16 +22335,16 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -18804,64 +22353,74 @@ - + + + + + description + + + + + + + + + + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> - text + start - - + + - + - - - - - - - - - - - - - - - - - - - - - - - - - + + + end + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -18870,16 +22429,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -18888,56 +22447,56 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -18946,96 +22505,53 @@ - - - - - timing - - - - - - - + - + - on-date + text - - + + + + - + - + - within-date-range + text - - - + + + + - + - + - at-frequency + identified-subject - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -19043,37 +22559,40 @@ - - + - + - text + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19082,38 +22601,16 @@ - - - - - description - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19122,16 +22619,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19140,56 +22637,56 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19198,16 +22695,44 @@ - + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19216,16 +22741,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19234,16 +22759,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19252,38 +22777,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19292,76 +22817,34 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - + - description + text - - - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19370,134 +22853,58 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - + + + identified-subject + + + + - - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19506,37 +22913,16 @@ - - - - - - - - - - - - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19545,34 +22931,16 @@ - - - - - title - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19581,33 +22949,14 @@ - - - - - assessment-log - - - - - - - - - - - + - - + + + - - - @@ -19622,15 +22971,61 @@ - - + + + + + + + + title + + + + + + + + + + + text + + + + + + + + + + + + + - - + + @@ -19639,16 +23034,92 @@ - + + + + + description + + + + + + + + + + + + + text + + + + + + + + + + + collected + + + + + + + + + + + expires + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -19657,74 +23128,78 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + - + - start + statement - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - end + text - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19733,16 +23208,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19751,16 +23226,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19769,38 +23244,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19809,16 +23284,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19827,16 +23302,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19845,13 +23320,13 @@ - + + key="identified-subject" + gi="identified-subject"> identified-subject @@ -19865,38 +23340,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19905,16 +23380,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19923,16 +23398,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19941,56 +23416,52 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - description + text - - - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -19999,44 +23470,56 @@ - + - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - + - - - + + + description + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20045,16 +23528,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20063,16 +23546,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20081,38 +23564,58 @@ - + + + + + identified-subject + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20121,16 +23624,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20139,16 +23642,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20157,17 +23660,71 @@ - + - + + + + + + + + + + + + + + + + + + + + + + + + - identified-subject + text - + + + + + + + + + + + + + + + + + + + + + + + + + @@ -20177,74 +23734,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - - - - - text - - - - - - - - - - - text - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20253,9 +23774,9 @@ - + @@ -20278,16 +23799,16 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -20296,16 +23817,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20314,12 +23835,32 @@ - + - - + + + deadline + + + + + + + + + + + + @@ -20335,41 +23876,80 @@ + + + + + + + + + + + + + + + + + + + + + - + + + + + title + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20378,114 +23958,92 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - collected + text - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - expires + text - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - - - - - - - - - - statement - - - + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20494,16 +24052,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20512,16 +24070,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20530,56 +24088,58 @@ - + - + - text + identified-subject - - - - + + + + + + + + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20588,16 +24148,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20606,16 +24166,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20624,17 +24184,12 @@ - + - - - identified-subject - - + + @@ -20642,76 +24197,78 @@ + + + + + + + + + + + + + + + + + - - - - - description - - - - - - - - - + - - - text - - - - - + + + + + + + + + + + + + + + + + + + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20720,52 +24277,56 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - text + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20774,56 +24335,56 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20832,53 +24393,96 @@ - + - + - text + timing - - - - + + + + - + - + - text + on-date - - - - + + - + - + - identified-subject + within-date-range - + + + + + + + + + at-frequency + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -20886,40 +24490,37 @@ + - + - + - description + text - - - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20928,16 +24529,38 @@ - + + + + + description + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20946,16 +24569,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -20964,41 +24587,16 @@ - - - - - - - - - - - - - - - - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21007,130 +24605,74 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - - - - - - - - - - - - - - - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21139,33 +24681,51 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - deadline + text - - + + - + - + + + risk-log + + + + + + + + + + + + + - + + @@ -21180,22 +24740,16 @@ - - - - - - - - - + + - - + + + @@ -21204,16 +24758,16 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -21222,92 +24776,74 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - - - - - text - - - - - - - + + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> - text + start - - + + - + + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end" + in-json="SCALAR"> - text + end - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21316,38 +24852,46 @@ - + - - - description - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21356,16 +24900,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21374,16 +24918,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21392,58 +24936,38 @@ - - - - - identified-subject - - - - - - - - - - - - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21452,16 +24976,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21470,16 +24994,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21488,12 +25012,17 @@ - + - - + + + identified-subject + + @@ -21501,78 +25030,40 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - + - title + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21581,56 +25072,34 @@ - + - - title - - - - - - - - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - description + text - - - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21639,16 +25108,24 @@ - + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -21657,38 +25134,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21697,116 +25174,34 @@ - - - - - timing - - - - - - - - - - - on-date - - - - - - - - - within-date-range - - - - - - + - + - at-frequency + text - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21815,16 +25210,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21833,38 +25228,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21873,16 +25268,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21891,16 +25286,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21909,38 +25304,58 @@ - + + + + + identified-subject + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21949,16 +25364,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21967,16 +25382,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -21985,16 +25400,56 @@ - + + + + + title + + + + + + + + + + + description + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -22003,33 +25458,61 @@ - + - + - risk-log + status - - - - - - - + + + - + - + + + implementation-statement-uuid + + + + + + + + + + + + + + + + + + + + + - - @@ -22037,41 +25520,35 @@ - - - - - - - - - + + - - - + + + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -22080,88 +25557,51 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - - - - - start - - - - - - - + - - end - - + as-type="string" + name="document-id" + gi="document-id"> + + - + - + - text + citation - - - - - - - - - + @@ -22176,26 +25616,18 @@ - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -22204,16 +25636,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -22222,254 +25654,273 @@ - + + + + + + + + + + + + + + + + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> - text + base64 - - + + + + - + - + - description + title - - - - + + - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> - text + published - - + + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - text + last-modified - - + + - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> - text + version - - + + - + - + - identified-subject + oscal-version - - - + + + + + + + + + + + + + + + + + + + + + + + - + - + - description + revisions - - - - - - + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> - text + published - - + + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - text + last-modified - - + + - - - - - - - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> - title + version - - + + - + - + - description + oscal-version - - - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -22478,16 +25929,30 @@ - + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -22496,74 +25961,100 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - text + short-name - - + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -22572,251 +26063,255 @@ - + - - - text - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - identified-subject + address - - - + + + + + + + - + - - - description - - - - - + + + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> - text + city - - + + - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> - text + state - - + + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - text + postal-code - - + + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> - title + country - - + + - + - - - description - - - - - + + + - + - - text - - - + as-type="string" + name="telephone-number" + gi="telephone-number"> + + + - + - - - status - - - - - + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - implementation-statement-uuid + text - - + + - - - - - - - - - - - - - + - + - - + + + + + + + + + + @@ -22824,114 +26319,111 @@ - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + - - + + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> - title + name - - + + - + - + - description + short-name - - - - + + - + + as-type="string" + name="external-id" + gi="external-id"> - + - - - - - citation - - - - - - - - - - - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -22940,323 +26432,275 @@ - + - - text - - - + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + + - + - - - - - + + + + + + + + + + + + + + + + + - + - - base64 - - - - + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> - title + city - - + + - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> - published + state - + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - last-modified + postal-code - + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> - version + country - + - - oscal-version - - + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - revisions - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - published + text - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - last-modified + text - - + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - version + title - - + + - + - + - oscal-version + description - - + + + + - + + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> - text + purpose - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -23265,74 +26709,86 @@ - + + + + + status + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - short-name + title - - + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -23341,184 +26797,188 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - - - address - - - - + + + + - - - - + + + + + + + + + + + + + + + - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - city + text - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - state + text - - + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - postal-code + title - - + + - + - + - country + description - - + + + + - + - - + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> + + purpose + + + - + - - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - + - - - - - + + + status + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -23527,66 +26987,83 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - name + title - - + + - + - - - short-name - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - - + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -23595,163 +27072,168 @@ - - - - - - - - - - - - - - - - - - + - - - - + + + + + + + + + + + - - - - + + + + + + + + - + - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - city + text - - + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - state + title - - + + - + - + - postal-code + description - - + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - country + text + + + + + + + + - + - + as-type="token" + name="type" + gi="type" + in-json="SCALAR"> + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -23760,74 +27242,92 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + + + + text + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - purpose + text - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -23836,28 +27336,16 @@ - - - - - status - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -23866,56 +27354,58 @@ - + - + - title + identified-subject - - - - + + + + + + + + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -23924,16 +27414,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -23942,12 +27432,32 @@ - + - - + + + text + + + + + + + + + + + + @@ -23962,8 +27472,61 @@ - - + + + + + + + + title + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + @@ -23972,16 +27535,38 @@ - + + + + + description + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -23990,34 +27575,52 @@ - + + as-type="dateTime-with-timezone" + name="collected" + key="collected" + gi="collected" + in-json="SCALAR"> - text + collected - - + + - + + + + + expires + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -24026,84 +27629,78 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + - + - text + statement - - - - - - - - - - + + + + - + - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24112,16 +27709,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24130,16 +27727,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24148,38 +27745,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24188,16 +27785,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24206,16 +27803,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24224,13 +27821,13 @@ - + + key="identified-subject" + gi="identified-subject"> identified-subject @@ -24244,38 +27841,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24284,16 +27881,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24302,16 +27899,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24320,59 +27917,34 @@ - - - - - - - - - - - - - - - - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24381,62 +27953,16 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - description - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24445,114 +27971,56 @@ - - - - - collected - - - - - - - - - - - expires - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - - - - - - - - - - statement - - - + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24561,16 +28029,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24579,16 +28047,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24597,56 +28065,58 @@ - + - + - text + identified-subject - - - - + + + + + + + + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24655,16 +28125,34 @@ - + + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24673,16 +28161,41 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24691,17 +28204,28 @@ - + - - - identified-subject - - + + + + + + + + + + + + + + + + + + @@ -24711,38 +28235,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24751,52 +28275,59 @@ - + - - - text - - - - - + + + + + + + + + + + + + + + + + + + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24805,92 +28336,121 @@ - + + as-type="dateTime-with-timezone" + name="deadline" + key="deadline" + gi="deadline" + in-json="SCALAR"> - text + deadline - - + + - + - - - text - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24899,16 +28459,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24917,16 +28477,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -24935,76 +28495,56 @@ - + - + - identified-subject + text - - - - - - - - - + + + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - - - - - text - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25013,16 +28553,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25031,71 +28571,35 @@ - - - - - - - - - - - - - - - - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + identified-subject + + @@ -25105,38 +28609,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25145,59 +28649,34 @@ - - - - - - - - - - - - - - - - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25206,31 +28685,19 @@ - - - - - deadline - - - - - - - + - + - + + + + + + + @@ -25247,22 +28714,26 @@ - - - - - - - - - + + + + + + + + + + + - - + + @@ -25271,16 +28742,16 @@ - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -25289,38 +28760,74 @@ - + + + + + text + + + + + + + + + + + title + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25329,16 +28836,56 @@ - + + + + + title + + + + + + + + + + + description + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25347,16 +28894,116 @@ - + + + + + timing + + + + + + + + + + + on-date + + + + + + + + + within-date-range + + + + + + + + + + at-frequency + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25365,16 +29012,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25383,38 +29030,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25423,16 +29070,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25440,17 +29087,17 @@ - - + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25459,58 +29106,38 @@ - - - - - identified-subject - - - - - - - - - - - - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25519,16 +29146,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25537,16 +29164,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25555,21 +29182,51 @@ - + - - - - + + + text + + + + + + + + + + + risk-log + + + + + + + + + + + @@ -25584,26 +29241,16 @@ - - - - - - - - - - - + + - - + + + @@ -25612,52 +29259,16 @@ - - - - - title - - - - - - - - - - - text - - - - - - - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -25666,96 +29277,74 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> - text + start - - + + - + - - title - - - - - - - - - + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end" + in-json="SCALAR"> - description + end - - - - + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25764,75 +29353,12 @@ - - - - - timing - - - - - - - - - - - on-date - - - - - - - - - within-date-range - - - - - - - - - - at-frequency - - - - - - - - - - - - - + - - + + @@ -25847,15 +29373,8 @@ - - - - - - - - - + + @@ -25864,16 +29383,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25882,16 +29401,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25900,38 +29419,56 @@ - + + + + + text + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25940,16 +29477,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25958,16 +29495,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -25976,56 +29513,58 @@ - + + + + + identified-subject + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - - - - - text - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26034,16 +29573,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26052,16 +29591,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26070,75 +29609,24 @@ - - - - - risk-log - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -26147,74 +29635,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - - - - - start - - - - - - - - - - - end - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26223,46 +29675,16 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26271,16 +29693,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26289,16 +29711,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26307,38 +29729,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26347,16 +29769,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26365,16 +29787,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26383,13 +29805,13 @@ - + + key="identified-subject" + gi="identified-subject"> identified-subject @@ -26403,38 +29825,38 @@ - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26443,16 +29865,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26461,16 +29883,16 @@ - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26479,24 +29901,121 @@ - + + + + + title + + + + + + + + + + + description + + + + + + + + + + + + + text + + + + + + + + + + + status + + + + + + + + + + + implementation-statement-uuid + + + + + + + + + + + + + + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -26506,37 +30025,37 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26546,8 +30065,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -26560,15 +30079,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26577,25 +30096,33 @@ + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -26628,15 +30155,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -26646,35 +30173,35 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -26682,8 +30209,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -26707,15 +30234,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26725,15 +30252,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -26743,8 +30270,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -26759,14 +30286,14 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -26778,10 +30305,10 @@ + mode="cast-prose" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -26789,43 +30316,43 @@ + name="ns" + select="/*/@namespace"/> + match="group" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="group[@in-json='BY_KEY']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../@json-key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="group[@in-json='SINGLETON_OR_ARRAY'][count(*)=1]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="group/assembly | group/field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -26843,10 +30370,10 @@ + priority="3" + match="group/field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -26855,33 +30382,33 @@ + match="/assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../value/@key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="flag" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> + priority="2" + match="field[exists(@json-key-flag)]/value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -26916,12 +30443,12 @@ + match="value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> @@ -26934,46 +30461,46 @@ + match="*" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-line']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-multiline']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + name="conditional-lf" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()[empty(ancestor::pre)]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -26982,18 +30509,18 @@ + mode="md" + match="p" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="h1 | h2 | h3 | h4 | h5 | h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -27001,40 +30528,40 @@ # + mode="mark" + match="h1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"># ## + mode="mark" + match="h2" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">## ### + mode="mark" + match="h3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">### #### + mode="mark" + match="h4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">#### ##### + mode="mark" + match="h5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">##### ###### + mode="mark" + match="h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">###### + mode="md" + match="table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="tr" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -27048,19 +30575,19 @@ + mode="md" + match="th | td" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> | | + mode="md" + priority="1" + match="pre" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ``` @@ -27069,24 +30596,24 @@ ``` + mode="md" + priority="1" + match="ul | ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="ul//ul | ol//ol | ol//ul | ul//ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -27096,9 +30623,9 @@ + mode="md" + match="ol/li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -27108,49 +30635,49 @@ + mode="md" + match="code | span[contains(@class, 'code')]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ` ` + mode="md" + match="em | i" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> * * + mode="md" + match="strong | b" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ** ** + mode="md" + match="q" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> " " + mode="md" + match="insert" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> {{ insert: }} + mode="md" + match="a" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> [ ] @@ -27159,9 +30686,9 @@ ) + mode="md" + match="img" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ![ ] diff --git a/json/convert/oscal_component_xml-to-json-converter.xsl b/json/convert/oscal_component_xml-to-json-converter.xsl index 746d6f6c9e..a92c7154ba 100644 --- a/json/convert/oscal_component_xml-to-json-converter.xsl +++ b/json/convert/oscal_component_xml-to-json-converter.xsl @@ -1,11 +1,11 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + version="3.0" + exclude-result-prefixes="#all" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + select="$file ! document(.,$source-xml)"> { $err:description } @@ -60,7 +60,7 @@ + select="xml-to-json($new-json-xml, $write-options)"> { $err:description } @@ -76,16 +76,16 @@ - + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="component-definition" + gi="component-definition"> component-definition @@ -119,7 +119,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -180,11 +180,18 @@ + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -192,67 +199,28 @@ + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - + + + + @@ -275,21 +243,14 @@ - + - + + - - - - - - - - - + @@ -304,65 +265,8 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + @@ -372,16 +276,16 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="import-component-definition" + gi="import-component-definition"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -428,7 +332,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -457,7 +361,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -473,7 +377,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -482,7 +386,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -497,7 +401,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -535,7 +439,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -543,7 +447,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -559,54 +463,54 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks + group-by="true()"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -616,471 +520,543 @@ + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + key="value" + gi="value"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + + + + + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + as-type="string" + name="resource-fragment" + key="resource-fragment" + gi="resource-fragment"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="location-type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="type" + key="type" + gi="type"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="string" + name="type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + + + + + + + + + + + + + + + + as-type="uri" + name="system" + key="system" + gi="system"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="defined-component-type" + key="type" + gi="type"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="nonNegativeInteger" + name="start" + key="start" + gi="start"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="nonNegativeInteger" + name="end" + key="end" + gi="end"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="transport" + key="transport" + gi="transport"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="source" + key="source" + gi="source"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="param-id" + key="param-id" + gi="param-id"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + key="statement-id" + gi="statement-id"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + priority="3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="filename" + key="filename" + gi="filename"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1090,15 +1066,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1108,15 +1084,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1126,15 +1102,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1144,15 +1120,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1162,8 +1138,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1189,14 +1165,14 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -1204,15 +1180,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1222,15 +1198,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1240,15 +1216,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1258,15 +1234,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1276,15 +1252,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1294,15 +1270,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1312,13 +1288,13 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -1326,15 +1302,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1343,16 +1319,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1362,15 +1364,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1380,37 +1382,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1419,16 +1421,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1438,8 +1486,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1460,29 +1508,29 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -1492,15 +1540,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -1510,15 +1558,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -1528,15 +1576,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -1546,27 +1594,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -1574,29 +1622,30 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1605,16 +1654,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -1624,15 +1741,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1642,13 +1759,13 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="external-id" + gi="external-id"> @@ -1656,15 +1773,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1674,27 +1791,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -1702,8 +1819,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1721,29 +1838,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -1753,15 +1870,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -1771,15 +1888,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -1789,15 +1906,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -1807,29 +1924,65 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + + + + + + + + + text @@ -1839,15 +1992,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1857,37 +2010,37 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -1897,15 +2050,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1915,15 +2068,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1933,15 +2086,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1951,8 +2104,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1989,37 +2142,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2029,22 +2182,22 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2089,37 +2242,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2129,29 +2282,29 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2161,8 +2314,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2193,37 +2346,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2233,15 +2386,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2251,37 +2404,37 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2291,30 +2444,30 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2351,37 +2504,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2391,22 +2544,22 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2451,37 +2604,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2491,29 +2644,29 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2523,8 +2676,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2555,37 +2708,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2595,15 +2748,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2613,8 +2766,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2647,15 +2800,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2665,35 +2818,35 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -2701,8 +2854,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2726,15 +2879,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2744,15 +2897,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2762,8 +2915,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2778,14 +2931,14 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -2797,10 +2950,10 @@ + mode="cast-prose" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -2808,43 +2961,43 @@ + name="ns" + select="/*/@namespace"/> + match="group" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="group[@in-json='BY_KEY']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../@json-key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="group[@in-json='SINGLETON_OR_ARRAY'][count(*)=1]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="group/assembly | group/field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -2862,10 +3015,10 @@ + priority="3" + match="group/field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -2874,33 +3027,33 @@ + match="/assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../value/@key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="flag" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> + priority="2" + match="field[exists(@json-key-flag)]/value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -2935,12 +3088,12 @@ + match="value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> @@ -2953,46 +3106,46 @@ + match="*" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-line']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-multiline']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + name="conditional-lf" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()[empty(ancestor::pre)]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3001,18 +3154,18 @@ + mode="md" + match="p" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="h1 | h2 | h3 | h4 | h5 | h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3020,40 +3173,40 @@ # + mode="mark" + match="h1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"># ## + mode="mark" + match="h2" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">## ### + mode="mark" + match="h3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">### #### + mode="mark" + match="h4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">#### ##### + mode="mark" + match="h5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">##### ###### + mode="mark" + match="h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">###### + mode="md" + match="table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="tr" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3067,19 +3220,19 @@ + mode="md" + match="th | td" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> | | + mode="md" + priority="1" + match="pre" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ``` @@ -3088,24 +3241,24 @@ ``` + mode="md" + priority="1" + match="ul | ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="ul//ul | ol//ol | ol//ul | ul//ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3115,9 +3268,9 @@ + mode="md" + match="ol/li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3127,49 +3280,49 @@ + mode="md" + match="code | span[contains(@class, 'code')]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ` ` + mode="md" + match="em | i" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> * * + mode="md" + match="strong | b" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ** ** + mode="md" + match="q" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> " " + mode="md" + match="insert" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> {{ insert: }} + mode="md" + match="a" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> [ ] @@ -3178,9 +3331,9 @@ ) + mode="md" + match="img" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ![ ] diff --git a/json/convert/oscal_mapping_xml-to-json-converter.xsl b/json/convert/oscal_mapping_xml-to-json-converter.xsl new file mode 100644 index 0000000000..75fad7d7d6 --- /dev/null +++ b/json/convert/oscal_mapping_xml-to-json-converter.xsl @@ -0,0 +1,2526 @@ + + + + + + + + json + no + + + + + + + + + + + + + + + { $err:description } + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $err:description } + + + + + + + + + + + + + + + + + + + + + + mapping-collection + + + http://csrc.nist.gov/ns/oscal/1.0 + + + + + + + + + + + + + + + + + + metadata + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mapping + + + + + + + + + + + + + + + + + + source-resource + + + + + + + + + + + + + + + + + + + + + + + + + target-resource + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + back-matter + + + + + + + + + + + + + + + remarks + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + published + + + + + + + + + + + last-modified + + + + + + + + + + + version + + + + + + + + + + + oscal-version + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + revisions + + + + + + + + + title + + + + + + + + + + + published + + + + + + + + + + + last-modified + + + + + + + + + + + version + + + + + + + + + + + oscal-version + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + short-name + + + + + + + + + + + description + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + address + + + + + + + + + + + + + + + + + + + + + + + + + + + + city + + + + + + + + + + + state + + + + + + + + + + + postal-code + + + + + + + + + + + country + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + name + + + + + + + + + + + short-name + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + city + + + + + + + + + + + state + + + + + + + + + + + postal-code + + + + + + + + + + + country + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + relationship + + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + description + + + + + + + + + + + + + + + + + + + + + + citation + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + base64 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + # + ## + ### + #### + ##### + ###### + + + + + + + + + + + | + + --- | + + + + + + | + + + | + + + + ``` + + + + ``` + + + + + + + + + + + + + + + * + + + + + + + + + 1. + + + + + ` + + ` + + + * + + * + + + ** + + ** + + + " + + " + + + {{ insert: + + }} + + + [ + + ] + ( + + ) + + + ![ + + ] + ( + + + "{.}" + + ) + + diff --git a/json/convert/oscal_poam_xml-to-json-converter.xsl b/json/convert/oscal_poam_xml-to-json-converter.xsl index ee07a12bb5..855d0ed99d 100644 --- a/json/convert/oscal_poam_xml-to-json-converter.xsl +++ b/json/convert/oscal_poam_xml-to-json-converter.xsl @@ -1,11 +1,11 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + version="3.0" + exclude-result-prefixes="#all" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + select="$file ! document(.,$source-xml)"> { $err:description } @@ -60,7 +60,7 @@ + select="xml-to-json($new-json-xml, $write-options)"> { $err:description } @@ -76,16 +76,16 @@ - + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="plan-of-action-and-milestones" + gi="plan-of-action-and-milestones"> plan-of-action-and-milestones @@ -111,6 +111,13 @@ + + + + + + + @@ -122,7 +129,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -183,11 +190,18 @@ + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -195,67 +209,28 @@ + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - + + + + @@ -278,21 +253,14 @@ - + - + + - - - - - - - - - + @@ -307,65 +275,8 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + @@ -375,7 +286,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -386,11 +297,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="local-definitions" + gi="local-definitions"> local-definitions @@ -408,11 +319,12 @@ + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -453,7 +365,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -482,7 +394,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -498,7 +410,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -507,7 +419,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -543,8 +455,33 @@ + + + + + assessment-assets + + + + + + + + + + + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -605,7 +542,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -628,7 +565,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -651,7 +588,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -688,7 +625,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -726,19 +663,19 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="include-all" + key="include-all" + gi="include-all"> include-all + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -761,7 +698,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -784,7 +721,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -853,7 +790,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -881,7 +818,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -942,15 +879,105 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + target + + + + + + + + + + + + + + + + + + + + + + + + + + + + + implementation-status + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -977,6 +1004,13 @@ + + + + + + + @@ -995,7 +1029,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1011,60 +1045,60 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks + group-by="true()"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="system-id" + key="system-id" + gi="system-id"> system-id @@ -1075,14 +1109,14 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="risk-status" + key="status" + gi="status" + in-json="SCALAR"> status @@ -1092,7 +1126,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1103,14 +1137,14 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="risk-status" + key="status-change" + gi="status-change" + in-json="SCALAR"> status-change @@ -1120,7 +1154,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1130,863 +1164,1055 @@ + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + key="value" + gi="value"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + as-type="token" + name="group" + key="group" + gi="group"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + as-type="string" + name="resource-fragment" + key="resource-fragment" + gi="resource-fragment"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="location-type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="type" + key="type" + gi="type"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="string" + name="type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + + + + + + + + + + + + + + + + as-type="uri" + name="system" + key="system" + gi="system"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="identifier-type" + key="identifier-type" + gi="identifier-type"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="system-component-type" + key="type" + gi="type"> - + + as-type="token" + name="state" + key="state" + gi="state"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="nonNegativeInteger" + name="start" + key="start" + gi="start"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="nonNegativeInteger" + name="end" + key="end" + gi="end"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="transport" + key="transport" + gi="transport"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + + + + + + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="type" + key="type" + gi="type"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="actor-uuid" + key="actor-uuid" + gi="actor-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="type" + key="type" + gi="type"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="subject-type" + key="type" + gi="type"> - + + as-type="uuid" + name="subject-placeholder-uuid" + key="subject-placeholder-uuid" + gi="subject-placeholder-uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="subject-type" + key="type" + gi="type"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="system" + key="system" + gi="system"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="system" + key="system" + gi="system"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + key="value" + gi="value"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="implementation-uuid" + key="implementation-uuid" + gi="implementation-uuid"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="lifecycle" + key="lifecycle" + gi="lifecycle"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="type" + key="type" + gi="type"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="date" + key="date" + gi="date"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="positiveInteger" + name="period" + key="period" + gi="period"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="unit" + key="unit" + gi="unit"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="activity-uuid" + key="activity-uuid" + gi="activity-uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="party-uuid" + key="party-uuid" + gi="party-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="response-uuid" + key="response-uuid" + gi="response-uuid"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="string" + name="type" + key="type" + gi="type"> - + + as-type="token" + name="target-id" + key="target-id" + gi="target-id"> - + + as-type="token" + name="state" + key="state" + gi="state"> - + + as-type="token" + name="reason" + key="reason" + gi="reason"> - + + as-type="token" + name="state" + key="state" + gi="state"> - + + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> - + + as-type="uuid" + name="risk-uuid" + key="risk-uuid" + gi="risk-uuid"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - - - - - title - - - - - + + + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + + + + + + + + + published @@ -1996,15 +2222,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -2014,15 +2240,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -2032,15 +2258,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -2050,8 +2276,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2077,14 +2303,14 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -2092,15 +2318,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2110,15 +2336,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -2128,15 +2354,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -2146,15 +2372,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -2164,15 +2390,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -2182,15 +2408,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2200,13 +2426,13 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -2214,15 +2440,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2231,16 +2457,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2250,15 +2502,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -2268,37 +2520,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2307,16 +2559,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2326,8 +2624,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2348,29 +2646,29 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -2380,15 +2678,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -2398,15 +2696,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -2416,15 +2714,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -2434,27 +2732,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -2462,29 +2760,30 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2493,16 +2792,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -2512,15 +2879,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -2530,13 +2897,13 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="external-id" + gi="external-id"> @@ -2544,15 +2911,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2562,27 +2929,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -2590,8 +2957,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2609,29 +2976,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -2641,15 +3008,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -2659,15 +3026,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -2677,15 +3044,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -2695,29 +3062,65 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + text + + + + + + + + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2727,15 +3130,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2745,37 +3148,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -2785,15 +3188,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2803,8 +3206,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2815,15 +3218,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2833,15 +3236,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2851,37 +3254,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2891,15 +3294,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2909,8 +3312,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2939,15 +3342,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2957,15 +3360,272 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + text + + + + + + + + + + + title + + + + + + + + + + + description + + + + + + + + + + + + + purpose + + + + + + + + + + + text + + + + + + + + + + + status + + + + + + + + + + text + + + + + + + + + + + title + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2975,15 +3635,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2993,37 +3653,37 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3033,43 +3693,43 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="method" + gi="method" + in-json="SCALAR"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="type" + gi="type" + in-json="SCALAR"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3079,15 +3739,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3097,15 +3757,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3115,37 +3775,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3155,15 +3815,15 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3173,15 +3833,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3191,12 +3851,12 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -3211,37 +3871,37 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3251,15 +3911,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3269,15 +3929,15 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3287,8 +3947,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3312,15 +3972,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3330,15 +3990,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3348,8 +4008,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3372,37 +4032,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3412,15 +4072,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="collected" + key="collected" + gi="collected" + in-json="SCALAR"> collected @@ -3430,15 +4090,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="expires" + key="expires" + gi="expires" + in-json="SCALAR"> expires @@ -3448,15 +4108,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3466,59 +4126,59 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="statement" + key="statement" + gi="statement" + in-json="SCALAR"> statement + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3528,15 +4188,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3546,15 +4206,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3564,15 +4224,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3582,37 +4242,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3622,15 +4282,15 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3640,15 +4300,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3658,12 +4318,12 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -3678,37 +4338,37 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3718,15 +4378,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3736,15 +4396,15 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3754,15 +4414,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3772,15 +4432,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3790,15 +4450,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3808,15 +4468,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3826,37 +4486,37 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3866,15 +4526,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3884,15 +4544,15 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3902,12 +4562,12 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -3922,37 +4582,37 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3962,15 +4622,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3980,15 +4640,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3998,8 +4658,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4023,15 +4683,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4041,8 +4701,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4072,37 +4732,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4112,8 +4772,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4137,15 +4797,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4155,15 +4815,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4173,15 +4833,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="deadline" + key="deadline" + gi="deadline" + in-json="SCALAR"> deadline @@ -4191,8 +4851,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4238,15 +4898,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4256,37 +4916,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4296,15 +4956,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4314,15 +4974,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4332,15 +4992,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4350,37 +5010,37 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4390,15 +5050,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4408,15 +5068,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4426,12 +5086,12 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -4446,37 +5106,37 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4486,15 +5146,15 @@ + priority="19" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4504,15 +5164,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4522,8 +5182,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4554,8 +5214,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4579,15 +5239,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4597,15 +5257,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4615,15 +5275,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4633,37 +5293,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4673,15 +5333,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4691,37 +5351,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4731,8 +5391,8 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4744,8 +5404,8 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4755,13 +5415,13 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="within-date-range" + key="within-date-range" + gi="within-date-range"> within-date-range @@ -4770,13 +5430,13 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="at-frequency" + key="at-frequency" + gi="at-frequency"> at-frequency @@ -4785,8 +5445,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4794,8 +5454,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4831,15 +5491,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4849,15 +5509,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4867,37 +5527,37 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4907,15 +5567,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4925,15 +5585,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4943,37 +5603,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4983,15 +5643,15 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5001,15 +5661,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5019,15 +5679,15 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5037,8 +5697,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5054,8 +5714,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5096,15 +5756,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5114,37 +5774,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> start @@ -5154,15 +5814,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end" + in-json="SCALAR"> end @@ -5172,15 +5832,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5190,8 +5850,8 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5220,15 +5880,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5238,15 +5898,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5256,15 +5916,15 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5274,37 +5934,37 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5314,15 +5974,15 @@ + priority="19" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5332,15 +5992,15 @@ + priority="18" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5350,12 +6010,12 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -5370,37 +6030,37 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5410,15 +6070,15 @@ + priority="20" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5428,15 +6088,15 @@ + priority="19" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5446,23 +6106,412 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + + + + + title + + + + + + + + + + + description + + + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + description + + + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + identified-subject + + + + + + + + + + + + + + + + description + + + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + text + + + + + + + + + + + title + + + + + + + + + + + description + + + + + + + + + + + + + text + + + + + + + + + + + status + + + + + + + + + + + implementation-statement-uuid + + + + + + + + + + + + + + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5472,37 +6521,37 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5512,8 +6561,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5526,15 +6575,15 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5543,25 +6592,33 @@ + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5594,15 +6651,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5612,35 +6669,35 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -5648,8 +6705,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5673,15 +6730,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5691,15 +6748,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5709,8 +6766,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5725,14 +6782,14 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -5744,10 +6801,10 @@ + mode="cast-prose" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5755,43 +6812,43 @@ + name="ns" + select="/*/@namespace"/> + match="group" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="group[@in-json='BY_KEY']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../@json-key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="group[@in-json='SINGLETON_OR_ARRAY'][count(*)=1]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="group/assembly | group/field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5809,10 +6866,10 @@ + priority="3" + match="group/field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5821,33 +6878,33 @@ + match="/assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../value/@key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="flag" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> + priority="2" + match="field[exists(@json-key-flag)]/value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5882,12 +6939,12 @@ + match="value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> @@ -5900,46 +6957,46 @@ + match="*" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-line']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-multiline']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + name="conditional-lf" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()[empty(ancestor::pre)]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5948,18 +7005,18 @@ + mode="md" + match="p" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="h1 | h2 | h3 | h4 | h5 | h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5967,40 +7024,40 @@ # + mode="mark" + match="h1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"># ## + mode="mark" + match="h2" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">## ### + mode="mark" + match="h3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">### #### + mode="mark" + match="h4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">#### ##### + mode="mark" + match="h5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">##### ###### + mode="mark" + match="h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">###### + mode="md" + match="table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="tr" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -6014,19 +7071,19 @@ + mode="md" + match="th | td" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> | | + mode="md" + priority="1" + match="pre" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ``` @@ -6035,24 +7092,24 @@ ``` + mode="md" + priority="1" + match="ul | ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="ul//ul | ol//ol | ol//ul | ul//ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -6062,9 +7119,9 @@ + mode="md" + match="ol/li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -6074,49 +7131,49 @@ + mode="md" + match="code | span[contains(@class, 'code')]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ` ` + mode="md" + match="em | i" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> * * + mode="md" + match="strong | b" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ** ** + mode="md" + match="q" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> " " + mode="md" + match="insert" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> {{ insert: }} + mode="md" + match="a" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> [ ] @@ -6125,9 +7182,9 @@ ) + mode="md" + match="img" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ![ ] diff --git a/json/convert/oscal_profile_xml-to-json-converter.xsl b/json/convert/oscal_profile_xml-to-json-converter.xsl index 49faa0d217..2c1b8ee4cc 100644 --- a/json/convert/oscal_profile_xml-to-json-converter.xsl +++ b/json/convert/oscal_profile_xml-to-json-converter.xsl @@ -1,11 +1,11 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + version="3.0" + exclude-result-prefixes="#all" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + select="$file ! document(.,$source-xml)"> { $err:description } @@ -60,7 +60,7 @@ + select="xml-to-json($new-json-xml, $write-options)"> { $err:description } @@ -76,12 +76,12 @@ - + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -105,7 +105,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -166,11 +166,18 @@ + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -178,67 +185,28 @@ + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - + + + + @@ -261,21 +229,14 @@ - + - + + - - - - - - - - - + @@ -290,65 +251,8 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + @@ -358,7 +262,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -380,19 +284,26 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + name="include-all" + key="include-all" + gi="include-all"> include-all + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -405,7 +316,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -456,7 +367,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -504,7 +415,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -518,21 +429,21 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + group-by="true()"> + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose"> + as-type="markup-multiline" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE"> @@ -540,7 +451,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -557,7 +468,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -573,17 +484,17 @@ + group-by="true()"> + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose"> + as-type="markup-multiline" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE"> @@ -605,7 +516,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -627,7 +538,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -649,76 +560,8 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -734,67 +577,80 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks + group-by="true()"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="parameter-value" + gi="value" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -804,536 +660,613 @@ + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + key="value" + gi="value"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + as-type="token" + name="group" + key="group" + gi="group"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> - + + as-type="string" + name="resource-fragment" + key="resource-fragment" + gi="resource-fragment"> - + + + + + + - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="location-type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="type" + key="type" + gi="type"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="string" + name="type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + + + + + + + + + + + as-type="token" + name="type" + key="type" + gi="type"> + + + + + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="with-child-controls" + key="with-child-controls" + gi="with-child-controls"> - + + as-type="string" + name="pattern" + key="pattern" + gi="pattern"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="method" + key="method" + gi="method"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="depends-on" + key="depends-on" + deprecated="1.0.1" + gi="depends-on"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="how-many" + key="how-many" + gi="how-many"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="order" + key="order" + gi="order"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="param-id" + key="param-id" + gi="param-id"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="depends-on" + key="depends-on" + deprecated="1.0.1" + gi="depends-on"> - + + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> - + + as-type="token" + name="by-name" + key="by-name" + gi="by-name"> - + + as-type="token" + name="by-class" + key="by-class" + gi="by-class"> - + + as-type="token" + name="by-id" + key="by-id" + gi="by-id"> - + + as-type="token" + name="by-item-name" + key="by-item-name" + gi="by-item-name"> - + + as-type="token" + name="by-ns" + key="by-ns" + gi="by-ns"> - + + as-type="token" + name="position" + key="position" + default="ending" + gi="position"> - + + as-type="token" + name="by-id" + key="by-id" + gi="by-id"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + priority="3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="filename" + key="filename" + gi="filename"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1343,15 +1276,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1361,15 +1294,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1379,15 +1312,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1397,15 +1330,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1415,8 +1348,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1442,14 +1375,14 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -1457,15 +1390,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1475,15 +1408,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1493,15 +1426,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1511,15 +1444,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1529,15 +1462,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1547,15 +1480,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1565,13 +1498,13 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -1579,15 +1512,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1596,16 +1529,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1615,15 +1574,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1633,37 +1592,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1672,16 +1631,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1691,8 +1696,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1713,29 +1718,29 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -1745,15 +1750,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -1763,15 +1768,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -1781,15 +1786,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -1799,27 +1804,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -1827,29 +1832,30 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1858,16 +1864,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -1877,15 +1951,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1895,13 +1969,13 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="external-id" + gi="external-id"> @@ -1909,15 +1983,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1927,27 +2001,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -1955,8 +2029,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1974,29 +2048,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -2006,15 +2080,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -2024,15 +2098,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -2042,15 +2116,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -2060,29 +2134,65 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + text + + + + + + + + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2092,8 +2202,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2113,31 +2223,9 @@ - - - - - - - - - - - - - - + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2157,31 +2245,9 @@ - - - - - - - - - - - - - - + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2191,8 +2257,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2201,15 +2267,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="boolean" + name="as-is" + key="as-is" + gi="as-is" + in-json="SCALAR"> as-is @@ -2219,8 +2285,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2243,15 +2309,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2261,15 +2327,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2279,15 +2345,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -2297,52 +2363,52 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage + group-by="true()"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2350,15 +2416,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -2368,29 +2434,29 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2400,15 +2466,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2418,15 +2484,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2436,8 +2502,8 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2457,31 +2523,9 @@ - - - - - - - - - - - - - - + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2501,31 +2545,9 @@ - - - - - - - - - - - - - - + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2545,31 +2567,9 @@ - - - - - - - - - - - - - - + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2589,31 +2589,9 @@ - - - - - - - - - - - - - - + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2660,15 +2638,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2678,15 +2656,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -2696,52 +2674,52 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2749,15 +2727,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -2767,29 +2745,101 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2799,15 +2849,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2817,15 +2867,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -2835,52 +2885,52 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage + group-by="true()"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2888,15 +2938,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -2906,29 +2956,29 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2938,15 +2988,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2956,15 +3006,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2974,8 +3024,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3008,15 +3058,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3026,35 +3076,35 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -3062,8 +3112,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3087,15 +3137,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3105,15 +3155,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3123,8 +3173,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3139,14 +3189,14 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -3158,10 +3208,10 @@ + mode="cast-prose" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3169,43 +3219,43 @@ + name="ns" + select="/*/@namespace"/> + match="group" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="group[@in-json='BY_KEY']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../@json-key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="group[@in-json='SINGLETON_OR_ARRAY'][count(*)=1]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="group/assembly | group/field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3223,10 +3273,10 @@ + priority="3" + match="group/field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3235,33 +3285,33 @@ + match="/assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../value/@key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="flag" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> + priority="2" + match="field[exists(@json-key-flag)]/value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3296,12 +3346,12 @@ + match="value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> @@ -3314,46 +3364,46 @@ + match="*" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-line']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-multiline']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + name="conditional-lf" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()[empty(ancestor::pre)]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3362,18 +3412,18 @@ + mode="md" + match="p" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="h1 | h2 | h3 | h4 | h5 | h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3381,40 +3431,40 @@ # + mode="mark" + match="h1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"># ## + mode="mark" + match="h2" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">## ### + mode="mark" + match="h3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">### #### + mode="mark" + match="h4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">#### ##### + mode="mark" + match="h5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">##### ###### + mode="mark" + match="h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">###### + mode="md" + match="table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="tr" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3428,19 +3478,19 @@ + mode="md" + match="th | td" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> | | + mode="md" + priority="1" + match="pre" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ``` @@ -3449,24 +3499,24 @@ ``` + mode="md" + priority="1" + match="ul | ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="ul//ul | ol//ol | ol//ul | ul//ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3476,9 +3526,9 @@ + mode="md" + match="ol/li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3488,49 +3538,49 @@ + mode="md" + match="code | span[contains(@class, 'code')]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ` ` + mode="md" + match="em | i" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> * * + mode="md" + match="strong | b" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ** ** + mode="md" + match="q" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> " " + mode="md" + match="insert" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> {{ insert: }} + mode="md" + match="a" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> [ ] @@ -3539,9 +3589,9 @@ ) + mode="md" + match="img" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ![ ] diff --git a/json/convert/oscal_ssp_xml-to-json-converter.xsl b/json/convert/oscal_ssp_xml-to-json-converter.xsl index 4292af08c2..2a0a17ecb8 100644 --- a/json/convert/oscal_ssp_xml-to-json-converter.xsl +++ b/json/convert/oscal_ssp_xml-to-json-converter.xsl @@ -1,11 +1,11 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + version="3.0" + exclude-result-prefixes="#all" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + select="$file ! document(.,$source-xml)"> { $err:description } @@ -60,7 +60,7 @@ + select="xml-to-json($new-json-xml, $write-options)"> { $err:description } @@ -76,16 +76,16 @@ - + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="system-security-plan" + gi="system-security-plan"> system-security-plan @@ -102,7 +102,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -163,11 +163,18 @@ + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -175,67 +182,28 @@ + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - + + + + @@ -258,21 +226,14 @@ - + - + + - - - - - - - - - + @@ -287,65 +248,8 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + @@ -355,7 +259,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -366,11 +270,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="system-characteristics" + gi="system-characteristics"> system-characteristics @@ -417,11 +321,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="system-information" + gi="system-information"> system-information @@ -448,12 +352,92 @@ + + + + + confidentiality-impact + + + + + + + + + + + + + + + + + + + + + + + + + integrity-impact + + + + + + + + + + + + + + + + + + + + + + + + + availability-impact + + + + + + + + + + + + + + + + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="security-impact-level" + gi="security-impact-level"> security-impact-level @@ -463,11 +447,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="authorization-boundary" + gi="authorization-boundary"> authorization-boundary @@ -497,7 +481,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -521,11 +505,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="network-architecture" + gi="network-architecture"> network-architecture @@ -555,7 +539,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -587,11 +571,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="system-implementation" + gi="system-implementation"> system-implementation @@ -641,7 +625,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -680,7 +664,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -695,7 +679,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -736,7 +720,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -765,7 +749,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -781,7 +765,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -790,7 +774,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -827,7 +811,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -842,7 +826,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -896,11 +880,11 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="implementation-status" + gi="implementation-status"> implementation-status @@ -909,7 +893,7 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -925,59 +909,59 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks + group-by="true()"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="system-id" + gi="system-id"> @@ -985,33 +969,33 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + gi="role-id" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="function-performed" + gi="function-performed" + in-json="SCALAR"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1021,634 +1005,705 @@ + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + key="value" + gi="value"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="class" + key="class" + gi="class"> - + + as-type="token" + name="group" + key="group" + gi="group"> - + + as-type="uri-reference" + name="href" + key="href" + gi="href"> + + + + + + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + as-type="string" + name="resource-fragment" + key="resource-fragment" + gi="resource-fragment"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="location-type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="type" + key="type" + gi="type"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="string" + name="type" + key="type" + gi="type"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + + + + + + + + + + + + + as-type="token" + name="type" + key="type" + gi="type"> + + + + + + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="identifier-type" + key="identifier-type" + gi="identifier-type"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="system" + key="system" + gi="system"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="system-component-type" + key="type" + gi="type"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="state" + key="state" + gi="state"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="nonNegativeInteger" + name="start" + key="start" + gi="start"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="nonNegativeInteger" + name="end" + key="end" + gi="end"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="transport" + key="transport" + gi="transport"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="param-id" + key="param-id" + gi="param-id"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="statement-id" + key="statement-id" + gi="statement-id"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="state" + key="state" + gi="state"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="provided-uuid" + key="provided-uuid" + gi="provided-uuid"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="provided-uuid" + key="provided-uuid" + gi="provided-uuid"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="responsibility-uuid" + key="responsibility-uuid" + gi="responsibility-uuid"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + priority="3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="token" + name="filename" + key="filename" + gi="filename"> + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1658,15 +1713,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1676,15 +1731,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1694,15 +1749,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1712,15 +1767,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1730,8 +1785,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1757,14 +1812,14 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -1772,15 +1827,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1790,15 +1845,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1808,15 +1863,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1826,15 +1881,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1844,15 +1899,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1862,15 +1917,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1880,13 +1935,13 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -1894,15 +1949,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1911,16 +1966,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1930,15 +2011,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1948,37 +2029,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1987,16 +2068,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2006,8 +2133,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2028,29 +2155,29 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -2060,15 +2187,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -2078,15 +2205,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -2096,15 +2223,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -2114,27 +2241,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -2142,29 +2269,30 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2173,16 +2301,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -2192,15 +2388,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -2210,13 +2406,13 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="external-id" + gi="external-id"> @@ -2224,15 +2420,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2242,27 +2438,27 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="telephone-number" + gi="telephone-number"> @@ -2270,8 +2466,8 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2289,29 +2485,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -2321,15 +2517,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -2339,15 +2535,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -2357,15 +2553,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -2375,29 +2571,65 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + + + + text + + + + + + + + + + + text + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2407,15 +2639,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="system-name" + key="system-name" + gi="system-name" + in-json="SCALAR"> system-name @@ -2425,15 +2657,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="system-name-short" + key="system-name-short" + gi="system-name-short" + in-json="SCALAR"> system-name-short @@ -2443,37 +2675,37 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2483,15 +2715,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="date" + name="date-authorized" + key="date-authorized" + gi="date-authorized" + in-json="SCALAR"> date-authorized @@ -2501,15 +2733,15 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="security-sensitivity-level" + key="security-sensitivity-level" + gi="security-sensitivity-level" + in-json="SCALAR"> security-sensitivity-level @@ -2519,15 +2751,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2537,8 +2769,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2571,15 +2803,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2589,30 +2821,30 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2626,29 +2858,29 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="information-type-id" + gi="information-type-id" + in-json="SCALAR"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2657,45 +2889,16 @@ - - - - - confidentiality-impact - - - - - - - - - - - - - - - - - - - - + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2705,15 +2908,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="base" + key="base" + gi="base" + in-json="SCALAR"> base @@ -2723,15 +2926,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="selected" + key="selected" + gi="selected" + in-json="SCALAR"> selected @@ -2741,66 +2944,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="adjustment-justification" + key="adjustment-justification" + gi="adjustment-justification" + in-json="SCALAR"> adjustment-justification + group-by="true()"> - - - - - integrity-impact - - - - - - - - - - - - - - - - - - - - + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2810,15 +2984,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="base" + key="base" + gi="base" + in-json="SCALAR"> base @@ -2828,15 +3002,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="selected" + key="selected" + gi="selected" + in-json="SCALAR"> selected @@ -2846,66 +3020,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="adjustment-justification" + key="adjustment-justification" + gi="adjustment-justification" + in-json="SCALAR"> adjustment-justification + group-by="true()"> - - - - - availability-impact - - - - - - - - - - - - - - - - - - - - + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2915,15 +3060,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="base" + key="base" + gi="base" + in-json="SCALAR"> base @@ -2933,15 +3078,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="selected" + key="selected" + gi="selected" + in-json="SCALAR"> selected @@ -2951,37 +3096,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="adjustment-justification" + key="adjustment-justification" + gi="adjustment-justification" + in-json="SCALAR"> adjustment-justification + group-by="true()"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="security-objective-confidentiality" + key="security-objective-confidentiality" + gi="security-objective-confidentiality" + in-json="SCALAR"> security-objective-confidentiality @@ -2991,15 +3136,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="security-objective-integrity" + key="security-objective-integrity" + gi="security-objective-integrity" + in-json="SCALAR"> security-objective-integrity @@ -3009,15 +3154,15 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="security-objective-availability" + key="security-objective-availability" + gi="security-objective-availability" + in-json="SCALAR"> security-objective-availability @@ -3027,8 +3172,8 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3039,37 +3184,37 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3079,37 +3224,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3119,15 +3264,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="caption" + key="caption" + gi="caption" + in-json="SCALAR"> caption @@ -3137,37 +3282,37 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3177,37 +3322,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3217,15 +3362,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="caption" + key="caption" + gi="caption" + in-json="SCALAR"> caption @@ -3235,37 +3380,37 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3275,37 +3420,37 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3315,15 +3460,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="caption" + key="caption" + gi="caption" + in-json="SCALAR"> caption @@ -3333,15 +3478,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3351,15 +3496,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3369,8 +3514,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3395,15 +3540,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3413,15 +3558,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3431,15 +3576,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="uuid" + name="party-uuid" + key="party-uuid" + gi="party-uuid" + in-json="SCALAR"> party-uuid @@ -3449,15 +3594,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="date" + name="date-authorized" + key="date-authorized" + gi="date-authorized" + in-json="SCALAR"> date-authorized @@ -3467,15 +3612,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3485,15 +3630,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -3503,37 +3648,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3543,15 +3688,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3561,37 +3706,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3601,37 +3746,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -3641,15 +3786,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3659,8 +3804,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3671,15 +3816,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3689,15 +3834,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3707,37 +3852,37 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3747,15 +3892,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3765,8 +3910,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3795,15 +3940,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3813,15 +3958,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3831,12 +3976,12 @@ + priority="3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + key="control-implementation" + gi="control-implementation"> control-implementation @@ -3858,44 +4003,44 @@ + priority="4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3946,15 +4091,15 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3964,29 +4109,29 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3996,8 +4141,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4034,15 +4179,15 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4052,15 +4197,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4070,37 +4215,37 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4110,22 +4255,22 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4164,37 +4309,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4204,8 +4349,8 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4235,37 +4380,37 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4275,15 +4420,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4293,8 +4438,8 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4325,37 +4470,37 @@ + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4365,15 +4510,15 @@ + priority="17" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4383,8 +4528,8 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4414,37 +4559,37 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4454,15 +4599,15 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4472,8 +4617,8 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4504,37 +4649,37 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4544,15 +4689,15 @@ + priority="16" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4562,15 +4707,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4580,37 +4725,37 @@ + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4620,22 +4765,22 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + priority="8" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4674,37 +4819,37 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4714,8 +4859,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4745,37 +4890,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4785,15 +4930,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4803,8 +4948,8 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4835,37 +4980,37 @@ + priority="11" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="13" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4875,15 +5020,15 @@ + priority="15" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4893,8 +5038,8 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -4924,37 +5069,37 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4964,15 +5109,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4982,8 +5127,8 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5014,37 +5159,37 @@ + priority="10" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5054,15 +5199,15 @@ + priority="14" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5072,15 +5217,15 @@ + priority="12" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5090,8 +5235,8 @@ + priority="5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5124,15 +5269,15 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5142,35 +5287,35 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description + group-by="true()"> + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="string" + name="document-id" + gi="document-id"> @@ -5178,8 +5323,8 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5203,15 +5348,15 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5221,15 +5366,15 @@ + priority="9" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5239,8 +5384,8 @@ + priority="7" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -5255,14 +5400,14 @@ + priority="6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -5274,10 +5419,10 @@ + mode="cast-prose" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5285,43 +5430,43 @@ + name="ns" + select="/*/@namespace"/> + match="group" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="group[@in-json='BY_KEY']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../@json-key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="group[@in-json='SINGLETON_OR_ARRAY'][count(*)=1]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="group/assembly | group/field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5339,10 +5484,10 @@ + priority="3" + match="group/field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5351,33 +5496,33 @@ + match="/assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="assembly" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="field[@in-json='SCALAR']" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="flag[@key=../value/@key-flag]" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"/> + match="flag" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> + priority="2" + match="field[exists(@json-key-flag)]/value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5412,12 +5557,12 @@ + match="value" + mode="write-json" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + namespace="http://www.w3.org/2005/xpath-functions"> @@ -5430,46 +5575,46 @@ + match="*" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-line']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + match="value[@as-type='markup-multiline']" + mode="cast-data" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + name="conditional-lf" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()[empty(ancestor::pre)]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="text()" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5478,18 +5623,18 @@ + mode="md" + match="p" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="h1 | h2 | h3 | h4 | h5 | h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5497,40 +5642,40 @@ # + mode="mark" + match="h1" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"># ## + mode="mark" + match="h2" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">## ### + mode="mark" + match="h3" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">### #### + mode="mark" + match="h4" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">#### ##### + mode="mark" + match="h5" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">##### ###### + mode="mark" + match="h6" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel">###### + mode="md" + match="table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="tr" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5544,19 +5689,19 @@ + mode="md" + match="th | td" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> | | + mode="md" + priority="1" + match="pre" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ``` @@ -5565,24 +5710,24 @@ ``` + mode="md" + priority="1" + match="ul | ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="ul//ul | ol//ol | ol//ul | ul//ol" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + mode="md" + match="li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5592,9 +5737,9 @@ + mode="md" + match="ol/li" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5604,49 +5749,49 @@ + mode="md" + match="code | span[contains(@class, 'code')]" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ` ` + mode="md" + match="em | i" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> * * + mode="md" + match="strong | b" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ** ** + mode="md" + match="q" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> " " + mode="md" + match="insert" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> {{ insert: }} + mode="md" + match="a" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> [ ] @@ -5655,9 +5800,9 @@ ) + mode="md" + match="img" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> ![ ] diff --git a/json/schema/oscal_assessment-plan_schema.json b/json/schema/oscal_assessment-plan_schema.json index 9c0d31abd9..22d1e150b8 100644 --- a/json/schema/oscal_assessment-plan_schema.json +++ b/json/schema/oscal_assessment-plan_schema.json @@ -1,2898 +1,3014 @@ - { "$schema" : "http://json-schema.org/draft-07/schema#", - "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-ap-schema.json", - "$comment" : "OSCAL Assessment Plan Model: JSON Schema", + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-ap-schema.json", + "$comment" : "OSCAL Assessment Plan Model: JSON Schema", + "type" : "object", + "definitions" : + { "json-schema-directive" : + { "title" : "Schema Directive", + "description" : "A JSON Schema directive to bind a specific schema to its document instance.", + "$id" : "#json-schema-directive", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "oscal-ap-oscal-ap:assessment-plan" : + { "title" : "Security Assessment Plan (SAP)", + "description" : "An assessment plan, such as those provided by a FedRAMP assessor.", + "$id" : "#assembly_oscal-ap_assessment-plan", "type" : "object", - "definitions" : - { "json-schema-directive" : - { "title" : "Schema Directive", - "description" : "A JSON Schema directive to bind a specific schema to its document instance.", - "$id" : "#json-schema-directive", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "oscal-ap-oscal-ap:assessment-plan" : - { "title" : "Security Assessment Plan (SAP)", - "description" : "An assessment plan, such as those provided by a FedRAMP assessor.", - "$id" : "#assembly_oscal-ap_assessment-plan", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Plan Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "import-ssp" : - { "$ref" : "#assembly_oscal-assessment-common_import-ssp" }, - "local-definitions" : - { "title" : "Local Definitions", - "description" : "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", - "type" : "object", - "properties" : - { "components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, - "inventory-items" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, - "users" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-user" } }, - "objectives-and-methods" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_local-objective" } }, - "activities" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_activity" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false }, - "terms-and-conditions" : - { "title" : "Assessment Plan Terms and Conditions", - "description" : "Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition.", - "type" : "object", - "properties" : - { "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } } }, - "additionalProperties" : false }, - "reviewed-controls" : - { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, - "assessment-subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "assessment-assets" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-assets" }, - "tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_task" } }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata", - "import-ssp", - "reviewed-controls" ], - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", - "$id" : "#assembly_oscal-metadata_metadata", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "revisions" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, - "locations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, - "parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "title", - "last-modified", - "version", - "oscal-version" ], - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:revision" : + "properties" : + { "uuid" : + { "title" : "Assessment Plan Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "import-ssp" : + { "$ref" : "#assembly_oscal-assessment-common_import-ssp" }, + "local-definitions" : + { "title" : "Local Definitions", + "description" : "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", + "type" : "object", + "properties" : + { "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, + "inventory-items" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, + "users" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-user" } }, + "objectives-and-methods" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_local-objective" } }, + "activities" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_activity" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false }, + "terms-and-conditions" : + { "title" : "Assessment Plan Terms and Conditions", + "description" : "Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition.", + "type" : "object", + "properties" : + { "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } } }, + "additionalProperties" : false }, + "reviewed-controls" : + { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, + "assessment-subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "assessment-assets" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-assets" }, + "tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_task" } }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata", + "import-ssp", + "reviewed-controls" ], + "additionalProperties" : false }, + "oscal-ap-oscal-metadata:metadata" : + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", + "$id" : "#assembly_oscal-metadata_metadata", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "revisions" : + { "type" : "array", + "minItems" : 1, + "items" : { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:location" : - { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_location-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-ap-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://orcid.org/" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_party-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-ap-oscal-metadata:role" : + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "roles" : + { "type" : "array", + "minItems" : 1, + "items" : { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:role-id" : - { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$id" : "#field_oscal-metadata_role-id", - "$ref" : "#/definitions/TokenDatatype" }, - "oscal-ap-oscal-metadata:back-matter" : - { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", - "$id" : "#assembly_oscal-metadata_back-matter", - "type" : "object", - "properties" : - { "resources" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", - "type" : "string" }, - "description" : - { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "citation" : - { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", - "type" : "object", - "properties" : - { "text" : - { "title" : "Citation Text", - "description" : "A line of citation text.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "text" ], - "additionalProperties" : false }, - "rlinks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "hashes" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_hash" } } }, - "required" : - [ "href" ], - "additionalProperties" : false } }, - "base64" : - { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", - "type" : "object", - "properties" : - { "filename" : - { "title" : "File Name", - "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "value" : - { "$ref" : "#/definitions/Base64Datatype" } }, - "required" : - [ "value" ], - "additionalProperties" : false }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:property" : - { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", - "$id" : "#assembly_oscal-metadata_property", - "type" : "object", - "properties" : - { "name" : - { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "marking" ] } ] }, - "uuid" : - { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "ns" : - { "title" : "Property Namespace", - "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "value" : - { "title" : "Property Value", - "description" : "Indicates the value of the attribute, characteristic, or quality.", - "$ref" : "#/definitions/StringDatatype" }, - "class" : - { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "name", - "value" ], - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:link" : - { "title" : "Link", - "description" : "A reference to a local or remote resource", - "$id" : "#assembly_oscal-metadata_link", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URL reference to a resource.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "reference" ] } ] }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "text" : - { "title" : "Link Text", - "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", - "type" : "string" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:responsible-party" : - { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-party", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$ref" : "#/definitions/TokenDatatype" }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id", - "party-uuids" ], - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:responsible-role" : - { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-role", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id" ], - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:hash" : - { "title" : "Hash", - "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", - "$id" : "#field_oscal-metadata_hash", - "type" : "object", - "properties" : - { "algorithm" : - { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "SHA-224", - "SHA-256", - "SHA-384", - "SHA-512", - "SHA3-224", - "SHA3-256", - "SHA3-384", - "SHA3-512" ] } ] }, - "value" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "value", - "algorithm" ], - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:remarks" : - { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", - "$id" : "#field_oscal-metadata_remarks", - "type" : "string" }, - "oscal-ap-oscal-metadata:published" : - { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_published", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-ap-oscal-metadata:last-modified" : - { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_last-modified", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-ap-oscal-metadata:version" : - { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", - "$id" : "#field_oscal-metadata_version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ap-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", - "$id" : "#field_oscal-metadata_oscal-version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ap-oscal-metadata:email-address" : - { "title" : "Email Address", - "description" : "An email address as defined by RFC 5322 Section 3.4.1.", - "$id" : "#field_oscal-metadata_email-address", - "$ref" : "#/definitions/EmailAddressDatatype" }, - "oscal-ap-oscal-metadata:telephone-number" : - { "title" : "Telephone Number", - "description" : "Contact number by telephone.", - "$id" : "#field_oscal-metadata_telephone-number", - "type" : "object", - "properties" : - { "type" : - { "title" : "type flag", - "description" : "Indicates the type of phone number.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "home", - "office", - "mobile" ] } ] }, - "number" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "number" ], - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:address" : - { "title" : "Address", - "description" : "A postal address for the location.", - "$id" : "#assembly_oscal-metadata_address", - "type" : "object", - "properties" : - { "type" : - { "title" : "Address Type", - "description" : "Indicates the type of address.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "home", - "work" ] } ] }, - "addr-lines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_addr-line" } }, - "city" : - { "title" : "City", - "description" : "City, town or geographical region for the mailing address.", - "$ref" : "#/definitions/StringDatatype" }, - "state" : - { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "postal-code" : - { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "country" : - { "title" : "Country Code", - "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "$ref" : "#/definitions/StringDatatype" } }, - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:addr-line" : - { "title" : "Address line", - "description" : "A single line of an address.", - "$id" : "#field_oscal-metadata_addr-line", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ap-oscal-metadata:document-id" : - { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", - "$id" : "#field_oscal-metadata_document-id", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "Document Identification Scheme", - "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://www.doi.org/" ] } ] }, - "identifier" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "identifier" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:import-ssp" : - { "title" : "Import System Security Plan", - "description" : "Used by the assessment plan and POA&M to import information about the system.", - "$id" : "#assembly_oscal-assessment-common_import-ssp", - "type" : "object", - "properties" : - { "href" : - { "title" : "System Security Plan Reference", - "description" : "A resolvable URL reference to the system security plan for the system being assessed.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:local-objective" : - { "title" : "Assessment-Specific Control Objective", - "description" : "A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.", - "$id" : "#assembly_oscal-assessment-common_local-objective", - "type" : "object", - "properties" : - { "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "description" : - { "title" : "Objective Description", - "description" : "A human-readable description of this control objective.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "control-id", - "parts" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:assessment-method" : - { "title" : "Assessment Method", - "description" : "A local definition of a control objective. Uses catalog syntax for control objective and assessment activities.", - "$id" : "#assembly_oscal-assessment-common_assessment-method", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Method Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Assessment Method Description", - "description" : "A human-readable description of this assessment method.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "part" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-part" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "part" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:activity" : - { "title" : "Activity", - "description" : "Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.", - "$id" : "#assembly_oscal-assessment-common_activity", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Activity Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Included Activity Title", - "description" : "The title for this included activity.", - "type" : "string" }, - "description" : - { "title" : "Included Activity Description", - "description" : "A human-readable description of this included activity.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "steps" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Step", - "description" : "Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Step Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Step Title", - "description" : "The title for this step.", - "type" : "string" }, - "description" : - { "title" : "Step Description", - "description" : "A human-readable description of this step.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "reviewed-controls" : - { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "related-controls" : - { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:task" : - { "title" : "Task", - "description" : "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.", - "$id" : "#assembly_oscal-assessment-common_task", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Task Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Task Type", - "description" : "The type of task.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "milestone", - "action" ] } ] }, - "title" : - { "title" : "Task Title", - "description" : "The title for this task.", - "type" : "string" }, - "description" : - { "title" : "Task Description", - "description" : "A human-readable description of this task.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "timing" : - { "title" : "Event Timing", - "description" : "The timing under which the task is intended to occur.", - "type" : "object", - "properties" : - { "on-date" : - { "title" : "On Date Condition", - "description" : "The task is intended to occur on the specified date.", - "type" : "object", - "properties" : - { "date" : - { "title" : "On Date Condition", - "description" : "The task must occur on the specified date.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, - "required" : - [ "date" ], - "additionalProperties" : false }, - "within-date-range" : - { "title" : "On Date Range Condition", - "description" : "The task is intended to occur within the specified date range.", - "type" : "object", - "properties" : - { "start" : - { "title" : "Start Date Condition", - "description" : "The task must occur on or after the specified date.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "end" : - { "title" : "End Date Condition", - "description" : "The task must occur on or before the specified date.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, - "required" : - [ "start", - "end" ], - "additionalProperties" : false }, - "at-frequency" : - { "title" : "Frequency Condition", - "description" : "The task is intended to occur at the specified frequency.", - "type" : "object", - "properties" : - { "period" : - { "title" : "Period", - "description" : "The task must occur after the specified period has elapsed.", - "$ref" : "#/definitions/PositiveIntegerDatatype" }, - "unit" : - { "title" : "Time Unit", - "description" : "The unit of time for the period.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "seconds", - "minutes", - "hours", - "days", - "months", - "years" ] } ] } }, - "required" : - [ "period", - "unit" ], - "additionalProperties" : false } }, - "additionalProperties" : false }, - "dependencies" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Task Dependency", - "description" : "Used to indicate that a task is dependent on another task.", - "type" : "object", - "properties" : - { "task-uuid" : - { "title" : "Task Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique task.", - "$ref" : "#/definitions/UUIDDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "task-uuid" ], - "additionalProperties" : false } }, - "tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_task" } }, - "associated-activities" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Associated Activity", - "description" : "Identifies an individual activity to be performed as part of a task.", - "type" : "object", - "properties" : - { "activity-uuid" : - { "title" : "Activity Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to an activity defined in the list of activities.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "activity-uuid", - "subjects" ], - "additionalProperties" : false } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type", - "title" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:reviewed-controls" : - { "title" : "Reviewed Controls and Control Objectives", - "description" : "Identifies the controls being assessed and their control objectives.", - "$id" : "#assembly_oscal-assessment-common_reviewed-controls", - "type" : "object", - "properties" : - { "description" : - { "title" : "Control Objective Description", - "description" : "A human-readable description of control objectives.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "control-selections" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessed Controls", - "description" : "Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.", - "type" : "object", - "properties" : - { "description" : - { "title" : "Assessed Controls Description", - "description" : "A human-readable description of in-scope controls specified for assessment.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, - "exclude-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false } }, - "control-objective-selections" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Referenced Control Objectives", - "description" : "Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the assessed objectives, and reflects any changes from the plan.", - "type" : "object", - "properties" : - { "description" : - { "title" : "Control Objectives Description", - "description" : "A human-readable description of this collection of control objectives.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-objectives" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, - "exclude-objectives" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "control-selections" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:select-control-by-id" : - { "title" : "Select Control", - "description" : "Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.", - "$id" : "#assembly_oscal-assessment-common_select-control-by-id", - "type" : "object", - "properties" : - { "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "statement-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Include Specific Statements", - "description" : "Used to constrain the selection to only specificity identified statements.", - "$ref" : "#/definitions/TokenDatatype" } } }, - "required" : - [ "control-id" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:select-objective-by-id" : - { "title" : "Select Objective", - "description" : "Used to select a control objective for inclusion/exclusion based on the control objective's identifier.", - "$id" : "#assembly_oscal-assessment-common_select-objective-by-id", - "type" : "object", - "properties" : - { "objective-id" : - { "title" : "Objective ID", - "description" : "Points to an assessment objective.", - "$ref" : "#/definitions/TokenDatatype" } }, - "required" : - [ "objective-id" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:assessment-subject-placeholder" : - { "title" : "Assessment Subject Placeholder", - "description" : "Used when the assessment subjects will be determined as part of one or more other assessment activities. These assessment subjects will be recorded in the assessment results in the assessment log.", - "$id" : "#assembly_oscal-assessment-common_assessment-subject-placeholder", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Subject Placeholder Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Assessment Subject Placeholder Description", - "description" : "A human-readable description of intent of this assessment subject placeholder.", - "type" : "string" }, - "sources" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessment Subject Source", - "description" : "Assessment subjects will be identified while conducting the referenced activity-instance.", - "type" : "object", - "properties" : - { "task-uuid" : - { "title" : "Task Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "task-uuid" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "sources" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:assessment-subject" : - { "title" : "Subject of Assessment", - "description" : "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.", - "$id" : "#assembly_oscal-assessment-common_assessment-subject", - "type" : "object", - "properties" : - { "type" : - { "title" : "Subject Type", - "description" : "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "component", - "inventory-item", - "location", - "party", - "user" ] } ] }, - "description" : - { "title" : "Include Subjects Description", - "description" : "A human-readable description of the collection of subjects being included in this assessment.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, - "exclude-subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "type" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:select-subject-by-id" : - { "title" : "Select Assessment Subject", - "description" : "Identifies a set of assessment subjects to include/exclude by UUID.", - "$id" : "#assembly_oscal-assessment-common_select-subject-by-id", - "type" : "object", - "properties" : - { "subject-uuid" : - { "title" : "Subject Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Subject Universally Unique Identifier Reference Type", - "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "component", - "inventory-item", - "location", - "party", - "user", - "resource" ] } ] }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "subject-uuid", - "type" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:subject-reference" : - { "title" : "Identifies the Subject", - "description" : "A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.", - "$id" : "#assembly_oscal-assessment-common_subject-reference", - "type" : "object", - "properties" : - { "subject-uuid" : - { "title" : "Subject Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Subject Universally Unique Identifier Reference Type", - "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "component", - "inventory-item", - "location", - "party", - "user", - "resource" ] } ] }, - "title" : - { "title" : "Subject Reference Title", - "description" : "The title or name for the referenced subject.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "subject-uuid", - "type" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:assessment-assets" : - { "title" : "Assessment Assets", - "description" : "Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.", - "$id" : "#assembly_oscal-assessment-common_assessment-assets", - "type" : "object", - "properties" : - { "components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, - "assessment-platforms" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessment Platform", - "description" : "Used to represent the toolset used to perform aspects of the assessment.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Platform Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Assessment Platform Title", - "description" : "The title or name for the assessment platform.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "uses-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Uses Component", - "description" : "The set of components that are used by the assessment platform.", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "component-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false } } }, - "required" : - [ "assessment-platforms" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:finding-target" : - { "title" : "Objective Status", - "description" : "Captures an assessor's conclusions regarding the degree to which an objective is satisfied.", - "$id" : "#assembly_oscal-assessment-common_finding-target", - "type" : "object", - "properties" : - { "type" : - { "title" : "Finding Target Type", - "description" : "Identifies the type of the target.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "statement-id", - "objective-id" ] } ] }, - "target-id" : - { "title" : "Finding Target Identifier Reference", - "description" : "A machine-oriented identifier reference for a specific target qualified by the type.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Objective Status Title", - "description" : "The title for this objective status.", - "type" : "string" }, - "description" : - { "title" : "Objective Status Description", - "description" : "A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "title" : "Objective Status", - "description" : "A determination of if the objective is satisfied or not within a given system.", - "type" : "object", - "properties" : - { "state" : - { "title" : "Objective Status State", - "description" : "An indication as to whether the objective is satisfied or not.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "satisfied", - "not-satisfied" ] } ] }, - "reason" : - { "title" : "Objective Status Reason", - "description" : "The reason the objective was given it's status.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "pass", - "fail", - "other" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "implementation-status" : - { "$ref" : "#assembly_oscal-implementation-common_implementation-status" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "type", - "target-id", - "status" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:observation" : - { "title" : "Observation", - "description" : "Describes an individual observation.", - "$id" : "#assembly_oscal-assessment-common_observation", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Observation Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Observation Title", - "description" : "The title for this observation.", - "type" : "string" }, - "description" : - { "title" : "Observation Description", - "description" : "A human-readable description of this assessment observation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "methods" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Observation Method", - "description" : "Identifies how the observation was made.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "EXAMINE", - "INTERVIEW", - "TEST", - "UNKNOWN" ] } ] } }, - "types" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Observation Type", - "description" : "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "ssp-statement-issue", - "control-objective", - "mitigation", - "finding", - "historic" ] } ] } }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, - "relevant-evidence" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Relevant Evidence", - "description" : "Links this observation to relevant evidence.", - "type" : "object", - "properties" : - { "href" : - { "title" : "Relevant Evidence Reference", - "description" : "A resolvable URL reference to relevant evidence.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "description" : - { "title" : "Relevant Evidence Description", - "description" : "A human-readable description of this evidence.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "description" ], - "additionalProperties" : false } }, - "collected" : - { "title" : "Collected Field", - "description" : "Date/time stamp identifying when the finding information was collected.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "expires" : - { "title" : "Expires Field", - "description" : "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description", - "methods", - "collected" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:origin" : - { "title" : "Origin", - "description" : "Identifies the source of the finding, such as a tool, interviewed person, or activity.", - "$id" : "#assembly_oscal-assessment-common_origin", - "type" : "object", - "properties" : - { "actors" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin-actor" } }, - "related-tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_related-task" } } }, - "required" : - [ "actors" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:origin-actor" : - { "title" : "Originating Actor", - "description" : "The actor that produces an observation, a finding, or a risk. One or more actor type can be used to specify a person that is using a tool.", - "$id" : "#assembly_oscal-assessment-common_origin-actor", - "type" : "object", - "properties" : - { "type" : - { "title" : "Actor Type", - "description" : "The kind of actor.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "tool", - "assessment-platform", - "party" ] } ] }, - "actor-uuid" : - { "title" : "Actor Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to the tool or person based on the associated type.", - "$ref" : "#/definitions/UUIDDatatype" }, - "role-id" : - { "title" : "Actor Role", - "description" : "For a party, this can optionally be used to specify the role the actor was performing.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "type", - "actor-uuid" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:related-task" : - { "title" : "Task Reference", - "description" : "Identifies an individual task for which the containing object is a consequence of.", - "$id" : "#assembly_oscal-assessment-common_related-task", - "type" : "object", - "properties" : - { "task-uuid" : - { "title" : "Task Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique task.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "identified-subject" : - { "title" : "Identified Subject", - "description" : "Used to detail assessment subjects that were identfied by this task.", - "type" : "object", - "properties" : - { "subject-placeholder-uuid" : - { "title" : "Assessment Subject Placeholder Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task.", - "$ref" : "#/definitions/UUIDDatatype" }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } } }, - "required" : - [ "subject-placeholder-uuid", - "subjects" ], - "additionalProperties" : false }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "task-uuid" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:threat-id" : - { "title" : "Threat ID", - "description" : "A pointer, by ID, to an externally-defined threat.", - "$id" : "#field_oscal-assessment-common_threat-id", - "type" : "object", - "properties" : - { "system" : - { "title" : "Threat Type Identification System", - "description" : "Specifies the source of the threat information.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://fedramp.gov", - "http://fedramp.gov/ns/oscal" ] } ] }, - "href" : - { "title" : "Threat Information Resource Reference", - "description" : "An optional location for the threat data, from which this ID originates.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "id" : - { "$ref" : "#/definitions/URIDatatype" } }, - "required" : - [ "id", - "system" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:risk" : - { "title" : "Identified Risk", - "description" : "An identified risk.", - "$id" : "#assembly_oscal-assessment-common_risk", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Risk Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Risk Title", - "description" : "The title for this risk.", - "type" : "string" }, - "description" : - { "title" : "Risk Description", - "description" : "A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.", - "type" : "string" }, - "statement" : - { "title" : "Risk Statement", - "description" : "An summary of impact for how the risk affects the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "$ref" : "#field_oscal-assessment-common_risk-status" }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "threat-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-assessment-common_threat-id" } }, - "characterizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_characterization" } }, - "mitigating-factors" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Mitigating Factor", - "description" : "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Mitigating Factor Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "implementation-uuid" : - { "title" : "Implementation UUID", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Mitigating Factor Description", - "description" : "A human-readable description of this mitigating factor.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "deadline" : - { "title" : "Risk Resolution Deadline", - "description" : "The date/time by which the risk must be resolved.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "remediations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_response" } }, - "risk-log" : - { "title" : "Risk Log", - "description" : "A log of all risk-related tasks taken.", - "type" : "object", - "properties" : - { "entries" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Risk Log Entry", - "description" : "Identifies an individual risk response that occurred as part of managing an identified risk.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Risk Log Entry Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Title", - "description" : "The title for this risk log entry.", - "type" : "string" }, - "description" : - { "title" : "Risk Task Description", - "description" : "A human-readable description of what was done regarding the risk.", - "type" : "string" }, - "start" : - { "title" : "Start", - "description" : "Identifies the start date and time of the event.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "end" : - { "title" : "End", - "description" : "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "logged-by" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_logged-by" } }, - "status-change" : - { "$ref" : "#field_oscal-assessment-common_risk-status" }, - "related-responses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Risk Response Reference", - "description" : "Identifies an individual risk response that this log entry is for.", - "type" : "object", - "properties" : - { "response-uuid" : - { "title" : "Response Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique risk response.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "related-tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_related-task" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "response-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "start" ], - "additionalProperties" : false } } }, - "required" : - [ "entries" ], - "additionalProperties" : false }, - "related-observations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Related Observation", - "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", - "type" : "object", - "properties" : - { "observation-uuid" : - { "title" : "Observation Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "observation-uuid" ], - "additionalProperties" : false } } }, - "required" : - [ "uuid", - "title", - "description", - "statement", - "status" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:logged-by" : - { "title" : "Logged By", - "description" : "Used to indicate who created a log entry in what role.", - "$id" : "#assembly_oscal-assessment-common_logged-by", - "type" : "object", - "properties" : - { "party-uuid" : - { "title" : "Party UUID Reference", - "description" : "A machine-oriented identifier reference to the party who is making the log entry.", - "$ref" : "#/definitions/UUIDDatatype" }, - "role-id" : - { "title" : "Actor Role", - "description" : "A point to the role-id of the role in which the party is making the log entry.", - "$ref" : "#/definitions/TokenDatatype" } }, - "required" : - [ "party-uuid" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:risk-status" : - { "title" : "Risk Status", - "description" : "Describes the status of the associated risk.", - "$id" : "#field_oscal-assessment-common_risk-status", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "open", - "investigating", - "remediating", - "deviation-requested", - "deviation-approved", - "closed" ] } ] }, - "oscal-ap-oscal-assessment-common:characterization" : - { "title" : "Characterization", - "description" : "A collection of descriptive data about the containing object from a specific origin.", - "$id" : "#assembly_oscal-assessment-common_characterization", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "origin" : - { "$ref" : "#assembly_oscal-assessment-common_origin" }, - "facets" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Facet", - "description" : "An individual characteristic that is part of a larger set produced by the same actor.", - "type" : "object", - "properties" : - { "name" : - { "title" : "Facet Name", - "description" : "The name of the risk metric within the specified system.", - "$ref" : "#/definitions/TokenDatatype" }, - "system" : - { "title" : "Naming System", - "description" : "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://fedramp.gov", - "http://fedramp.gov/ns/oscal", - "http://csrc.nist.gov/ns/oscal", - "http://csrc.nist.gov/ns/oscal/unknown", - "http://cve.mitre.org", - "http://www.first.org/cvss/v2.0", - "http://www.first.org/cvss/v3.0", - "http://www.first.org/cvss/v3.1" ] } ] }, - "value" : - { "title" : "Facet Value", - "description" : "Indicates the value of the facet.", - "$ref" : "#/definitions/StringDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "name", - "system", - "value" ], - "additionalProperties" : false } } }, - "required" : - [ "origin", - "facets" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:response" : - { "title" : "Risk Response", - "description" : "Describes either recommended or an actual plan for addressing the risk.", - "$id" : "#assembly_oscal-assessment-common_response", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Remediation Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "lifecycle" : - { "title" : "Remediation Intent", - "description" : "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "recommendation", - "planned", - "completed" ] } ] }, - "title" : - { "title" : "Response Title", - "description" : "The title for this response activity.", - "type" : "string" }, - "description" : - { "title" : "Response Description", - "description" : "A human-readable description of this response plan.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "required-assets" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Required Asset", - "description" : "Identifies an asset required to achieve remediation.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Required Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, - "title" : - { "title" : "Title for Required Asset", - "description" : "The title for this required asset.", - "type" : "string" }, - "description" : - { "title" : "Description of Required Asset", - "description" : "A human-readable description of this required asset.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_task" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "lifecycle", - "title", - "description" ], - "additionalProperties" : false }, - "oscal-ap-oscal-assessment-common:assessment-part" : - { "title" : "Assessment Part", - "description" : "A partition of an assessment plan or results or a child of another part.", - "$id" : "#assembly_oscal-assessment-common_assessment-part", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Part Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "name" : - { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "asset", - "method", - "objective" ] } ] }, - "ns" : - { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "class" : - { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "prose" : - { "title" : "Part Text", - "description" : "Permits multiple paragraphs, lists, tables etc.", - "type" : "string" }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-ap-oscal-catalog-common:part" : - { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", - "type" : "object", - "properties" : - { "id" : - { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "name" : - { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", - "$ref" : "#/definitions/TokenDatatype" }, - "ns" : - { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "class" : - { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "prose" : - { "title" : "Part Text", - "description" : "Permits multiple paragraphs, lists, tables etc.", - "type" : "string" }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-ap-oscal-catalog-common:parameter" : - { "title" : "Parameter", - "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", - "type" : "object", - "properties" : - { "id" : - { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", - "$ref" : "#/definitions/TokenDatatype" }, - "depends-on" : - { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "label" : - { "title" : "Parameter Label", - "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", - "type" : "string" }, - "usage" : - { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", - "type" : "string" }, - "constraints" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, - "guidelines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, - "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "oscal-ap-oscal-catalog-common:parameter-constraint" : - { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", - "type" : "object", - "properties" : - { "description" : - { "title" : "Constraint Description", - "description" : "A textual summary of the constraint to be applied.", - "type" : "string" }, - "tests" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Constraint Test", - "description" : "A test expression which is expected to be evaluated by a tool.", - "type" : "object", - "properties" : - { "expression" : - { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", - "$ref" : "#/definitions/StringDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "expression" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-ap-oscal-catalog-common:parameter-guideline" : - { "title" : "Guideline", - "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", - "type" : "object", - "properties" : - { "prose" : - { "title" : "Guideline Text", - "description" : "Prose permits multiple paragraphs, lists, tables etc.", - "type" : "string" } }, - "required" : - [ "prose" ], - "additionalProperties" : false }, - "oscal-ap-oscal-catalog-common:parameter-value" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ap-oscal-catalog-common:parameter-selection" : - { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", - "type" : "object", - "properties" : - { "how-many" : - { "title" : "Parameter Cardinality", - "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "one", - "one-or-more" ] } ] }, - "choice" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Choice", - "description" : "A value selection among several such options.", - "type" : "string" } } }, - "additionalProperties" : false }, - "oscal-ap-oscal-catalog-common:include-all" : - { "title" : "Include All", - "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", - "type" : "object", - "additionalProperties" : false }, - "oscal-ap-oscal-implementation-common:system-component" : - { "title" : "Component", - "description" : "A defined component that can be part of an implemented system.", - "$id" : "#assembly_oscal-implementation-common_system-component", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Component Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Component Type", - "description" : "A category describing the purpose of the component.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "this-system", - "system", - "interconnection", - "software", - "hardware", - "service", - "policy", - "physical", - "process-procedure", - "plan", - "guidance", - "standard", - "validation", - "network" ] } ] }, - "title" : - { "title" : "Component Title", - "description" : "A human readable name for the system component.", - "type" : "string" }, - "description" : - { "title" : "Component Description", - "description" : "A description of the component, including information about its function.", - "type" : "string" }, - "purpose" : - { "title" : "Purpose", - "description" : "A summary of the technological or business purpose of the component.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "title" : "Status", - "description" : "Describes the operational status of the system component.", - "type" : "object", - "properties" : - { "state" : - { "title" : "State", - "description" : "The operational status.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "under-development", - "operational", - "disposition", - "other" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "responsible-roles" : + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, + "locations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, + "parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "actions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_action" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "title", + "last-modified", + "version", + "oscal-version" ], + "additionalProperties" : false }, + "oscal-ap-oscal-metadata:location-uuid" : + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", + "$id" : "#field_oscal-metadata_location-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-ap-oscal-metadata:party-uuid" : + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", + "$id" : "#field_oscal-metadata_party-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-ap-oscal-metadata:role-id" : + { "title" : "Role Identifier Reference", + "description" : "Reference to a role by UUID.", + "$id" : "#field_oscal-metadata_role-id", + "$ref" : "#/definitions/TokenDatatype" }, + "oscal-ap-oscal-metadata:back-matter" : + { "title" : "Back matter", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", + "$id" : "#assembly_oscal-metadata_back-matter", + "type" : "object", + "properties" : + { "resources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Resource Universally Unique Identifier", + "description" : "A unique identifier for a resource.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Resource Title", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", + "type" : "string" }, + "description" : + { "title" : "Resource Description", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "citation" : + { "title" : "Citation", + "description" : "An optional citation consisting of end note text using structured markup.", + "type" : "object", + "properties" : + { "text" : + { "title" : "Citation Text", + "description" : "A line of citation text.", + "type" : "string" }, + "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "protocols" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type", - "title", - "description", - "status" ], - "additionalProperties" : false }, - "oscal-ap-oscal-implementation-common:protocol" : - { "title" : "Service Protocol Information", - "description" : "Information about the protocol used to provide a service.", - "$id" : "#assembly_oscal-implementation-common_protocol", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "text" ], + "additionalProperties" : false }, + "rlinks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource link", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL pointing to the referenced resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "hashes" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_hash" } } }, + "required" : + [ "href" ], + "additionalProperties" : false } }, + "base64" : + { "title" : "Base64", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", + "type" : "object", + "properties" : + { "filename" : + { "title" : "File Name", + "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", + "$ref" : "#/definitions/TokenDatatype" }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "value" : + { "$ref" : "#/definitions/Base64Datatype" } }, + "required" : + [ "value" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-ap-oscal-metadata:property" : + { "title" : "Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", + "$id" : "#assembly_oscal-metadata_property", + "type" : "object", + "properties" : + { "name" : + { "title" : "Property Name", + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "$ref" : "#/definitions/TokenDatatype" }, + "uuid" : + { "title" : "Property Universally Unique Identifier", + "description" : "A unique identifier for a property.", + "$ref" : "#/definitions/UUIDDatatype" }, + "ns" : + { "title" : "Property Namespace", + "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "value" : + { "title" : "Property Value", + "description" : "Indicates the value of the attribute, characteristic, or quality.", + "$ref" : "#/definitions/StringDatatype" }, + "class" : + { "title" : "Property Class", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", + "$ref" : "#/definitions/TokenDatatype" }, + "group" : + { "title" : "Property Group", + "description" : "An identifier for relating distinct sets of properties.", + "$ref" : "#/definitions/TokenDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "name", + "value" ], + "additionalProperties" : false }, + "oscal-ap-oscal-metadata:link" : + { "title" : "Link", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", + "$id" : "#assembly_oscal-metadata_link", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL reference to a resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "rel" : + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "resource-fragment" : + { "title" : "Resource Fragment", + "description" : "In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.", + "$ref" : "#/definitions/StringDatatype" }, + "text" : + { "title" : "Link Text", + "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", + "type" : "string" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-ap-oscal-metadata:responsible-party" : + { "title" : "Responsible Party", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", + "$id" : "#assembly_oscal-metadata_responsible-party", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role", + "description" : "A reference to a role performed by a party.", + "$ref" : "#/definitions/TokenDatatype" }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id", + "party-uuids" ], + "additionalProperties" : false }, + "oscal-ap-oscal-metadata:action" : + { "title" : "Action", + "description" : "An action applied by a role within a given party to the content.", + "$id" : "#assembly_oscal-metadata_action", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Action Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "date" : + { "title" : "Action Occurrence Date", + "description" : "The date and time when the action occurred.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "type" : + { "title" : "Action Type", + "description" : "The type of action documented by the assembly, such as an approval.", + "$ref" : "#/definitions/TokenDatatype" }, + "system" : + { "title" : "Action Type System", + "description" : "Specifies the action type system used.", + "$ref" : "#/definitions/URIDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "system" ], + "additionalProperties" : false }, + "oscal-ap-oscal-metadata:responsible-role" : + { "title" : "Responsible Role", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", + "$id" : "#assembly_oscal-metadata_responsible-role", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role ID", + "description" : "A human-oriented identifier reference to a role performed.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id" ], + "additionalProperties" : false }, + "oscal-ap-oscal-metadata:hash" : + { "title" : "Hash", + "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", + "$id" : "#field_oscal-metadata_hash", + "type" : "object", + "properties" : + { "algorithm" : + { "title" : "Hash algorithm", + "description" : "The digest method by which a hash is derived.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, + "value" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "value", + "algorithm" ], + "additionalProperties" : false }, + "oscal-ap-oscal-metadata:remarks" : + { "title" : "Remarks", + "description" : "Additional commentary about the containing object.", + "$id" : "#field_oscal-metadata_remarks", + "type" : "string" }, + "oscal-ap-oscal-metadata:published" : + { "title" : "Publication Timestamp", + "description" : "The date and time the document was last made available.", + "$id" : "#field_oscal-metadata_published", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-ap-oscal-metadata:last-modified" : + { "title" : "Last Modified Timestamp", + "description" : "The date and time the document was last stored for later retrieval.", + "$id" : "#field_oscal-metadata_last-modified", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-ap-oscal-metadata:version" : + { "title" : "Document Version", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", + "$id" : "#field_oscal-metadata_version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ap-oscal-metadata:oscal-version" : + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", + "$id" : "#field_oscal-metadata_oscal-version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ap-oscal-metadata:email-address" : + { "title" : "Email Address", + "description" : "An email address as defined by RFC 5322 Section 3.4.1.", + "$id" : "#field_oscal-metadata_email-address", + "$ref" : "#/definitions/EmailAddressDatatype" }, + "oscal-ap-oscal-metadata:telephone-number" : + { "title" : "Telephone Number", + "description" : "A telephone service number as defined by ITU-T E.164.", + "$id" : "#field_oscal-metadata_telephone-number", + "type" : "object", + "properties" : + { "type" : + { "title" : "type flag", + "description" : "Indicates the type of phone number.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, + "number" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "number" ], + "additionalProperties" : false }, + "oscal-ap-oscal-metadata:address" : + { "title" : "Address", + "description" : "A postal address for the location.", + "$id" : "#assembly_oscal-metadata_address", + "type" : "object", + "properties" : + { "type" : + { "title" : "Address Type", + "description" : "Indicates the type of address.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, + "addr-lines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_addr-line" } }, + "city" : + { "title" : "City", + "description" : "City, town or geographical region for the mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "state" : + { "title" : "State", + "description" : "State, province or analogous geographical region for a mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "postal-code" : + { "title" : "Postal Code", + "description" : "Postal or ZIP code for mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "country" : + { "title" : "Country Code", + "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", + "$ref" : "#/definitions/StringDatatype" } }, + "additionalProperties" : false }, + "oscal-ap-oscal-metadata:addr-line" : + { "title" : "Address line", + "description" : "A single line of an address.", + "$id" : "#field_oscal-metadata_addr-line", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ap-oscal-metadata:document-id" : + { "title" : "Document Identifier", + "description" : "A document identifier qualified by an identifier scheme.", + "$id" : "#field_oscal-metadata_document-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "Document Identification Scheme", + "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, + "identifier" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "identifier" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:import-ssp" : + { "title" : "Import System Security Plan", + "description" : "Used by the assessment plan and POA&M to import information about the system.", + "$id" : "#assembly_oscal-assessment-common_import-ssp", + "type" : "object", + "properties" : + { "href" : + { "title" : "System Security Plan Reference", + "description" : "A resolvable URL reference to the system security plan for the system being assessed.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:local-objective" : + { "title" : "Assessment-Specific Control Objective", + "description" : "A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.", + "$id" : "#assembly_oscal-assessment-common_local-objective", + "type" : "object", + "properties" : + { "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "description" : + { "title" : "Objective Description", + "description" : "A human-readable description of this control objective.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "control-id", + "parts" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:assessment-method" : + { "title" : "Assessment Method", + "description" : "A local definition of a control objective. Uses catalog syntax for control objective and assessment activities.", + "$id" : "#assembly_oscal-assessment-common_assessment-method", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Method Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Assessment Method Description", + "description" : "A human-readable description of this assessment method.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "part" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-part" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "part" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:activity" : + { "title" : "Activity", + "description" : "Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.", + "$id" : "#assembly_oscal-assessment-common_activity", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Activity Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Included Activity Title", + "description" : "The title for this included activity.", + "type" : "string" }, + "description" : + { "title" : "Included Activity Description", + "description" : "A human-readable description of this included activity.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "steps" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Step", + "description" : "Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Step Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Step Title", + "description" : "The title for this step.", + "type" : "string" }, + "description" : + { "title" : "Step Description", + "description" : "A human-readable description of this step.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "reviewed-controls" : + { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "related-controls" : + { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:task" : + { "title" : "Task", + "description" : "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.", + "$id" : "#assembly_oscal-assessment-common_task", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Task Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Task Type", + "description" : "The type of task.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "milestone", + "action" ] } ] }, + "title" : + { "title" : "Task Title", + "description" : "The title for this task.", + "type" : "string" }, + "description" : + { "title" : "Task Description", + "description" : "A human-readable description of this task.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "timing" : + { "title" : "Event Timing", + "description" : "The timing under which the task is intended to occur.", + "type" : "object", + "properties" : + { "on-date" : + { "title" : "On Date Condition", + "description" : "The task is intended to occur on the specified date.", "type" : "object", "properties" : - { "uuid" : - { "title" : "Service Protocol Information Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "name" : - { "title" : "Protocol Name", - "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "title" : - { "title" : "Protocol Title", - "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", - "type" : "string" }, - "port-ranges" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_port-range" } } }, + { "date" : + { "title" : "On Date Condition", + "description" : "The task must occur on the specified date.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : - [ "name" ], + [ "date" ], "additionalProperties" : false }, - "oscal-ap-oscal-implementation-common:port-range" : - { "title" : "Port Range", - "description" : "Where applicable this is the IPv4 port range on which the service operates.", - "$id" : "#assembly_oscal-implementation-common_port-range", + "within-date-range" : + { "title" : "On Date Range Condition", + "description" : "The task is intended to occur within the specified date range.", "type" : "object", "properties" : { "start" : - { "title" : "Start", - "description" : "Indicates the starting port number in a port range", - "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, - "end" : - { "title" : "End", - "description" : "Indicates the ending port number in a port range", - "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, - "transport" : - { "title" : "Transport", - "description" : "Indicates the transport type.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "TCP", - "UDP" ] } ] } }, - "additionalProperties" : false }, - "oscal-ap-oscal-implementation-common:implementation-status" : - { "title" : "Implementation Status", - "description" : "Indicates the degree to which the a given control is implemented.", - "$id" : "#assembly_oscal-implementation-common_implementation-status", - "type" : "object", - "properties" : - { "state" : - { "title" : "Implementation State", - "description" : "Identifies the implementation status of the control or control objective.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "implemented", - "partial", - "planned", - "alternative", - "not-applicable" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, + { "title" : "Start Date Condition", + "description" : "The task must occur on or after the specified date.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "end" : + { "title" : "End Date Condition", + "description" : "The task must occur on or before the specified date.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : - [ "state" ], + [ "start", + "end" ], "additionalProperties" : false }, - "oscal-ap-oscal-implementation-common:system-user" : - { "title" : "System User", - "description" : "A type of user that interacts with the system based on an associated role.", - "$id" : "#assembly_oscal-implementation-common_system-user", + "at-frequency" : + { "title" : "Frequency Condition", + "description" : "The task is intended to occur at the specified frequency.", "type" : "object", "properties" : - { "uuid" : - { "title" : "User Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + { "period" : + { "title" : "Period", + "description" : "The task must occur after the specified period has elapsed.", + "$ref" : "#/definitions/PositiveIntegerDatatype" }, + "unit" : + { "title" : "Time Unit", + "description" : "The unit of time for the period.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "seconds", + "minutes", + "hours", + "days", + "months", + "years" ] } ] } }, + "required" : + [ "period", + "unit" ], + "additionalProperties" : false } }, + "additionalProperties" : false }, + "dependencies" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Task Dependency", + "description" : "Used to indicate that a task is dependent on another task.", + "type" : "object", + "properties" : + { "task-uuid" : + { "title" : "Task Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique task.", + "$ref" : "#/definitions/UUIDDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "task-uuid" ], + "additionalProperties" : false } }, + "tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_task" } }, + "associated-activities" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Associated Activity", + "description" : "Identifies an individual activity to be performed as part of a task.", + "type" : "object", + "properties" : + { "activity-uuid" : + { "title" : "Activity Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an activity defined in the list of activities.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "activity-uuid", + "subjects" ], + "additionalProperties" : false } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "title" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:reviewed-controls" : + { "title" : "Reviewed Controls and Control Objectives", + "description" : "Identifies the controls being assessed and their control objectives.", + "$id" : "#assembly_oscal-assessment-common_reviewed-controls", + "type" : "object", + "properties" : + { "description" : + { "title" : "Control Objective Description", + "description" : "A human-readable description of control objectives.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "control-selections" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessed Controls", + "description" : "Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.", + "type" : "object", + "properties" : + { "description" : + { "title" : "Assessed Controls Description", + "description" : "A human-readable description of in-scope controls specified for assessment.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, + "exclude-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false } }, + "control-objective-selections" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Referenced Control Objectives", + "description" : "Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the assessed objectives, and reflects any changes from the plan.", + "type" : "object", + "properties" : + { "description" : + { "title" : "Control Objectives Description", + "description" : "A human-readable description of this collection of control objectives.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-objectives" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, + "exclude-objectives" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "control-selections" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:select-control-by-id" : + { "title" : "Select Control", + "description" : "Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.", + "$id" : "#assembly_oscal-assessment-common_select-control-by-id", + "type" : "object", + "properties" : + { "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "statement-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Include Specific Statements", + "description" : "Used to constrain the selection to only specificity identified statements.", + "$ref" : "#/definitions/TokenDatatype" } } }, + "required" : + [ "control-id" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:select-objective-by-id" : + { "title" : "Select Objective", + "description" : "Used to select a control objective for inclusion/exclusion based on the control objective's identifier.", + "$id" : "#assembly_oscal-assessment-common_select-objective-by-id", + "type" : "object", + "properties" : + { "objective-id" : + { "title" : "Objective ID", + "description" : "Points to an assessment objective.", + "$ref" : "#/definitions/TokenDatatype" } }, + "required" : + [ "objective-id" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:assessment-subject-placeholder" : + { "title" : "Assessment Subject Placeholder", + "description" : "Used when the assessment subjects will be determined as part of one or more other assessment activities. These assessment subjects will be recorded in the assessment results in the assessment log.", + "$id" : "#assembly_oscal-assessment-common_assessment-subject-placeholder", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Subject Placeholder Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Assessment Subject Placeholder Description", + "description" : "A human-readable description of intent of this assessment subject placeholder.", + "type" : "string" }, + "sources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessment Subject Source", + "description" : "Assessment subjects will be identified while conducting the referenced activity-instance.", + "type" : "object", + "properties" : + { "task-uuid" : + { "title" : "Task Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "task-uuid" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "sources" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:assessment-subject" : + { "title" : "Subject of Assessment", + "description" : "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.", + "$id" : "#assembly_oscal-assessment-common_assessment-subject", + "type" : "object", + "properties" : + { "type" : + { "title" : "Subject Type", + "description" : "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user" ] } ] }, + "description" : + { "title" : "Include Subjects Description", + "description" : "A human-readable description of the collection of subjects being included in this assessment.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, + "exclude-subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "type" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:select-subject-by-id" : + { "title" : "Select Assessment Subject", + "description" : "Identifies a set of assessment subjects to include/exclude by UUID.", + "$id" : "#assembly_oscal-assessment-common_select-subject-by-id", + "type" : "object", + "properties" : + { "subject-uuid" : + { "title" : "Subject Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Subject Universally Unique Identifier Reference Type", + "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "subject-uuid", + "type" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:subject-reference" : + { "title" : "Identifies the Subject", + "description" : "A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.", + "$id" : "#assembly_oscal-assessment-common_subject-reference", + "type" : "object", + "properties" : + { "subject-uuid" : + { "title" : "Subject Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Subject Universally Unique Identifier Reference Type", + "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, + "title" : + { "title" : "Subject Reference Title", + "description" : "The title or name for the referenced subject.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "subject-uuid", + "type" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:assessment-assets" : + { "title" : "Assessment Assets", + "description" : "Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.", + "$id" : "#assembly_oscal-assessment-common_assessment-assets", + "type" : "object", + "properties" : + { "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, + "assessment-platforms" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessment Platform", + "description" : "Used to represent the toolset used to perform aspects of the assessment.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Platform Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Assessment Platform Title", + "description" : "The title or name for the assessment platform.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "uses-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Uses Component", + "description" : "The set of components that are used by the assessment platform.", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "User Title", - "description" : "A name given to the user, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "User Short Name", - "description" : "A short common name, abbreviation, or acronym for the user.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "User Description", - "description" : "A summary of the user's purpose within the system.", - "type" : "string" }, - "props" : - { "type" : "array", + "props" : + { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", + "links" : + { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, - "role-ids" : - { "type" : "array", + "responsible-parties" : + { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#field_oscal-metadata_role-id" } }, - "authorized-privileges" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_authorized-privilege" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false }, - "oscal-ap-oscal-implementation-common:authorized-privilege" : - { "title" : "Privilege", - "description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.", - "$id" : "#assembly_oscal-implementation-common_authorized-privilege", - "type" : "object", - "properties" : - { "title" : - { "title" : "Privilege Title", - "description" : "A human readable name for the privilege.", - "type" : "string" }, - "description" : - { "title" : "Privilege Description", - "description" : "A summary of the privilege's purpose within the system.", - "type" : "string" }, - "functions-performed" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-implementation-common_function-performed" } } }, - "required" : - [ "title", - "functions-performed" ], - "additionalProperties" : false }, - "oscal-ap-oscal-implementation-common:function-performed" : - { "title" : "Functions Performed", - "description" : "Describes a function performed for a given authorized privilege by this user class.", - "$id" : "#field_oscal-implementation-common_function-performed", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ap-oscal-implementation-common:inventory-item" : - { "title" : "Inventory Item", - "description" : "A single managed inventory item within the system.", - "$id" : "#assembly_oscal-implementation-common_inventory-item", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Inventory Item Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "component-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "required" : + [ "assessment-platforms" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:finding-target" : + { "title" : "Objective Status", + "description" : "Captures an assessor's conclusions regarding the degree to which an objective is satisfied.", + "$id" : "#assembly_oscal-assessment-common_finding-target", + "type" : "object", + "properties" : + { "type" : + { "title" : "Finding Target Type", + "description" : "Identifies the type of the target.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "statement-id", + "objective-id" ] } ] }, + "target-id" : + { "title" : "Finding Target Identifier Reference", + "description" : "A machine-oriented identifier reference for a specific target qualified by the type.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Objective Status Title", + "description" : "The title for this objective status.", + "type" : "string" }, + "description" : + { "title" : "Objective Status Description", + "description" : "A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "title" : "Objective Status", + "description" : "A determination of if the objective is satisfied or not within a given system.", + "type" : "object", + "properties" : + { "state" : + { "title" : "Objective Status State", + "description" : "An indication as to whether the objective is satisfied or not.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "satisfied", + "not-satisfied" ] } ] }, + "reason" : + { "title" : "Objective Status Reason", + "description" : "The reason the objective was given it's status.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "pass", + "fail", + "other" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "implementation-status" : + { "$ref" : "#assembly_oscal-implementation-common_implementation-status" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "type", + "target-id", + "status" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:finding" : + { "title" : "Finding", + "description" : "Describes an individual finding.", + "$id" : "#assembly_oscal-assessment-common_finding", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Finding Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Finding Title", + "description" : "The title for this finding.", + "type" : "string" }, + "description" : + { "title" : "Finding Description", + "description" : "A human-readable description of this finding.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "target" : + { "$ref" : "#assembly_oscal-assessment-common_finding-target" }, + "implementation-statement-uuid" : + { "title" : "Implementation Statement UUID", + "description" : "A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related.", + "$ref" : "#/definitions/UUIDDatatype" }, + "related-observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Related Observation", + "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", + "type" : "object", + "properties" : + { "observation-uuid" : + { "title" : "Observation Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "observation-uuid" ], + "additionalProperties" : false } }, + "related-risks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Associated Risk", + "description" : "Relates the finding to a set of referenced risks that were used to determine the finding.", + "type" : "object", + "properties" : + { "risk-uuid" : + { "title" : "Risk Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "risk-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "title", + "description", + "target" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:observation" : + { "title" : "Observation", + "description" : "Describes an individual observation.", + "$id" : "#assembly_oscal-assessment-common_observation", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Observation Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Observation Title", + "description" : "The title for this observation.", + "type" : "string" }, + "description" : + { "title" : "Observation Description", + "description" : "A human-readable description of this assessment observation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "methods" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Observation Method", + "description" : "Identifies how the observation was made.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "EXAMINE", + "INTERVIEW", + "TEST", + "UNKNOWN" ] } ] } }, + "types" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Observation Type", + "description" : "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "ssp-statement-issue", + "control-objective", + "mitigation", + "finding", + "historic" ] } ] } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, + "relevant-evidence" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Relevant Evidence", + "description" : "Links this observation to relevant evidence.", + "type" : "object", + "properties" : + { "href" : + { "title" : "Relevant Evidence Reference", + "description" : "A resolvable URL reference to relevant evidence.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "description" : + { "title" : "Relevant Evidence Description", + "description" : "A human-readable description of this evidence.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "description" ], + "additionalProperties" : false } }, + "collected" : + { "title" : "Collected Field", + "description" : "Date/time stamp identifying when the finding information was collected.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "expires" : + { "title" : "Expires Field", + "description" : "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description", + "methods", + "collected" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:origin" : + { "title" : "Origin", + "description" : "Identifies the source of the finding, such as a tool, interviewed person, or activity.", + "$id" : "#assembly_oscal-assessment-common_origin", + "type" : "object", + "properties" : + { "actors" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin-actor" } }, + "related-tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_related-task" } } }, + "required" : + [ "actors" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:origin-actor" : + { "title" : "Originating Actor", + "description" : "The actor that produces an observation, a finding, or a risk. One or more actor type can be used to specify a person that is using a tool.", + "$id" : "#assembly_oscal-assessment-common_origin-actor", + "type" : "object", + "properties" : + { "type" : + { "title" : "Actor Type", + "description" : "The kind of actor.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "tool", + "assessment-platform", + "party" ] } ] }, + "actor-uuid" : + { "title" : "Actor Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to the tool or person based on the associated type.", + "$ref" : "#/definitions/UUIDDatatype" }, + "role-id" : + { "title" : "Actor Role", + "description" : "For a party, this can optionally be used to specify the role the actor was performing.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "type", + "actor-uuid" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:related-task" : + { "title" : "Task Reference", + "description" : "Identifies an individual task for which the containing object is a consequence of.", + "$id" : "#assembly_oscal-assessment-common_related-task", + "type" : "object", + "properties" : + { "task-uuid" : + { "title" : "Task Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique task.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "identified-subject" : + { "title" : "Identified Subject", + "description" : "Used to detail assessment subjects that were identfied by this task.", + "type" : "object", + "properties" : + { "subject-placeholder-uuid" : + { "title" : "Assessment Subject Placeholder Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task.", + "$ref" : "#/definitions/UUIDDatatype" }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } } }, + "required" : + [ "subject-placeholder-uuid", + "subjects" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "task-uuid" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:threat-id" : + { "title" : "Threat ID", + "description" : "A pointer, by ID, to an externally-defined threat.", + "$id" : "#field_oscal-assessment-common_threat-id", + "type" : "object", + "properties" : + { "system" : + { "title" : "Threat Type Identification System", + "description" : "Specifies the source of the threat information.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal" ] } ] }, + "href" : + { "title" : "Threat Information Resource Reference", + "description" : "An optional location for the threat data, from which this ID originates.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "id" : + { "$ref" : "#/definitions/URIDatatype" } }, + "required" : + [ "id", + "system" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:risk" : + { "title" : "Identified Risk", + "description" : "An identified risk.", + "$id" : "#assembly_oscal-assessment-common_risk", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Risk Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Risk Title", + "description" : "The title for this risk.", + "type" : "string" }, + "description" : + { "title" : "Risk Description", + "description" : "A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.", + "type" : "string" }, + "statement" : + { "title" : "Risk Statement", + "description" : "An summary of impact for how the risk affects the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "$ref" : "#field_oscal-assessment-common_risk-status" }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "threat-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-assessment-common_threat-id" } }, + "characterizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_characterization" } }, + "mitigating-factors" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Mitigating Factor", + "description" : "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Mitigating Factor Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "implementation-uuid" : + { "title" : "Implementation UUID", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Mitigating Factor Description", + "description" : "A human-readable description of this mitigating factor.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "deadline" : + { "title" : "Risk Resolution Deadline", + "description" : "The date/time by which the risk must be resolved.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "remediations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_response" } }, + "risk-log" : + { "title" : "Risk Log", + "description" : "A log of all risk-related tasks taken.", + "type" : "object", + "properties" : + { "entries" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Risk Log Entry", + "description" : "Identifies an individual risk response that occurred as part of managing an identified risk.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Risk Log Entry Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Title", + "description" : "The title for this risk log entry.", + "type" : "string" }, "description" : - { "title" : "Inventory Item Description", - "description" : "A summary of the inventory item stating its purpose within the system.", - "type" : "string" }, + { "title" : "Risk Task Description", + "description" : "A human-readable description of what was done regarding the risk.", + "type" : "string" }, + "start" : + { "title" : "Start", + "description" : "Identifies the start date and time of the event.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "end" : + { "title" : "End", + "description" : "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "implemented-components" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "logged-by" : { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Implemented Component", - "description" : "The set of components that are implemented in a given system inventory item.", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "component-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false }, - "oscal-ap-oscal-implementation-common:set-parameter" : - { "title" : "Set Parameter Value", - "description" : "Identifies the parameter that will be set by the enclosed value.", - "$id" : "#assembly_oscal-implementation-common_set-parameter", - "type" : "object", - "properties" : - { "param-id" : - { "title" : "Parameter ID", - "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", - "$ref" : "#/definitions/TokenDatatype" }, - "values" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_logged-by" } }, + "status-change" : + { "$ref" : "#field_oscal-assessment-common_risk-status" }, + "related-responses" : { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$ref" : "#/definitions/StringDatatype" } }, + "minItems" : 1, + "items" : + { "title" : "Risk Response Reference", + "description" : "Identifies an individual risk response that this log entry is for.", + "type" : "object", + "properties" : + { "response-uuid" : + { "title" : "Response Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique risk response.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "related-tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_related-task" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "response-uuid" ], + "additionalProperties" : false } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "param-id", - "values" ], - "additionalProperties" : false }, - "oscal-ap-oscal-implementation-common:system-id" : - { "title" : "System Identification", - "description" : "A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.", - "$id" : "#field_oscal-implementation-common_system-id", - "type" : "object", - "properties" : - { "identifier-type" : - { "title" : "Identification System Type", - "description" : "Identifies the identification system from which the provided identifier was assigned.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "https://fedramp.gov", - "http://fedramp.gov/ns/oscal", - "https://ietf.org/rfc/rfc4122", - "http://ietf.org/rfc/rfc4122" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "Base64Datatype" : - { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", - "type" : "string", - "pattern" : "^[0-9A-Za-z+/]+={0,2}$", - "contentEncoding" : "base64" }, - "DateTimeWithTimezoneDatatype" : - { "description" : "A string representing a point in time with a required timezone.", - "type" : "string", - "format" : "date-time", - "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, - "EmailAddressDatatype" : - { "description" : "An email address string formatted according to RFC 6531.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" } ] }, - "IntegerDatatype" : - { "description" : "A whole number value.", - "type" : "integer" }, - "NonNegativeIntegerDatatype" : - { "description" : "An integer value that is equal to or greater than 0.", - "allOf" : - [ - { "$ref" : "#/definitions/IntegerDatatype" }, + "required" : + [ "uuid", + "start" ], + "additionalProperties" : false } } }, + "required" : + [ "entries" ], + "additionalProperties" : false }, + "related-observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Related Observation", + "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", + "type" : "object", + "properties" : + { "observation-uuid" : + { "title" : "Observation Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "observation-uuid" ], + "additionalProperties" : false } } }, + "required" : + [ "uuid", + "title", + "description", + "statement", + "status" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:logged-by" : + { "title" : "Logged By", + "description" : "Used to indicate who created a log entry in what role.", + "$id" : "#assembly_oscal-assessment-common_logged-by", + "type" : "object", + "properties" : + { "party-uuid" : + { "title" : "Party UUID Reference", + "description" : "A machine-oriented identifier reference to the party who is making the log entry.", + "$ref" : "#/definitions/UUIDDatatype" }, + "role-id" : + { "title" : "Actor Role", + "description" : "A point to the role-id of the role in which the party is making the log entry.", + "$ref" : "#/definitions/TokenDatatype" } }, + "required" : + [ "party-uuid" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:risk-status" : + { "title" : "Risk Status", + "description" : "Describes the status of the associated risk.", + "$id" : "#field_oscal-assessment-common_risk-status", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "open", + "investigating", + "remediating", + "deviation-requested", + "deviation-approved", + "closed" ] } ] }, + "oscal-ap-oscal-assessment-common:characterization" : + { "title" : "Characterization", + "description" : "A collection of descriptive data about the containing object from a specific origin.", + "$id" : "#assembly_oscal-assessment-common_characterization", + "type" : "object", + "properties" : + { "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origin" : + { "$ref" : "#assembly_oscal-assessment-common_origin" }, + "facets" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Facet", + "description" : "An individual characteristic that is part of a larger set produced by the same actor.", + "type" : "object", + "properties" : + { "name" : + { "title" : "Facet Name", + "description" : "The name of the risk metric within the specified system.", + "$ref" : "#/definitions/TokenDatatype" }, + "system" : + { "title" : "Naming System", + "description" : "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, - { "type" : "number", - "minimum" : 0 } ] }, - "PositiveIntegerDatatype" : - { "description" : "An integer value that is greater than 0.", + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal/unknown", + "http://cve.mitre.org", + "http://www.first.org/cvss/v2.0", + "http://www.first.org/cvss/v3.0", + "http://www.first.org/cvss/v3.1" ] } ] }, + "value" : + { "title" : "Facet Value", + "description" : "Indicates the value of the facet.", + "$ref" : "#/definitions/StringDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "name", + "system", + "value" ], + "additionalProperties" : false } } }, + "required" : + [ "origin", + "facets" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:response" : + { "title" : "Risk Response", + "description" : "Describes either recommended or an actual plan for addressing the risk.", + "$id" : "#assembly_oscal-assessment-common_response", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Remediation Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "lifecycle" : + { "title" : "Remediation Intent", + "description" : "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "recommendation", + "planned", + "completed" ] } ] }, + "title" : + { "title" : "Response Title", + "description" : "The title for this response activity.", + "type" : "string" }, + "description" : + { "title" : "Response Description", + "description" : "A human-readable description of this response plan.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "required-assets" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Required Asset", + "description" : "Identifies an asset required to achieve remediation.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Required Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, + "title" : + { "title" : "Title for Required Asset", + "description" : "The title for this required asset.", + "type" : "string" }, + "description" : + { "title" : "Description of Required Asset", + "description" : "A human-readable description of this required asset.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_task" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "lifecycle", + "title", + "description" ], + "additionalProperties" : false }, + "oscal-ap-oscal-assessment-common:assessment-part" : + { "title" : "Assessment Part", + "description" : "A partition of an assessment plan or results or a child of another part.", + "$id" : "#assembly_oscal-assessment-common_assessment-part", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Part Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "asset", + "method", + "objective" ] } ] }, + "ns" : + { "title" : "Part Namespace", + "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "class" : + { "title" : "Part Class", + "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Part Title", + "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-ap-oscal-control-common:part" : + { "title" : "Part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", + "type" : "object", + "properties" : + { "id" : + { "title" : "Part Identifier", + "description" : "A unique identifier for the part.", + "$ref" : "#/definitions/TokenDatatype" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", + "$ref" : "#/definitions/TokenDatatype" }, + "ns" : + { "title" : "Part Namespace", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "class" : + { "title" : "Part Class", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Part Title", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-ap-oscal-control-common:parameter" : + { "title" : "Parameter", + "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", + "$id" : "#assembly_oscal-control-common_parameter", + "type" : "object", + "properties" : + { "id" : + { "title" : "Parameter Identifier", + "description" : "A unique identifier for the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Parameter Class", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "depends-on" : + { "title" : "Depends on", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "label" : + { "title" : "Parameter Label", + "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", + "type" : "string" }, + "usage" : + { "title" : "Parameter Usage Description", + "description" : "Describes the purpose and use of a parameter.", + "type" : "string" }, + "constraints" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, + "guidelines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-control-common_parameter-value" } }, + "select" : + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "oscal-ap-oscal-control-common:parameter-constraint" : + { "title" : "Constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", + "type" : "object", + "properties" : + { "description" : + { "title" : "Constraint Description", + "description" : "A textual summary of the constraint to be applied.", + "type" : "string" }, + "tests" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Constraint Test", + "description" : "A test expression which is expected to be evaluated by a tool.", + "type" : "object", + "properties" : + { "expression" : + { "title" : "Constraint test", + "description" : "A formal (executable) expression of a constraint.", + "$ref" : "#/definitions/StringDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "expression" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-ap-oscal-control-common:parameter-guideline" : + { "title" : "Guideline", + "description" : "A prose statement that provides a recommendation for the use of a parameter.", + "$id" : "#assembly_oscal-control-common_parameter-guideline", + "type" : "object", + "properties" : + { "prose" : + { "title" : "Guideline Text", + "description" : "Prose permits multiple paragraphs, lists, tables etc.", + "type" : "string" } }, + "required" : + [ "prose" ], + "additionalProperties" : false }, + "oscal-ap-oscal-control-common:parameter-value" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$id" : "#field_oscal-control-common_parameter-value", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ap-oscal-control-common:parameter-selection" : + { "title" : "Selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", + "type" : "object", + "properties" : + { "how-many" : + { "title" : "Parameter Cardinality", + "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, + "choice" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Choice", + "description" : "A value selection among several such options.", + "type" : "string" } } }, + "additionalProperties" : false }, + "oscal-ap-oscal-control-common:include-all" : + { "title" : "Include All", + "description" : "Include all controls from the imported catalog or profile resources.", + "$id" : "#assembly_oscal-control-common_include-all", + "type" : "object", + "additionalProperties" : false }, + "oscal-ap-oscal-implementation-common:system-component" : + { "title" : "Component", + "description" : "A defined component that can be part of an implemented system.", + "$id" : "#assembly_oscal-implementation-common_system-component", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Component Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Component Type", + "description" : "A category describing the purpose of the component.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "this-system", + "system", + "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation", + "network" ] } ] }, + "title" : + { "title" : "Component Title", + "description" : "A human readable name for the system component.", + "type" : "string" }, + "description" : + { "title" : "Component Description", + "description" : "A description of the component, including information about its function.", + "type" : "string" }, + "purpose" : + { "title" : "Purpose", + "description" : "A summary of the technological or business purpose of the component.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "title" : "Status", + "description" : "Describes the operational status of the system component.", + "type" : "object", + "properties" : + { "state" : + { "title" : "State", + "description" : "The operational status.", "allOf" : [ - { "$ref" : "#/definitions/IntegerDatatype" }, - - { "type" : "number", - "minimum" : 1 } ] }, - "StringDatatype" : - { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, - "TokenDatatype" : - { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, - "URIDatatype" : - { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, - "URIReferenceDatatype" : - { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", - "type" : "string", - "format" : "uri-reference" }, - "UUIDDatatype" : - { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "under-development", + "operational", + "disposition", + "other" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "protocols" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "title", + "description", + "status" ], + "additionalProperties" : false }, + "oscal-ap-oscal-implementation-common:protocol" : + { "title" : "Service Protocol Information", + "description" : "Information about the protocol used to provide a service.", + "$id" : "#assembly_oscal-implementation-common_protocol", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Service Protocol Information Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "name" : + { "title" : "Protocol Name", + "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", + "$ref" : "#/definitions/StringDatatype" }, + "title" : + { "title" : "Protocol Title", + "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", + "type" : "string" }, + "port-ranges" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_port-range" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-ap-oscal-implementation-common:port-range" : + { "title" : "Port Range", + "description" : "Where applicable this is the IPv4 port range on which the service operates.", + "$id" : "#assembly_oscal-implementation-common_port-range", + "type" : "object", + "properties" : + { "start" : + { "title" : "Start", + "description" : "Indicates the starting port number in a port range", + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, + "end" : + { "title" : "End", + "description" : "Indicates the ending port number in a port range", + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, + "transport" : + { "title" : "Transport", + "description" : "Indicates the transport type.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "TCP", + "UDP" ] } ] } }, + "additionalProperties" : false }, + "oscal-ap-oscal-implementation-common:implementation-status" : + { "title" : "Implementation Status", + "description" : "Indicates the degree to which the a given control is implemented.", + "$id" : "#assembly_oscal-implementation-common_implementation-status", + "type" : "object", + "properties" : + { "state" : + { "title" : "Implementation State", + "description" : "Identifies the implementation status of the control or control objective.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "implemented", + "partial", + "planned", + "alternative", + "not-applicable" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "oscal-ap-oscal-implementation-common:system-user" : + { "title" : "System User", + "description" : "A type of user that interacts with the system based on an associated role.", + "$id" : "#assembly_oscal-implementation-common_system-user", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "User Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "User Title", + "description" : "A name given to the user, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "User Short Name", + "description" : "A short common name, abbreviation, or acronym for the user.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "User Description", + "description" : "A summary of the user's purpose within the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "role-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_role-id" } }, + "authorized-privileges" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_authorized-privilege" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false }, + "oscal-ap-oscal-implementation-common:authorized-privilege" : + { "title" : "Privilege", + "description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.", + "$id" : "#assembly_oscal-implementation-common_authorized-privilege", + "type" : "object", + "properties" : + { "title" : + { "title" : "Privilege Title", + "description" : "A human readable name for the privilege.", + "type" : "string" }, + "description" : + { "title" : "Privilege Description", + "description" : "A summary of the privilege's purpose within the system.", + "type" : "string" }, + "functions-performed" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-implementation-common_function-performed" } } }, + "required" : + [ "title", + "functions-performed" ], + "additionalProperties" : false }, + "oscal-ap-oscal-implementation-common:function-performed" : + { "title" : "Functions Performed", + "description" : "Describes a function performed for a given authorized privilege by this user class.", + "$id" : "#field_oscal-implementation-common_function-performed", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ap-oscal-implementation-common:inventory-item" : + { "title" : "Inventory Item", + "description" : "A single managed inventory item within the system.", + "$id" : "#assembly_oscal-implementation-common_inventory-item", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Inventory Item Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Inventory Item Description", + "description" : "A summary of the inventory item stating its purpose within the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "implemented-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Implemented Component", + "description" : "The set of components that are implemented in a given system inventory item.", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "component-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-ap-oscal-implementation-common:set-parameter" : + { "title" : "Set Parameter Value", + "description" : "Identifies the parameter that will be set by the enclosed value.", + "$id" : "#assembly_oscal-implementation-common_set-parameter", + "type" : "object", + "properties" : + { "param-id" : + { "title" : "Parameter ID", + "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", + "$ref" : "#/definitions/TokenDatatype" }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$ref" : "#/definitions/StringDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "param-id", + "values" ], + "additionalProperties" : false }, + "oscal-ap-oscal-implementation-common:system-id" : + { "title" : "System Identification", + "description" : "A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.", + "$id" : "#field_oscal-implementation-common_system-id", + "type" : "object", "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "assessment-plan" : - { "$ref" : "#assembly_oscal-ap_assessment-plan" } }, + { "identifier-type" : + { "title" : "Identification System Type", + "description" : "Identifies the identification system from which the provided identifier was assigned.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "https://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "https://ietf.org/rfc/rfc4122", + "http://ietf.org/rfc/rfc4122" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, "required" : - [ "assessment-plan" ], - "additionalProperties" : false } \ No newline at end of file + [ "id" ], + "additionalProperties" : false }, + "Base64Datatype" : + { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", + "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "DateTimeWithTimezoneDatatype" : + { "description" : "A string representing a point in time with a required timezone.", + "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "description" : "An email address string formatted according to RFC 6531.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "IntegerDatatype" : + { "description" : "A whole number value.", + "type" : "integer" }, + "NonNegativeIntegerDatatype" : + { "description" : "An integer value that is equal to or greater than 0.", + "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 0 } ] }, + "PositiveIntegerDatatype" : + { "description" : "An integer value that is greater than 0.", + "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 1 } ] }, + "StringDatatype" : + { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", + "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", + "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", + "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", + "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "assessment-plan" : + { "$ref" : "#assembly_oscal-ap_assessment-plan" } }, + "required" : + [ "assessment-plan" ], + "additionalProperties" : false } \ No newline at end of file diff --git a/json/schema/oscal_assessment-results_schema.json b/json/schema/oscal_assessment-results_schema.json index 0656af5bcf..b91fa81f87 100644 --- a/json/schema/oscal_assessment-results_schema.json +++ b/json/schema/oscal_assessment-results_schema.json @@ -1,3128 +1,3167 @@ - { "$schema" : "http://json-schema.org/draft-07/schema#", - "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-ar-schema.json", - "$comment" : "OSCAL Assessment Results Model: JSON Schema", + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-ar-schema.json", + "$comment" : "OSCAL Assessment Results Model: JSON Schema", + "type" : "object", + "definitions" : + { "json-schema-directive" : + { "title" : "Schema Directive", + "description" : "A JSON Schema directive to bind a specific schema to its document instance.", + "$id" : "#json-schema-directive", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "oscal-ar-oscal-ar:assessment-results" : + { "title" : "Security Assessment Results (SAR)", + "description" : "Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.", + "$id" : "#assembly_oscal-ar_assessment-results", "type" : "object", - "definitions" : - { "json-schema-directive" : - { "title" : "Schema Directive", - "description" : "A JSON Schema directive to bind a specific schema to its document instance.", - "$id" : "#json-schema-directive", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "oscal-ar-oscal-ar:assessment-results" : - { "title" : "Security Assessment Results (SAR)", - "description" : "Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.", - "$id" : "#assembly_oscal-ar_assessment-results", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Results Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "import-ap" : - { "$ref" : "#assembly_oscal-ar_import-ap" }, - "local-definitions" : - { "title" : "Local Definitions", - "description" : "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", - "type" : "object", - "properties" : - { "objectives-and-methods" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_local-objective" } }, - "activities" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_activity" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false }, - "results" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ar_result" } }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata", - "import-ap", - "results" ], - "additionalProperties" : false }, - "oscal-ar-oscal-ar:result" : - { "title" : "Assessment Result", - "description" : "Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.", - "$id" : "#assembly_oscal-ar_result", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Results Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, + "properties" : + { "uuid" : + { "title" : "Assessment Results Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "import-ap" : + { "$ref" : "#assembly_oscal-ar_import-ap" }, + "local-definitions" : + { "title" : "Local Definitions", + "description" : "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", + "type" : "object", + "properties" : + { "objectives-and-methods" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_local-objective" } }, + "activities" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_activity" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false }, + "results" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ar_result" } }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata", + "import-ap", + "results" ], + "additionalProperties" : false }, + "oscal-ar-oscal-ar:result" : + { "title" : "Assessment Result", + "description" : "Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.", + "$id" : "#assembly_oscal-ar_result", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Results Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Results Title", + "description" : "The title for this set of results.", + "type" : "string" }, + "description" : + { "title" : "Results Description", + "description" : "A human-readable description of this set of test results.", + "type" : "string" }, + "start" : + { "title" : "start field", + "description" : "Date/time stamp identifying the start of the evidence collection reflected in these results.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "end" : + { "title" : "end field", + "description" : "Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "local-definitions" : + { "title" : "Local Definitions", + "description" : "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", + "type" : "object", + "properties" : + { "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, + "inventory-items" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, + "users" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-user" } }, + "assessment-assets" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-assets" }, + "tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_task" } } }, + "additionalProperties" : false }, + "reviewed-controls" : + { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, + "attestations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Attestation Statements", + "description" : "A set of textual statements, typically written by the assessor.", + "type" : "object", + "properties" : + { "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } } }, + "required" : + [ "parts" ], + "additionalProperties" : false } }, + "assessment-log" : + { "title" : "Assessment Log", + "description" : "A log of all assessment-related actions taken.", + "type" : "object", + "properties" : + { "entries" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessment Log Entry", + "description" : "Identifies the result of an action and/or task that occurred as part of executing an assessment plan or an assessment event that occurred in producing the assessment results.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Log Entry Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, "title" : - { "title" : "Results Title", - "description" : "The title for this set of results.", - "type" : "string" }, + { "title" : "Action Title", + "description" : "The title for this event.", + "type" : "string" }, "description" : - { "title" : "Results Description", - "description" : "A human-readable description of this set of test results.", - "type" : "string" }, + { "title" : "Action Description", + "description" : "A human-readable description of this event.", + "type" : "string" }, "start" : - { "title" : "start field", - "description" : "Date/time stamp identifying the start of the evidence collection reflected in these results.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + { "title" : "Start", + "description" : "Identifies the start date and time of an event.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "end" : - { "title" : "end field", - "description" : "Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + { "title" : "End", + "description" : "Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "local-definitions" : - { "title" : "Local Definitions", - "description" : "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", - "type" : "object", - "properties" : - { "components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, - "inventory-items" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, - "users" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-user" } }, - "assessment-assets" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-assets" }, - "tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_task" } } }, - "additionalProperties" : false }, - "reviewed-controls" : - { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, - "attestations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Attestation Statements", - "description" : "A set of textual statements, typically written by the assessor.", - "type" : "object", - "properties" : - { "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } } }, - "required" : - [ "parts" ], - "additionalProperties" : false } }, - "assessment-log" : - { "title" : "Assessment Log", - "description" : "A log of all assessment-related actions taken.", - "type" : "object", - "properties" : - { "entries" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessment Log Entry", - "description" : "Identifies the result of an action and/or task that occurred as part of executing an assessment plan or an assessment event that occurred in producing the assessment results.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Log Entry Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Action Title", - "description" : "The title for this event.", - "type" : "string" }, - "description" : - { "title" : "Action Description", - "description" : "A human-readable description of this event.", - "type" : "string" }, - "start" : - { "title" : "Start", - "description" : "Identifies the start date and time of an event.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "end" : - { "title" : "End", - "description" : "Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "logged-by" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_logged-by" } }, - "related-tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_related-task" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "start" ], - "additionalProperties" : false } } }, - "required" : - [ "entries" ], - "additionalProperties" : false }, - "observations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_observation" } }, - "risks" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "logged-by" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_risk" } }, - "findings" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_logged-by" } }, + "related-tasks" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ar_finding" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_related-task" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "title", - "description", - "start", - "reviewed-controls" ], - "additionalProperties" : false }, - "oscal-ar-oscal-ar:finding" : - { "title" : "Finding", - "description" : "Describes an individual finding.", - "$id" : "#assembly_oscal-ar_finding", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Finding Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Finding Title", - "description" : "The title for this finding.", - "type" : "string" }, - "description" : - { "title" : "Finding Description", - "description" : "A human-readable description of this finding.", - "type" : "string" }, + "required" : + [ "uuid", + "start" ], + "additionalProperties" : false } } }, + "required" : + [ "entries" ], + "additionalProperties" : false }, + "observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_observation" } }, + "risks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_risk" } }, + "findings" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_finding" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "title", + "description", + "start", + "reviewed-controls" ], + "additionalProperties" : false }, + "oscal-ar-oscal-ar:import-ap" : + { "title" : "Import Assessment Plan", + "description" : "Used by assessment-results to import information about the original plan for assessing the system.", + "$id" : "#assembly_oscal-ar_import-ap", + "type" : "object", + "properties" : + { "href" : + { "title" : "Assessment Plan Reference", + "description" : "A resolvable URL reference to the assessment plan governing the assessment activities.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-ar-oscal-metadata:metadata" : + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", + "$id" : "#assembly_oscal-metadata_metadata", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "revisions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, + "locations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, + "parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "actions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_action" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "title", + "last-modified", + "version", + "oscal-version" ], + "additionalProperties" : false }, + "oscal-ar-oscal-metadata:location-uuid" : + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", + "$id" : "#field_oscal-metadata_location-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-ar-oscal-metadata:party-uuid" : + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", + "$id" : "#field_oscal-metadata_party-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-ar-oscal-metadata:role-id" : + { "title" : "Role Identifier Reference", + "description" : "Reference to a role by UUID.", + "$id" : "#field_oscal-metadata_role-id", + "$ref" : "#/definitions/TokenDatatype" }, + "oscal-ar-oscal-metadata:back-matter" : + { "title" : "Back matter", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", + "$id" : "#assembly_oscal-metadata_back-matter", + "type" : "object", + "properties" : + { "resources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Resource Universally Unique Identifier", + "description" : "A unique identifier for a resource.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Resource Title", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", + "type" : "string" }, + "description" : + { "title" : "Resource Description", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "citation" : + { "title" : "Citation", + "description" : "An optional citation consisting of end note text using structured markup.", + "type" : "object", + "properties" : + { "text" : + { "title" : "Citation Text", + "description" : "A line of citation text.", + "type" : "string" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "target" : - { "$ref" : "#assembly_oscal-assessment-common_finding-target" }, - "implementation-statement-uuid" : - { "title" : "Implementation Statement UUID", - "description" : "A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related.", - "$ref" : "#/definitions/UUIDDatatype" }, - "related-observations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Related Observation", - "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", - "type" : "object", - "properties" : - { "observation-uuid" : - { "title" : "Observation Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "observation-uuid" ], - "additionalProperties" : false } }, - "related-risks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Associated Risk", - "description" : "Relates the finding to a set of referenced risks that were used to determine the finding.", - "type" : "object", - "properties" : - { "risk-uuid" : - { "title" : "Risk Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "risk-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "text" ], + "additionalProperties" : false }, + "rlinks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource link", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL pointing to the referenced resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "hashes" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_hash" } } }, + "required" : + [ "href" ], + "additionalProperties" : false } }, + "base64" : + { "title" : "Base64", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", + "type" : "object", + "properties" : + { "filename" : + { "title" : "File Name", + "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", + "$ref" : "#/definitions/TokenDatatype" }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "value" : + { "$ref" : "#/definitions/Base64Datatype" } }, + "required" : + [ "value" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-ar-oscal-metadata:property" : + { "title" : "Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", + "$id" : "#assembly_oscal-metadata_property", + "type" : "object", + "properties" : + { "name" : + { "title" : "Property Name", + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "$ref" : "#/definitions/TokenDatatype" }, + "uuid" : + { "title" : "Property Universally Unique Identifier", + "description" : "A unique identifier for a property.", + "$ref" : "#/definitions/UUIDDatatype" }, + "ns" : + { "title" : "Property Namespace", + "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "value" : + { "title" : "Property Value", + "description" : "Indicates the value of the attribute, characteristic, or quality.", + "$ref" : "#/definitions/StringDatatype" }, + "class" : + { "title" : "Property Class", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", + "$ref" : "#/definitions/TokenDatatype" }, + "group" : + { "title" : "Property Group", + "description" : "An identifier for relating distinct sets of properties.", + "$ref" : "#/definitions/TokenDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "name", + "value" ], + "additionalProperties" : false }, + "oscal-ar-oscal-metadata:link" : + { "title" : "Link", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", + "$id" : "#assembly_oscal-metadata_link", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL reference to a resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "rel" : + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "resource-fragment" : + { "title" : "Resource Fragment", + "description" : "In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.", + "$ref" : "#/definitions/StringDatatype" }, + "text" : + { "title" : "Link Text", + "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", + "type" : "string" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-ar-oscal-metadata:responsible-party" : + { "title" : "Responsible Party", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", + "$id" : "#assembly_oscal-metadata_responsible-party", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role", + "description" : "A reference to a role performed by a party.", + "$ref" : "#/definitions/TokenDatatype" }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id", + "party-uuids" ], + "additionalProperties" : false }, + "oscal-ar-oscal-metadata:action" : + { "title" : "Action", + "description" : "An action applied by a role within a given party to the content.", + "$id" : "#assembly_oscal-metadata_action", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Action Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "date" : + { "title" : "Action Occurrence Date", + "description" : "The date and time when the action occurred.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "type" : + { "title" : "Action Type", + "description" : "The type of action documented by the assembly, such as an approval.", + "$ref" : "#/definitions/TokenDatatype" }, + "system" : + { "title" : "Action Type System", + "description" : "Specifies the action type system used.", + "$ref" : "#/definitions/URIDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "system" ], + "additionalProperties" : false }, + "oscal-ar-oscal-metadata:responsible-role" : + { "title" : "Responsible Role", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", + "$id" : "#assembly_oscal-metadata_responsible-role", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role ID", + "description" : "A human-oriented identifier reference to a role performed.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id" ], + "additionalProperties" : false }, + "oscal-ar-oscal-metadata:hash" : + { "title" : "Hash", + "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", + "$id" : "#field_oscal-metadata_hash", + "type" : "object", + "properties" : + { "algorithm" : + { "title" : "Hash algorithm", + "description" : "The digest method by which a hash is derived.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, + "value" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "value", + "algorithm" ], + "additionalProperties" : false }, + "oscal-ar-oscal-metadata:remarks" : + { "title" : "Remarks", + "description" : "Additional commentary about the containing object.", + "$id" : "#field_oscal-metadata_remarks", + "type" : "string" }, + "oscal-ar-oscal-metadata:published" : + { "title" : "Publication Timestamp", + "description" : "The date and time the document was last made available.", + "$id" : "#field_oscal-metadata_published", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-ar-oscal-metadata:last-modified" : + { "title" : "Last Modified Timestamp", + "description" : "The date and time the document was last stored for later retrieval.", + "$id" : "#field_oscal-metadata_last-modified", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-ar-oscal-metadata:version" : + { "title" : "Document Version", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", + "$id" : "#field_oscal-metadata_version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ar-oscal-metadata:oscal-version" : + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", + "$id" : "#field_oscal-metadata_oscal-version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ar-oscal-metadata:email-address" : + { "title" : "Email Address", + "description" : "An email address as defined by RFC 5322 Section 3.4.1.", + "$id" : "#field_oscal-metadata_email-address", + "$ref" : "#/definitions/EmailAddressDatatype" }, + "oscal-ar-oscal-metadata:telephone-number" : + { "title" : "Telephone Number", + "description" : "A telephone service number as defined by ITU-T E.164.", + "$id" : "#field_oscal-metadata_telephone-number", + "type" : "object", + "properties" : + { "type" : + { "title" : "type flag", + "description" : "Indicates the type of phone number.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, + "number" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "number" ], + "additionalProperties" : false }, + "oscal-ar-oscal-metadata:address" : + { "title" : "Address", + "description" : "A postal address for the location.", + "$id" : "#assembly_oscal-metadata_address", + "type" : "object", + "properties" : + { "type" : + { "title" : "Address Type", + "description" : "Indicates the type of address.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, + "addr-lines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_addr-line" } }, + "city" : + { "title" : "City", + "description" : "City, town or geographical region for the mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "state" : + { "title" : "State", + "description" : "State, province or analogous geographical region for a mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "postal-code" : + { "title" : "Postal Code", + "description" : "Postal or ZIP code for mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "country" : + { "title" : "Country Code", + "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", + "$ref" : "#/definitions/StringDatatype" } }, + "additionalProperties" : false }, + "oscal-ar-oscal-metadata:addr-line" : + { "title" : "Address line", + "description" : "A single line of an address.", + "$id" : "#field_oscal-metadata_addr-line", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ar-oscal-metadata:document-id" : + { "title" : "Document Identifier", + "description" : "A document identifier qualified by an identifier scheme.", + "$id" : "#field_oscal-metadata_document-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "Document Identification Scheme", + "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, + "identifier" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "identifier" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:import-ssp" : + { "title" : "Import System Security Plan", + "description" : "Used by the assessment plan and POA&M to import information about the system.", + "$id" : "#assembly_oscal-assessment-common_import-ssp", + "type" : "object", + "properties" : + { "href" : + { "title" : "System Security Plan Reference", + "description" : "A resolvable URL reference to the system security plan for the system being assessed.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:local-objective" : + { "title" : "Assessment-Specific Control Objective", + "description" : "A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.", + "$id" : "#assembly_oscal-assessment-common_local-objective", + "type" : "object", + "properties" : + { "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "description" : + { "title" : "Objective Description", + "description" : "A human-readable description of this control objective.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "control-id", + "parts" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:assessment-method" : + { "title" : "Assessment Method", + "description" : "A local definition of a control objective. Uses catalog syntax for control objective and assessment activities.", + "$id" : "#assembly_oscal-assessment-common_assessment-method", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Method Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Assessment Method Description", + "description" : "A human-readable description of this assessment method.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "part" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-part" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "part" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:activity" : + { "title" : "Activity", + "description" : "Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.", + "$id" : "#assembly_oscal-assessment-common_activity", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Activity Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Included Activity Title", + "description" : "The title for this included activity.", + "type" : "string" }, + "description" : + { "title" : "Included Activity Description", + "description" : "A human-readable description of this included activity.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "steps" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Step", + "description" : "Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Step Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Step Title", + "description" : "The title for this step.", + "type" : "string" }, + "description" : + { "title" : "Step Description", + "description" : "A human-readable description of this step.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "reviewed-controls" : + { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "related-controls" : + { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:task" : + { "title" : "Task", + "description" : "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.", + "$id" : "#assembly_oscal-assessment-common_task", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Task Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Task Type", + "description" : "The type of task.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "milestone", + "action" ] } ] }, + "title" : + { "title" : "Task Title", + "description" : "The title for this task.", + "type" : "string" }, + "description" : + { "title" : "Task Description", + "description" : "A human-readable description of this task.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "timing" : + { "title" : "Event Timing", + "description" : "The timing under which the task is intended to occur.", + "type" : "object", + "properties" : + { "on-date" : + { "title" : "On Date Condition", + "description" : "The task is intended to occur on the specified date.", + "type" : "object", + "properties" : + { "date" : + { "title" : "On Date Condition", + "description" : "The task must occur on the specified date.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : - [ "uuid", - "title", - "description", - "target" ], + [ "date" ], "additionalProperties" : false }, - "oscal-ar-oscal-ar:import-ap" : - { "title" : "Import Assessment Plan", - "description" : "Used by assessment-results to import information about the original plan for assessing the system.", - "$id" : "#assembly_oscal-ar_import-ap", + "within-date-range" : + { "title" : "On Date Range Condition", + "description" : "The task is intended to occur within the specified date range.", "type" : "object", "properties" : - { "href" : - { "title" : "Assessment Plan Reference", - "description" : "A resolvable URL reference to the assessment plan governing the assessment activities.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, + { "start" : + { "title" : "Start Date Condition", + "description" : "The task must occur on or after the specified date.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "end" : + { "title" : "End Date Condition", + "description" : "The task must occur on or before the specified date.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : - [ "href" ], + [ "start", + "end" ], "additionalProperties" : false }, - "oscal-ar-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", - "$id" : "#assembly_oscal-metadata_metadata", + "at-frequency" : + { "title" : "Frequency Condition", + "description" : "The task is intended to occur at the specified frequency.", "type" : "object", "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "revisions" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "props" : - { "type" : "array", + { "period" : + { "title" : "Period", + "description" : "The task must occur after the specified period has elapsed.", + "$ref" : "#/definitions/PositiveIntegerDatatype" }, + "unit" : + { "title" : "Time Unit", + "description" : "The unit of time for the period.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "seconds", + "minutes", + "hours", + "days", + "months", + "years" ] } ] } }, + "required" : + [ "period", + "unit" ], + "additionalProperties" : false } }, + "additionalProperties" : false }, + "dependencies" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Task Dependency", + "description" : "Used to indicate that a task is dependent on another task.", + "type" : "object", + "properties" : + { "task-uuid" : + { "title" : "Task Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique task.", + "$ref" : "#/definitions/UUIDDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "task-uuid" ], + "additionalProperties" : false } }, + "tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_task" } }, + "associated-activities" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Associated Activity", + "description" : "Identifies an individual activity to be performed as part of a task.", + "type" : "object", + "properties" : + { "activity-uuid" : + { "title" : "Activity Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an activity defined in the list of activities.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "activity-uuid", + "subjects" ], + "additionalProperties" : false } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "title" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:reviewed-controls" : + { "title" : "Reviewed Controls and Control Objectives", + "description" : "Identifies the controls being assessed and their control objectives.", + "$id" : "#assembly_oscal-assessment-common_reviewed-controls", + "type" : "object", + "properties" : + { "description" : + { "title" : "Control Objective Description", + "description" : "A human-readable description of control objectives.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "control-selections" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessed Controls", + "description" : "Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.", + "type" : "object", + "properties" : + { "description" : + { "title" : "Assessed Controls Description", + "description" : "A human-readable description of in-scope controls specified for assessment.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, + "exclude-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false } }, + "control-objective-selections" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Referenced Control Objectives", + "description" : "Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the assessed objectives, and reflects any changes from the plan.", + "type" : "object", + "properties" : + { "description" : + { "title" : "Control Objectives Description", + "description" : "A human-readable description of this collection of control objectives.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-objectives" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, + "exclude-objectives" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "control-selections" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:select-control-by-id" : + { "title" : "Select Control", + "description" : "Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.", + "$id" : "#assembly_oscal-assessment-common_select-control-by-id", + "type" : "object", + "properties" : + { "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "statement-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Include Specific Statements", + "description" : "Used to constrain the selection to only specificity identified statements.", + "$ref" : "#/definitions/TokenDatatype" } } }, + "required" : + [ "control-id" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:select-objective-by-id" : + { "title" : "Select Objective", + "description" : "Used to select a control objective for inclusion/exclusion based on the control objective's identifier.", + "$id" : "#assembly_oscal-assessment-common_select-objective-by-id", + "type" : "object", + "properties" : + { "objective-id" : + { "title" : "Objective ID", + "description" : "Points to an assessment objective.", + "$ref" : "#/definitions/TokenDatatype" } }, + "required" : + [ "objective-id" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:assessment-subject-placeholder" : + { "title" : "Assessment Subject Placeholder", + "description" : "Used when the assessment subjects will be determined as part of one or more other assessment activities. These assessment subjects will be recorded in the assessment results in the assessment log.", + "$id" : "#assembly_oscal-assessment-common_assessment-subject-placeholder", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Subject Placeholder Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Assessment Subject Placeholder Description", + "description" : "A human-readable description of intent of this assessment subject placeholder.", + "type" : "string" }, + "sources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessment Subject Source", + "description" : "Assessment subjects will be identified while conducting the referenced activity-instance.", + "type" : "object", + "properties" : + { "task-uuid" : + { "title" : "Task Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "task-uuid" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "sources" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:assessment-subject" : + { "title" : "Subject of Assessment", + "description" : "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.", + "$id" : "#assembly_oscal-assessment-common_assessment-subject", + "type" : "object", + "properties" : + { "type" : + { "title" : "Subject Type", + "description" : "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user" ] } ] }, + "description" : + { "title" : "Include Subjects Description", + "description" : "A human-readable description of the collection of subjects being included in this assessment.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, + "exclude-subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "type" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:select-subject-by-id" : + { "title" : "Select Assessment Subject", + "description" : "Identifies a set of assessment subjects to include/exclude by UUID.", + "$id" : "#assembly_oscal-assessment-common_select-subject-by-id", + "type" : "object", + "properties" : + { "subject-uuid" : + { "title" : "Subject Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Subject Universally Unique Identifier Reference Type", + "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "subject-uuid", + "type" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:subject-reference" : + { "title" : "Identifies the Subject", + "description" : "A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.", + "$id" : "#assembly_oscal-assessment-common_subject-reference", + "type" : "object", + "properties" : + { "subject-uuid" : + { "title" : "Subject Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Subject Universally Unique Identifier Reference Type", + "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, + "title" : + { "title" : "Subject Reference Title", + "description" : "The title or name for the referenced subject.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "subject-uuid", + "type" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:assessment-assets" : + { "title" : "Assessment Assets", + "description" : "Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.", + "$id" : "#assembly_oscal-assessment-common_assessment-assets", + "type" : "object", + "properties" : + { "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, + "assessment-platforms" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessment Platform", + "description" : "Used to represent the toolset used to perform aspects of the assessment.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Platform Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Assessment Platform Title", + "description" : "The title or name for the assessment platform.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "uses-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Uses Component", + "description" : "The set of components that are used by the assessment platform.", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", + "links" : + { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, - "roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, - "locations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, - "parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, - "responsible-parties" : - { "type" : "array", + "responsible-parties" : + { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "title", - "last-modified", - "version", - "oscal-version" ], - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:revision" : - { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "component-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "required" : + [ "assessment-platforms" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:finding-target" : + { "title" : "Objective Status", + "description" : "Captures an assessor's conclusions regarding the degree to which an objective is satisfied.", + "$id" : "#assembly_oscal-assessment-common_finding-target", + "type" : "object", + "properties" : + { "type" : + { "title" : "Finding Target Type", + "description" : "Identifies the type of the target.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "statement-id", + "objective-id" ] } ] }, + "target-id" : + { "title" : "Finding Target Identifier Reference", + "description" : "A machine-oriented identifier reference for a specific target qualified by the type.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Objective Status Title", + "description" : "The title for this objective status.", + "type" : "string" }, + "description" : + { "title" : "Objective Status Description", + "description" : "A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "title" : "Objective Status", + "description" : "A determination of if the objective is satisfied or not within a given system.", + "type" : "object", + "properties" : + { "state" : + { "title" : "Objective Status State", + "description" : "An indication as to whether the objective is satisfied or not.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "satisfied", + "not-satisfied" ] } ] }, + "reason" : + { "title" : "Objective Status Reason", + "description" : "The reason the objective was given it's status.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "pass", + "fail", + "other" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "implementation-status" : + { "$ref" : "#assembly_oscal-implementation-common_implementation-status" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "type", + "target-id", + "status" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:finding" : + { "title" : "Finding", + "description" : "Describes an individual finding.", + "$id" : "#assembly_oscal-assessment-common_finding", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Finding Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Finding Title", + "description" : "The title for this finding.", + "type" : "string" }, + "description" : + { "title" : "Finding Description", + "description" : "A human-readable description of this finding.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "target" : + { "$ref" : "#assembly_oscal-assessment-common_finding-target" }, + "implementation-statement-uuid" : + { "title" : "Implementation Statement UUID", + "description" : "A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related.", + "$ref" : "#/definitions/UUIDDatatype" }, + "related-observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Related Observation", + "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", + "type" : "object", + "properties" : + { "observation-uuid" : + { "title" : "Observation Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "observation-uuid" ], + "additionalProperties" : false } }, + "related-risks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Associated Risk", + "description" : "Relates the finding to a set of referenced risks that were used to determine the finding.", + "type" : "object", + "properties" : + { "risk-uuid" : + { "title" : "Risk Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "risk-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "title", + "description", + "target" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:observation" : + { "title" : "Observation", + "description" : "Describes an individual observation.", + "$id" : "#assembly_oscal-assessment-common_observation", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Observation Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Observation Title", + "description" : "The title for this observation.", + "type" : "string" }, + "description" : + { "title" : "Observation Description", + "description" : "A human-readable description of this assessment observation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "methods" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Observation Method", + "description" : "Identifies how the observation was made.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "EXAMINE", + "INTERVIEW", + "TEST", + "UNKNOWN" ] } ] } }, + "types" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Observation Type", + "description" : "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "ssp-statement-issue", + "control-objective", + "mitigation", + "finding", + "historic" ] } ] } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, + "relevant-evidence" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Relevant Evidence", + "description" : "Links this observation to relevant evidence.", + "type" : "object", + "properties" : + { "href" : + { "title" : "Relevant Evidence Reference", + "description" : "A resolvable URL reference to relevant evidence.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "description" : + { "title" : "Relevant Evidence Description", + "description" : "A human-readable description of this evidence.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "description" ], + "additionalProperties" : false } }, + "collected" : + { "title" : "Collected Field", + "description" : "Date/time stamp identifying when the finding information was collected.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "expires" : + { "title" : "Expires Field", + "description" : "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description", + "methods", + "collected" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:origin" : + { "title" : "Origin", + "description" : "Identifies the source of the finding, such as a tool, interviewed person, or activity.", + "$id" : "#assembly_oscal-assessment-common_origin", + "type" : "object", + "properties" : + { "actors" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin-actor" } }, + "related-tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_related-task" } } }, + "required" : + [ "actors" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:origin-actor" : + { "title" : "Originating Actor", + "description" : "The actor that produces an observation, a finding, or a risk. One or more actor type can be used to specify a person that is using a tool.", + "$id" : "#assembly_oscal-assessment-common_origin-actor", + "type" : "object", + "properties" : + { "type" : + { "title" : "Actor Type", + "description" : "The kind of actor.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "tool", + "assessment-platform", + "party" ] } ] }, + "actor-uuid" : + { "title" : "Actor Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to the tool or person based on the associated type.", + "$ref" : "#/definitions/UUIDDatatype" }, + "role-id" : + { "title" : "Actor Role", + "description" : "For a party, this can optionally be used to specify the role the actor was performing.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "type", + "actor-uuid" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:related-task" : + { "title" : "Task Reference", + "description" : "Identifies an individual task for which the containing object is a consequence of.", + "$id" : "#assembly_oscal-assessment-common_related-task", + "type" : "object", + "properties" : + { "task-uuid" : + { "title" : "Task Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique task.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "identified-subject" : + { "title" : "Identified Subject", + "description" : "Used to detail assessment subjects that were identfied by this task.", + "type" : "object", + "properties" : + { "subject-placeholder-uuid" : + { "title" : "Assessment Subject Placeholder Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task.", + "$ref" : "#/definitions/UUIDDatatype" }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } } }, + "required" : + [ "subject-placeholder-uuid", + "subjects" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "task-uuid" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:threat-id" : + { "title" : "Threat ID", + "description" : "A pointer, by ID, to an externally-defined threat.", + "$id" : "#field_oscal-assessment-common_threat-id", + "type" : "object", + "properties" : + { "system" : + { "title" : "Threat Type Identification System", + "description" : "Specifies the source of the threat information.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal" ] } ] }, + "href" : + { "title" : "Threat Information Resource Reference", + "description" : "An optional location for the threat data, from which this ID originates.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "id" : + { "$ref" : "#/definitions/URIDatatype" } }, + "required" : + [ "id", + "system" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:risk" : + { "title" : "Identified Risk", + "description" : "An identified risk.", + "$id" : "#assembly_oscal-assessment-common_risk", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Risk Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Risk Title", + "description" : "The title for this risk.", + "type" : "string" }, + "description" : + { "title" : "Risk Description", + "description" : "A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.", + "type" : "string" }, + "statement" : + { "title" : "Risk Statement", + "description" : "An summary of impact for how the risk affects the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "$ref" : "#field_oscal-assessment-common_risk-status" }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "threat-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-assessment-common_threat-id" } }, + "characterizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_characterization" } }, + "mitigating-factors" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Mitigating Factor", + "description" : "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Mitigating Factor Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "implementation-uuid" : + { "title" : "Implementation UUID", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Mitigating Factor Description", + "description" : "A human-readable description of this mitigating factor.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "deadline" : + { "title" : "Risk Resolution Deadline", + "description" : "The date/time by which the risk must be resolved.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "remediations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_response" } }, + "risk-log" : + { "title" : "Risk Log", + "description" : "A log of all risk-related tasks taken.", + "type" : "object", + "properties" : + { "entries" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Risk Log Entry", + "description" : "Identifies an individual risk response that occurred as part of managing an identified risk.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Risk Log Entry Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Title", + "description" : "The title for this risk log entry.", + "type" : "string" }, + "description" : + { "title" : "Risk Task Description", + "description" : "A human-readable description of what was done regarding the risk.", + "type" : "string" }, + "start" : + { "title" : "Start", + "description" : "Identifies the start date and time of the event.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "end" : + { "title" : "End", + "description" : "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:location" : - { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "logged-by" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_logged-by" } }, + "status-change" : + { "$ref" : "#field_oscal-assessment-common_risk-status" }, + "related-responses" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_location-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-ar-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://orcid.org/" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_party-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-ar-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:role-id" : - { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$id" : "#field_oscal-metadata_role-id", - "$ref" : "#/definitions/TokenDatatype" }, - "oscal-ar-oscal-metadata:back-matter" : - { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", - "$id" : "#assembly_oscal-metadata_back-matter", - "type" : "object", - "properties" : - { "resources" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", - "type" : "string" }, - "description" : - { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "citation" : - { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", - "type" : "object", - "properties" : - { "text" : - { "title" : "Citation Text", - "description" : "A line of citation text.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "text" ], - "additionalProperties" : false }, - "rlinks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "hashes" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_hash" } } }, - "required" : - [ "href" ], - "additionalProperties" : false } }, - "base64" : - { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", - "type" : "object", - "properties" : - { "filename" : - { "title" : "File Name", - "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "value" : - { "$ref" : "#/definitions/Base64Datatype" } }, - "required" : - [ "value" ], - "additionalProperties" : false }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:property" : - { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", - "$id" : "#assembly_oscal-metadata_property", - "type" : "object", - "properties" : - { "name" : - { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "marking" ] } ] }, - "uuid" : - { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "ns" : - { "title" : "Property Namespace", - "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "value" : - { "title" : "Property Value", - "description" : "Indicates the value of the attribute, characteristic, or quality.", - "$ref" : "#/definitions/StringDatatype" }, - "class" : - { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "name", - "value" ], - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:link" : - { "title" : "Link", - "description" : "A reference to a local or remote resource", - "$id" : "#assembly_oscal-metadata_link", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URL reference to a resource.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "reference" ] } ] }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "text" : - { "title" : "Link Text", - "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", - "type" : "string" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:responsible-party" : - { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-party", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$ref" : "#/definitions/TokenDatatype" }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id", - "party-uuids" ], - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:responsible-role" : - { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-role", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id" ], - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:hash" : - { "title" : "Hash", - "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", - "$id" : "#field_oscal-metadata_hash", - "type" : "object", - "properties" : - { "algorithm" : - { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "SHA-224", - "SHA-256", - "SHA-384", - "SHA-512", - "SHA3-224", - "SHA3-256", - "SHA3-384", - "SHA3-512" ] } ] }, - "value" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "value", - "algorithm" ], - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:remarks" : - { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", - "$id" : "#field_oscal-metadata_remarks", - "type" : "string" }, - "oscal-ar-oscal-metadata:published" : - { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_published", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-ar-oscal-metadata:last-modified" : - { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_last-modified", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-ar-oscal-metadata:version" : - { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", - "$id" : "#field_oscal-metadata_version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ar-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", - "$id" : "#field_oscal-metadata_oscal-version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ar-oscal-metadata:email-address" : - { "title" : "Email Address", - "description" : "An email address as defined by RFC 5322 Section 3.4.1.", - "$id" : "#field_oscal-metadata_email-address", - "$ref" : "#/definitions/EmailAddressDatatype" }, - "oscal-ar-oscal-metadata:telephone-number" : - { "title" : "Telephone Number", - "description" : "Contact number by telephone.", - "$id" : "#field_oscal-metadata_telephone-number", - "type" : "object", - "properties" : - { "type" : - { "title" : "type flag", - "description" : "Indicates the type of phone number.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "home", - "office", - "mobile" ] } ] }, - "number" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "number" ], - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:address" : - { "title" : "Address", - "description" : "A postal address for the location.", - "$id" : "#assembly_oscal-metadata_address", - "type" : "object", - "properties" : - { "type" : - { "title" : "Address Type", - "description" : "Indicates the type of address.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "home", - "work" ] } ] }, - "addr-lines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_addr-line" } }, - "city" : - { "title" : "City", - "description" : "City, town or geographical region for the mailing address.", - "$ref" : "#/definitions/StringDatatype" }, - "state" : - { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "postal-code" : - { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "country" : - { "title" : "Country Code", - "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "$ref" : "#/definitions/StringDatatype" } }, - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:addr-line" : - { "title" : "Address line", - "description" : "A single line of an address.", - "$id" : "#field_oscal-metadata_addr-line", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ar-oscal-metadata:document-id" : - { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", - "$id" : "#field_oscal-metadata_document-id", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "Document Identification Scheme", - "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://www.doi.org/" ] } ] }, - "identifier" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "identifier" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:import-ssp" : - { "title" : "Import System Security Plan", - "description" : "Used by the assessment plan and POA&M to import information about the system.", - "$id" : "#assembly_oscal-assessment-common_import-ssp", - "type" : "object", - "properties" : - { "href" : - { "title" : "System Security Plan Reference", - "description" : "A resolvable URL reference to the system security plan for the system being assessed.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:local-objective" : - { "title" : "Assessment-Specific Control Objective", - "description" : "A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.", - "$id" : "#assembly_oscal-assessment-common_local-objective", - "type" : "object", - "properties" : - { "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "description" : - { "title" : "Objective Description", - "description" : "A human-readable description of this control objective.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "control-id", - "parts" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:assessment-method" : - { "title" : "Assessment Method", - "description" : "A local definition of a control objective. Uses catalog syntax for control objective and assessment activities.", - "$id" : "#assembly_oscal-assessment-common_assessment-method", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Method Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Assessment Method Description", - "description" : "A human-readable description of this assessment method.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "part" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-part" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "part" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:activity" : - { "title" : "Activity", - "description" : "Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.", - "$id" : "#assembly_oscal-assessment-common_activity", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Activity Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Included Activity Title", - "description" : "The title for this included activity.", - "type" : "string" }, - "description" : - { "title" : "Included Activity Description", - "description" : "A human-readable description of this included activity.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "steps" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Step", - "description" : "Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Step Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Step Title", - "description" : "The title for this step.", - "type" : "string" }, - "description" : - { "title" : "Step Description", - "description" : "A human-readable description of this step.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "reviewed-controls" : - { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "related-controls" : - { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:task" : - { "title" : "Task", - "description" : "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.", - "$id" : "#assembly_oscal-assessment-common_task", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Task Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Task Type", - "description" : "The type of task.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "milestone", - "action" ] } ] }, - "title" : - { "title" : "Task Title", - "description" : "The title for this task.", - "type" : "string" }, - "description" : - { "title" : "Task Description", - "description" : "A human-readable description of this task.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "timing" : - { "title" : "Event Timing", - "description" : "The timing under which the task is intended to occur.", - "type" : "object", - "properties" : - { "on-date" : - { "title" : "On Date Condition", - "description" : "The task is intended to occur on the specified date.", - "type" : "object", - "properties" : - { "date" : - { "title" : "On Date Condition", - "description" : "The task must occur on the specified date.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, - "required" : - [ "date" ], - "additionalProperties" : false }, - "within-date-range" : - { "title" : "On Date Range Condition", - "description" : "The task is intended to occur within the specified date range.", - "type" : "object", - "properties" : - { "start" : - { "title" : "Start Date Condition", - "description" : "The task must occur on or after the specified date.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "end" : - { "title" : "End Date Condition", - "description" : "The task must occur on or before the specified date.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, - "required" : - [ "start", - "end" ], - "additionalProperties" : false }, - "at-frequency" : - { "title" : "Frequency Condition", - "description" : "The task is intended to occur at the specified frequency.", - "type" : "object", - "properties" : - { "period" : - { "title" : "Period", - "description" : "The task must occur after the specified period has elapsed.", - "$ref" : "#/definitions/PositiveIntegerDatatype" }, - "unit" : - { "title" : "Time Unit", - "description" : "The unit of time for the period.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "seconds", - "minutes", - "hours", - "days", - "months", - "years" ] } ] } }, - "required" : - [ "period", - "unit" ], - "additionalProperties" : false } }, - "additionalProperties" : false }, - "dependencies" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Task Dependency", - "description" : "Used to indicate that a task is dependent on another task.", - "type" : "object", - "properties" : - { "task-uuid" : - { "title" : "Task Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique task.", - "$ref" : "#/definitions/UUIDDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "task-uuid" ], - "additionalProperties" : false } }, - "tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_task" } }, - "associated-activities" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Associated Activity", - "description" : "Identifies an individual activity to be performed as part of a task.", - "type" : "object", - "properties" : - { "activity-uuid" : - { "title" : "Activity Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to an activity defined in the list of activities.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "activity-uuid", - "subjects" ], - "additionalProperties" : false } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type", - "title" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:reviewed-controls" : - { "title" : "Reviewed Controls and Control Objectives", - "description" : "Identifies the controls being assessed and their control objectives.", - "$id" : "#assembly_oscal-assessment-common_reviewed-controls", - "type" : "object", - "properties" : - { "description" : - { "title" : "Control Objective Description", - "description" : "A human-readable description of control objectives.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "control-selections" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessed Controls", - "description" : "Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.", - "type" : "object", - "properties" : - { "description" : - { "title" : "Assessed Controls Description", - "description" : "A human-readable description of in-scope controls specified for assessment.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, - "exclude-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false } }, - "control-objective-selections" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Referenced Control Objectives", - "description" : "Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the assessed objectives, and reflects any changes from the plan.", - "type" : "object", - "properties" : - { "description" : - { "title" : "Control Objectives Description", - "description" : "A human-readable description of this collection of control objectives.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-objectives" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, - "exclude-objectives" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "control-selections" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:select-control-by-id" : - { "title" : "Select Control", - "description" : "Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.", - "$id" : "#assembly_oscal-assessment-common_select-control-by-id", - "type" : "object", - "properties" : - { "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "statement-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Include Specific Statements", - "description" : "Used to constrain the selection to only specificity identified statements.", - "$ref" : "#/definitions/TokenDatatype" } } }, - "required" : - [ "control-id" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:select-objective-by-id" : - { "title" : "Select Objective", - "description" : "Used to select a control objective for inclusion/exclusion based on the control objective's identifier.", - "$id" : "#assembly_oscal-assessment-common_select-objective-by-id", - "type" : "object", - "properties" : - { "objective-id" : - { "title" : "Objective ID", - "description" : "Points to an assessment objective.", - "$ref" : "#/definitions/TokenDatatype" } }, - "required" : - [ "objective-id" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:assessment-subject-placeholder" : - { "title" : "Assessment Subject Placeholder", - "description" : "Used when the assessment subjects will be determined as part of one or more other assessment activities. These assessment subjects will be recorded in the assessment results in the assessment log.", - "$id" : "#assembly_oscal-assessment-common_assessment-subject-placeholder", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Subject Placeholder Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Assessment Subject Placeholder Description", - "description" : "A human-readable description of intent of this assessment subject placeholder.", - "type" : "string" }, - "sources" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessment Subject Source", - "description" : "Assessment subjects will be identified while conducting the referenced activity-instance.", - "type" : "object", - "properties" : - { "task-uuid" : - { "title" : "Task Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "task-uuid" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "sources" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:assessment-subject" : - { "title" : "Subject of Assessment", - "description" : "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.", - "$id" : "#assembly_oscal-assessment-common_assessment-subject", - "type" : "object", - "properties" : - { "type" : - { "title" : "Subject Type", - "description" : "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "component", - "inventory-item", - "location", - "party", - "user" ] } ] }, - "description" : - { "title" : "Include Subjects Description", - "description" : "A human-readable description of the collection of subjects being included in this assessment.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, - "exclude-subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "type" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:select-subject-by-id" : - { "title" : "Select Assessment Subject", - "description" : "Identifies a set of assessment subjects to include/exclude by UUID.", - "$id" : "#assembly_oscal-assessment-common_select-subject-by-id", - "type" : "object", - "properties" : - { "subject-uuid" : - { "title" : "Subject Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Subject Universally Unique Identifier Reference Type", - "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "component", - "inventory-item", - "location", - "party", - "user", - "resource" ] } ] }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "subject-uuid", - "type" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:subject-reference" : - { "title" : "Identifies the Subject", - "description" : "A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.", - "$id" : "#assembly_oscal-assessment-common_subject-reference", - "type" : "object", - "properties" : - { "subject-uuid" : - { "title" : "Subject Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Subject Universally Unique Identifier Reference Type", - "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "component", - "inventory-item", - "location", - "party", - "user", - "resource" ] } ] }, - "title" : - { "title" : "Subject Reference Title", - "description" : "The title or name for the referenced subject.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "subject-uuid", - "type" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:assessment-assets" : - { "title" : "Assessment Assets", - "description" : "Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.", - "$id" : "#assembly_oscal-assessment-common_assessment-assets", - "type" : "object", - "properties" : - { "components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, - "assessment-platforms" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessment Platform", - "description" : "Used to represent the toolset used to perform aspects of the assessment.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Platform Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Assessment Platform Title", - "description" : "The title or name for the assessment platform.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "uses-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Uses Component", - "description" : "The set of components that are used by the assessment platform.", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "component-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false } } }, - "required" : - [ "assessment-platforms" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:finding-target" : - { "title" : "Objective Status", - "description" : "Captures an assessor's conclusions regarding the degree to which an objective is satisfied.", - "$id" : "#assembly_oscal-assessment-common_finding-target", - "type" : "object", - "properties" : - { "type" : - { "title" : "Finding Target Type", - "description" : "Identifies the type of the target.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "statement-id", - "objective-id" ] } ] }, - "target-id" : - { "title" : "Finding Target Identifier Reference", - "description" : "A machine-oriented identifier reference for a specific target qualified by the type.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Objective Status Title", - "description" : "The title for this objective status.", - "type" : "string" }, - "description" : - { "title" : "Objective Status Description", - "description" : "A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "title" : "Objective Status", - "description" : "A determination of if the objective is satisfied or not within a given system.", - "type" : "object", - "properties" : - { "state" : - { "title" : "Objective Status State", - "description" : "An indication as to whether the objective is satisfied or not.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "satisfied", - "not-satisfied" ] } ] }, - "reason" : - { "title" : "Objective Status Reason", - "description" : "The reason the objective was given it's status.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "pass", - "fail", - "other" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "implementation-status" : - { "$ref" : "#assembly_oscal-implementation-common_implementation-status" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "type", - "target-id", - "status" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:observation" : - { "title" : "Observation", - "description" : "Describes an individual observation.", - "$id" : "#assembly_oscal-assessment-common_observation", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Observation Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Observation Title", - "description" : "The title for this observation.", - "type" : "string" }, - "description" : - { "title" : "Observation Description", - "description" : "A human-readable description of this assessment observation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "methods" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Observation Method", - "description" : "Identifies how the observation was made.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "EXAMINE", - "INTERVIEW", - "TEST", - "UNKNOWN" ] } ] } }, - "types" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Observation Type", - "description" : "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "ssp-statement-issue", - "control-objective", - "mitigation", - "finding", - "historic" ] } ] } }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, - "relevant-evidence" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Relevant Evidence", - "description" : "Links this observation to relevant evidence.", - "type" : "object", - "properties" : - { "href" : - { "title" : "Relevant Evidence Reference", - "description" : "A resolvable URL reference to relevant evidence.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "description" : - { "title" : "Relevant Evidence Description", - "description" : "A human-readable description of this evidence.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "description" ], - "additionalProperties" : false } }, - "collected" : - { "title" : "Collected Field", - "description" : "Date/time stamp identifying when the finding information was collected.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "expires" : - { "title" : "Expires Field", - "description" : "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description", - "methods", - "collected" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:origin" : - { "title" : "Origin", - "description" : "Identifies the source of the finding, such as a tool, interviewed person, or activity.", - "$id" : "#assembly_oscal-assessment-common_origin", - "type" : "object", - "properties" : - { "actors" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin-actor" } }, - "related-tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_related-task" } } }, - "required" : - [ "actors" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:origin-actor" : - { "title" : "Originating Actor", - "description" : "The actor that produces an observation, a finding, or a risk. One or more actor type can be used to specify a person that is using a tool.", - "$id" : "#assembly_oscal-assessment-common_origin-actor", - "type" : "object", - "properties" : - { "type" : - { "title" : "Actor Type", - "description" : "The kind of actor.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "tool", - "assessment-platform", - "party" ] } ] }, - "actor-uuid" : - { "title" : "Actor Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to the tool or person based on the associated type.", - "$ref" : "#/definitions/UUIDDatatype" }, - "role-id" : - { "title" : "Actor Role", - "description" : "For a party, this can optionally be used to specify the role the actor was performing.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "type", - "actor-uuid" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:related-task" : - { "title" : "Task Reference", - "description" : "Identifies an individual task for which the containing object is a consequence of.", - "$id" : "#assembly_oscal-assessment-common_related-task", - "type" : "object", - "properties" : - { "task-uuid" : - { "title" : "Task Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique task.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "identified-subject" : - { "title" : "Identified Subject", - "description" : "Used to detail assessment subjects that were identfied by this task.", - "type" : "object", - "properties" : - { "subject-placeholder-uuid" : - { "title" : "Assessment Subject Placeholder Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task.", - "$ref" : "#/definitions/UUIDDatatype" }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } } }, - "required" : - [ "subject-placeholder-uuid", - "subjects" ], - "additionalProperties" : false }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "task-uuid" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:threat-id" : - { "title" : "Threat ID", - "description" : "A pointer, by ID, to an externally-defined threat.", - "$id" : "#field_oscal-assessment-common_threat-id", - "type" : "object", - "properties" : - { "system" : - { "title" : "Threat Type Identification System", - "description" : "Specifies the source of the threat information.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://fedramp.gov", - "http://fedramp.gov/ns/oscal" ] } ] }, - "href" : - { "title" : "Threat Information Resource Reference", - "description" : "An optional location for the threat data, from which this ID originates.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "id" : - { "$ref" : "#/definitions/URIDatatype" } }, - "required" : - [ "id", - "system" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:risk" : - { "title" : "Identified Risk", - "description" : "An identified risk.", - "$id" : "#assembly_oscal-assessment-common_risk", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Risk Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Risk Title", - "description" : "The title for this risk.", - "type" : "string" }, - "description" : - { "title" : "Risk Description", - "description" : "A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.", - "type" : "string" }, - "statement" : - { "title" : "Risk Statement", - "description" : "An summary of impact for how the risk affects the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "$ref" : "#field_oscal-assessment-common_risk-status" }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "threat-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-assessment-common_threat-id" } }, - "characterizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_characterization" } }, - "mitigating-factors" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Mitigating Factor", - "description" : "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Mitigating Factor Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "implementation-uuid" : - { "title" : "Implementation UUID", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Mitigating Factor Description", - "description" : "A human-readable description of this mitigating factor.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "deadline" : - { "title" : "Risk Resolution Deadline", - "description" : "The date/time by which the risk must be resolved.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "remediations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_response" } }, - "risk-log" : - { "title" : "Risk Log", - "description" : "A log of all risk-related tasks taken.", - "type" : "object", - "properties" : - { "entries" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Risk Log Entry", - "description" : "Identifies an individual risk response that occurred as part of managing an identified risk.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Risk Log Entry Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Title", - "description" : "The title for this risk log entry.", - "type" : "string" }, - "description" : - { "title" : "Risk Task Description", - "description" : "A human-readable description of what was done regarding the risk.", - "type" : "string" }, - "start" : - { "title" : "Start", - "description" : "Identifies the start date and time of the event.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "end" : - { "title" : "End", - "description" : "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "logged-by" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_logged-by" } }, - "status-change" : - { "$ref" : "#field_oscal-assessment-common_risk-status" }, - "related-responses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Risk Response Reference", - "description" : "Identifies an individual risk response that this log entry is for.", - "type" : "object", - "properties" : - { "response-uuid" : - { "title" : "Response Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique risk response.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "related-tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_related-task" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "response-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "start" ], - "additionalProperties" : false } } }, - "required" : - [ "entries" ], - "additionalProperties" : false }, - "related-observations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Related Observation", - "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", - "type" : "object", - "properties" : - { "observation-uuid" : - { "title" : "Observation Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "observation-uuid" ], - "additionalProperties" : false } } }, - "required" : - [ "uuid", - "title", - "description", - "statement", - "status" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:logged-by" : - { "title" : "Logged By", - "description" : "Used to indicate who created a log entry in what role.", - "$id" : "#assembly_oscal-assessment-common_logged-by", - "type" : "object", - "properties" : - { "party-uuid" : - { "title" : "Party UUID Reference", - "description" : "A machine-oriented identifier reference to the party who is making the log entry.", - "$ref" : "#/definitions/UUIDDatatype" }, - "role-id" : - { "title" : "Actor Role", - "description" : "A point to the role-id of the role in which the party is making the log entry.", - "$ref" : "#/definitions/TokenDatatype" } }, - "required" : - [ "party-uuid" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:risk-status" : - { "title" : "Risk Status", - "description" : "Describes the status of the associated risk.", - "$id" : "#field_oscal-assessment-common_risk-status", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "open", - "investigating", - "remediating", - "deviation-requested", - "deviation-approved", - "closed" ] } ] }, - "oscal-ar-oscal-assessment-common:characterization" : - { "title" : "Characterization", - "description" : "A collection of descriptive data about the containing object from a specific origin.", - "$id" : "#assembly_oscal-assessment-common_characterization", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "origin" : - { "$ref" : "#assembly_oscal-assessment-common_origin" }, - "facets" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Facet", - "description" : "An individual characteristic that is part of a larger set produced by the same actor.", - "type" : "object", - "properties" : - { "name" : - { "title" : "Facet Name", - "description" : "The name of the risk metric within the specified system.", - "$ref" : "#/definitions/TokenDatatype" }, - "system" : - { "title" : "Naming System", - "description" : "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://fedramp.gov", - "http://fedramp.gov/ns/oscal", - "http://csrc.nist.gov/ns/oscal", - "http://csrc.nist.gov/ns/oscal/unknown", - "http://cve.mitre.org", - "http://www.first.org/cvss/v2.0", - "http://www.first.org/cvss/v3.0", - "http://www.first.org/cvss/v3.1" ] } ] }, - "value" : - { "title" : "Facet Value", - "description" : "Indicates the value of the facet.", - "$ref" : "#/definitions/StringDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "name", - "system", - "value" ], - "additionalProperties" : false } } }, - "required" : - [ "origin", - "facets" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:response" : - { "title" : "Risk Response", - "description" : "Describes either recommended or an actual plan for addressing the risk.", - "$id" : "#assembly_oscal-assessment-common_response", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Remediation Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "lifecycle" : - { "title" : "Remediation Intent", - "description" : "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "recommendation", - "planned", - "completed" ] } ] }, - "title" : - { "title" : "Response Title", - "description" : "The title for this response activity.", - "type" : "string" }, - "description" : - { "title" : "Response Description", - "description" : "A human-readable description of this response plan.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "required-assets" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Required Asset", - "description" : "Identifies an asset required to achieve remediation.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Required Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, - "title" : - { "title" : "Title for Required Asset", - "description" : "The title for this required asset.", - "type" : "string" }, - "description" : - { "title" : "Description of Required Asset", - "description" : "A human-readable description of this required asset.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_task" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "lifecycle", - "title", - "description" ], - "additionalProperties" : false }, - "oscal-ar-oscal-assessment-common:assessment-part" : - { "title" : "Assessment Part", - "description" : "A partition of an assessment plan or results or a child of another part.", - "$id" : "#assembly_oscal-assessment-common_assessment-part", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Part Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "name" : - { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "asset", - "method", - "objective" ] } ] }, - "ns" : - { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "class" : - { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "prose" : - { "title" : "Part Text", - "description" : "Permits multiple paragraphs, lists, tables etc.", - "type" : "string" }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-ar-oscal-catalog-common:part" : - { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", - "type" : "object", - "properties" : - { "id" : - { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "name" : - { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", - "$ref" : "#/definitions/TokenDatatype" }, - "ns" : - { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "class" : - { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "prose" : - { "title" : "Part Text", - "description" : "Permits multiple paragraphs, lists, tables etc.", - "type" : "string" }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-ar-oscal-catalog-common:parameter" : - { "title" : "Parameter", - "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", - "type" : "object", - "properties" : - { "id" : - { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", - "$ref" : "#/definitions/TokenDatatype" }, - "depends-on" : - { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "label" : - { "title" : "Parameter Label", - "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", - "type" : "string" }, - "usage" : - { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", - "type" : "string" }, - "constraints" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, - "guidelines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, - "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "oscal-ar-oscal-catalog-common:parameter-constraint" : - { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", - "type" : "object", - "properties" : - { "description" : - { "title" : "Constraint Description", - "description" : "A textual summary of the constraint to be applied.", - "type" : "string" }, - "tests" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Constraint Test", - "description" : "A test expression which is expected to be evaluated by a tool.", - "type" : "object", - "properties" : - { "expression" : - { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", - "$ref" : "#/definitions/StringDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "expression" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-ar-oscal-catalog-common:parameter-guideline" : - { "title" : "Guideline", - "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", - "type" : "object", - "properties" : - { "prose" : - { "title" : "Guideline Text", - "description" : "Prose permits multiple paragraphs, lists, tables etc.", - "type" : "string" } }, - "required" : - [ "prose" ], - "additionalProperties" : false }, - "oscal-ar-oscal-catalog-common:parameter-value" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ar-oscal-catalog-common:parameter-selection" : - { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", - "type" : "object", - "properties" : - { "how-many" : - { "title" : "Parameter Cardinality", - "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "one", - "one-or-more" ] } ] }, - "choice" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Choice", - "description" : "A value selection among several such options.", - "type" : "string" } } }, - "additionalProperties" : false }, - "oscal-ar-oscal-catalog-common:include-all" : - { "title" : "Include All", - "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", - "type" : "object", - "additionalProperties" : false }, - "oscal-ar-oscal-implementation-common:system-component" : - { "title" : "Component", - "description" : "A defined component that can be part of an implemented system.", - "$id" : "#assembly_oscal-implementation-common_system-component", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Component Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Component Type", - "description" : "A category describing the purpose of the component.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "this-system", - "system", - "interconnection", - "software", - "hardware", - "service", - "policy", - "physical", - "process-procedure", - "plan", - "guidance", - "standard", - "validation", - "network" ] } ] }, - "title" : - { "title" : "Component Title", - "description" : "A human readable name for the system component.", - "type" : "string" }, - "description" : - { "title" : "Component Description", - "description" : "A description of the component, including information about its function.", - "type" : "string" }, - "purpose" : - { "title" : "Purpose", - "description" : "A summary of the technological or business purpose of the component.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "title" : "Status", - "description" : "Describes the operational status of the system component.", + "minItems" : 1, + "items" : + { "title" : "Risk Response Reference", + "description" : "Identifies an individual risk response that this log entry is for.", "type" : "object", "properties" : - { "state" : - { "title" : "State", - "description" : "The operational status.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "under-development", - "operational", - "disposition", - "other" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, + { "response-uuid" : + { "title" : "Response Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique risk response.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "related-tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_related-task" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : - [ "state" ], - "additionalProperties" : false }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "protocols" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type", - "title", - "description", - "status" ], - "additionalProperties" : false }, - "oscal-ar-oscal-implementation-common:protocol" : - { "title" : "Service Protocol Information", - "description" : "Information about the protocol used to provide a service.", - "$id" : "#assembly_oscal-implementation-common_protocol", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Service Protocol Information Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "name" : - { "title" : "Protocol Name", - "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "title" : - { "title" : "Protocol Title", - "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", - "type" : "string" }, - "port-ranges" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_port-range" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-ar-oscal-implementation-common:port-range" : - { "title" : "Port Range", - "description" : "Where applicable this is the IPv4 port range on which the service operates.", - "$id" : "#assembly_oscal-implementation-common_port-range", - "type" : "object", - "properties" : - { "start" : - { "title" : "Start", - "description" : "Indicates the starting port number in a port range", - "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, - "end" : - { "title" : "End", - "description" : "Indicates the ending port number in a port range", - "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, - "transport" : - { "title" : "Transport", - "description" : "Indicates the transport type.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "TCP", - "UDP" ] } ] } }, - "additionalProperties" : false }, - "oscal-ar-oscal-implementation-common:implementation-status" : - { "title" : "Implementation Status", - "description" : "Indicates the degree to which the a given control is implemented.", - "$id" : "#assembly_oscal-implementation-common_implementation-status", - "type" : "object", - "properties" : - { "state" : - { "title" : "Implementation State", - "description" : "Identifies the implementation status of the control or control objective.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "implemented", - "partial", - "planned", - "alternative", - "not-applicable" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "oscal-ar-oscal-implementation-common:system-user" : - { "title" : "System User", - "description" : "A type of user that interacts with the system based on an associated role.", - "$id" : "#assembly_oscal-implementation-common_system-user", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "User Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "User Title", - "description" : "A name given to the user, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "User Short Name", - "description" : "A short common name, abbreviation, or acronym for the user.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "User Description", - "description" : "A summary of the user's purpose within the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "role-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_role-id" } }, - "authorized-privileges" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_authorized-privilege" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false }, - "oscal-ar-oscal-implementation-common:authorized-privilege" : - { "title" : "Privilege", - "description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.", - "$id" : "#assembly_oscal-implementation-common_authorized-privilege", - "type" : "object", - "properties" : - { "title" : - { "title" : "Privilege Title", - "description" : "A human readable name for the privilege.", - "type" : "string" }, - "description" : - { "title" : "Privilege Description", - "description" : "A summary of the privilege's purpose within the system.", - "type" : "string" }, - "functions-performed" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-implementation-common_function-performed" } } }, - "required" : - [ "title", - "functions-performed" ], - "additionalProperties" : false }, - "oscal-ar-oscal-implementation-common:function-performed" : - { "title" : "Functions Performed", - "description" : "Describes a function performed for a given authorized privilege by this user class.", - "$id" : "#field_oscal-implementation-common_function-performed", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ar-oscal-implementation-common:inventory-item" : - { "title" : "Inventory Item", - "description" : "A single managed inventory item within the system.", - "$id" : "#assembly_oscal-implementation-common_inventory-item", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Inventory Item Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Inventory Item Description", - "description" : "A summary of the inventory item stating its purpose within the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "implemented-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Implemented Component", - "description" : "The set of components that are implemented in a given system inventory item.", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "component-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false }, - "oscal-ar-oscal-implementation-common:set-parameter" : - { "title" : "Set Parameter Value", - "description" : "Identifies the parameter that will be set by the enclosed value.", - "$id" : "#assembly_oscal-implementation-common_set-parameter", - "type" : "object", - "properties" : - { "param-id" : - { "title" : "Parameter ID", - "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", - "$ref" : "#/definitions/TokenDatatype" }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$ref" : "#/definitions/StringDatatype" } }, + [ "response-uuid" ], + "additionalProperties" : false } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "param-id", - "values" ], - "additionalProperties" : false }, - "oscal-ar-oscal-implementation-common:system-id" : - { "title" : "System Identification", - "description" : "A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.", - "$id" : "#field_oscal-implementation-common_system-id", - "type" : "object", - "properties" : - { "identifier-type" : - { "title" : "Identification System Type", - "description" : "Identifies the identification system from which the provided identifier was assigned.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "https://fedramp.gov", - "http://fedramp.gov/ns/oscal", - "https://ietf.org/rfc/rfc4122", - "http://ietf.org/rfc/rfc4122" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "Base64Datatype" : - { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", - "type" : "string", - "pattern" : "^[0-9A-Za-z+/]+={0,2}$", - "contentEncoding" : "base64" }, - "DateTimeWithTimezoneDatatype" : - { "description" : "A string representing a point in time with a required timezone.", - "type" : "string", - "format" : "date-time", - "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, - "EmailAddressDatatype" : - { "description" : "An email address string formatted according to RFC 6531.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" } ] }, - "IntegerDatatype" : - { "description" : "A whole number value.", - "type" : "integer" }, - "NonNegativeIntegerDatatype" : - { "description" : "An integer value that is equal to or greater than 0.", - "allOf" : - [ - { "$ref" : "#/definitions/IntegerDatatype" }, + "required" : + [ "uuid", + "start" ], + "additionalProperties" : false } } }, + "required" : + [ "entries" ], + "additionalProperties" : false }, + "related-observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Related Observation", + "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", + "type" : "object", + "properties" : + { "observation-uuid" : + { "title" : "Observation Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "observation-uuid" ], + "additionalProperties" : false } } }, + "required" : + [ "uuid", + "title", + "description", + "statement", + "status" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:logged-by" : + { "title" : "Logged By", + "description" : "Used to indicate who created a log entry in what role.", + "$id" : "#assembly_oscal-assessment-common_logged-by", + "type" : "object", + "properties" : + { "party-uuid" : + { "title" : "Party UUID Reference", + "description" : "A machine-oriented identifier reference to the party who is making the log entry.", + "$ref" : "#/definitions/UUIDDatatype" }, + "role-id" : + { "title" : "Actor Role", + "description" : "A point to the role-id of the role in which the party is making the log entry.", + "$ref" : "#/definitions/TokenDatatype" } }, + "required" : + [ "party-uuid" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:risk-status" : + { "title" : "Risk Status", + "description" : "Describes the status of the associated risk.", + "$id" : "#field_oscal-assessment-common_risk-status", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "open", + "investigating", + "remediating", + "deviation-requested", + "deviation-approved", + "closed" ] } ] }, + "oscal-ar-oscal-assessment-common:characterization" : + { "title" : "Characterization", + "description" : "A collection of descriptive data about the containing object from a specific origin.", + "$id" : "#assembly_oscal-assessment-common_characterization", + "type" : "object", + "properties" : + { "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origin" : + { "$ref" : "#assembly_oscal-assessment-common_origin" }, + "facets" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Facet", + "description" : "An individual characteristic that is part of a larger set produced by the same actor.", + "type" : "object", + "properties" : + { "name" : + { "title" : "Facet Name", + "description" : "The name of the risk metric within the specified system.", + "$ref" : "#/definitions/TokenDatatype" }, + "system" : + { "title" : "Naming System", + "description" : "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, - { "type" : "number", - "minimum" : 0 } ] }, - "PositiveIntegerDatatype" : - { "description" : "An integer value that is greater than 0.", + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal/unknown", + "http://cve.mitre.org", + "http://www.first.org/cvss/v2.0", + "http://www.first.org/cvss/v3.0", + "http://www.first.org/cvss/v3.1" ] } ] }, + "value" : + { "title" : "Facet Value", + "description" : "Indicates the value of the facet.", + "$ref" : "#/definitions/StringDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "name", + "system", + "value" ], + "additionalProperties" : false } } }, + "required" : + [ "origin", + "facets" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:response" : + { "title" : "Risk Response", + "description" : "Describes either recommended or an actual plan for addressing the risk.", + "$id" : "#assembly_oscal-assessment-common_response", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Remediation Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "lifecycle" : + { "title" : "Remediation Intent", + "description" : "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "recommendation", + "planned", + "completed" ] } ] }, + "title" : + { "title" : "Response Title", + "description" : "The title for this response activity.", + "type" : "string" }, + "description" : + { "title" : "Response Description", + "description" : "A human-readable description of this response plan.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "required-assets" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Required Asset", + "description" : "Identifies an asset required to achieve remediation.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Required Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, + "title" : + { "title" : "Title for Required Asset", + "description" : "The title for this required asset.", + "type" : "string" }, + "description" : + { "title" : "Description of Required Asset", + "description" : "A human-readable description of this required asset.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_task" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "lifecycle", + "title", + "description" ], + "additionalProperties" : false }, + "oscal-ar-oscal-assessment-common:assessment-part" : + { "title" : "Assessment Part", + "description" : "A partition of an assessment plan or results or a child of another part.", + "$id" : "#assembly_oscal-assessment-common_assessment-part", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Part Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "asset", + "method", + "objective" ] } ] }, + "ns" : + { "title" : "Part Namespace", + "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "class" : + { "title" : "Part Class", + "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Part Title", + "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-ar-oscal-control-common:part" : + { "title" : "Part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", + "type" : "object", + "properties" : + { "id" : + { "title" : "Part Identifier", + "description" : "A unique identifier for the part.", + "$ref" : "#/definitions/TokenDatatype" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", + "$ref" : "#/definitions/TokenDatatype" }, + "ns" : + { "title" : "Part Namespace", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "class" : + { "title" : "Part Class", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Part Title", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-ar-oscal-control-common:parameter" : + { "title" : "Parameter", + "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", + "$id" : "#assembly_oscal-control-common_parameter", + "type" : "object", + "properties" : + { "id" : + { "title" : "Parameter Identifier", + "description" : "A unique identifier for the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Parameter Class", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "depends-on" : + { "title" : "Depends on", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "label" : + { "title" : "Parameter Label", + "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", + "type" : "string" }, + "usage" : + { "title" : "Parameter Usage Description", + "description" : "Describes the purpose and use of a parameter.", + "type" : "string" }, + "constraints" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, + "guidelines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-control-common_parameter-value" } }, + "select" : + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "oscal-ar-oscal-control-common:parameter-constraint" : + { "title" : "Constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", + "type" : "object", + "properties" : + { "description" : + { "title" : "Constraint Description", + "description" : "A textual summary of the constraint to be applied.", + "type" : "string" }, + "tests" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Constraint Test", + "description" : "A test expression which is expected to be evaluated by a tool.", + "type" : "object", + "properties" : + { "expression" : + { "title" : "Constraint test", + "description" : "A formal (executable) expression of a constraint.", + "$ref" : "#/definitions/StringDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "expression" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-ar-oscal-control-common:parameter-guideline" : + { "title" : "Guideline", + "description" : "A prose statement that provides a recommendation for the use of a parameter.", + "$id" : "#assembly_oscal-control-common_parameter-guideline", + "type" : "object", + "properties" : + { "prose" : + { "title" : "Guideline Text", + "description" : "Prose permits multiple paragraphs, lists, tables etc.", + "type" : "string" } }, + "required" : + [ "prose" ], + "additionalProperties" : false }, + "oscal-ar-oscal-control-common:parameter-value" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$id" : "#field_oscal-control-common_parameter-value", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ar-oscal-control-common:parameter-selection" : + { "title" : "Selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", + "type" : "object", + "properties" : + { "how-many" : + { "title" : "Parameter Cardinality", + "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, + "choice" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Choice", + "description" : "A value selection among several such options.", + "type" : "string" } } }, + "additionalProperties" : false }, + "oscal-ar-oscal-control-common:include-all" : + { "title" : "Include All", + "description" : "Include all controls from the imported catalog or profile resources.", + "$id" : "#assembly_oscal-control-common_include-all", + "type" : "object", + "additionalProperties" : false }, + "oscal-ar-oscal-implementation-common:system-component" : + { "title" : "Component", + "description" : "A defined component that can be part of an implemented system.", + "$id" : "#assembly_oscal-implementation-common_system-component", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Component Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Component Type", + "description" : "A category describing the purpose of the component.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "this-system", + "system", + "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation", + "network" ] } ] }, + "title" : + { "title" : "Component Title", + "description" : "A human readable name for the system component.", + "type" : "string" }, + "description" : + { "title" : "Component Description", + "description" : "A description of the component, including information about its function.", + "type" : "string" }, + "purpose" : + { "title" : "Purpose", + "description" : "A summary of the technological or business purpose of the component.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "title" : "Status", + "description" : "Describes the operational status of the system component.", + "type" : "object", + "properties" : + { "state" : + { "title" : "State", + "description" : "The operational status.", "allOf" : [ - { "$ref" : "#/definitions/IntegerDatatype" }, - - { "type" : "number", - "minimum" : 1 } ] }, - "StringDatatype" : - { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, - "TokenDatatype" : - { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, - "URIDatatype" : - { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, - "URIReferenceDatatype" : - { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", - "type" : "string", - "format" : "uri-reference" }, - "UUIDDatatype" : - { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "under-development", + "operational", + "disposition", + "other" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "protocols" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "title", + "description", + "status" ], + "additionalProperties" : false }, + "oscal-ar-oscal-implementation-common:protocol" : + { "title" : "Service Protocol Information", + "description" : "Information about the protocol used to provide a service.", + "$id" : "#assembly_oscal-implementation-common_protocol", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Service Protocol Information Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "name" : + { "title" : "Protocol Name", + "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", + "$ref" : "#/definitions/StringDatatype" }, + "title" : + { "title" : "Protocol Title", + "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", + "type" : "string" }, + "port-ranges" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_port-range" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-ar-oscal-implementation-common:port-range" : + { "title" : "Port Range", + "description" : "Where applicable this is the IPv4 port range on which the service operates.", + "$id" : "#assembly_oscal-implementation-common_port-range", + "type" : "object", + "properties" : + { "start" : + { "title" : "Start", + "description" : "Indicates the starting port number in a port range", + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, + "end" : + { "title" : "End", + "description" : "Indicates the ending port number in a port range", + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, + "transport" : + { "title" : "Transport", + "description" : "Indicates the transport type.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "TCP", + "UDP" ] } ] } }, + "additionalProperties" : false }, + "oscal-ar-oscal-implementation-common:implementation-status" : + { "title" : "Implementation Status", + "description" : "Indicates the degree to which the a given control is implemented.", + "$id" : "#assembly_oscal-implementation-common_implementation-status", + "type" : "object", + "properties" : + { "state" : + { "title" : "Implementation State", + "description" : "Identifies the implementation status of the control or control objective.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "implemented", + "partial", + "planned", + "alternative", + "not-applicable" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "oscal-ar-oscal-implementation-common:system-user" : + { "title" : "System User", + "description" : "A type of user that interacts with the system based on an associated role.", + "$id" : "#assembly_oscal-implementation-common_system-user", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "User Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "User Title", + "description" : "A name given to the user, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "User Short Name", + "description" : "A short common name, abbreviation, or acronym for the user.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "User Description", + "description" : "A summary of the user's purpose within the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "role-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_role-id" } }, + "authorized-privileges" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_authorized-privilege" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false }, + "oscal-ar-oscal-implementation-common:authorized-privilege" : + { "title" : "Privilege", + "description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.", + "$id" : "#assembly_oscal-implementation-common_authorized-privilege", + "type" : "object", + "properties" : + { "title" : + { "title" : "Privilege Title", + "description" : "A human readable name for the privilege.", + "type" : "string" }, + "description" : + { "title" : "Privilege Description", + "description" : "A summary of the privilege's purpose within the system.", + "type" : "string" }, + "functions-performed" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-implementation-common_function-performed" } } }, + "required" : + [ "title", + "functions-performed" ], + "additionalProperties" : false }, + "oscal-ar-oscal-implementation-common:function-performed" : + { "title" : "Functions Performed", + "description" : "Describes a function performed for a given authorized privilege by this user class.", + "$id" : "#field_oscal-implementation-common_function-performed", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ar-oscal-implementation-common:inventory-item" : + { "title" : "Inventory Item", + "description" : "A single managed inventory item within the system.", + "$id" : "#assembly_oscal-implementation-common_inventory-item", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Inventory Item Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Inventory Item Description", + "description" : "A summary of the inventory item stating its purpose within the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "implemented-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Implemented Component", + "description" : "The set of components that are implemented in a given system inventory item.", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "component-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-ar-oscal-implementation-common:set-parameter" : + { "title" : "Set Parameter Value", + "description" : "Identifies the parameter that will be set by the enclosed value.", + "$id" : "#assembly_oscal-implementation-common_set-parameter", + "type" : "object", + "properties" : + { "param-id" : + { "title" : "Parameter ID", + "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", + "$ref" : "#/definitions/TokenDatatype" }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$ref" : "#/definitions/StringDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "param-id", + "values" ], + "additionalProperties" : false }, + "oscal-ar-oscal-implementation-common:system-id" : + { "title" : "System Identification", + "description" : "A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.", + "$id" : "#field_oscal-implementation-common_system-id", + "type" : "object", "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "assessment-results" : - { "$ref" : "#assembly_oscal-ar_assessment-results" } }, + { "identifier-type" : + { "title" : "Identification System Type", + "description" : "Identifies the identification system from which the provided identifier was assigned.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "https://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "https://ietf.org/rfc/rfc4122", + "http://ietf.org/rfc/rfc4122" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, "required" : - [ "assessment-results" ], - "additionalProperties" : false } \ No newline at end of file + [ "id" ], + "additionalProperties" : false }, + "Base64Datatype" : + { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", + "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "DateTimeWithTimezoneDatatype" : + { "description" : "A string representing a point in time with a required timezone.", + "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "description" : "An email address string formatted according to RFC 6531.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "IntegerDatatype" : + { "description" : "A whole number value.", + "type" : "integer" }, + "NonNegativeIntegerDatatype" : + { "description" : "An integer value that is equal to or greater than 0.", + "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 0 } ] }, + "PositiveIntegerDatatype" : + { "description" : "An integer value that is greater than 0.", + "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 1 } ] }, + "StringDatatype" : + { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", + "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", + "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", + "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", + "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "assessment-results" : + { "$ref" : "#assembly_oscal-ar_assessment-results" } }, + "required" : + [ "assessment-results" ], + "additionalProperties" : false } \ No newline at end of file diff --git a/json/schema/oscal_catalog_schema.json b/json/schema/oscal_catalog_schema.json index d145139aed..601864f221 100644 --- a/json/schema/oscal_catalog_schema.json +++ b/json/schema/oscal_catalog_schema.json @@ -1,1044 +1,1227 @@ - { "$schema" : "http://json-schema.org/draft-07/schema#", - "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-catalog-schema.json", - "$comment" : "OSCAL Control Catalog Model: JSON Schema", + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-catalog-schema.json", + "$comment" : "OSCAL Control Catalog Model: JSON Schema", + "type" : "object", + "definitions" : + { "json-schema-directive" : + { "title" : "Schema Directive", + "description" : "A JSON Schema directive to bind a specific schema to its document instance.", + "$id" : "#json-schema-directive", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "oscal-catalog-oscal-catalog:catalog" : + { "title" : "Catalog", + "description" : "A structured, organized collection of control information.", + "$id" : "#assembly_oscal-catalog_catalog", "type" : "object", - "definitions" : - { "json-schema-directive" : - { "title" : "Schema Directive", - "description" : "A JSON Schema directive to bind a specific schema to its document instance.", - "$id" : "#json-schema-directive", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "oscal-catalog-oscal-catalog:catalog" : - { "title" : "Catalog", - "description" : "A collection of controls.", - "$id" : "#assembly_oscal-catalog_catalog", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Catalog Universally Unique Identifier", - "description" : "A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised.", - "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "params" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, - "controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog_control" } }, - "groups" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog_group" } }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-catalog:group" : - { "title" : "Control Group", - "description" : "A group of controls, or of groups of controls.", - "$id" : "#assembly_oscal-catalog_group", - "type" : "object", - "properties" : - { "id" : - { "title" : "Group Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Group Class", - "description" : "A textual label that provides a sub-type or characterization of the group.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Group Title", - "description" : "A name given to the group, which may be used by a tool for display and navigation.", - "type" : "string" }, - "params" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "groups" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog_group" } }, - "controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog_control" } } }, - "required" : - [ "title" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-catalog:control" : - { "title" : "Control", - "description" : "A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance.", - "$id" : "#assembly_oscal-catalog_control", - "type" : "object", - "properties" : - { "id" : - { "title" : "Control Identifier", - "description" : "A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Control Class", - "description" : "A textual label that provides a sub-type or characterization of the control.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Control Title", - "description" : "A name given to the control, which may be used by a tool for display and navigation.", - "type" : "string" }, - "params" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog_control" } } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-catalog-common:part" : - { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", - "type" : "object", - "properties" : - { "id" : - { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "name" : - { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", - "$ref" : "#/definitions/TokenDatatype" }, - "ns" : - { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "class" : - { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "prose" : - { "title" : "Part Text", - "description" : "Permits multiple paragraphs, lists, tables etc.", - "type" : "string" }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-catalog-common:parameter" : - { "title" : "Parameter", - "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", - "type" : "object", - "properties" : - { "id" : - { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", - "$ref" : "#/definitions/TokenDatatype" }, - "depends-on" : - { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "label" : - { "title" : "Parameter Label", - "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", - "type" : "string" }, - "usage" : - { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", - "type" : "string" }, - "constraints" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, - "guidelines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, - "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-catalog-common:parameter-constraint" : - { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", - "type" : "object", - "properties" : - { "description" : - { "title" : "Constraint Description", - "description" : "A textual summary of the constraint to be applied.", - "type" : "string" }, - "tests" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Constraint Test", - "description" : "A test expression which is expected to be evaluated by a tool.", - "type" : "object", - "properties" : - { "expression" : - { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", - "$ref" : "#/definitions/StringDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "expression" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-catalog-oscal-catalog-common:parameter-guideline" : - { "title" : "Guideline", - "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", - "type" : "object", - "properties" : - { "prose" : - { "title" : "Guideline Text", - "description" : "Prose permits multiple paragraphs, lists, tables etc.", - "type" : "string" } }, - "required" : - [ "prose" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-catalog-common:parameter-value" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-catalog-oscal-catalog-common:parameter-selection" : - { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", - "type" : "object", - "properties" : - { "how-many" : - { "title" : "Parameter Cardinality", - "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "one", - "one-or-more" ] } ] }, - "choice" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Choice", - "description" : "A value selection among several such options.", - "type" : "string" } } }, - "additionalProperties" : false }, - "oscal-catalog-oscal-catalog-common:include-all" : - { "title" : "Include All", - "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", - "type" : "object", - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", - "$id" : "#assembly_oscal-metadata_metadata", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "revisions" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, - "locations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, - "parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "title", - "last-modified", - "version", - "oscal-version" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:revision" : + "properties" : + { "uuid" : + { "title" : "Catalog Universally Unique Identifier", + "description" : "Provides a globally unique means to identify a given catalog instance.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter" } }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-catalog_control" } }, + "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-catalog_group" } }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-catalog:group" : + { "title" : "Control Group", + "description" : "A group of controls, or of groups of controls.", + "$id" : "#assembly_oscal-catalog_group", + "type" : "object", + "properties" : + { "id" : + { "title" : "Group Identifier", + "description" : "Identifies the group for the purpose of cross-linking within the defining instance or from other instances that reference the catalog.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Group Class", + "description" : "A textual label that provides a sub-type or characterization of the group.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Group Title", + "description" : "A name given to the group, which may be used by a tool for display and navigation.", + "type" : "string" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-catalog_group" } }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-catalog_control" } } }, + "required" : + [ "title" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-catalog:control" : + { "title" : "Control", + "description" : "A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information.", + "$id" : "#assembly_oscal-catalog_control", + "type" : "object", + "properties" : + { "id" : + { "title" : "Control Identifier", + "description" : "Identifies a control such that it can be referenced in the defining catalog and other OSCAL instances (e.g., profiles).", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Control Class", + "description" : "A textual label that provides a sub-type or characterization of the control.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Control Title", + "description" : "A name given to the control, which may be used by a tool for display and navigation.", + "type" : "string" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "mapping" : + { "title" : "Mapping", + "description" : "A mapping between the containing control and another resource.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Mapping Identifier", + "description" : "The unique identifier for the mapping.", + "$ref" : "#/definitions/UUIDDatatype" }, + "target-resource" : + { "$ref" : "#assembly_oscal-mapping-common_mapping-resource-reference" }, + "maps" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-mapping-common_map" } } }, + "required" : + [ "uuid", + "target-resource", + "maps" ], + "additionalProperties" : false }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-catalog_control" } } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-control-common:part" : + { "title" : "Part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", + "type" : "object", + "properties" : + { "id" : + { "title" : "Part Identifier", + "description" : "A unique identifier for the part.", + "$ref" : "#/definitions/TokenDatatype" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", + "$ref" : "#/definitions/TokenDatatype" }, + "ns" : + { "title" : "Part Namespace", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "class" : + { "title" : "Part Class", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Part Title", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-control-common:parameter" : + { "title" : "Parameter", + "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", + "$id" : "#assembly_oscal-control-common_parameter", + "type" : "object", + "properties" : + { "id" : + { "title" : "Parameter Identifier", + "description" : "A unique identifier for the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Parameter Class", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "depends-on" : + { "title" : "Depends on", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "label" : + { "title" : "Parameter Label", + "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", + "type" : "string" }, + "usage" : + { "title" : "Parameter Usage Description", + "description" : "Describes the purpose and use of a parameter.", + "type" : "string" }, + "constraints" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, + "guidelines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-control-common_parameter-value" } }, + "select" : + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-control-common:parameter-constraint" : + { "title" : "Constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", + "type" : "object", + "properties" : + { "description" : + { "title" : "Constraint Description", + "description" : "A textual summary of the constraint to be applied.", + "type" : "string" }, + "tests" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Constraint Test", + "description" : "A test expression which is expected to be evaluated by a tool.", + "type" : "object", + "properties" : + { "expression" : + { "title" : "Constraint test", + "description" : "A formal (executable) expression of a constraint.", + "$ref" : "#/definitions/StringDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "expression" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-catalog-oscal-control-common:parameter-guideline" : + { "title" : "Guideline", + "description" : "A prose statement that provides a recommendation for the use of a parameter.", + "$id" : "#assembly_oscal-control-common_parameter-guideline", + "type" : "object", + "properties" : + { "prose" : + { "title" : "Guideline Text", + "description" : "Prose permits multiple paragraphs, lists, tables etc.", + "type" : "string" } }, + "required" : + [ "prose" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-control-common:parameter-value" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$id" : "#field_oscal-control-common_parameter-value", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-catalog-oscal-control-common:parameter-selection" : + { "title" : "Selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", + "type" : "object", + "properties" : + { "how-many" : + { "title" : "Parameter Cardinality", + "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, + "choice" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Choice", + "description" : "A value selection among several such options.", + "type" : "string" } } }, + "additionalProperties" : false }, + "oscal-catalog-oscal-control-common:include-all" : + { "title" : "Include All", + "description" : "Include all controls from the imported catalog or profile resources.", + "$id" : "#assembly_oscal-control-common_include-all", + "type" : "object", + "additionalProperties" : false }, + "oscal-catalog-oscal-metadata:metadata" : + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", + "$id" : "#assembly_oscal-metadata_metadata", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "revisions" : + { "type" : "array", + "minItems" : 1, + "items" : { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:location" : + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, + "locations" : + { "type" : "array", + "minItems" : 1, + "items" : { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_location-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-catalog-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, + "parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "anyOf" : [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://orcid.org/" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "actions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_action" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "title", + "last-modified", + "version", + "oscal-version" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-metadata:location-uuid" : + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", + "$id" : "#field_oscal-metadata_location-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-catalog-oscal-metadata:party-uuid" : + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", + "$id" : "#field_oscal-metadata_party-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-catalog-oscal-metadata:role-id" : + { "title" : "Role Identifier Reference", + "description" : "Reference to a role by UUID.", + "$id" : "#field_oscal-metadata_role-id", + "$ref" : "#/definitions/TokenDatatype" }, + "oscal-catalog-oscal-metadata:back-matter" : + { "title" : "Back matter", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", + "$id" : "#assembly_oscal-metadata_back-matter", + "type" : "object", + "properties" : + { "resources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Resource Universally Unique Identifier", + "description" : "A unique identifier for a resource.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Resource Title", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", + "type" : "string" }, + "description" : + { "title" : "Resource Description", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "citation" : + { "title" : "Citation", + "description" : "An optional citation consisting of end note text using structured markup.", + "type" : "object", + "properties" : + { "text" : + { "title" : "Citation Text", + "description" : "A line of citation text.", + "type" : "string" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_party-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-catalog-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "text" ], + "additionalProperties" : false }, + "rlinks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource link", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL pointing to the referenced resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", + "hashes" : + { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:role-id" : - { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$id" : "#field_oscal-metadata_role-id", - "$ref" : "#/definitions/TokenDatatype" }, - "oscal-catalog-oscal-metadata:back-matter" : - { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", - "$id" : "#assembly_oscal-metadata_back-matter", - "type" : "object", - "properties" : - { "resources" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", - "type" : "string" }, - "description" : - { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "citation" : - { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", - "type" : "object", - "properties" : - { "text" : - { "title" : "Citation Text", - "description" : "A line of citation text.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "text" ], - "additionalProperties" : false }, - "rlinks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "hashes" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_hash" } } }, - "required" : - [ "href" ], - "additionalProperties" : false } }, - "base64" : - { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", - "type" : "object", - "properties" : - { "filename" : - { "title" : "File Name", - "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "value" : - { "$ref" : "#/definitions/Base64Datatype" } }, - "required" : - [ "value" ], - "additionalProperties" : false }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:property" : - { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", - "$id" : "#assembly_oscal-metadata_property", - "type" : "object", - "properties" : - { "name" : - { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "marking" ] } ] }, - "uuid" : - { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "ns" : - { "title" : "Property Namespace", - "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "value" : - { "title" : "Property Value", - "description" : "Indicates the value of the attribute, characteristic, or quality.", - "$ref" : "#/definitions/StringDatatype" }, - "class" : - { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "name", - "value" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:link" : - { "title" : "Link", - "description" : "A reference to a local or remote resource", - "$id" : "#assembly_oscal-metadata_link", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URL reference to a resource.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "reference" ] } ] }, + { "$ref" : "#field_oscal-metadata_hash" } } }, + "required" : + [ "href" ], + "additionalProperties" : false } }, + "base64" : + { "title" : "Base64", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", + "type" : "object", + "properties" : + { "filename" : + { "title" : "File Name", + "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", + "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "text" : - { "title" : "Link Text", - "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", - "type" : "string" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:responsible-party" : - { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-party", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$ref" : "#/definitions/TokenDatatype" }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id", - "party-uuids" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:responsible-role" : - { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-role", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:hash" : - { "title" : "Hash", - "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", - "$id" : "#field_oscal-metadata_hash", - "type" : "object", - "properties" : - { "algorithm" : - { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "SHA-224", - "SHA-256", - "SHA-384", - "SHA-512", - "SHA3-224", - "SHA3-256", - "SHA3-384", - "SHA3-512" ] } ] }, + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, "value" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "value", - "algorithm" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:remarks" : - { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", - "$id" : "#field_oscal-metadata_remarks", - "type" : "string" }, - "oscal-catalog-oscal-metadata:published" : - { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_published", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-catalog-oscal-metadata:last-modified" : - { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_last-modified", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-catalog-oscal-metadata:version" : - { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", - "$id" : "#field_oscal-metadata_version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-catalog-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", - "$id" : "#field_oscal-metadata_oscal-version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-catalog-oscal-metadata:email-address" : - { "title" : "Email Address", - "description" : "An email address as defined by RFC 5322 Section 3.4.1.", - "$id" : "#field_oscal-metadata_email-address", - "$ref" : "#/definitions/EmailAddressDatatype" }, - "oscal-catalog-oscal-metadata:telephone-number" : - { "title" : "Telephone Number", - "description" : "Contact number by telephone.", - "$id" : "#field_oscal-metadata_telephone-number", - "type" : "object", - "properties" : - { "type" : - { "title" : "type flag", - "description" : "Indicates the type of phone number.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "home", - "office", - "mobile" ] } ] }, - "number" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "number" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:address" : - { "title" : "Address", - "description" : "A postal address for the location.", - "$id" : "#assembly_oscal-metadata_address", - "type" : "object", - "properties" : - { "type" : - { "title" : "Address Type", - "description" : "Indicates the type of address.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "home", - "work" ] } ] }, - "addr-lines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_addr-line" } }, - "city" : - { "title" : "City", - "description" : "City, town or geographical region for the mailing address.", - "$ref" : "#/definitions/StringDatatype" }, - "state" : - { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "postal-code" : - { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "country" : - { "title" : "Country Code", - "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "$ref" : "#/definitions/StringDatatype" } }, - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:addr-line" : - { "title" : "Address line", - "description" : "A single line of an address.", - "$id" : "#field_oscal-metadata_addr-line", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-catalog-oscal-metadata:document-id" : - { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", - "$id" : "#field_oscal-metadata_document-id", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "Document Identification Scheme", - "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://www.doi.org/" ] } ] }, - "identifier" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "identifier" ], - "additionalProperties" : false }, - "Base64Datatype" : - { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", - "type" : "string", - "pattern" : "^[0-9A-Za-z+/]+={0,2}$", - "contentEncoding" : "base64" }, - "DateTimeWithTimezoneDatatype" : - { "description" : "A string representing a point in time with a required timezone.", - "type" : "string", - "format" : "date-time", - "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, - "EmailAddressDatatype" : - { "description" : "An email address string formatted according to RFC 6531.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" } ] }, - "StringDatatype" : - { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, - "TokenDatatype" : - { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, - "URIDatatype" : - { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, - "URIReferenceDatatype" : - { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", - "type" : "string", - "format" : "uri-reference" }, - "UUIDDatatype" : - { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + { "$ref" : "#/definitions/Base64Datatype" } }, + "required" : + [ "value" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-catalog-oscal-metadata:property" : + { "title" : "Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", + "$id" : "#assembly_oscal-metadata_property", + "type" : "object", + "properties" : + { "name" : + { "title" : "Property Name", + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "$ref" : "#/definitions/TokenDatatype" }, + "uuid" : + { "title" : "Property Universally Unique Identifier", + "description" : "A unique identifier for a property.", + "$ref" : "#/definitions/UUIDDatatype" }, + "ns" : + { "title" : "Property Namespace", + "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "value" : + { "title" : "Property Value", + "description" : "Indicates the value of the attribute, characteristic, or quality.", + "$ref" : "#/definitions/StringDatatype" }, + "class" : + { "title" : "Property Class", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", + "$ref" : "#/definitions/TokenDatatype" }, + "group" : + { "title" : "Property Group", + "description" : "An identifier for relating distinct sets of properties.", + "$ref" : "#/definitions/TokenDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "name", + "value" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-metadata:link" : + { "title" : "Link", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", + "$id" : "#assembly_oscal-metadata_link", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL reference to a resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "rel" : + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "resource-fragment" : + { "title" : "Resource Fragment", + "description" : "In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.", + "$ref" : "#/definitions/StringDatatype" }, + "text" : + { "title" : "Link Text", + "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", + "type" : "string" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-metadata:responsible-party" : + { "title" : "Responsible Party", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", + "$id" : "#assembly_oscal-metadata_responsible-party", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role", + "description" : "A reference to a role performed by a party.", + "$ref" : "#/definitions/TokenDatatype" }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id", + "party-uuids" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-metadata:action" : + { "title" : "Action", + "description" : "An action applied by a role within a given party to the content.", + "$id" : "#assembly_oscal-metadata_action", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Action Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "date" : + { "title" : "Action Occurrence Date", + "description" : "The date and time when the action occurred.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "type" : + { "title" : "Action Type", + "description" : "The type of action documented by the assembly, such as an approval.", + "$ref" : "#/definitions/TokenDatatype" }, + "system" : + { "title" : "Action Type System", + "description" : "Specifies the action type system used.", + "$ref" : "#/definitions/URIDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "system" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-metadata:responsible-role" : + { "title" : "Responsible Role", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", + "$id" : "#assembly_oscal-metadata_responsible-role", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role ID", + "description" : "A human-oriented identifier reference to a role performed.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-metadata:hash" : + { "title" : "Hash", + "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", + "$id" : "#field_oscal-metadata_hash", + "type" : "object", + "properties" : + { "algorithm" : + { "title" : "Hash algorithm", + "description" : "The digest method by which a hash is derived.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, + "value" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "value", + "algorithm" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-metadata:remarks" : + { "title" : "Remarks", + "description" : "Additional commentary about the containing object.", + "$id" : "#field_oscal-metadata_remarks", + "type" : "string" }, + "oscal-catalog-oscal-metadata:published" : + { "title" : "Publication Timestamp", + "description" : "The date and time the document was last made available.", + "$id" : "#field_oscal-metadata_published", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-catalog-oscal-metadata:last-modified" : + { "title" : "Last Modified Timestamp", + "description" : "The date and time the document was last stored for later retrieval.", + "$id" : "#field_oscal-metadata_last-modified", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-catalog-oscal-metadata:version" : + { "title" : "Document Version", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", + "$id" : "#field_oscal-metadata_version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-catalog-oscal-metadata:oscal-version" : + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", + "$id" : "#field_oscal-metadata_oscal-version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-catalog-oscal-metadata:email-address" : + { "title" : "Email Address", + "description" : "An email address as defined by RFC 5322 Section 3.4.1.", + "$id" : "#field_oscal-metadata_email-address", + "$ref" : "#/definitions/EmailAddressDatatype" }, + "oscal-catalog-oscal-metadata:telephone-number" : + { "title" : "Telephone Number", + "description" : "A telephone service number as defined by ITU-T E.164.", + "$id" : "#field_oscal-metadata_telephone-number", + "type" : "object", + "properties" : + { "type" : + { "title" : "type flag", + "description" : "Indicates the type of phone number.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, + "number" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "number" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-metadata:address" : + { "title" : "Address", + "description" : "A postal address for the location.", + "$id" : "#assembly_oscal-metadata_address", + "type" : "object", + "properties" : + { "type" : + { "title" : "Address Type", + "description" : "Indicates the type of address.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, + "addr-lines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_addr-line" } }, + "city" : + { "title" : "City", + "description" : "City, town or geographical region for the mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "state" : + { "title" : "State", + "description" : "State, province or analogous geographical region for a mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "postal-code" : + { "title" : "Postal Code", + "description" : "Postal or ZIP code for mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "country" : + { "title" : "Country Code", + "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", + "$ref" : "#/definitions/StringDatatype" } }, + "additionalProperties" : false }, + "oscal-catalog-oscal-metadata:addr-line" : + { "title" : "Address line", + "description" : "A single line of an address.", + "$id" : "#field_oscal-metadata_addr-line", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-catalog-oscal-metadata:document-id" : + { "title" : "Document Identifier", + "description" : "A document identifier qualified by an identifier scheme.", + "$id" : "#field_oscal-metadata_document-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "Document Identification Scheme", + "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, + "identifier" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "identifier" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-mapping-common:map" : + { "title" : "Mapping Entry", + "description" : "A relationship-based mapping between a source and target set consisting of members (i.e., controls, control statements) from the respective source and target.", + "$id" : "#assembly_oscal-mapping-common_map", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Mapping Entry Identifier", + "description" : "The unique identifier for the mapping entry.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "relationship" : + { "title" : "Mapping Entry Relationship", + "description" : "The relationship type for the mapping entry, which describes the relationship between the effective requirements of the specified source and target sets.", + "type" : "object", + "properties" : + { "ns" : + { "title" : "Relationship Value Namespace", + "description" : "A namespace qualifying the relationship's value. This allows different organizations to associate distinct semantics for relationships with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "type" : + { "$ref" : "#/definitions/TokenDatatype" } }, + "required" : + [ "type" ], + "additionalProperties" : false }, + "sources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-mapping-common_mapping-item" } }, + "targets" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-mapping-common_mapping-item" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "relationship", + "sources", + "targets" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-mapping-common:mapping-item" : + { "title" : "Mapping Entry Item (source or target)", + "description" : "Identifies a specific edge within a source or target that is the subject of a mapping.", + "$id" : "#assembly_oscal-mapping-common_mapping-item", + "type" : "object", + "properties" : + { "type" : + { "title" : "Subject Type", + "description" : "The semantic type of the subject.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "control", + "statement" ] } ] }, + "id-ref" : + { "title" : "Subject Identifier Reference", + "description" : "A reference to an identified subject that is of the specified type.", + "$ref" : "#/definitions/StringDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "type", + "id-ref" ], + "additionalProperties" : false }, + "oscal-catalog-oscal-mapping-common:mapping-resource-reference" : + { "title" : "Mapped Resource Reference", + "description" : "A reference to a resource that is either the source or target of a mapping.", + "$id" : "#assembly_oscal-mapping-common_mapping-resource-reference", + "type" : "object", "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "catalog" : - { "$ref" : "#assembly_oscal-catalog_catalog" } }, + { "type" : + { "title" : "Resource Type", + "description" : "The semantic type of the resource.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "catalog" ] } ] }, + "href" : + { "title" : "Catalog or Profile Reference", + "description" : "A resolvable URL reference to the base catalog or profile that this profile is tailoring.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : - [ "catalog" ], - "additionalProperties" : false } \ No newline at end of file + [ "type", + "href" ], + "additionalProperties" : false }, + "Base64Datatype" : + { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", + "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "DateTimeWithTimezoneDatatype" : + { "description" : "A string representing a point in time with a required timezone.", + "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "description" : "An email address string formatted according to RFC 6531.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "StringDatatype" : + { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", + "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", + "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", + "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", + "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "catalog" : + { "$ref" : "#assembly_oscal-catalog_catalog" } }, + "required" : + [ "catalog" ], + "additionalProperties" : false } \ No newline at end of file diff --git a/json/schema/oscal_complete_schema.json b/json/schema/oscal_complete_schema.json index baa8ac509b..aa9d0f10b6 100644 --- a/json/schema/oscal_complete_schema.json +++ b/json/schema/oscal_complete_schema.json @@ -1,5121 +1,5351 @@ - { "$schema" : "http://json-schema.org/draft-07/schema#", - "$id" : "http://csrc.nist.gov/ns/oscal/1.0/1.0.6/oscal-complete-schema.json", - "$comment" : "OSCAL Unified Model of Models: JSON Schema", + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/oscal/1.0/1.0.6/oscal-complete-schema.json", + "$comment" : "OSCAL Unified Model of Models: JSON Schema", + "type" : "object", + "definitions" : + { "json-schema-directive" : + { "title" : "Schema Directive", + "description" : "A JSON Schema directive to bind a specific schema to its document instance.", + "$id" : "#json-schema-directive", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "oscal-complete-oscal-catalog:catalog" : + { "title" : "Catalog", + "description" : "A structured, organized collection of control information.", + "$id" : "#assembly_oscal-catalog_catalog", "type" : "object", - "definitions" : - { "json-schema-directive" : - { "title" : "Schema Directive", - "description" : "A JSON Schema directive to bind a specific schema to its document instance.", - "$id" : "#json-schema-directive", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "oscal-complete-oscal-catalog:catalog" : - { "title" : "Catalog", - "description" : "A collection of controls.", - "$id" : "#assembly_oscal-catalog_catalog", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Catalog Universally Unique Identifier", - "description" : "A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised.", - "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "params" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, - "controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog_control" } }, - "groups" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog_group" } }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata" ], - "additionalProperties" : false }, - "oscal-complete-oscal-catalog:group" : - { "title" : "Control Group", - "description" : "A group of controls, or of groups of controls.", - "$id" : "#assembly_oscal-catalog_group", - "type" : "object", - "properties" : - { "id" : - { "title" : "Group Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Group Class", - "description" : "A textual label that provides a sub-type or characterization of the group.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Group Title", - "description" : "A name given to the group, which may be used by a tool for display and navigation.", - "type" : "string" }, - "params" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "groups" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog_group" } }, - "controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog_control" } } }, - "required" : - [ "title" ], - "additionalProperties" : false }, - "oscal-complete-oscal-catalog:control" : - { "title" : "Control", - "description" : "A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance.", - "$id" : "#assembly_oscal-catalog_control", - "type" : "object", - "properties" : - { "id" : - { "title" : "Control Identifier", - "description" : "A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Control Class", - "description" : "A textual label that provides a sub-type or characterization of the control.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Control Title", - "description" : "A name given to the control, which may be used by a tool for display and navigation.", - "type" : "string" }, - "params" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog_control" } } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, - "oscal-complete-oscal-catalog-common:part" : - { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", - "type" : "object", - "properties" : - { "id" : - { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "name" : - { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", - "$ref" : "#/definitions/TokenDatatype" }, - "ns" : - { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "class" : - { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", - "type" : "string" }, + "properties" : + { "uuid" : + { "title" : "Catalog Universally Unique Identifier", + "description" : "Provides a globally unique means to identify a given catalog instance.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter" } }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-catalog_control" } }, + "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-catalog_group" } }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata" ], + "additionalProperties" : false }, + "oscal-complete-oscal-catalog:group" : + { "title" : "Control Group", + "description" : "A group of controls, or of groups of controls.", + "$id" : "#assembly_oscal-catalog_group", + "type" : "object", + "properties" : + { "id" : + { "title" : "Group Identifier", + "description" : "Identifies the group for the purpose of cross-linking within the defining instance or from other instances that reference the catalog.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Group Class", + "description" : "A textual label that provides a sub-type or characterization of the group.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Group Title", + "description" : "A name given to the group, which may be used by a tool for display and navigation.", + "type" : "string" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-catalog_group" } }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-catalog_control" } } }, + "required" : + [ "title" ], + "additionalProperties" : false }, + "oscal-complete-oscal-catalog:control" : + { "title" : "Control", + "description" : "A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information.", + "$id" : "#assembly_oscal-catalog_control", + "type" : "object", + "properties" : + { "id" : + { "title" : "Control Identifier", + "description" : "Identifies a control such that it can be referenced in the defining catalog and other OSCAL instances (e.g., profiles).", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Control Class", + "description" : "A textual label that provides a sub-type or characterization of the control.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Control Title", + "description" : "A name given to the control, which may be used by a tool for display and navigation.", + "type" : "string" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "mapping" : + { "title" : "Mapping", + "description" : "A mapping between the containing control and another resource.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Mapping Identifier", + "description" : "The unique identifier for the mapping.", + "$ref" : "#/definitions/UUIDDatatype" }, + "target-resource" : + { "$ref" : "#assembly_oscal-mapping-common_mapping-resource-reference" }, + "maps" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-mapping-common_map" } } }, + "required" : + [ "uuid", + "target-resource", + "maps" ], + "additionalProperties" : false }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-catalog_control" } } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false }, + "oscal-complete-oscal-control-common:part" : + { "title" : "Part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", + "type" : "object", + "properties" : + { "id" : + { "title" : "Part Identifier", + "description" : "A unique identifier for the part.", + "$ref" : "#/definitions/TokenDatatype" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", + "$ref" : "#/definitions/TokenDatatype" }, + "ns" : + { "title" : "Part Namespace", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "class" : + { "title" : "Part Class", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Part Title", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-complete-oscal-control-common:parameter" : + { "title" : "Parameter", + "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", + "$id" : "#assembly_oscal-control-common_parameter", + "type" : "object", + "properties" : + { "id" : + { "title" : "Parameter Identifier", + "description" : "A unique identifier for the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Parameter Class", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "depends-on" : + { "title" : "Depends on", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "label" : + { "title" : "Parameter Label", + "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", + "type" : "string" }, + "usage" : + { "title" : "Parameter Usage Description", + "description" : "Describes the purpose and use of a parameter.", + "type" : "string" }, + "constraints" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, + "guidelines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-control-common_parameter-value" } }, + "select" : + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "oscal-complete-oscal-control-common:parameter-constraint" : + { "title" : "Constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", + "type" : "object", + "properties" : + { "description" : + { "title" : "Constraint Description", + "description" : "A textual summary of the constraint to be applied.", + "type" : "string" }, + "tests" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Constraint Test", + "description" : "A test expression which is expected to be evaluated by a tool.", + "type" : "object", + "properties" : + { "expression" : + { "title" : "Constraint test", + "description" : "A formal (executable) expression of a constraint.", + "$ref" : "#/definitions/StringDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "expression" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-complete-oscal-control-common:parameter-guideline" : + { "title" : "Guideline", + "description" : "A prose statement that provides a recommendation for the use of a parameter.", + "$id" : "#assembly_oscal-control-common_parameter-guideline", + "type" : "object", + "properties" : + { "prose" : + { "title" : "Guideline Text", + "description" : "Prose permits multiple paragraphs, lists, tables etc.", + "type" : "string" } }, + "required" : + [ "prose" ], + "additionalProperties" : false }, + "oscal-complete-oscal-control-common:parameter-value" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$id" : "#field_oscal-control-common_parameter-value", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-complete-oscal-control-common:parameter-selection" : + { "title" : "Selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", + "type" : "object", + "properties" : + { "how-many" : + { "title" : "Parameter Cardinality", + "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, + "choice" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Choice", + "description" : "A value selection among several such options.", + "type" : "string" } } }, + "additionalProperties" : false }, + "oscal-complete-oscal-control-common:include-all" : + { "title" : "Include All", + "description" : "Include all controls from the imported catalog or profile resources.", + "$id" : "#assembly_oscal-control-common_include-all", + "type" : "object", + "additionalProperties" : false }, + "oscal-complete-oscal-metadata:metadata" : + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", + "$id" : "#assembly_oscal-metadata_metadata", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "revisions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, + "locations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, + "parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "actions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_action" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "title", + "last-modified", + "version", + "oscal-version" ], + "additionalProperties" : false }, + "oscal-complete-oscal-metadata:location-uuid" : + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", + "$id" : "#field_oscal-metadata_location-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-complete-oscal-metadata:party-uuid" : + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", + "$id" : "#field_oscal-metadata_party-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-complete-oscal-metadata:role-id" : + { "title" : "Role Identifier Reference", + "description" : "Reference to a role by UUID.", + "$id" : "#field_oscal-metadata_role-id", + "$ref" : "#/definitions/TokenDatatype" }, + "oscal-complete-oscal-metadata:back-matter" : + { "title" : "Back matter", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", + "$id" : "#assembly_oscal-metadata_back-matter", + "type" : "object", + "properties" : + { "resources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Resource Universally Unique Identifier", + "description" : "A unique identifier for a resource.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Resource Title", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", + "type" : "string" }, + "description" : + { "title" : "Resource Description", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "citation" : + { "title" : "Citation", + "description" : "An optional citation consisting of end note text using structured markup.", + "type" : "object", + "properties" : + { "text" : + { "title" : "Citation Text", + "description" : "A line of citation text.", + "type" : "string" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "prose" : - { "title" : "Part Text", - "description" : "Permits multiple paragraphs, lists, tables etc.", - "type" : "string" }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-complete-oscal-catalog-common:parameter" : - { "title" : "Parameter", - "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", - "type" : "object", - "properties" : - { "id" : - { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "text" ], + "additionalProperties" : false }, + "rlinks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource link", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL pointing to the referenced resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "hashes" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_hash" } } }, + "required" : + [ "href" ], + "additionalProperties" : false } }, + "base64" : + { "title" : "Base64", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", + "type" : "object", + "properties" : + { "filename" : + { "title" : "File Name", + "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", + "$ref" : "#/definitions/TokenDatatype" }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "value" : + { "$ref" : "#/definitions/Base64Datatype" } }, + "required" : + [ "value" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-complete-oscal-metadata:property" : + { "title" : "Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", + "$id" : "#assembly_oscal-metadata_property", + "type" : "object", + "properties" : + { "name" : + { "title" : "Property Name", + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "$ref" : "#/definitions/TokenDatatype" }, + "uuid" : + { "title" : "Property Universally Unique Identifier", + "description" : "A unique identifier for a property.", + "$ref" : "#/definitions/UUIDDatatype" }, + "ns" : + { "title" : "Property Namespace", + "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "value" : + { "title" : "Property Value", + "description" : "Indicates the value of the attribute, characteristic, or quality.", + "$ref" : "#/definitions/StringDatatype" }, + "class" : + { "title" : "Property Class", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", + "$ref" : "#/definitions/TokenDatatype" }, + "group" : + { "title" : "Property Group", + "description" : "An identifier for relating distinct sets of properties.", + "$ref" : "#/definitions/TokenDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "name", + "value" ], + "additionalProperties" : false }, + "oscal-complete-oscal-metadata:link" : + { "title" : "Link", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", + "$id" : "#assembly_oscal-metadata_link", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL reference to a resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "rel" : + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "resource-fragment" : + { "title" : "Resource Fragment", + "description" : "In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.", + "$ref" : "#/definitions/StringDatatype" }, + "text" : + { "title" : "Link Text", + "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", + "type" : "string" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-complete-oscal-metadata:responsible-party" : + { "title" : "Responsible Party", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", + "$id" : "#assembly_oscal-metadata_responsible-party", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role", + "description" : "A reference to a role performed by a party.", + "$ref" : "#/definitions/TokenDatatype" }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id", + "party-uuids" ], + "additionalProperties" : false }, + "oscal-complete-oscal-metadata:action" : + { "title" : "Action", + "description" : "An action applied by a role within a given party to the content.", + "$id" : "#assembly_oscal-metadata_action", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Action Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "date" : + { "title" : "Action Occurrence Date", + "description" : "The date and time when the action occurred.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "type" : + { "title" : "Action Type", + "description" : "The type of action documented by the assembly, such as an approval.", + "$ref" : "#/definitions/TokenDatatype" }, + "system" : + { "title" : "Action Type System", + "description" : "Specifies the action type system used.", + "$ref" : "#/definitions/URIDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "system" ], + "additionalProperties" : false }, + "oscal-complete-oscal-metadata:responsible-role" : + { "title" : "Responsible Role", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", + "$id" : "#assembly_oscal-metadata_responsible-role", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role ID", + "description" : "A human-oriented identifier reference to a role performed.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id" ], + "additionalProperties" : false }, + "oscal-complete-oscal-metadata:hash" : + { "title" : "Hash", + "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", + "$id" : "#field_oscal-metadata_hash", + "type" : "object", + "properties" : + { "algorithm" : + { "title" : "Hash algorithm", + "description" : "The digest method by which a hash is derived.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, + "value" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "value", + "algorithm" ], + "additionalProperties" : false }, + "oscal-complete-oscal-metadata:remarks" : + { "title" : "Remarks", + "description" : "Additional commentary about the containing object.", + "$id" : "#field_oscal-metadata_remarks", + "type" : "string" }, + "oscal-complete-oscal-metadata:published" : + { "title" : "Publication Timestamp", + "description" : "The date and time the document was last made available.", + "$id" : "#field_oscal-metadata_published", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-complete-oscal-metadata:last-modified" : + { "title" : "Last Modified Timestamp", + "description" : "The date and time the document was last stored for later retrieval.", + "$id" : "#field_oscal-metadata_last-modified", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-complete-oscal-metadata:version" : + { "title" : "Document Version", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", + "$id" : "#field_oscal-metadata_version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-complete-oscal-metadata:oscal-version" : + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", + "$id" : "#field_oscal-metadata_oscal-version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-complete-oscal-metadata:email-address" : + { "title" : "Email Address", + "description" : "An email address as defined by RFC 5322 Section 3.4.1.", + "$id" : "#field_oscal-metadata_email-address", + "$ref" : "#/definitions/EmailAddressDatatype" }, + "oscal-complete-oscal-metadata:telephone-number" : + { "title" : "Telephone Number", + "description" : "A telephone service number as defined by ITU-T E.164.", + "$id" : "#field_oscal-metadata_telephone-number", + "type" : "object", + "properties" : + { "type" : + { "title" : "type flag", + "description" : "Indicates the type of phone number.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, + "number" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "number" ], + "additionalProperties" : false }, + "oscal-complete-oscal-metadata:address" : + { "title" : "Address", + "description" : "A postal address for the location.", + "$id" : "#assembly_oscal-metadata_address", + "type" : "object", + "properties" : + { "type" : + { "title" : "Address Type", + "description" : "Indicates the type of address.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, + "addr-lines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_addr-line" } }, + "city" : + { "title" : "City", + "description" : "City, town or geographical region for the mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "state" : + { "title" : "State", + "description" : "State, province or analogous geographical region for a mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "postal-code" : + { "title" : "Postal Code", + "description" : "Postal or ZIP code for mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "country" : + { "title" : "Country Code", + "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", + "$ref" : "#/definitions/StringDatatype" } }, + "additionalProperties" : false }, + "oscal-complete-oscal-metadata:addr-line" : + { "title" : "Address line", + "description" : "A single line of an address.", + "$id" : "#field_oscal-metadata_addr-line", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-complete-oscal-metadata:document-id" : + { "title" : "Document Identifier", + "description" : "A document identifier qualified by an identifier scheme.", + "$id" : "#field_oscal-metadata_document-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "Document Identification Scheme", + "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, + "identifier" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "identifier" ], + "additionalProperties" : false }, + "oscal-complete-oscal-mapping-common:map" : + { "title" : "Mapping Entry", + "description" : "A relationship-based mapping between a source and target set consisting of members (i.e., controls, control statements) from the respective source and target.", + "$id" : "#assembly_oscal-mapping-common_map", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Mapping Entry Identifier", + "description" : "The unique identifier for the mapping entry.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "relationship" : + { "title" : "Mapping Entry Relationship", + "description" : "The relationship type for the mapping entry, which describes the relationship between the effective requirements of the specified source and target sets.", + "type" : "object", + "properties" : + { "ns" : + { "title" : "Relationship Value Namespace", + "description" : "A namespace qualifying the relationship's value. This allows different organizations to associate distinct semantics for relationships with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "type" : + { "$ref" : "#/definitions/TokenDatatype" } }, + "required" : + [ "type" ], + "additionalProperties" : false }, + "sources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-mapping-common_mapping-item" } }, + "targets" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-mapping-common_mapping-item" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "relationship", + "sources", + "targets" ], + "additionalProperties" : false }, + "oscal-complete-oscal-mapping-common:mapping-item" : + { "title" : "Mapping Entry Item (source or target)", + "description" : "Identifies a specific edge within a source or target that is the subject of a mapping.", + "$id" : "#assembly_oscal-mapping-common_mapping-item", + "type" : "object", + "properties" : + { "type" : + { "title" : "Subject Type", + "description" : "The semantic type of the subject.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "control", + "statement" ] } ] }, + "id-ref" : + { "title" : "Subject Identifier Reference", + "description" : "A reference to an identified subject that is of the specified type.", + "$ref" : "#/definitions/StringDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "type", + "id-ref" ], + "additionalProperties" : false }, + "oscal-complete-oscal-mapping-common:mapping-resource-reference" : + { "title" : "Mapped Resource Reference", + "description" : "A reference to a resource that is either the source or target of a mapping.", + "$id" : "#assembly_oscal-mapping-common_mapping-resource-reference", + "type" : "object", + "properties" : + { "type" : + { "title" : "Resource Type", + "description" : "The semantic type of the resource.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "catalog" ] } ] }, + "href" : + { "title" : "Catalog or Profile Reference", + "description" : "A resolvable URL reference to the base catalog or profile that this profile is tailoring.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "type", + "href" ], + "additionalProperties" : false }, + "oscal-complete-oscal-mapping:mapping-collection" : + { "title" : "Mapping Collection", + "description" : "A collection of relationship-based control and/or control statement mappings.", + "$id" : "#assembly_oscal-mapping_mapping-collection", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Mapping Collection Universally Unique Identifier", + "description" : "A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "mappings" : + { "anyOf" : + [ + { "$ref" : "#assembly_oscal-mapping_mapping" }, + + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-mapping_mapping" } } ] }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata", + "mappings" ], + "additionalProperties" : false }, + "oscal-complete-oscal-mapping:mapping" : + { "title" : "Control Mapping", + "description" : "A mapping between two target resources.", + "$id" : "#assembly_oscal-mapping_mapping", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Mapping Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mapping definition elsewhere in this or other OSCAL instances. The locally defined UUID of the mapping can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same mapping across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "source-resource" : + { "$ref" : "#assembly_oscal-mapping-common_mapping-resource-reference" }, + "target-resource" : + { "$ref" : "#assembly_oscal-mapping-common_mapping-resource-reference" }, + "maps" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-mapping-common_map" } } }, + "required" : + [ "uuid", + "source-resource", + "target-resource", + "maps" ], + "additionalProperties" : false }, + "oscal-complete-oscal-profile:profile" : + { "title" : "Profile", + "description" : "Each OSCAL profile is defined by a profile element.", + "$id" : "#assembly_oscal-profile_profile", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Profile Universally Unique Identifier", + "description" : "Provides a globally unique means to identify a given profile instance.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "imports" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_import" } }, + "merge" : + { "$ref" : "#assembly_oscal-profile_merge" }, + "modify" : + { "$ref" : "#assembly_oscal-profile_modify" }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata", + "imports" ], + "additionalProperties" : false }, + "oscal-complete-oscal-profile:import" : + { "title" : "Import Resource", + "description" : "Designates a referenced source catalog or profile that provides a source of control information for use in creating a new overlay or baseline.", + "$id" : "#assembly_oscal-profile_import", + "type" : "object", + "properties" : + { "href" : + { "title" : "Catalog or Profile Reference", + "description" : "A resolvable URL reference to the base catalog or profile that this profile is tailoring.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_select-control-by-id" } }, + "exclude-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_select-control-by-id" } } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-complete-oscal-profile:merge" : + { "title" : "Merge Controls", + "description" : "Provides structuring directives that instruct how controls are organized after profile resolution.", + "$id" : "#assembly_oscal-profile_merge", + "type" : "object", + "properties" : + { "combine" : + { "title" : "Combination Rule", + "description" : "A Combine element defines how to resolve duplicate instances of the same control (e.g., controls with the same ID).", + "type" : "object", + "properties" : + { "method" : + { "title" : "Combination Method", + "description" : "Declare how clashing controls should be handled.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "use-first", + "merge", + "keep" ] } ] } }, + "additionalProperties" : false }, + "flat" : + { "title" : "Flat Without Grouping", + "description" : "Directs that controls appear without any grouping structure.", + "type" : "object", + "additionalProperties" : false }, + "as-is" : + { "title" : "Group As-Is", + "description" : "Indicates that the controls selected should retain their original grouping as defined in the import source.", + "$ref" : "#/definitions/BooleanDatatype" }, + "custom" : + { "title" : "Custom Grouping", + "description" : "Provides an alternate grouping structure that selected controls will be placed in.", + "type" : "object", + "properties" : + { "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_group" } }, + "insert-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_insert-controls" } } }, + "additionalProperties" : false } }, + "additionalProperties" : false }, + "oscal-complete-oscal-profile:group" : + { "title" : "Control Group", + "description" : "A group of (selected) controls or of groups of controls.", + "$id" : "#assembly_oscal-profile_group", + "type" : "object", + "properties" : + { "id" : + { "title" : "Group Identifier", + "description" : "Identifies the group.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Group Class", + "description" : "A textual label that provides a sub-type or characterization of the group.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Group Title", + "description" : "A name to be given to the group for use in display.", + "type" : "string" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_group" } }, + "insert-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_insert-controls" } } }, + "required" : + [ "title" ], + "additionalProperties" : false }, + "oscal-complete-oscal-profile:modify" : + { "title" : "Modify Controls", + "description" : "Set parameters or amend controls in resolution.", + "$id" : "#assembly_oscal-profile_modify", + "type" : "object", + "properties" : + { "set-parameters" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Parameter Setting", + "description" : "A parameter setting, to be propagated to points of insertion.", + "type" : "object", + "properties" : + { "param-id" : + { "title" : "Parameter ID", + "description" : "An identifier for the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Parameter Class", + "description" : "A textual label that provides a characterization of the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "depends-on" : + { "title" : "Depends On", + "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "label" : + { "title" : "Parameter Label", + "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", + "type" : "string" }, + "usage" : + { "title" : "Parameter Usage Description", + "description" : "Describes the purpose and use of a parameter.", + "type" : "string" }, + "constraints" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, + "guidelines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-control-common_parameter-value" } }, + "select" : + { "$ref" : "#assembly_oscal-control-common_parameter-selection" } }, + "required" : + [ "param-id" ], + "additionalProperties" : false } }, + "alters" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Alteration", + "description" : "Specifies changes to be made to an included control when a profile is resolved.", + "type" : "object", + "properties" : + { "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "removes" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Removal", + "description" : "Specifies objects to be removed from a control based on specific aspects of the object that must all match.", + "type" : "object", + "properties" : + { "by-name" : + { "title" : "Reference by (assigned) name", + "description" : "Identify items remove by matching their assigned name.", "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", + "by-class" : + { "title" : "Reference by class", + "description" : "Identify items to remove by matching their class.", "$ref" : "#/definitions/TokenDatatype" }, - "depends-on" : - { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", + "by-id" : + { "title" : "Reference by ID", + "description" : "Identify items to remove indicated by their id.", "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "label" : - { "title" : "Parameter Label", - "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", - "type" : "string" }, - "usage" : - { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", - "type" : "string" }, - "constraints" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, - "guidelines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, - "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "oscal-complete-oscal-catalog-common:parameter-constraint" : - { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", - "type" : "object", - "properties" : - { "description" : - { "title" : "Constraint Description", - "description" : "A textual summary of the constraint to be applied.", - "type" : "string" }, - "tests" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Constraint Test", - "description" : "A test expression which is expected to be evaluated by a tool.", - "type" : "object", - "properties" : - { "expression" : - { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", - "$ref" : "#/definitions/StringDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "expression" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-complete-oscal-catalog-common:parameter-guideline" : - { "title" : "Guideline", - "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", - "type" : "object", - "properties" : - { "prose" : - { "title" : "Guideline Text", - "description" : "Prose permits multiple paragraphs, lists, tables etc.", - "type" : "string" } }, - "required" : - [ "prose" ], - "additionalProperties" : false }, - "oscal-complete-oscal-catalog-common:parameter-value" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-complete-oscal-catalog-common:parameter-selection" : - { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", - "type" : "object", - "properties" : - { "how-many" : - { "title" : "Parameter Cardinality", - "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", + "by-item-name" : + { "title" : "Item Name Reference", + "description" : "Identify items to remove by the name of the item's information object name, e.g. title or prop.", "allOf" : [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "one", - "one-or-more" ] } ] }, - "choice" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Choice", - "description" : "A value selection among several such options.", - "type" : "string" } } }, - "additionalProperties" : false }, - "oscal-complete-oscal-catalog-common:include-all" : - { "title" : "Include All", - "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", - "type" : "object", - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", - "$id" : "#assembly_oscal-metadata_metadata", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "revisions" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, - "locations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, - "parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "title", - "last-modified", - "version", - "oscal-version" ], - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:revision" : - { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:location" : - { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_location-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-complete-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://orcid.org/" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_party-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-complete-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:role-id" : - { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$id" : "#field_oscal-metadata_role-id", - "$ref" : "#/definitions/TokenDatatype" }, - "oscal-complete-oscal-metadata:back-matter" : - { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", - "$id" : "#assembly_oscal-metadata_back-matter", - "type" : "object", - "properties" : - { "resources" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", - "type" : "string" }, - "description" : - { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "citation" : - { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", - "type" : "object", - "properties" : - { "text" : - { "title" : "Citation Text", - "description" : "A line of citation text.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "text" ], - "additionalProperties" : false }, - "rlinks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "hashes" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_hash" } } }, - "required" : - [ "href" ], - "additionalProperties" : false } }, - "base64" : - { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", - "type" : "object", - "properties" : - { "filename" : - { "title" : "File Name", - "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "value" : - { "$ref" : "#/definitions/Base64Datatype" } }, - "required" : - [ "value" ], - "additionalProperties" : false }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:property" : - { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", - "$id" : "#assembly_oscal-metadata_property", - "type" : "object", - "properties" : - { "name" : - { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "marking" ] } ] }, - "uuid" : - { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "ns" : - { "title" : "Property Namespace", - "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "value" : - { "title" : "Property Value", - "description" : "Indicates the value of the attribute, characteristic, or quality.", - "$ref" : "#/definitions/StringDatatype" }, - "class" : - { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "name", - "value" ], - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:link" : - { "title" : "Link", - "description" : "A reference to a local or remote resource", - "$id" : "#assembly_oscal-metadata_link", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URL reference to a resource.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "reference" ] } ] }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "text" : - { "title" : "Link Text", - "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", - "type" : "string" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:responsible-party" : - { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-party", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$ref" : "#/definitions/TokenDatatype" }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id", - "party-uuids" ], - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:responsible-role" : - { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-role", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id" ], - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:hash" : - { "title" : "Hash", - "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", - "$id" : "#field_oscal-metadata_hash", - "type" : "object", - "properties" : - { "algorithm" : - { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "SHA-224", - "SHA-256", - "SHA-384", - "SHA-512", - "SHA3-224", - "SHA3-256", - "SHA3-384", - "SHA3-512" ] } ] }, - "value" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "value", - "algorithm" ], - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:remarks" : - { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", - "$id" : "#field_oscal-metadata_remarks", - "type" : "string" }, - "oscal-complete-oscal-metadata:published" : - { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_published", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-complete-oscal-metadata:last-modified" : - { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_last-modified", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-complete-oscal-metadata:version" : - { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", - "$id" : "#field_oscal-metadata_version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-complete-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", - "$id" : "#field_oscal-metadata_oscal-version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-complete-oscal-metadata:email-address" : - { "title" : "Email Address", - "description" : "An email address as defined by RFC 5322 Section 3.4.1.", - "$id" : "#field_oscal-metadata_email-address", - "$ref" : "#/definitions/EmailAddressDatatype" }, - "oscal-complete-oscal-metadata:telephone-number" : - { "title" : "Telephone Number", - "description" : "Contact number by telephone.", - "$id" : "#field_oscal-metadata_telephone-number", - "type" : "object", - "properties" : - { "type" : - { "title" : "type flag", - "description" : "Indicates the type of phone number.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "home", - "office", - "mobile" ] } ] }, - "number" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "number" ], - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:address" : - { "title" : "Address", - "description" : "A postal address for the location.", - "$id" : "#assembly_oscal-metadata_address", - "type" : "object", - "properties" : - { "type" : - { "title" : "Address Type", - "description" : "Indicates the type of address.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "home", - "work" ] } ] }, - "addr-lines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_addr-line" } }, - "city" : - { "title" : "City", - "description" : "City, town or geographical region for the mailing address.", - "$ref" : "#/definitions/StringDatatype" }, - "state" : - { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "postal-code" : - { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "country" : - { "title" : "Country Code", - "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "$ref" : "#/definitions/StringDatatype" } }, - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:addr-line" : - { "title" : "Address line", - "description" : "A single line of an address.", - "$id" : "#field_oscal-metadata_addr-line", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-complete-oscal-metadata:document-id" : - { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", - "$id" : "#field_oscal-metadata_document-id", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "Document Identification Scheme", - "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://www.doi.org/" ] } ] }, - "identifier" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "identifier" ], - "additionalProperties" : false }, - "oscal-complete-oscal-profile:profile" : - { "title" : "Profile", - "description" : "Each OSCAL profile is defined by a Profile element", - "$id" : "#assembly_oscal-profile_profile", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Profile Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "imports" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_import" } }, - "merge" : - { "$ref" : "#assembly_oscal-profile_merge" }, - "modify" : - { "$ref" : "#assembly_oscal-profile_modify" }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata", - "imports" ], - "additionalProperties" : false }, - "oscal-complete-oscal-profile:import" : - { "title" : "Import resource", - "description" : "The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives.", - "$id" : "#assembly_oscal-profile_import", - "type" : "object", - "properties" : - { "href" : - { "title" : "Catalog or Profile Reference", - "description" : "A resolvable URL reference to the base catalog or profile that this profile is tailoring.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_select-control-by-id" } }, - "exclude-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_select-control-by-id" } } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-complete-oscal-profile:merge" : - { "title" : "Merge controls", - "description" : "A Merge element provides structuring directives that drive how controls are organized after resolution.", - "$id" : "#assembly_oscal-profile_merge", - "type" : "object", - "properties" : - { "combine" : - { "title" : "Combination rule", - "description" : "A Combine element defines how to combine multiple (competing) versions of the same control.", - "type" : "object", - "properties" : - { "method" : - { "title" : "Combination method", - "description" : "How clashing controls should be handled", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "use-first", - "merge", - "keep" ] } ] } }, - "additionalProperties" : false }, - "flat" : - { "title" : "Flat", - "description" : "Use the flat structuring method.", - "type" : "object", - "additionalProperties" : false }, - "as-is" : - { "title" : "As-Is Structuring Directive", - "description" : "An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes.", - "$ref" : "#/definitions/BooleanDatatype" }, - "custom" : - { "title" : "Custom grouping", - "description" : "A Custom element frames a structure for embedding represented controls in resolution.", - "type" : "object", - "properties" : - { "groups" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_group" } }, - "insert-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_insert-controls" } } }, - "additionalProperties" : false } }, - "additionalProperties" : false }, - "oscal-complete-oscal-profile:group" : - { "title" : "Control group", - "description" : "A group of (selected) controls or of groups of controls", - "$id" : "#assembly_oscal-profile_group", - "type" : "object", - "properties" : - { "id" : - { "title" : "Group Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Group Class", - "description" : "A textual label that provides a sub-type or characterization of the group.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Group Title", - "description" : "A name given to the group, which may be used by a tool for display and navigation.", - "type" : "string" }, - "params" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "groups" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_group" } }, - "insert-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_insert-controls" } } }, - "required" : - [ "title" ], - "additionalProperties" : false }, - "oscal-complete-oscal-profile:modify" : - { "title" : "Modify controls", - "description" : "Set parameters or amend controls in resolution", - "$id" : "#assembly_oscal-profile_modify", - "type" : "object", - "properties" : - { "set-parameters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Parameter Setting", - "description" : "A parameter setting, to be propagated to points of insertion", - "type" : "object", - "properties" : - { "param-id" : - { "title" : "Parameter ID", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", - "$ref" : "#/definitions/TokenDatatype" }, - "depends-on" : - { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "label" : - { "title" : "Parameter Label", - "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", - "type" : "string" }, - "usage" : - { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", - "type" : "string" }, - "constraints" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, - "guidelines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, - "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" } }, - "required" : - [ "param-id" ], - "additionalProperties" : false } }, - "alters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_alter" } } }, - "additionalProperties" : false }, - "oscal-complete-oscal-profile:insert-controls" : - { "title" : "Select controls", - "description" : "Specifies which controls to use in the containing context.", - "$id" : "#assembly_oscal-profile_insert-controls", - "type" : "object", - "properties" : - { "order" : - { "title" : "Order", - "description" : "A designation of how a selection of controls in a profile is to be ordered.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "keep", - "ascending", - "descending" ] } ] }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_select-control-by-id" } }, - "exclude-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_select-control-by-id" } } }, - "additionalProperties" : false }, - "oscal-complete-oscal-profile:select-control-by-id" : - { "title" : "Call", - "description" : "Call a control by its ID", - "$id" : "#assembly_oscal-profile_select-control-by-id", - "type" : "object", - "properties" : - { "with-child-controls" : - { "title" : "Include contained controls with control", - "description" : "When a control is included, whether its child (dependent) controls are also included.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "yes", - "no" ] } ] }, - "with-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Match Controls by Identifier", - "description" : "", - "$ref" : "#/definitions/TokenDatatype" } }, - "matching" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Match Controls by Pattern", - "description" : "Select controls by (regular expression) match on ID", - "type" : "object", - "properties" : - { "pattern" : - { "title" : "Pattern", - "description" : "A glob expression matching the IDs of one or more controls to be selected.", - "$ref" : "#/definitions/StringDatatype" } }, - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-complete-oscal-profile:alter" : - { "title" : "Alteration", - "description" : "An Alter element specifies changes to be made to an included control when a profile is resolved.", - "$id" : "#assembly_oscal-profile_alter", - "type" : "object", - "properties" : - { "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "removes" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_remove" } }, - "adds" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_add" } } }, - "required" : - [ "control-id" ], - "additionalProperties" : false }, - "oscal-complete-oscal-profile:remove" : - { "title" : "Removal", - "description" : "Specifies objects to be removed from a control based on specific aspects of the object that must all match.", - "$id" : "#assembly_oscal-profile_remove", - "type" : "object", - "properties" : - { "by-name" : - { "title" : "Reference by (assigned) name", - "description" : "Identify items to remove by matching their assigned name", - "$ref" : "#/definitions/TokenDatatype" }, - "by-class" : - { "title" : "Reference by class", - "description" : "Identify items to remove by matching their class.", - "$ref" : "#/definitions/TokenDatatype" }, - "by-id" : - { "title" : "Reference by ID", - "description" : "Identify items to remove indicated by their id.", - "$ref" : "#/definitions/TokenDatatype" }, - "by-item-name" : - { "title" : "Item Name Reference", - "description" : "Identify items to remove by the name of the item's information element name, e.g. title or prop", - "$ref" : "#/definitions/TokenDatatype" }, - "by-ns" : - { "title" : "Item Namespace Reference", - "description" : "Identify items to remove by the item's ns, which is the namespace associated with a part, or prop.", - "$ref" : "#/definitions/TokenDatatype" } }, - "additionalProperties" : false }, - "oscal-complete-oscal-profile:add" : - { "title" : "Addition", - "description" : "Specifies contents to be added into controls, in resolution", - "$id" : "#assembly_oscal-profile_add", - "type" : "object", - "properties" : - { "position" : - { "title" : "Position", - "description" : "Where to add the new content with respect to the targeted element (beside it or inside it)", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "before", - "after", - "starting", - "ending" ] } ] }, - "by-id" : - { "title" : "Reference by ID", - "description" : "Target location of the addition.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Title Change", - "description" : "A name given to the control, which may be used by a tool for display and navigation.", - "type" : "string" }, - "params" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } } }, - "additionalProperties" : false }, - "oscal-complete-oscal-component-definition:component-definition" : - { "title" : "Component Definition", - "description" : "A collection of component descriptions, which may optionally be grouped by capability.", - "$id" : "#assembly_oscal-component-definition_component-definition", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Component Definition Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "import-component-definitions" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_import-component-definition" } }, - "components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_defined-component" } }, - "capabilities" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_capability" } }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata" ], - "additionalProperties" : false }, - "oscal-complete-oscal-component-definition:import-component-definition" : - { "title" : "Import Component Definition", - "description" : "Loads a component definition from another resource.", - "$id" : "#assembly_oscal-component-definition_import-component-definition", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hyperlink Reference", - "description" : "A link to a resource that defines a set of components and/or capabilities to import into this collection.", - "$ref" : "#/definitions/URIReferenceDatatype" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-complete-oscal-component-definition:defined-component" : - { "title" : "Component", - "description" : "A defined component that can be part of an implemented system.", - "$id" : "#assembly_oscal-component-definition_defined-component", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Component Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Component Type", - "description" : "A category describing the purpose of the component.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "interconnection", - "software", - "hardware", - "service", - "policy", - "physical", - "process-procedure", - "plan", - "guidance", - "standard", - "validation" ] } ] }, - "title" : - { "title" : "Component Title", - "description" : "A human readable name for the component.", - "type" : "string" }, - "description" : - { "title" : "Component Description", - "description" : "A description of the component, including information about its function.", - "type" : "string" }, - "purpose" : - { "title" : "Purpose", - "description" : "A summary of the technological or business purpose of the component.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "protocols" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, - "control-implementations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_control-implementation" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type", - "title", - "description" ], - "additionalProperties" : false }, - "oscal-complete-oscal-component-definition:capability" : - { "title" : "Capability", - "description" : "A grouping of other components and/or capabilities.", - "$id" : "#assembly_oscal-component-definition_capability", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Capability Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "name" : - { "title" : "Capability Name", - "description" : "The capability's human-readable name.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Capability Description", - "description" : "A summary of the capability.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "incorporates-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_incorporates-component" } }, - "control-implementations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_control-implementation" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "name", - "description" ], - "additionalProperties" : false }, - "oscal-complete-oscal-component-definition:incorporates-component" : - { "title" : "Incorporates Component", - "description" : "TBD", - "$id" : "#assembly_oscal-component-definition_incorporates-component", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Reference", - "description" : "A machine-oriented identifier reference to a component.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Component Description", - "description" : "A description of the component, including information about its function.", - "type" : "string" } }, - "required" : - [ "component-uuid", - "description" ], - "additionalProperties" : false }, - "oscal-complete-oscal-component-definition:control-implementation" : - { "title" : "Control Implementation Set", - "description" : "Defines how the component or capability supports a set of controls.", - "$id" : "#assembly_oscal-component-definition_control-implementation", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Control Implementation Set Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "source" : - { "title" : "Source Resource Reference", - "description" : "A reference to an OSCAL catalog or profile providing the referenced control or subcontrol definition.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "description" : - { "title" : "Control Implementation Description", - "description" : "A description of how the specified set of controls are implemented for the containing component or capability.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "set-parameters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, - "implemented-requirements" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_implemented-requirement" } } }, - "required" : - [ "uuid", - "source", - "description", - "implemented-requirements" ], - "additionalProperties" : false }, - "oscal-complete-oscal-component-definition:implemented-requirement" : - { "title" : "Control Implementation", - "description" : "Describes how the containing component or capability implements an individual control.", - "$id" : "#assembly_oscal-component-definition_implemented-requirement", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Control Implementation Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "description" : - { "title" : "Control Implementation Description", - "description" : "A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "set-parameters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "statements" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_statement" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "control-id", - "description" ], - "additionalProperties" : false }, - "oscal-complete-oscal-component-definition:statement" : - { "title" : "Control Statement Implementation", - "description" : "Identifies which statements within a control are addressed.", - "$id" : "#assembly_oscal-component-definition_statement", - "type" : "object", - "properties" : - { "statement-id" : - { "title" : "Control Statement Reference", - "description" : "A human-oriented identifier reference to a control statement.", - "$ref" : "#/definitions/TokenDatatype" }, - "uuid" : - { "title" : "Control Statement Reference Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Statement Implementation Description", - "description" : "A summary of how the containing control statement is implemented by the component or capability.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "statement-id", - "uuid", - "description" ], - "additionalProperties" : false }, - "oscal-complete-oscal-implementation-common:system-component" : - { "title" : "Component", - "description" : "A defined component that can be part of an implemented system.", - "$id" : "#assembly_oscal-implementation-common_system-component", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Component Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Component Type", - "description" : "A category describing the purpose of the component.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "this-system", - "system", - "interconnection", - "software", - "hardware", - "service", - "policy", - "physical", - "process-procedure", - "plan", - "guidance", - "standard", - "validation", - "network" ] } ] }, - "title" : - { "title" : "Component Title", - "description" : "A human readable name for the system component.", - "type" : "string" }, - "description" : - { "title" : "Component Description", - "description" : "A description of the component, including information about its function.", - "type" : "string" }, - "purpose" : - { "title" : "Purpose", - "description" : "A summary of the technological or business purpose of the component.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "title" : "Status", - "description" : "Describes the operational status of the system component.", - "type" : "object", - "properties" : - { "state" : - { "title" : "State", - "description" : "The operational status.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "under-development", - "operational", - "disposition", - "other" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "protocols" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type", - "title", - "description", - "status" ], - "additionalProperties" : false }, - "oscal-complete-oscal-implementation-common:protocol" : - { "title" : "Service Protocol Information", - "description" : "Information about the protocol used to provide a service.", - "$id" : "#assembly_oscal-implementation-common_protocol", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Service Protocol Information Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "name" : - { "title" : "Protocol Name", - "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "title" : - { "title" : "Protocol Title", - "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", - "type" : "string" }, - "port-ranges" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_port-range" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-complete-oscal-implementation-common:port-range" : - { "title" : "Port Range", - "description" : "Where applicable this is the IPv4 port range on which the service operates.", - "$id" : "#assembly_oscal-implementation-common_port-range", - "type" : "object", - "properties" : - { "start" : - { "title" : "Start", - "description" : "Indicates the starting port number in a port range", - "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, - "end" : - { "title" : "End", - "description" : "Indicates the ending port number in a port range", - "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, - "transport" : - { "title" : "Transport", - "description" : "Indicates the transport type.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "TCP", - "UDP" ] } ] } }, - "additionalProperties" : false }, - "oscal-complete-oscal-implementation-common:implementation-status" : - { "title" : "Implementation Status", - "description" : "Indicates the degree to which the a given control is implemented.", - "$id" : "#assembly_oscal-implementation-common_implementation-status", - "type" : "object", - "properties" : - { "state" : - { "title" : "Implementation State", - "description" : "Identifies the implementation status of the control or control objective.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "implemented", - "partial", - "planned", - "alternative", - "not-applicable" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "oscal-complete-oscal-implementation-common:system-user" : - { "title" : "System User", - "description" : "A type of user that interacts with the system based on an associated role.", - "$id" : "#assembly_oscal-implementation-common_system-user", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "User Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "User Title", - "description" : "A name given to the user, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "User Short Name", - "description" : "A short common name, abbreviation, or acronym for the user.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "User Description", - "description" : "A summary of the user's purpose within the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "role-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_role-id" } }, - "authorized-privileges" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_authorized-privilege" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false }, - "oscal-complete-oscal-implementation-common:authorized-privilege" : - { "title" : "Privilege", - "description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.", - "$id" : "#assembly_oscal-implementation-common_authorized-privilege", - "type" : "object", - "properties" : - { "title" : - { "title" : "Privilege Title", - "description" : "A human readable name for the privilege.", - "type" : "string" }, - "description" : - { "title" : "Privilege Description", - "description" : "A summary of the privilege's purpose within the system.", - "type" : "string" }, - "functions-performed" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-implementation-common_function-performed" } } }, - "required" : - [ "title", - "functions-performed" ], - "additionalProperties" : false }, - "oscal-complete-oscal-implementation-common:function-performed" : - { "title" : "Functions Performed", - "description" : "Describes a function performed for a given authorized privilege by this user class.", - "$id" : "#field_oscal-implementation-common_function-performed", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-complete-oscal-implementation-common:inventory-item" : - { "title" : "Inventory Item", - "description" : "A single managed inventory item within the system.", - "$id" : "#assembly_oscal-implementation-common_inventory-item", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Inventory Item Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Inventory Item Description", - "description" : "A summary of the inventory item stating its purpose within the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "implemented-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Implemented Component", - "description" : "The set of components that are implemented in a given system inventory item.", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "component-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false }, - "oscal-complete-oscal-implementation-common:set-parameter" : - { "title" : "Set Parameter Value", - "description" : "Identifies the parameter that will be set by the enclosed value.", - "$id" : "#assembly_oscal-implementation-common_set-parameter", - "type" : "object", - "properties" : - { "param-id" : - { "title" : "Parameter ID", - "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", - "$ref" : "#/definitions/TokenDatatype" }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$ref" : "#/definitions/StringDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "param-id", - "values" ], - "additionalProperties" : false }, - "oscal-complete-oscal-implementation-common:system-id" : - { "title" : "System Identification", - "description" : "A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.", - "$id" : "#field_oscal-implementation-common_system-id", - "type" : "object", - "properties" : - { "identifier-type" : - { "title" : "Identification System Type", - "description" : "Identifies the identification system from which the provided identifier was assigned.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "https://fedramp.gov", - "http://fedramp.gov/ns/oscal", - "https://ietf.org/rfc/rfc4122", - "http://ietf.org/rfc/rfc4122" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:system-security-plan" : - { "title" : "System Security Plan (SSP)", - "description" : "A system security plan, such as those described in NIST SP 800-18", - "$id" : "#assembly_oscal-ssp_system-security-plan", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "System Security Plan Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "import-profile" : - { "$ref" : "#assembly_oscal-ssp_import-profile" }, - "system-characteristics" : - { "$ref" : "#assembly_oscal-ssp_system-characteristics" }, - "system-implementation" : - { "$ref" : "#assembly_oscal-ssp_system-implementation" }, - "control-implementation" : - { "$ref" : "#assembly_oscal-ssp_control-implementation" }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata", - "import-profile", - "system-characteristics", - "system-implementation", - "control-implementation" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:import-profile" : - { "title" : "Import Profile", - "description" : "Used to import the OSCAL profile representing the system's control baseline.", - "$id" : "#assembly_oscal-ssp_import-profile", - "type" : "object", - "properties" : - { "href" : - { "title" : "Profile Reference", - "description" : "A resolvable URL reference to the profile or catalog to use as the system's control baseline.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:system-characteristics" : - { "title" : "System Characteristics", - "description" : "Contains the characteristics of the system, such as its name, purpose, and security impact level.", - "$id" : "#assembly_oscal-ssp_system-characteristics", - "type" : "object", - "properties" : - { "system-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-implementation-common_system-id" } }, - "system-name" : - { "title" : "System Name - Full", - "description" : "The full name of the system.", - "$ref" : "#/definitions/StringDatatype" }, - "system-name-short" : - { "title" : "System Name - Short", - "description" : "A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "System Description", - "description" : "A summary of the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "date-authorized" : - { "$ref" : "#field_oscal-ssp_date-authorized" }, - "security-sensitivity-level" : - { "title" : "Security Sensitivity Level", - "description" : "The overall information system sensitivity categorization, such as defined by FIPS-199.", - "$ref" : "#/definitions/StringDatatype" }, - "system-information" : - { "$ref" : "#assembly_oscal-ssp_system-information" }, - "security-impact-level" : - { "$ref" : "#assembly_oscal-ssp_security-impact-level" }, - "status" : - { "$ref" : "#assembly_oscal-ssp_status" }, - "authorization-boundary" : - { "$ref" : "#assembly_oscal-ssp_authorization-boundary" }, - "network-architecture" : - { "$ref" : "#assembly_oscal-ssp_network-architecture" }, - "data-flow" : - { "$ref" : "#assembly_oscal-ssp_data-flow" }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "system-ids", - "system-name", - "description", - "security-sensitivity-level", - "system-information", - "security-impact-level", - "status", - "authorization-boundary" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:system-information" : - { "title" : "System Information", - "description" : "Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.", - "$id" : "#assembly_oscal-ssp_system-information", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "information-types" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Information Type", - "description" : "Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Information Type Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "title field", - "description" : "A human readable name for the information type. This title should be meaningful within the context of the system.", - "type" : "string" }, - "description" : - { "title" : "Information Type Description", - "description" : "A summary of how this information type is used within the system.", - "type" : "string" }, - "categorizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Information Type Categorization", - "description" : "A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60.", - "type" : "object", - "properties" : - { "system" : - { "title" : "Information Type Identification System", - "description" : "Specifies the information type identification system used.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://doi.org/10.6028/NIST.SP.800-60v2r1" ] } ] }, - "information-type-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Information Type Systematized Identifier", - "description" : "A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/StringDatatype" } } }, - "required" : - [ "system" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "confidentiality-impact" : - { "title" : "Confidentiality Impact Level", - "description" : "The expected level of impact resulting from the unauthorized disclosure of the described information.", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "base" : - { "$ref" : "#field_oscal-ssp_base" }, - "selected" : - { "$ref" : "#field_oscal-ssp_selected" }, - "adjustment-justification" : - { "$ref" : "#field_oscal-ssp_adjustment-justification" } }, - "required" : - [ "base" ], - "additionalProperties" : false }, - "integrity-impact" : - { "title" : "Integrity Impact Level", - "description" : "The expected level of impact resulting from the unauthorized modification of the described information.", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "base" : - { "$ref" : "#field_oscal-ssp_base" }, - "selected" : - { "$ref" : "#field_oscal-ssp_selected" }, - "adjustment-justification" : - { "$ref" : "#field_oscal-ssp_adjustment-justification" } }, - "required" : - [ "base" ], - "additionalProperties" : false }, - "availability-impact" : - { "title" : "Availability Impact Level", - "description" : "The expected level of impact resulting from the disruption of access to or use of the described information or the information system.", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "base" : - { "$ref" : "#field_oscal-ssp_base" }, - "selected" : - { "$ref" : "#field_oscal-ssp_selected" }, - "adjustment-justification" : - { "$ref" : "#field_oscal-ssp_adjustment-justification" } }, - "required" : - [ "base" ], - "additionalProperties" : false } }, - "required" : - [ "title", - "description", - "confidentiality-impact", - "integrity-impact", - "availability-impact" ], - "additionalProperties" : false } } }, - "required" : - [ "information-types" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:base" : - { "title" : "Base Level (Confidentiality, Integrity, or Availability)", - "description" : "The prescribed base (Confidentiality, Integrity, or Availability) security impact level.", - "$id" : "#field_oscal-ssp_base", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-complete-oscal-ssp:selected" : - { "title" : "Selected Level (Confidentiality, Integrity, or Availability)", - "description" : "The selected (Confidentiality, Integrity, or Availability) security impact level.", - "$id" : "#field_oscal-ssp_selected", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-complete-oscal-ssp:adjustment-justification" : - { "title" : "Adjustment Justification", - "description" : "If the selected security level is different from the base security level, this contains the justification for the change.", - "$id" : "#field_oscal-ssp_adjustment-justification", - "type" : "string" }, - "oscal-complete-oscal-ssp:security-impact-level" : - { "title" : "Security Impact Level", - "description" : "The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.", - "$id" : "#assembly_oscal-ssp_security-impact-level", - "type" : "object", - "properties" : - { "security-objective-confidentiality" : - { "title" : "Security Objective: Confidentiality", - "description" : "A target-level of confidentiality for the system, based on the sensitivity of information within the system.", - "$ref" : "#/definitions/StringDatatype" }, - "security-objective-integrity" : - { "title" : "Security Objective: Integrity", - "description" : "A target-level of integrity for the system, based on the sensitivity of information within the system.", - "$ref" : "#/definitions/StringDatatype" }, - "security-objective-availability" : - { "title" : "Security Objective: Availability", - "description" : "A target-level of availability for the system, based on the sensitivity of information within the system.", - "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "security-objective-confidentiality", - "security-objective-integrity", - "security-objective-availability" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:status" : - { "title" : "Status", - "description" : "Describes the operational status of the system.", - "$id" : "#assembly_oscal-ssp_status", - "type" : "object", - "properties" : - { "state" : - { "title" : "State", - "description" : "The current operating status.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "operational", - "under-development", - "under-major-modification", - "disposition", - "other" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:date-authorized" : - { "title" : "System Authorization Date", - "description" : "The date the system received its authorization.", - "$id" : "#field_oscal-ssp_date-authorized", - "$ref" : "#/definitions/DateDatatype" }, - "oscal-complete-oscal-ssp:authorization-boundary" : - { "title" : "Authorization Boundary", - "description" : "A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.", - "$id" : "#assembly_oscal-ssp_authorization-boundary", - "type" : "object", - "properties" : - { "description" : - { "title" : "Authorization Boundary Description", - "description" : "A summary of the system's authorization boundary.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "diagrams" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_diagram" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "description" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:diagram" : - { "title" : "Diagram", - "description" : "A graphic that provides a visual representation the system, or some aspect of it.", - "$id" : "#assembly_oscal-ssp_diagram", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Diagram ID", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Diagram Description", - "description" : "A summary of the diagram.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "caption" : - { "title" : "Caption", - "description" : "A brief caption to annotate the diagram.", - "type" : "string" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:network-architecture" : - { "title" : "Network Architecture", - "description" : "A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.", - "$id" : "#assembly_oscal-ssp_network-architecture", - "type" : "object", - "properties" : - { "description" : - { "title" : "Network Architecture Description", - "description" : "A summary of the system's network architecture.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "diagrams" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_diagram" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "description" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:data-flow" : - { "title" : "Data Flow", - "description" : "A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.", - "$id" : "#assembly_oscal-ssp_data-flow", - "type" : "object", - "properties" : - { "description" : - { "title" : "Data Flow Description", - "description" : "A summary of the system's data flow.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "diagrams" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_diagram" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "description" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:system-implementation" : - { "title" : "System Implementation", - "description" : "Provides information as to how the system is implemented.", - "$id" : "#assembly_oscal-ssp_system-implementation", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "leveraged-authorizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Leveraged Authorization", - "description" : "A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Leveraged Authorization Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "title field", - "description" : "A human readable name for the leveraged authorization in the context of the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "party-uuid" : - { "title" : "party-uuid field", - "description" : "A machine-oriented identifier reference to the party that manages the leveraged system.", - "$ref" : "#/definitions/UUIDDatatype" }, - "date-authorized" : - { "$ref" : "#field_oscal-ssp_date-authorized" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "title", - "party-uuid", - "date-authorized" ], - "additionalProperties" : false } }, - "users" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-user" } }, - "components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, - "inventory-items" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "users", - "components" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:control-implementation" : - { "title" : "Control Implementation", - "description" : "Describes how the system satisfies a set of controls.", - "$id" : "#assembly_oscal-ssp_control-implementation", - "type" : "object", - "properties" : - { "description" : - { "title" : "Control Implementation Description", - "description" : "A statement describing important things to know about how this set of control satisfaction documentation is approached.", - "type" : "string" }, - "set-parameters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, - "implemented-requirements" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_implemented-requirement" } } }, - "required" : - [ "description", - "implemented-requirements" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:implemented-requirement" : - { "title" : "Control-based Requirement", - "description" : "Describes how the system satisfies the requirements of an individual control.", - "$id" : "#assembly_oscal-ssp_implemented-requirement", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Control Requirement Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "set-parameters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "statements" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_statement" } }, - "by-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_by-component" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "control-id" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:statement" : - { "title" : "Specific Control Statement", - "description" : "Identifies which statements within a control are addressed.", - "$id" : "#assembly_oscal-ssp_statement", - "type" : "object", - "properties" : - { "statement-id" : - { "title" : "Control Statement Reference", - "description" : "A human-oriented identifier reference to a control statement.", - "$ref" : "#/definitions/TokenDatatype" }, - "uuid" : - { "title" : "Control Statement Reference Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "by-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_by-component" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "statement-id", - "uuid" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ssp:by-component" : - { "title" : "Component Control Implementation", - "description" : "Defines how the referenced component implements a set of controls.", - "$id" : "#assembly_oscal-ssp_by-component", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to the component that is implemeting a given control.", - "$ref" : "#/definitions/UUIDDatatype" }, - "uuid" : - { "title" : "By-Component Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Control Implementation Description", - "description" : "An implementation statement that describes how a control or a control statement is implemented within the referenced system component.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "set-parameters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, - "implementation-status" : - { "$ref" : "#assembly_oscal-implementation-common_implementation-status" }, - "export" : - { "title" : "Export", - "description" : "Identifies content intended for external consumption, such as with leveraged organizations.", - "type" : "object", - "properties" : - { "description" : - { "title" : "Control Implementation Export Description", - "description" : "An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "provided" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Provided Control Implementation", - "description" : "Describes a capability which may be inherited by a leveraging system.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Provided Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Provided Control Implementation Description", - "description" : "An implementation statement that describes the aspects of the control or control statement implementation that can be provided to another system leveraging this system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "responsibilities" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Control Implementation Responsibility", - "description" : "Describes a control implementation responsibility imposed on a leveraging system.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Responsibility Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "provided-uuid" : - { "title" : "Provided UUID", - "description" : "A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Control Implementation Responsibility Description", - "description" : "An implementation statement that describes the aspects of the control or control statement implementation that a leveraging system must implement to satisfy the control provided by a leveraged system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false }, - "inherited" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Inherited Control Implementation", - "description" : "Describes a control implementation inherited by a leveraging system.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Inherited Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "provided-uuid" : - { "title" : "Provided UUID", - "description" : "A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Inherited Control Implementation Description", - "description" : "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is inheriting from a leveraged system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "satisfied" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Satisfied Control Implementation Responsibility", - "description" : "Describes how this system satisfies a responsibility imposed by a leveraged system.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Satisfied Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "responsibility-uuid" : - { "title" : "Responsibility UUID", - "description" : "A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Satisfied Control Implementation Responsibility Description", - "description" : "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is implementing based on a requirement from a leveraged system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "component-uuid", - "uuid", - "description" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ap:assessment-plan" : - { "title" : "Security Assessment Plan (SAP)", - "description" : "An assessment plan, such as those provided by a FedRAMP assessor.", - "$id" : "#assembly_oscal-ap_assessment-plan", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Plan Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "import-ssp" : - { "$ref" : "#assembly_oscal-assessment-common_import-ssp" }, - "local-definitions" : - { "title" : "Local Definitions", - "description" : "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", - "type" : "object", - "properties" : - { "components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, - "inventory-items" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, - "users" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-user" } }, - "objectives-and-methods" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_local-objective" } }, - "activities" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_activity" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false }, - "terms-and-conditions" : - { "title" : "Assessment Plan Terms and Conditions", - "description" : "Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition.", - "type" : "object", - "properties" : - { "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } } }, - "additionalProperties" : false }, - "reviewed-controls" : - { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, - "assessment-subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "assessment-assets" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-assets" }, - "tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_task" } }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata", - "import-ssp", - "reviewed-controls" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:import-ssp" : - { "title" : "Import System Security Plan", - "description" : "Used by the assessment plan and POA&M to import information about the system.", - "$id" : "#assembly_oscal-assessment-common_import-ssp", - "type" : "object", - "properties" : - { "href" : - { "title" : "System Security Plan Reference", - "description" : "A resolvable URL reference to the system security plan for the system being assessed.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:local-objective" : - { "title" : "Assessment-Specific Control Objective", - "description" : "A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.", - "$id" : "#assembly_oscal-assessment-common_local-objective", - "type" : "object", - "properties" : - { "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "description" : - { "title" : "Objective Description", - "description" : "A human-readable description of this control objective.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "control-id", - "parts" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:assessment-method" : - { "title" : "Assessment Method", - "description" : "A local definition of a control objective. Uses catalog syntax for control objective and assessment activities.", - "$id" : "#assembly_oscal-assessment-common_assessment-method", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Method Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Assessment Method Description", - "description" : "A human-readable description of this assessment method.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "part" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-part" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "part" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:activity" : - { "title" : "Activity", - "description" : "Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.", - "$id" : "#assembly_oscal-assessment-common_activity", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Activity Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Included Activity Title", - "description" : "The title for this included activity.", - "type" : "string" }, - "description" : - { "title" : "Included Activity Description", - "description" : "A human-readable description of this included activity.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "steps" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Step", - "description" : "Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Step Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Step Title", - "description" : "The title for this step.", - "type" : "string" }, - "description" : - { "title" : "Step Description", - "description" : "A human-readable description of this step.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "reviewed-controls" : - { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "related-controls" : - { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:task" : - { "title" : "Task", - "description" : "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.", - "$id" : "#assembly_oscal-assessment-common_task", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Task Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Task Type", - "description" : "The type of task.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "milestone", - "action" ] } ] }, - "title" : - { "title" : "Task Title", - "description" : "The title for this task.", - "type" : "string" }, - "description" : - { "title" : "Task Description", - "description" : "A human-readable description of this task.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "timing" : - { "title" : "Event Timing", - "description" : "The timing under which the task is intended to occur.", - "type" : "object", - "properties" : - { "on-date" : - { "title" : "On Date Condition", - "description" : "The task is intended to occur on the specified date.", - "type" : "object", - "properties" : - { "date" : - { "title" : "On Date Condition", - "description" : "The task must occur on the specified date.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, - "required" : - [ "date" ], - "additionalProperties" : false }, - "within-date-range" : - { "title" : "On Date Range Condition", - "description" : "The task is intended to occur within the specified date range.", - "type" : "object", - "properties" : - { "start" : - { "title" : "Start Date Condition", - "description" : "The task must occur on or after the specified date.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "end" : - { "title" : "End Date Condition", - "description" : "The task must occur on or before the specified date.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, - "required" : - [ "start", - "end" ], - "additionalProperties" : false }, - "at-frequency" : - { "title" : "Frequency Condition", - "description" : "The task is intended to occur at the specified frequency.", - "type" : "object", - "properties" : - { "period" : - { "title" : "Period", - "description" : "The task must occur after the specified period has elapsed.", - "$ref" : "#/definitions/PositiveIntegerDatatype" }, - "unit" : - { "title" : "Time Unit", - "description" : "The unit of time for the period.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "seconds", - "minutes", - "hours", - "days", - "months", - "years" ] } ] } }, - "required" : - [ "period", - "unit" ], - "additionalProperties" : false } }, - "additionalProperties" : false }, - "dependencies" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Task Dependency", - "description" : "Used to indicate that a task is dependent on another task.", - "type" : "object", - "properties" : - { "task-uuid" : - { "title" : "Task Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique task.", - "$ref" : "#/definitions/UUIDDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "task-uuid" ], - "additionalProperties" : false } }, - "tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_task" } }, - "associated-activities" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Associated Activity", - "description" : "Identifies an individual activity to be performed as part of a task.", - "type" : "object", - "properties" : - { "activity-uuid" : - { "title" : "Activity Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to an activity defined in the list of activities.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "activity-uuid", - "subjects" ], - "additionalProperties" : false } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type", - "title" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:reviewed-controls" : - { "title" : "Reviewed Controls and Control Objectives", - "description" : "Identifies the controls being assessed and their control objectives.", - "$id" : "#assembly_oscal-assessment-common_reviewed-controls", - "type" : "object", - "properties" : - { "description" : - { "title" : "Control Objective Description", - "description" : "A human-readable description of control objectives.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "control-selections" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessed Controls", - "description" : "Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.", - "type" : "object", - "properties" : - { "description" : - { "title" : "Assessed Controls Description", - "description" : "A human-readable description of in-scope controls specified for assessment.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, - "exclude-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false } }, - "control-objective-selections" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Referenced Control Objectives", - "description" : "Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the assessed objectives, and reflects any changes from the plan.", - "type" : "object", - "properties" : - { "description" : - { "title" : "Control Objectives Description", - "description" : "A human-readable description of this collection of control objectives.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-objectives" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, - "exclude-objectives" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "control-selections" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:select-control-by-id" : - { "title" : "Select Control", - "description" : "Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.", - "$id" : "#assembly_oscal-assessment-common_select-control-by-id", - "type" : "object", - "properties" : - { "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "statement-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Include Specific Statements", - "description" : "Used to constrain the selection to only specificity identified statements.", - "$ref" : "#/definitions/TokenDatatype" } } }, - "required" : - [ "control-id" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:select-objective-by-id" : - { "title" : "Select Objective", - "description" : "Used to select a control objective for inclusion/exclusion based on the control objective's identifier.", - "$id" : "#assembly_oscal-assessment-common_select-objective-by-id", - "type" : "object", - "properties" : - { "objective-id" : - { "title" : "Objective ID", - "description" : "Points to an assessment objective.", - "$ref" : "#/definitions/TokenDatatype" } }, - "required" : - [ "objective-id" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:assessment-subject-placeholder" : - { "title" : "Assessment Subject Placeholder", - "description" : "Used when the assessment subjects will be determined as part of one or more other assessment activities. These assessment subjects will be recorded in the assessment results in the assessment log.", - "$id" : "#assembly_oscal-assessment-common_assessment-subject-placeholder", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Subject Placeholder Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Assessment Subject Placeholder Description", - "description" : "A human-readable description of intent of this assessment subject placeholder.", - "type" : "string" }, - "sources" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessment Subject Source", - "description" : "Assessment subjects will be identified while conducting the referenced activity-instance.", - "type" : "object", - "properties" : - { "task-uuid" : - { "title" : "Task Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "task-uuid" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "sources" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:assessment-subject" : - { "title" : "Subject of Assessment", - "description" : "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.", - "$id" : "#assembly_oscal-assessment-common_assessment-subject", - "type" : "object", - "properties" : - { "type" : - { "title" : "Subject Type", - "description" : "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "component", - "inventory-item", - "location", - "party", - "user" ] } ] }, - "description" : - { "title" : "Include Subjects Description", - "description" : "A human-readable description of the collection of subjects being included in this assessment.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, - "exclude-subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "type" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:select-subject-by-id" : - { "title" : "Select Assessment Subject", - "description" : "Identifies a set of assessment subjects to include/exclude by UUID.", - "$id" : "#assembly_oscal-assessment-common_select-subject-by-id", - "type" : "object", - "properties" : - { "subject-uuid" : - { "title" : "Subject Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Subject Universally Unique Identifier Reference Type", - "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "component", - "inventory-item", - "location", - "party", - "user", - "resource" ] } ] }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "subject-uuid", - "type" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:subject-reference" : - { "title" : "Identifies the Subject", - "description" : "A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.", - "$id" : "#assembly_oscal-assessment-common_subject-reference", - "type" : "object", - "properties" : - { "subject-uuid" : - { "title" : "Subject Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Subject Universally Unique Identifier Reference Type", - "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "component", - "inventory-item", - "location", - "party", - "user", - "resource" ] } ] }, - "title" : - { "title" : "Subject Reference Title", - "description" : "The title or name for the referenced subject.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "subject-uuid", - "type" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:assessment-assets" : - { "title" : "Assessment Assets", - "description" : "Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.", - "$id" : "#assembly_oscal-assessment-common_assessment-assets", - "type" : "object", - "properties" : - { "components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, - "assessment-platforms" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessment Platform", - "description" : "Used to represent the toolset used to perform aspects of the assessment.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Platform Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Assessment Platform Title", - "description" : "The title or name for the assessment platform.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "uses-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Uses Component", - "description" : "The set of components that are used by the assessment platform.", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "component-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false } } }, - "required" : - [ "assessment-platforms" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:finding-target" : - { "title" : "Objective Status", - "description" : "Captures an assessor's conclusions regarding the degree to which an objective is satisfied.", - "$id" : "#assembly_oscal-assessment-common_finding-target", - "type" : "object", - "properties" : - { "type" : - { "title" : "Finding Target Type", - "description" : "Identifies the type of the target.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "statement-id", - "objective-id" ] } ] }, - "target-id" : - { "title" : "Finding Target Identifier Reference", - "description" : "A machine-oriented identifier reference for a specific target qualified by the type.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Objective Status Title", - "description" : "The title for this objective status.", - "type" : "string" }, - "description" : - { "title" : "Objective Status Description", - "description" : "A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "title" : "Objective Status", - "description" : "A determination of if the objective is satisfied or not within a given system.", - "type" : "object", - "properties" : - { "state" : - { "title" : "Objective Status State", - "description" : "An indication as to whether the objective is satisfied or not.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "satisfied", - "not-satisfied" ] } ] }, - "reason" : - { "title" : "Objective Status Reason", - "description" : "The reason the objective was given it's status.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "pass", - "fail", - "other" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "implementation-status" : - { "$ref" : "#assembly_oscal-implementation-common_implementation-status" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "type", - "target-id", - "status" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:observation" : - { "title" : "Observation", - "description" : "Describes an individual observation.", - "$id" : "#assembly_oscal-assessment-common_observation", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Observation Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Observation Title", - "description" : "The title for this observation.", - "type" : "string" }, - "description" : - { "title" : "Observation Description", - "description" : "A human-readable description of this assessment observation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "methods" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Observation Method", - "description" : "Identifies how the observation was made.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "EXAMINE", - "INTERVIEW", - "TEST", - "UNKNOWN" ] } ] } }, - "types" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Observation Type", - "description" : "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "ssp-statement-issue", - "control-objective", - "mitigation", - "finding", - "historic" ] } ] } }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, - "relevant-evidence" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Relevant Evidence", - "description" : "Links this observation to relevant evidence.", - "type" : "object", - "properties" : - { "href" : - { "title" : "Relevant Evidence Reference", - "description" : "A resolvable URL reference to relevant evidence.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "description" : - { "title" : "Relevant Evidence Description", - "description" : "A human-readable description of this evidence.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "description" ], - "additionalProperties" : false } }, - "collected" : - { "title" : "Collected Field", - "description" : "Date/time stamp identifying when the finding information was collected.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "expires" : - { "title" : "Expires Field", - "description" : "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description", - "methods", - "collected" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:origin" : - { "title" : "Origin", - "description" : "Identifies the source of the finding, such as a tool, interviewed person, or activity.", - "$id" : "#assembly_oscal-assessment-common_origin", - "type" : "object", - "properties" : - { "actors" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin-actor" } }, - "related-tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_related-task" } } }, - "required" : - [ "actors" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:origin-actor" : - { "title" : "Originating Actor", - "description" : "The actor that produces an observation, a finding, or a risk. One or more actor type can be used to specify a person that is using a tool.", - "$id" : "#assembly_oscal-assessment-common_origin-actor", - "type" : "object", - "properties" : - { "type" : - { "title" : "Actor Type", - "description" : "The kind of actor.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "tool", - "assessment-platform", - "party" ] } ] }, - "actor-uuid" : - { "title" : "Actor Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to the tool or person based on the associated type.", - "$ref" : "#/definitions/UUIDDatatype" }, - "role-id" : - { "title" : "Actor Role", - "description" : "For a party, this can optionally be used to specify the role the actor was performing.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "type", - "actor-uuid" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:related-task" : - { "title" : "Task Reference", - "description" : "Identifies an individual task for which the containing object is a consequence of.", - "$id" : "#assembly_oscal-assessment-common_related-task", - "type" : "object", - "properties" : - { "task-uuid" : - { "title" : "Task Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique task.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "identified-subject" : - { "title" : "Identified Subject", - "description" : "Used to detail assessment subjects that were identfied by this task.", - "type" : "object", - "properties" : - { "subject-placeholder-uuid" : - { "title" : "Assessment Subject Placeholder Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task.", - "$ref" : "#/definitions/UUIDDatatype" }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } } }, - "required" : - [ "subject-placeholder-uuid", - "subjects" ], - "additionalProperties" : false }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "task-uuid" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:threat-id" : - { "title" : "Threat ID", - "description" : "A pointer, by ID, to an externally-defined threat.", - "$id" : "#field_oscal-assessment-common_threat-id", - "type" : "object", - "properties" : - { "system" : - { "title" : "Threat Type Identification System", - "description" : "Specifies the source of the threat information.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://fedramp.gov", - "http://fedramp.gov/ns/oscal" ] } ] }, - "href" : - { "title" : "Threat Information Resource Reference", - "description" : "An optional location for the threat data, from which this ID originates.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "id" : - { "$ref" : "#/definitions/URIDatatype" } }, - "required" : - [ "id", - "system" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:risk" : - { "title" : "Identified Risk", - "description" : "An identified risk.", - "$id" : "#assembly_oscal-assessment-common_risk", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Risk Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Risk Title", - "description" : "The title for this risk.", - "type" : "string" }, - "description" : - { "title" : "Risk Description", - "description" : "A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.", - "type" : "string" }, - "statement" : - { "title" : "Risk Statement", - "description" : "An summary of impact for how the risk affects the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "$ref" : "#field_oscal-assessment-common_risk-status" }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "threat-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-assessment-common_threat-id" } }, - "characterizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_characterization" } }, - "mitigating-factors" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Mitigating Factor", - "description" : "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Mitigating Factor Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "implementation-uuid" : - { "title" : "Implementation UUID", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Mitigating Factor Description", - "description" : "A human-readable description of this mitigating factor.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "deadline" : - { "title" : "Risk Resolution Deadline", - "description" : "The date/time by which the risk must be resolved.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "remediations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_response" } }, - "risk-log" : - { "title" : "Risk Log", - "description" : "A log of all risk-related tasks taken.", - "type" : "object", - "properties" : - { "entries" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Risk Log Entry", - "description" : "Identifies an individual risk response that occurred as part of managing an identified risk.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Risk Log Entry Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Title", - "description" : "The title for this risk log entry.", - "type" : "string" }, - "description" : - { "title" : "Risk Task Description", - "description" : "A human-readable description of what was done regarding the risk.", - "type" : "string" }, - "start" : - { "title" : "Start", - "description" : "Identifies the start date and time of the event.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "end" : - { "title" : "End", - "description" : "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "logged-by" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_logged-by" } }, - "status-change" : - { "$ref" : "#field_oscal-assessment-common_risk-status" }, - "related-responses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Risk Response Reference", - "description" : "Identifies an individual risk response that this log entry is for.", - "type" : "object", - "properties" : - { "response-uuid" : - { "title" : "Response Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique risk response.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "related-tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_related-task" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "response-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "start" ], - "additionalProperties" : false } } }, - "required" : - [ "entries" ], - "additionalProperties" : false }, - "related-observations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Related Observation", - "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", - "type" : "object", - "properties" : - { "observation-uuid" : - { "title" : "Observation Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "observation-uuid" ], - "additionalProperties" : false } } }, - "required" : - [ "uuid", - "title", - "description", - "statement", - "status" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:logged-by" : - { "title" : "Logged By", - "description" : "Used to indicate who created a log entry in what role.", - "$id" : "#assembly_oscal-assessment-common_logged-by", - "type" : "object", - "properties" : - { "party-uuid" : - { "title" : "Party UUID Reference", - "description" : "A machine-oriented identifier reference to the party who is making the log entry.", - "$ref" : "#/definitions/UUIDDatatype" }, - "role-id" : - { "title" : "Actor Role", - "description" : "A point to the role-id of the role in which the party is making the log entry.", - "$ref" : "#/definitions/TokenDatatype" } }, - "required" : - [ "party-uuid" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:risk-status" : - { "title" : "Risk Status", - "description" : "Describes the status of the associated risk.", - "$id" : "#field_oscal-assessment-common_risk-status", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "open", - "investigating", - "remediating", - "deviation-requested", - "deviation-approved", - "closed" ] } ] }, - "oscal-complete-oscal-assessment-common:characterization" : - { "title" : "Characterization", - "description" : "A collection of descriptive data about the containing object from a specific origin.", - "$id" : "#assembly_oscal-assessment-common_characterization", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "origin" : - { "$ref" : "#assembly_oscal-assessment-common_origin" }, - "facets" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Facet", - "description" : "An individual characteristic that is part of a larger set produced by the same actor.", - "type" : "object", - "properties" : - { "name" : - { "title" : "Facet Name", - "description" : "The name of the risk metric within the specified system.", - "$ref" : "#/definitions/TokenDatatype" }, - "system" : - { "title" : "Naming System", - "description" : "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://fedramp.gov", - "http://fedramp.gov/ns/oscal", - "http://csrc.nist.gov/ns/oscal", - "http://csrc.nist.gov/ns/oscal/unknown", - "http://cve.mitre.org", - "http://www.first.org/cvss/v2.0", - "http://www.first.org/cvss/v3.0", - "http://www.first.org/cvss/v3.1" ] } ] }, - "value" : - { "title" : "Facet Value", - "description" : "Indicates the value of the facet.", - "$ref" : "#/definitions/StringDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "name", - "system", - "value" ], - "additionalProperties" : false } } }, - "required" : - [ "origin", - "facets" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:response" : - { "title" : "Risk Response", - "description" : "Describes either recommended or an actual plan for addressing the risk.", - "$id" : "#assembly_oscal-assessment-common_response", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Remediation Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "lifecycle" : - { "title" : "Remediation Intent", - "description" : "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "recommendation", - "planned", - "completed" ] } ] }, - "title" : - { "title" : "Response Title", - "description" : "The title for this response activity.", - "type" : "string" }, - "description" : - { "title" : "Response Description", - "description" : "A human-readable description of this response plan.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "required-assets" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Required Asset", - "description" : "Identifies an asset required to achieve remediation.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Required Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, - "title" : - { "title" : "Title for Required Asset", - "description" : "The title for this required asset.", - "type" : "string" }, - "description" : - { "title" : "Description of Required Asset", - "description" : "A human-readable description of this required asset.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_task" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "lifecycle", - "title", - "description" ], - "additionalProperties" : false }, - "oscal-complete-oscal-assessment-common:assessment-part" : - { "title" : "Assessment Part", - "description" : "A partition of an assessment plan or results or a child of another part.", - "$id" : "#assembly_oscal-assessment-common_assessment-part", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Part Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "name" : - { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", - "anyOf" : + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "param", + "prop", + "link", + "part", + "mapping", + "map" ] } ] }, + "by-ns" : + { "title" : "Item Namespace Reference", + "description" : "Identify items to remove by the item's ns, which is the namespace associated with a part, or prop.", + "$ref" : "#/definitions/TokenDatatype" } }, + "additionalProperties" : false } }, + "adds" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Addition", + "description" : "Specifies contents to be added into controls, in resolution.", + "type" : "object", + "properties" : + { "position" : + { "title" : "Position", + "description" : "Where to add the new content with respect to the targeted element (beside it or inside it).", + "allOf" : [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "asset", - "method", - "objective" ] } ] }, - "ns" : - { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "class" : - { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "before", + "after", + "starting", + "ending" ] } ] }, + "by-id" : + { "title" : "Reference by ID", + "description" : "Target location of the addition.", "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "prose" : - { "title" : "Part Text", - "description" : "Permits multiple paragraphs, lists, tables etc.", + "title" : + { "title" : "Title Change", + "description" : "A name given to the control, which may be used by a tool for display and navigation.", "type" : "string" }, - "parts" : - { "type" : "array", + "params" : + { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } }, - "links" : - { "type" : "array", + { "$ref" : "#assembly_oscal-control-common_parameter" } }, + "props" : + { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ar:assessment-results" : - { "title" : "Security Assessment Results (SAR)", - "description" : "Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.", - "$id" : "#assembly_oscal-ar_assessment-results", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Results Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "import-ap" : - { "$ref" : "#assembly_oscal-ar_import-ap" }, - "local-definitions" : - { "title" : "Local Definitions", - "description" : "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", - "type" : "object", - "properties" : - { "objectives-and-methods" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_local-objective" } }, - "activities" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_activity" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false }, - "results" : - { "type" : "array", + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-ar_result" } }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata", - "import-ap", - "results" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ar:result" : - { "title" : "Assessment Result", - "description" : "Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.", - "$id" : "#assembly_oscal-ar_result", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Results Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Results Title", - "description" : "The title for this set of results.", - "type" : "string" }, + { "$ref" : "#assembly_oscal-metadata_link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } } }, + "additionalProperties" : false } } }, + "required" : + [ "control-id" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-complete-oscal-profile:insert-controls" : + { "title" : "Insert Controls", + "description" : "Specifies which controls to use in the containing context.", + "$id" : "#assembly_oscal-profile_insert-controls", + "type" : "object", + "properties" : + { "order" : + { "title" : "Order", + "description" : "A designation of how a selection of controls in a profile is to be ordered.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "keep", + "ascending", + "descending" ] } ] }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_select-control-by-id" } }, + "exclude-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_select-control-by-id" } } }, + "additionalProperties" : false }, + "oscal-complete-oscal-profile:select-control-by-id" : + { "title" : "Select Control", + "description" : "Select a control or controls from an imported control set.", + "$id" : "#assembly_oscal-profile_select-control-by-id", + "type" : "object", + "properties" : + { "with-child-controls" : + { "title" : "Include Contained Controls with Control", + "description" : "When a control is included, whether its child (dependent) controls are also included.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "yes", + "no" ] } ] }, + "with-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-profile_with-id" } }, + "matching" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_matching" } } }, + "additionalProperties" : false }, + "oscal-complete-oscal-profile:with-id" : + { "title" : "Match Controls by Identifier", + "description" : "Selecting a control by its ID given as a literal.", + "$id" : "#field_oscal-profile_with-id", + "$ref" : "#/definitions/TokenDatatype" }, + "oscal-complete-oscal-profile:matching" : + { "title" : "Match Controls by Pattern", + "description" : "Selecting a set of controls by matching their IDs with a wildcard pattern.", + "$id" : "#assembly_oscal-profile_matching", + "type" : "object", + "properties" : + { "pattern" : + { "title" : "Pattern", + "description" : "A glob expression matching the IDs of one or more controls to be selected.", + "$ref" : "#/definitions/StringDatatype" } }, + "additionalProperties" : false }, + "oscal-complete-oscal-component-definition:component-definition" : + { "title" : "Component Definition", + "description" : "A collection of component descriptions, which may optionally be grouped by capability.", + "$id" : "#assembly_oscal-component-definition_component-definition", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Component Definition Universally Unique Identifier", + "description" : "Provides a globally unique means to identify a given component definition instance.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "import-component-definitions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_import-component-definition" } }, + "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_defined-component" } }, + "capabilities" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_capability" } }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata" ], + "additionalProperties" : false }, + "oscal-complete-oscal-component-definition:import-component-definition" : + { "title" : "Import Component Definition", + "description" : "Loads a component definition from another resource.", + "$id" : "#assembly_oscal-component-definition_import-component-definition", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hyperlink Reference", + "description" : "A link to a resource that defines a set of components and/or capabilities to import into this collection.", + "$ref" : "#/definitions/URIReferenceDatatype" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-complete-oscal-component-definition:defined-component" : + { "title" : "Component", + "description" : "A defined component that can be part of an implemented system.", + "$id" : "#assembly_oscal-component-definition_defined-component", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Component Identifier", + "description" : "Provides a globally unique means to identify a given component.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Component Type", + "description" : "A category describing the purpose of the component.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation" ] } ] }, + "title" : + { "title" : "Component Title", + "description" : "A human readable name for the component.", + "type" : "string" }, + "description" : + { "title" : "Component Description", + "description" : "A description of the component, including information about its function.", + "type" : "string" }, + "purpose" : + { "title" : "Purpose", + "description" : "A summary of the technological or business purpose of the component.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "protocols" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, + "control-implementations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_control-implementation" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "title", + "description" ], + "additionalProperties" : false }, + "oscal-complete-oscal-component-definition:capability" : + { "title" : "Capability", + "description" : "A grouping of other components and/or capabilities.", + "$id" : "#assembly_oscal-component-definition_capability", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Capability Identifier", + "description" : "Provides a globally unique means to identify a given capability.", + "$ref" : "#/definitions/UUIDDatatype" }, + "name" : + { "title" : "Capability Name", + "description" : "The capability's human-readable name.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Capability Description", + "description" : "A summary of the capability.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "incorporates-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_incorporates-component" } }, + "control-implementations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_control-implementation" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "name", + "description" ], + "additionalProperties" : false }, + "oscal-complete-oscal-component-definition:incorporates-component" : + { "title" : "Incorporates Component", + "description" : "The collection of components comprising this capability.", + "$id" : "#assembly_oscal-component-definition_incorporates-component", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Reference", + "description" : "A machine-oriented identifier reference to a component.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Component Description", + "description" : "A description of the component, including information about its function.", + "type" : "string" } }, + "required" : + [ "component-uuid", + "description" ], + "additionalProperties" : false }, + "oscal-complete-oscal-component-definition:control-implementation" : + { "title" : "Control Implementation Set", + "description" : "Defines how the component or capability supports a set of controls.", + "$id" : "#assembly_oscal-component-definition_control-implementation", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Control Implementation Set Identifier", + "description" : "Provides a means to identify a set of control implementations that are supported by a given component or capability.", + "$ref" : "#/definitions/UUIDDatatype" }, + "source" : + { "title" : "Source Resource Reference", + "description" : "A reference to an OSCAL catalog or profile providing the referenced control or subcontrol definition.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "description" : + { "title" : "Control Implementation Description", + "description" : "A description of how the specified set of controls are implemented for the containing component or capability.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "set-parameters" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, + "implemented-requirements" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_implemented-requirement" } } }, + "required" : + [ "uuid", + "source", + "description", + "implemented-requirements" ], + "additionalProperties" : false }, + "oscal-complete-oscal-component-definition:implemented-requirement" : + { "title" : "Control Implementation", + "description" : "Describes how the containing component or capability implements an individual control.", + "$id" : "#assembly_oscal-component-definition_implemented-requirement", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Control Implementation Identifier", + "description" : "Provides a globally unique means to identify a given control implementation by a component.", + "$ref" : "#/definitions/UUIDDatatype" }, + "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "description" : + { "title" : "Control Implementation Description", + "description" : "A suggestion from the supplier (e.g., component vendor or author) for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "set-parameters" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "statements" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_statement" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "control-id", + "description" ], + "additionalProperties" : false }, + "oscal-complete-oscal-component-definition:statement" : + { "title" : "Control Statement Implementation", + "description" : "Identifies which statements within a control are addressed.", + "$id" : "#assembly_oscal-component-definition_statement", + "type" : "object", + "properties" : + { "statement-id" : + { "title" : "Control Statement Reference", + "description" : "A human-oriented identifier reference to a control statement.", + "$ref" : "#/definitions/TokenDatatype" }, + "uuid" : + { "title" : "Control Statement Reference Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Statement Implementation Description", + "description" : "A summary of how the containing control statement is implemented by the component or capability.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "statement-id", + "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-complete-oscal-implementation-common:system-component" : + { "title" : "Component", + "description" : "A defined component that can be part of an implemented system.", + "$id" : "#assembly_oscal-implementation-common_system-component", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Component Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Component Type", + "description" : "A category describing the purpose of the component.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "this-system", + "system", + "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation", + "network" ] } ] }, + "title" : + { "title" : "Component Title", + "description" : "A human readable name for the system component.", + "type" : "string" }, + "description" : + { "title" : "Component Description", + "description" : "A description of the component, including information about its function.", + "type" : "string" }, + "purpose" : + { "title" : "Purpose", + "description" : "A summary of the technological or business purpose of the component.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "title" : "Status", + "description" : "Describes the operational status of the system component.", + "type" : "object", + "properties" : + { "state" : + { "title" : "State", + "description" : "The operational status.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "under-development", + "operational", + "disposition", + "other" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "protocols" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "title", + "description", + "status" ], + "additionalProperties" : false }, + "oscal-complete-oscal-implementation-common:protocol" : + { "title" : "Service Protocol Information", + "description" : "Information about the protocol used to provide a service.", + "$id" : "#assembly_oscal-implementation-common_protocol", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Service Protocol Information Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "name" : + { "title" : "Protocol Name", + "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", + "$ref" : "#/definitions/StringDatatype" }, + "title" : + { "title" : "Protocol Title", + "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", + "type" : "string" }, + "port-ranges" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_port-range" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-complete-oscal-implementation-common:port-range" : + { "title" : "Port Range", + "description" : "Where applicable this is the IPv4 port range on which the service operates.", + "$id" : "#assembly_oscal-implementation-common_port-range", + "type" : "object", + "properties" : + { "start" : + { "title" : "Start", + "description" : "Indicates the starting port number in a port range", + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, + "end" : + { "title" : "End", + "description" : "Indicates the ending port number in a port range", + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, + "transport" : + { "title" : "Transport", + "description" : "Indicates the transport type.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "TCP", + "UDP" ] } ] } }, + "additionalProperties" : false }, + "oscal-complete-oscal-implementation-common:implementation-status" : + { "title" : "Implementation Status", + "description" : "Indicates the degree to which the a given control is implemented.", + "$id" : "#assembly_oscal-implementation-common_implementation-status", + "type" : "object", + "properties" : + { "state" : + { "title" : "Implementation State", + "description" : "Identifies the implementation status of the control or control objective.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "implemented", + "partial", + "planned", + "alternative", + "not-applicable" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "oscal-complete-oscal-implementation-common:system-user" : + { "title" : "System User", + "description" : "A type of user that interacts with the system based on an associated role.", + "$id" : "#assembly_oscal-implementation-common_system-user", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "User Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "User Title", + "description" : "A name given to the user, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "User Short Name", + "description" : "A short common name, abbreviation, or acronym for the user.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "User Description", + "description" : "A summary of the user's purpose within the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "role-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_role-id" } }, + "authorized-privileges" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_authorized-privilege" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false }, + "oscal-complete-oscal-implementation-common:authorized-privilege" : + { "title" : "Privilege", + "description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.", + "$id" : "#assembly_oscal-implementation-common_authorized-privilege", + "type" : "object", + "properties" : + { "title" : + { "title" : "Privilege Title", + "description" : "A human readable name for the privilege.", + "type" : "string" }, + "description" : + { "title" : "Privilege Description", + "description" : "A summary of the privilege's purpose within the system.", + "type" : "string" }, + "functions-performed" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-implementation-common_function-performed" } } }, + "required" : + [ "title", + "functions-performed" ], + "additionalProperties" : false }, + "oscal-complete-oscal-implementation-common:function-performed" : + { "title" : "Functions Performed", + "description" : "Describes a function performed for a given authorized privilege by this user class.", + "$id" : "#field_oscal-implementation-common_function-performed", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-complete-oscal-implementation-common:inventory-item" : + { "title" : "Inventory Item", + "description" : "A single managed inventory item within the system.", + "$id" : "#assembly_oscal-implementation-common_inventory-item", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Inventory Item Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Inventory Item Description", + "description" : "A summary of the inventory item stating its purpose within the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "implemented-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Implemented Component", + "description" : "The set of components that are implemented in a given system inventory item.", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "component-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-complete-oscal-implementation-common:set-parameter" : + { "title" : "Set Parameter Value", + "description" : "Identifies the parameter that will be set by the enclosed value.", + "$id" : "#assembly_oscal-implementation-common_set-parameter", + "type" : "object", + "properties" : + { "param-id" : + { "title" : "Parameter ID", + "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", + "$ref" : "#/definitions/TokenDatatype" }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$ref" : "#/definitions/StringDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "param-id", + "values" ], + "additionalProperties" : false }, + "oscal-complete-oscal-implementation-common:system-id" : + { "title" : "System Identification", + "description" : "A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.", + "$id" : "#field_oscal-implementation-common_system-id", + "type" : "object", + "properties" : + { "identifier-type" : + { "title" : "Identification System Type", + "description" : "Identifies the identification system from which the provided identifier was assigned.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "https://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "https://ietf.org/rfc/rfc4122", + "http://ietf.org/rfc/rfc4122" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:system-security-plan" : + { "title" : "System Security Plan (SSP)", + "description" : "A system security plan, such as those described in NIST SP 800-18.", + "$id" : "#assembly_oscal-ssp_system-security-plan", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "System Security Plan Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "import-profile" : + { "$ref" : "#assembly_oscal-ssp_import-profile" }, + "system-characteristics" : + { "$ref" : "#assembly_oscal-ssp_system-characteristics" }, + "system-implementation" : + { "$ref" : "#assembly_oscal-ssp_system-implementation" }, + "control-implementation" : + { "$ref" : "#assembly_oscal-ssp_control-implementation" }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata", + "import-profile", + "system-characteristics", + "system-implementation", + "control-implementation" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:import-profile" : + { "title" : "Import Profile", + "description" : "Used to import the OSCAL profile representing the system's control baseline.", + "$id" : "#assembly_oscal-ssp_import-profile", + "type" : "object", + "properties" : + { "href" : + { "title" : "Profile Reference", + "description" : "A resolvable URL reference to the profile or catalog to use as the system's control baseline.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:system-characteristics" : + { "title" : "System Characteristics", + "description" : "Contains the characteristics of the system, such as its name, purpose, and security impact level.", + "$id" : "#assembly_oscal-ssp_system-characteristics", + "type" : "object", + "properties" : + { "system-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-implementation-common_system-id" } }, + "system-name" : + { "title" : "System Name - Full", + "description" : "The full name of the system.", + "$ref" : "#/definitions/StringDatatype" }, + "system-name-short" : + { "title" : "System Name - Short", + "description" : "A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "System Description", + "description" : "A summary of the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "date-authorized" : + { "$ref" : "#field_oscal-ssp_date-authorized" }, + "security-sensitivity-level" : + { "title" : "Security Sensitivity Level", + "description" : "The overall information system sensitivity categorization, such as defined by FIPS-199.", + "$ref" : "#/definitions/StringDatatype" }, + "system-information" : + { "$ref" : "#assembly_oscal-ssp_system-information" }, + "security-impact-level" : + { "$ref" : "#assembly_oscal-ssp_security-impact-level" }, + "status" : + { "$ref" : "#assembly_oscal-ssp_status" }, + "authorization-boundary" : + { "$ref" : "#assembly_oscal-ssp_authorization-boundary" }, + "network-architecture" : + { "$ref" : "#assembly_oscal-ssp_network-architecture" }, + "data-flow" : + { "$ref" : "#assembly_oscal-ssp_data-flow" }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "system-ids", + "system-name", + "description", + "security-sensitivity-level", + "system-information", + "security-impact-level", + "status", + "authorization-boundary" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:system-information" : + { "title" : "System Information", + "description" : "Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.", + "$id" : "#assembly_oscal-ssp_system-information", + "type" : "object", + "properties" : + { "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "information-types" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Information Type", + "description" : "Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Information Type Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "title field", + "description" : "A human readable name for the information type. This title should be meaningful within the context of the system.", + "type" : "string" }, + "description" : + { "title" : "Information Type Description", + "description" : "A summary of how this information type is used within the system.", + "type" : "string" }, + "categorizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Information Type Categorization", + "description" : "A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60.", + "type" : "object", + "properties" : + { "system" : + { "title" : "Information Type Identification System", + "description" : "Specifies the information type identification system used.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://doi.org/10.6028/NIST.SP.800-60v2r1" ] } ] }, + "information-type-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Information Type Systematized Identifier", + "description" : "A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/StringDatatype" } } }, + "required" : + [ "system" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "confidentiality-impact" : + { "$ref" : "#assembly_oscal-ssp_impact" }, + "integrity-impact" : + { "$ref" : "#assembly_oscal-ssp_impact" }, + "availability-impact" : + { "$ref" : "#assembly_oscal-ssp_impact" } }, + "required" : + [ "title", + "description" ], + "additionalProperties" : false } } }, + "required" : + [ "information-types" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:impact" : + { "title" : "Impact Level", + "description" : "The expected level of impact resulting from the described information.", + "$id" : "#assembly_oscal-ssp_impact", + "type" : "object", + "properties" : + { "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "base" : + { "$ref" : "#field_oscal-ssp_base" }, + "selected" : + { "$ref" : "#field_oscal-ssp_selected" }, + "adjustment-justification" : + { "$ref" : "#field_oscal-ssp_adjustment-justification" } }, + "required" : + [ "base" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:base" : + { "title" : "Base Level (Confidentiality, Integrity, or Availability)", + "description" : "The prescribed base (Confidentiality, Integrity, or Availability) security impact level.", + "$id" : "#field_oscal-ssp_base", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-complete-oscal-ssp:selected" : + { "title" : "Selected Level (Confidentiality, Integrity, or Availability)", + "description" : "The selected (Confidentiality, Integrity, or Availability) security impact level.", + "$id" : "#field_oscal-ssp_selected", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-complete-oscal-ssp:adjustment-justification" : + { "title" : "Adjustment Justification", + "description" : "If the selected security level is different from the base security level, this contains the justification for the change.", + "$id" : "#field_oscal-ssp_adjustment-justification", + "type" : "string" }, + "oscal-complete-oscal-ssp:security-impact-level" : + { "title" : "Security Impact Level", + "description" : "The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.", + "$id" : "#assembly_oscal-ssp_security-impact-level", + "type" : "object", + "properties" : + { "security-objective-confidentiality" : + { "title" : "Security Objective: Confidentiality", + "description" : "A target-level of confidentiality for the system, based on the sensitivity of information within the system.", + "$ref" : "#/definitions/StringDatatype" }, + "security-objective-integrity" : + { "title" : "Security Objective: Integrity", + "description" : "A target-level of integrity for the system, based on the sensitivity of information within the system.", + "$ref" : "#/definitions/StringDatatype" }, + "security-objective-availability" : + { "title" : "Security Objective: Availability", + "description" : "A target-level of availability for the system, based on the sensitivity of information within the system.", + "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "security-objective-confidentiality", + "security-objective-integrity", + "security-objective-availability" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:status" : + { "title" : "Status", + "description" : "Describes the operational status of the system.", + "$id" : "#assembly_oscal-ssp_status", + "type" : "object", + "properties" : + { "state" : + { "title" : "State", + "description" : "The current operating status.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "operational", + "under-development", + "under-major-modification", + "disposition", + "other" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:date-authorized" : + { "title" : "System Authorization Date", + "description" : "The date the system received its authorization.", + "$id" : "#field_oscal-ssp_date-authorized", + "$ref" : "#/definitions/DateDatatype" }, + "oscal-complete-oscal-ssp:authorization-boundary" : + { "title" : "Authorization Boundary", + "description" : "A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.", + "$id" : "#assembly_oscal-ssp_authorization-boundary", + "type" : "object", + "properties" : + { "description" : + { "title" : "Authorization Boundary Description", + "description" : "A summary of the system's authorization boundary.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "diagrams" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_diagram" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "description" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:diagram" : + { "title" : "Diagram", + "description" : "A graphic that provides a visual representation the system, or some aspect of it.", + "$id" : "#assembly_oscal-ssp_diagram", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Diagram ID", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Diagram Description", + "description" : "A summary of the diagram.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "caption" : + { "title" : "Caption", + "description" : "A brief caption to annotate the diagram.", + "type" : "string" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:network-architecture" : + { "title" : "Network Architecture", + "description" : "A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.", + "$id" : "#assembly_oscal-ssp_network-architecture", + "type" : "object", + "properties" : + { "description" : + { "title" : "Network Architecture Description", + "description" : "A summary of the system's network architecture.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "diagrams" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_diagram" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "description" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:data-flow" : + { "title" : "Data Flow", + "description" : "A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.", + "$id" : "#assembly_oscal-ssp_data-flow", + "type" : "object", + "properties" : + { "description" : + { "title" : "Data Flow Description", + "description" : "A summary of the system's data flow.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "diagrams" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_diagram" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "description" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:system-implementation" : + { "title" : "System Implementation", + "description" : "Provides information as to how the system is implemented.", + "$id" : "#assembly_oscal-ssp_system-implementation", + "type" : "object", + "properties" : + { "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "leveraged-authorizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Leveraged Authorization", + "description" : "A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Leveraged Authorization Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "title field", + "description" : "A human readable name for the leveraged authorization in the context of the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "party-uuid" : + { "title" : "party-uuid field", + "description" : "A machine-oriented identifier reference to the party that manages the leveraged system.", + "$ref" : "#/definitions/UUIDDatatype" }, + "date-authorized" : + { "$ref" : "#field_oscal-ssp_date-authorized" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "title", + "party-uuid", + "date-authorized" ], + "additionalProperties" : false } }, + "users" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-user" } }, + "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, + "inventory-items" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "users", + "components" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:control-implementation" : + { "title" : "Control Implementation", + "description" : "Describes how the system satisfies a set of controls.", + "$id" : "#assembly_oscal-ssp_control-implementation", + "type" : "object", + "properties" : + { "description" : + { "title" : "Control Implementation Description", + "description" : "A statement describing important things to know about how this set of control satisfaction documentation is approached.", + "type" : "string" }, + "set-parameters" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, + "implemented-requirements" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_implemented-requirement" } } }, + "required" : + [ "description", + "implemented-requirements" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:implemented-requirement" : + { "title" : "Control-based Requirement", + "description" : "Describes how the system satisfies the requirements of an individual control.", + "$id" : "#assembly_oscal-ssp_implemented-requirement", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Control Requirement Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "set-parameters" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "statements" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_statement" } }, + "by-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_by-component" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "control-id" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:statement" : + { "title" : "Specific Control Statement", + "description" : "Identifies which statements within a control are addressed.", + "$id" : "#assembly_oscal-ssp_statement", + "type" : "object", + "properties" : + { "statement-id" : + { "title" : "Control Statement Reference", + "description" : "A human-oriented identifier reference to a control statement.", + "$ref" : "#/definitions/TokenDatatype" }, + "uuid" : + { "title" : "Control Statement Reference Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "by-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_by-component" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "statement-id", + "uuid" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ssp:by-component" : + { "title" : "Component Control Implementation", + "description" : "Defines how the referenced component implements a set of controls.", + "$id" : "#assembly_oscal-ssp_by-component", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to the component that is implemeting a given control.", + "$ref" : "#/definitions/UUIDDatatype" }, + "uuid" : + { "title" : "By-Component Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Control Implementation Description", + "description" : "An implementation statement that describes how a control or a control statement is implemented within the referenced system component.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "set-parameters" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, + "implementation-status" : + { "$ref" : "#assembly_oscal-implementation-common_implementation-status" }, + "export" : + { "title" : "Export", + "description" : "Identifies content intended for external consumption, such as with leveraged organizations.", + "type" : "object", + "properties" : + { "description" : + { "title" : "Control Implementation Export Description", + "description" : "An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "provided" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Provided Control Implementation", + "description" : "Describes a capability which may be inherited by a leveraging system.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Provided Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, "description" : - { "title" : "Results Description", - "description" : "A human-readable description of this set of test results.", - "type" : "string" }, - "start" : - { "title" : "start field", - "description" : "Date/time stamp identifying the start of the evidence collection reflected in these results.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "end" : - { "title" : "end field", - "description" : "Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + { "title" : "Provided Control Implementation Description", + "description" : "An implementation statement that describes the aspects of the control or control statement implementation that can be provided to another system leveraging this system.", + "type" : "string" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "local-definitions" : - { "title" : "Local Definitions", - "description" : "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", - "type" : "object", - "properties" : - { "components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, - "inventory-items" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, - "users" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-user" } }, - "assessment-assets" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-assets" }, - "tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_task" } } }, - "additionalProperties" : false }, - "reviewed-controls" : - { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, - "attestations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Attestation Statements", - "description" : "A set of textual statements, typically written by the assessor.", - "type" : "object", - "properties" : - { "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } } }, - "required" : - [ "parts" ], - "additionalProperties" : false } }, - "assessment-log" : - { "title" : "Assessment Log", - "description" : "A log of all assessment-related actions taken.", - "type" : "object", - "properties" : - { "entries" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessment Log Entry", - "description" : "Identifies the result of an action and/or task that occurred as part of executing an assessment plan or an assessment event that occurred in producing the assessment results.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Log Entry Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Action Title", - "description" : "The title for this event.", - "type" : "string" }, - "description" : - { "title" : "Action Description", - "description" : "A human-readable description of this event.", - "type" : "string" }, - "start" : - { "title" : "Start", - "description" : "Identifies the start date and time of an event.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "end" : - { "title" : "End", - "description" : "Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "logged-by" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_logged-by" } }, - "related-tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_related-task" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "start" ], - "additionalProperties" : false } } }, - "required" : - [ "entries" ], - "additionalProperties" : false }, - "observations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_observation" } }, - "risks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_risk" } }, - "findings" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ar_finding" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "title", - "description", - "start", - "reviewed-controls" ], - "additionalProperties" : false }, - "oscal-complete-oscal-ar:finding" : - { "title" : "Finding", - "description" : "Describes an individual finding.", - "$id" : "#assembly_oscal-ar_finding", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Finding Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Finding Title", - "description" : "The title for this finding.", - "type" : "string" }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "responsibilities" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Control Implementation Responsibility", + "description" : "Describes a control implementation responsibility imposed on a leveraging system.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Responsibility Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "provided-uuid" : + { "title" : "Provided UUID", + "description" : "A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.", + "$ref" : "#/definitions/UUIDDatatype" }, "description" : - { "title" : "Finding Description", - "description" : "A human-readable description of this finding.", - "type" : "string" }, + { "title" : "Control Implementation Responsibility Description", + "description" : "An implementation statement that describes the aspects of the control or control statement implementation that a leveraging system must implement to satisfy the control provided by a leveraged system.", + "type" : "string" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "target" : - { "$ref" : "#assembly_oscal-assessment-common_finding-target" }, - "implementation-statement-uuid" : - { "title" : "Implementation Statement UUID", - "description" : "A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related.", - "$ref" : "#/definitions/UUIDDatatype" }, - "related-observations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Related Observation", - "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", - "type" : "object", - "properties" : - { "observation-uuid" : - { "title" : "Observation Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "observation-uuid" ], - "additionalProperties" : false } }, - "related-risks" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Associated Risk", - "description" : "Relates the finding to a set of referenced risks that were used to determine the finding.", - "type" : "object", - "properties" : - { "risk-uuid" : - { "title" : "Risk Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "risk-uuid" ], - "additionalProperties" : false } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false }, + "inherited" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Inherited Control Implementation", + "description" : "Describes a control implementation inherited by a leveraging system.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Inherited Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "provided-uuid" : + { "title" : "Provided UUID", + "description" : "A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Inherited Control Implementation Description", + "description" : "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is inheriting from a leveraged system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "satisfied" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Satisfied Control Implementation Responsibility", + "description" : "Describes how this system satisfies a responsibility imposed by a leveraged system.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Satisfied Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "responsibility-uuid" : + { "title" : "Responsibility UUID", + "description" : "A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Satisfied Control Implementation Responsibility Description", + "description" : "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is implementing based on a requirement from a leveraged system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "component-uuid", + "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ap:assessment-plan" : + { "title" : "Security Assessment Plan (SAP)", + "description" : "An assessment plan, such as those provided by a FedRAMP assessor.", + "$id" : "#assembly_oscal-ap_assessment-plan", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Plan Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "import-ssp" : + { "$ref" : "#assembly_oscal-assessment-common_import-ssp" }, + "local-definitions" : + { "title" : "Local Definitions", + "description" : "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", + "type" : "object", + "properties" : + { "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, + "inventory-items" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, + "users" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-user" } }, + "objectives-and-methods" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_local-objective" } }, + "activities" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_activity" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false }, + "terms-and-conditions" : + { "title" : "Assessment Plan Terms and Conditions", + "description" : "Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition.", + "type" : "object", + "properties" : + { "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } } }, + "additionalProperties" : false }, + "reviewed-controls" : + { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, + "assessment-subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "assessment-assets" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-assets" }, + "tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_task" } }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata", + "import-ssp", + "reviewed-controls" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:import-ssp" : + { "title" : "Import System Security Plan", + "description" : "Used by the assessment plan and POA&M to import information about the system.", + "$id" : "#assembly_oscal-assessment-common_import-ssp", + "type" : "object", + "properties" : + { "href" : + { "title" : "System Security Plan Reference", + "description" : "A resolvable URL reference to the system security plan for the system being assessed.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:local-objective" : + { "title" : "Assessment-Specific Control Objective", + "description" : "A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.", + "$id" : "#assembly_oscal-assessment-common_local-objective", + "type" : "object", + "properties" : + { "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "description" : + { "title" : "Objective Description", + "description" : "A human-readable description of this control objective.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "control-id", + "parts" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:assessment-method" : + { "title" : "Assessment Method", + "description" : "A local definition of a control objective. Uses catalog syntax for control objective and assessment activities.", + "$id" : "#assembly_oscal-assessment-common_assessment-method", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Method Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Assessment Method Description", + "description" : "A human-readable description of this assessment method.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "part" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-part" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "part" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:activity" : + { "title" : "Activity", + "description" : "Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.", + "$id" : "#assembly_oscal-assessment-common_activity", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Activity Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Included Activity Title", + "description" : "The title for this included activity.", + "type" : "string" }, + "description" : + { "title" : "Included Activity Description", + "description" : "A human-readable description of this included activity.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "steps" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Step", + "description" : "Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Step Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Step Title", + "description" : "The title for this step.", + "type" : "string" }, + "description" : + { "title" : "Step Description", + "description" : "A human-readable description of this step.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "reviewed-controls" : + { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "related-controls" : + { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:task" : + { "title" : "Task", + "description" : "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.", + "$id" : "#assembly_oscal-assessment-common_task", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Task Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Task Type", + "description" : "The type of task.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "milestone", + "action" ] } ] }, + "title" : + { "title" : "Task Title", + "description" : "The title for this task.", + "type" : "string" }, + "description" : + { "title" : "Task Description", + "description" : "A human-readable description of this task.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "timing" : + { "title" : "Event Timing", + "description" : "The timing under which the task is intended to occur.", + "type" : "object", + "properties" : + { "on-date" : + { "title" : "On Date Condition", + "description" : "The task is intended to occur on the specified date.", + "type" : "object", + "properties" : + { "date" : + { "title" : "On Date Condition", + "description" : "The task must occur on the specified date.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : - [ "uuid", - "title", - "description", - "target" ], + [ "date" ], "additionalProperties" : false }, - "oscal-complete-oscal-ar:import-ap" : - { "title" : "Import Assessment Plan", - "description" : "Used by assessment-results to import information about the original plan for assessing the system.", - "$id" : "#assembly_oscal-ar_import-ap", + "within-date-range" : + { "title" : "On Date Range Condition", + "description" : "The task is intended to occur within the specified date range.", "type" : "object", "properties" : - { "href" : - { "title" : "Assessment Plan Reference", - "description" : "A resolvable URL reference to the assessment plan governing the assessment activities.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, + { "start" : + { "title" : "Start Date Condition", + "description" : "The task must occur on or after the specified date.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "end" : + { "title" : "End Date Condition", + "description" : "The task must occur on or before the specified date.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : - [ "href" ], + [ "start", + "end" ], "additionalProperties" : false }, - "oscal-complete-oscal-poam:plan-of-action-and-milestones" : - { "title" : "Plan of Action and Milestones (POA&M)", - "description" : "A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.", - "$id" : "#assembly_oscal-poam_plan-of-action-and-milestones", + "at-frequency" : + { "title" : "Frequency Condition", + "description" : "The task is intended to occur at the specified frequency.", "type" : "object", "properties" : - { "uuid" : - { "title" : "POA&M Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + { "period" : + { "title" : "Period", + "description" : "The task must occur after the specified period has elapsed.", + "$ref" : "#/definitions/PositiveIntegerDatatype" }, + "unit" : + { "title" : "Time Unit", + "description" : "The unit of time for the period.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "seconds", + "minutes", + "hours", + "days", + "months", + "years" ] } ] } }, + "required" : + [ "period", + "unit" ], + "additionalProperties" : false } }, + "additionalProperties" : false }, + "dependencies" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Task Dependency", + "description" : "Used to indicate that a task is dependent on another task.", + "type" : "object", + "properties" : + { "task-uuid" : + { "title" : "Task Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique task.", + "$ref" : "#/definitions/UUIDDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "task-uuid" ], + "additionalProperties" : false } }, + "tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_task" } }, + "associated-activities" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Associated Activity", + "description" : "Identifies an individual activity to be performed as part of a task.", + "type" : "object", + "properties" : + { "activity-uuid" : + { "title" : "Activity Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an activity defined in the list of activities.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "activity-uuid", + "subjects" ], + "additionalProperties" : false } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "title" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:reviewed-controls" : + { "title" : "Reviewed Controls and Control Objectives", + "description" : "Identifies the controls being assessed and their control objectives.", + "$id" : "#assembly_oscal-assessment-common_reviewed-controls", + "type" : "object", + "properties" : + { "description" : + { "title" : "Control Objective Description", + "description" : "A human-readable description of control objectives.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "control-selections" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessed Controls", + "description" : "Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.", + "type" : "object", + "properties" : + { "description" : + { "title" : "Assessed Controls Description", + "description" : "A human-readable description of in-scope controls specified for assessment.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, + "exclude-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false } }, + "control-objective-selections" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Referenced Control Objectives", + "description" : "Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the assessed objectives, and reflects any changes from the plan.", + "type" : "object", + "properties" : + { "description" : + { "title" : "Control Objectives Description", + "description" : "A human-readable description of this collection of control objectives.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-objectives" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, + "exclude-objectives" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "control-selections" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:select-control-by-id" : + { "title" : "Select Control", + "description" : "Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.", + "$id" : "#assembly_oscal-assessment-common_select-control-by-id", + "type" : "object", + "properties" : + { "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "statement-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Include Specific Statements", + "description" : "Used to constrain the selection to only specificity identified statements.", + "$ref" : "#/definitions/TokenDatatype" } } }, + "required" : + [ "control-id" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:select-objective-by-id" : + { "title" : "Select Objective", + "description" : "Used to select a control objective for inclusion/exclusion based on the control objective's identifier.", + "$id" : "#assembly_oscal-assessment-common_select-objective-by-id", + "type" : "object", + "properties" : + { "objective-id" : + { "title" : "Objective ID", + "description" : "Points to an assessment objective.", + "$ref" : "#/definitions/TokenDatatype" } }, + "required" : + [ "objective-id" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:assessment-subject-placeholder" : + { "title" : "Assessment Subject Placeholder", + "description" : "Used when the assessment subjects will be determined as part of one or more other assessment activities. These assessment subjects will be recorded in the assessment results in the assessment log.", + "$id" : "#assembly_oscal-assessment-common_assessment-subject-placeholder", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Subject Placeholder Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Assessment Subject Placeholder Description", + "description" : "A human-readable description of intent of this assessment subject placeholder.", + "type" : "string" }, + "sources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessment Subject Source", + "description" : "Assessment subjects will be identified while conducting the referenced activity-instance.", + "type" : "object", + "properties" : + { "task-uuid" : + { "title" : "Task Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "task-uuid" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "sources" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:assessment-subject" : + { "title" : "Subject of Assessment", + "description" : "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.", + "$id" : "#assembly_oscal-assessment-common_assessment-subject", + "type" : "object", + "properties" : + { "type" : + { "title" : "Subject Type", + "description" : "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user" ] } ] }, + "description" : + { "title" : "Include Subjects Description", + "description" : "A human-readable description of the collection of subjects being included in this assessment.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, + "exclude-subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "type" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:select-subject-by-id" : + { "title" : "Select Assessment Subject", + "description" : "Identifies a set of assessment subjects to include/exclude by UUID.", + "$id" : "#assembly_oscal-assessment-common_select-subject-by-id", + "type" : "object", + "properties" : + { "subject-uuid" : + { "title" : "Subject Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Subject Universally Unique Identifier Reference Type", + "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "subject-uuid", + "type" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:subject-reference" : + { "title" : "Identifies the Subject", + "description" : "A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.", + "$id" : "#assembly_oscal-assessment-common_subject-reference", + "type" : "object", + "properties" : + { "subject-uuid" : + { "title" : "Subject Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Subject Universally Unique Identifier Reference Type", + "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, + "title" : + { "title" : "Subject Reference Title", + "description" : "The title or name for the referenced subject.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "subject-uuid", + "type" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:assessment-assets" : + { "title" : "Assessment Assets", + "description" : "Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.", + "$id" : "#assembly_oscal-assessment-common_assessment-assets", + "type" : "object", + "properties" : + { "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, + "assessment-platforms" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessment Platform", + "description" : "Used to represent the toolset used to perform aspects of the assessment.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Platform Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Assessment Platform Title", + "description" : "The title or name for the assessment platform.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "uses-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Uses Component", + "description" : "The set of components that are used by the assessment platform.", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "import-ssp" : - { "$ref" : "#assembly_oscal-assessment-common_import-ssp" }, - "system-id" : - { "$ref" : "#field_oscal-implementation-common_system-id" }, - "local-definitions" : - { "$ref" : "#assembly_oscal-poam_local-definitions" }, - "observations" : - { "type" : "array", + "props" : + { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-assessment-common_observation" } }, - "risks" : - { "type" : "array", + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-assessment-common_risk" } }, - "poam-items" : - { "type" : "array", + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-poam_poam-item" } }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata", - "poam-items" ], - "additionalProperties" : false }, - "oscal-complete-oscal-poam:local-definitions" : - { "title" : "Local Definitions", - "description" : "Allows components, and inventory-items to be defined within the POA&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA&M.", - "$id" : "#assembly_oscal-poam_local-definitions", - "type" : "object", - "properties" : - { "components" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "component-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "required" : + [ "assessment-platforms" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:finding-target" : + { "title" : "Objective Status", + "description" : "Captures an assessor's conclusions regarding the degree to which an objective is satisfied.", + "$id" : "#assembly_oscal-assessment-common_finding-target", + "type" : "object", + "properties" : + { "type" : + { "title" : "Finding Target Type", + "description" : "Identifies the type of the target.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "statement-id", + "objective-id" ] } ] }, + "target-id" : + { "title" : "Finding Target Identifier Reference", + "description" : "A machine-oriented identifier reference for a specific target qualified by the type.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Objective Status Title", + "description" : "The title for this objective status.", + "type" : "string" }, + "description" : + { "title" : "Objective Status Description", + "description" : "A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "title" : "Objective Status", + "description" : "A determination of if the objective is satisfied or not within a given system.", + "type" : "object", + "properties" : + { "state" : + { "title" : "Objective Status State", + "description" : "An indication as to whether the objective is satisfied or not.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "satisfied", + "not-satisfied" ] } ] }, + "reason" : + { "title" : "Objective Status Reason", + "description" : "The reason the objective was given it's status.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "pass", + "fail", + "other" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "implementation-status" : + { "$ref" : "#assembly_oscal-implementation-common_implementation-status" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "type", + "target-id", + "status" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:finding" : + { "title" : "Finding", + "description" : "Describes an individual finding.", + "$id" : "#assembly_oscal-assessment-common_finding", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Finding Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Finding Title", + "description" : "The title for this finding.", + "type" : "string" }, + "description" : + { "title" : "Finding Description", + "description" : "A human-readable description of this finding.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "target" : + { "$ref" : "#assembly_oscal-assessment-common_finding-target" }, + "implementation-statement-uuid" : + { "title" : "Implementation Statement UUID", + "description" : "A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related.", + "$ref" : "#/definitions/UUIDDatatype" }, + "related-observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Related Observation", + "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", + "type" : "object", + "properties" : + { "observation-uuid" : + { "title" : "Observation Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "observation-uuid" ], + "additionalProperties" : false } }, + "related-risks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Associated Risk", + "description" : "Relates the finding to a set of referenced risks that were used to determine the finding.", + "type" : "object", + "properties" : + { "risk-uuid" : + { "title" : "Risk Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "risk-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "title", + "description", + "target" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:observation" : + { "title" : "Observation", + "description" : "Describes an individual observation.", + "$id" : "#assembly_oscal-assessment-common_observation", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Observation Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Observation Title", + "description" : "The title for this observation.", + "type" : "string" }, + "description" : + { "title" : "Observation Description", + "description" : "A human-readable description of this assessment observation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "methods" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Observation Method", + "description" : "Identifies how the observation was made.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "EXAMINE", + "INTERVIEW", + "TEST", + "UNKNOWN" ] } ] } }, + "types" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Observation Type", + "description" : "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "ssp-statement-issue", + "control-objective", + "mitigation", + "finding", + "historic" ] } ] } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, + "relevant-evidence" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Relevant Evidence", + "description" : "Links this observation to relevant evidence.", + "type" : "object", + "properties" : + { "href" : + { "title" : "Relevant Evidence Reference", + "description" : "A resolvable URL reference to relevant evidence.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "description" : + { "title" : "Relevant Evidence Description", + "description" : "A human-readable description of this evidence.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "description" ], + "additionalProperties" : false } }, + "collected" : + { "title" : "Collected Field", + "description" : "Date/time stamp identifying when the finding information was collected.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "expires" : + { "title" : "Expires Field", + "description" : "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description", + "methods", + "collected" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:origin" : + { "title" : "Origin", + "description" : "Identifies the source of the finding, such as a tool, interviewed person, or activity.", + "$id" : "#assembly_oscal-assessment-common_origin", + "type" : "object", + "properties" : + { "actors" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin-actor" } }, + "related-tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_related-task" } } }, + "required" : + [ "actors" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:origin-actor" : + { "title" : "Originating Actor", + "description" : "The actor that produces an observation, a finding, or a risk. One or more actor type can be used to specify a person that is using a tool.", + "$id" : "#assembly_oscal-assessment-common_origin-actor", + "type" : "object", + "properties" : + { "type" : + { "title" : "Actor Type", + "description" : "The kind of actor.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "tool", + "assessment-platform", + "party" ] } ] }, + "actor-uuid" : + { "title" : "Actor Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to the tool or person based on the associated type.", + "$ref" : "#/definitions/UUIDDatatype" }, + "role-id" : + { "title" : "Actor Role", + "description" : "For a party, this can optionally be used to specify the role the actor was performing.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "type", + "actor-uuid" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:related-task" : + { "title" : "Task Reference", + "description" : "Identifies an individual task for which the containing object is a consequence of.", + "$id" : "#assembly_oscal-assessment-common_related-task", + "type" : "object", + "properties" : + { "task-uuid" : + { "title" : "Task Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique task.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "identified-subject" : + { "title" : "Identified Subject", + "description" : "Used to detail assessment subjects that were identfied by this task.", + "type" : "object", + "properties" : + { "subject-placeholder-uuid" : + { "title" : "Assessment Subject Placeholder Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task.", + "$ref" : "#/definitions/UUIDDatatype" }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } } }, + "required" : + [ "subject-placeholder-uuid", + "subjects" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "task-uuid" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:threat-id" : + { "title" : "Threat ID", + "description" : "A pointer, by ID, to an externally-defined threat.", + "$id" : "#field_oscal-assessment-common_threat-id", + "type" : "object", + "properties" : + { "system" : + { "title" : "Threat Type Identification System", + "description" : "Specifies the source of the threat information.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal" ] } ] }, + "href" : + { "title" : "Threat Information Resource Reference", + "description" : "An optional location for the threat data, from which this ID originates.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "id" : + { "$ref" : "#/definitions/URIDatatype" } }, + "required" : + [ "id", + "system" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:risk" : + { "title" : "Identified Risk", + "description" : "An identified risk.", + "$id" : "#assembly_oscal-assessment-common_risk", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Risk Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Risk Title", + "description" : "The title for this risk.", + "type" : "string" }, + "description" : + { "title" : "Risk Description", + "description" : "A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.", + "type" : "string" }, + "statement" : + { "title" : "Risk Statement", + "description" : "An summary of impact for how the risk affects the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "$ref" : "#field_oscal-assessment-common_risk-status" }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "threat-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-assessment-common_threat-id" } }, + "characterizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_characterization" } }, + "mitigating-factors" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Mitigating Factor", + "description" : "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Mitigating Factor Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "implementation-uuid" : + { "title" : "Implementation UUID", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Mitigating Factor Description", + "description" : "A human-readable description of this mitigating factor.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "deadline" : + { "title" : "Risk Resolution Deadline", + "description" : "The date/time by which the risk must be resolved.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "remediations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_response" } }, + "risk-log" : + { "title" : "Risk Log", + "description" : "A log of all risk-related tasks taken.", + "type" : "object", + "properties" : + { "entries" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Risk Log Entry", + "description" : "Identifies an individual risk response that occurred as part of managing an identified risk.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Risk Log Entry Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Title", + "description" : "The title for this risk log entry.", + "type" : "string" }, + "description" : + { "title" : "Risk Task Description", + "description" : "A human-readable description of what was done regarding the risk.", + "type" : "string" }, + "start" : + { "title" : "Start", + "description" : "Identifies the start date and time of the event.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "end" : + { "title" : "End", + "description" : "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, - "inventory-items" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "logged-by" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_logged-by" } }, + "status-change" : + { "$ref" : "#field_oscal-assessment-common_risk-status" }, + "related-responses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Risk Response Reference", + "description" : "Identifies an individual risk response that this log entry is for.", + "type" : "object", + "properties" : + { "response-uuid" : + { "title" : "Response Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique risk response.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "related-tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_related-task" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "response-uuid" ], + "additionalProperties" : false } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false }, - "oscal-complete-oscal-poam:poam-item" : - { "title" : "POA&M Item", - "description" : "Describes an individual POA&M item.", - "$id" : "#assembly_oscal-poam_poam-item", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "POA&M Item Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, + "required" : + [ "uuid", + "start" ], + "additionalProperties" : false } } }, + "required" : + [ "entries" ], + "additionalProperties" : false }, + "related-observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Related Observation", + "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", + "type" : "object", + "properties" : + { "observation-uuid" : + { "title" : "Observation Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "observation-uuid" ], + "additionalProperties" : false } } }, + "required" : + [ "uuid", + "title", + "description", + "statement", + "status" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:logged-by" : + { "title" : "Logged By", + "description" : "Used to indicate who created a log entry in what role.", + "$id" : "#assembly_oscal-assessment-common_logged-by", + "type" : "object", + "properties" : + { "party-uuid" : + { "title" : "Party UUID Reference", + "description" : "A machine-oriented identifier reference to the party who is making the log entry.", + "$ref" : "#/definitions/UUIDDatatype" }, + "role-id" : + { "title" : "Actor Role", + "description" : "A point to the role-id of the role in which the party is making the log entry.", + "$ref" : "#/definitions/TokenDatatype" } }, + "required" : + [ "party-uuid" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:risk-status" : + { "title" : "Risk Status", + "description" : "Describes the status of the associated risk.", + "$id" : "#field_oscal-assessment-common_risk-status", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "open", + "investigating", + "remediating", + "deviation-requested", + "deviation-approved", + "closed" ] } ] }, + "oscal-complete-oscal-assessment-common:characterization" : + { "title" : "Characterization", + "description" : "A collection of descriptive data about the containing object from a specific origin.", + "$id" : "#assembly_oscal-assessment-common_characterization", + "type" : "object", + "properties" : + { "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origin" : + { "$ref" : "#assembly_oscal-assessment-common_origin" }, + "facets" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Facet", + "description" : "An individual characteristic that is part of a larger set produced by the same actor.", + "type" : "object", + "properties" : + { "name" : + { "title" : "Facet Name", + "description" : "The name of the risk metric within the specified system.", + "$ref" : "#/definitions/TokenDatatype" }, + "system" : + { "title" : "Naming System", + "description" : "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal/unknown", + "http://cve.mitre.org", + "http://www.first.org/cvss/v2.0", + "http://www.first.org/cvss/v3.0", + "http://www.first.org/cvss/v3.1" ] } ] }, + "value" : + { "title" : "Facet Value", + "description" : "Indicates the value of the facet.", + "$ref" : "#/definitions/StringDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "name", + "system", + "value" ], + "additionalProperties" : false } } }, + "required" : + [ "origin", + "facets" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:response" : + { "title" : "Risk Response", + "description" : "Describes either recommended or an actual plan for addressing the risk.", + "$id" : "#assembly_oscal-assessment-common_response", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Remediation Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "lifecycle" : + { "title" : "Remediation Intent", + "description" : "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "recommendation", + "planned", + "completed" ] } ] }, + "title" : + { "title" : "Response Title", + "description" : "The title for this response activity.", + "type" : "string" }, + "description" : + { "title" : "Response Description", + "description" : "A human-readable description of this response plan.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "required-assets" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Required Asset", + "description" : "Identifies an asset required to achieve remediation.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Required Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, + "title" : + { "title" : "Title for Required Asset", + "description" : "The title for this required asset.", + "type" : "string" }, + "description" : + { "title" : "Description of Required Asset", + "description" : "A human-readable description of this required asset.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_task" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "lifecycle", + "title", + "description" ], + "additionalProperties" : false }, + "oscal-complete-oscal-assessment-common:assessment-part" : + { "title" : "Assessment Part", + "description" : "A partition of an assessment plan or results or a child of another part.", + "$id" : "#assembly_oscal-assessment-common_assessment-part", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Part Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "asset", + "method", + "objective" ] } ] }, + "ns" : + { "title" : "Part Namespace", + "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "class" : + { "title" : "Part Class", + "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Part Title", + "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ar:assessment-results" : + { "title" : "Security Assessment Results (SAR)", + "description" : "Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.", + "$id" : "#assembly_oscal-ar_assessment-results", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Results Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "import-ap" : + { "$ref" : "#assembly_oscal-ar_import-ap" }, + "local-definitions" : + { "title" : "Local Definitions", + "description" : "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", + "type" : "object", + "properties" : + { "objectives-and-methods" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_local-objective" } }, + "activities" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_activity" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false }, + "results" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ar_result" } }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata", + "import-ap", + "results" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ar:result" : + { "title" : "Assessment Result", + "description" : "Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.", + "$id" : "#assembly_oscal-ar_result", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Results Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Results Title", + "description" : "The title for this set of results.", + "type" : "string" }, + "description" : + { "title" : "Results Description", + "description" : "A human-readable description of this set of test results.", + "type" : "string" }, + "start" : + { "title" : "start field", + "description" : "Date/time stamp identifying the start of the evidence collection reflected in these results.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "end" : + { "title" : "end field", + "description" : "Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "local-definitions" : + { "title" : "Local Definitions", + "description" : "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", + "type" : "object", + "properties" : + { "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, + "inventory-items" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, + "users" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-user" } }, + "assessment-assets" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-assets" }, + "tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_task" } } }, + "additionalProperties" : false }, + "reviewed-controls" : + { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, + "attestations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Attestation Statements", + "description" : "A set of textual statements, typically written by the assessor.", + "type" : "object", + "properties" : + { "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } } }, + "required" : + [ "parts" ], + "additionalProperties" : false } }, + "assessment-log" : + { "title" : "Assessment Log", + "description" : "A log of all assessment-related actions taken.", + "type" : "object", + "properties" : + { "entries" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessment Log Entry", + "description" : "Identifies the result of an action and/or task that occurred as part of executing an assessment plan or an assessment event that occurred in producing the assessment results.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Log Entry Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, "title" : - { "title" : "POA&M Item Title", - "description" : "The title or name for this POA&M item .", - "type" : "string" }, + { "title" : "Action Title", + "description" : "The title for this event.", + "type" : "string" }, "description" : - { "title" : "POA&M Item Description", - "description" : "A human-readable description of POA&M item.", - "type" : "string" }, + { "title" : "Action Description", + "description" : "A human-readable description of this event.", + "type" : "string" }, + "start" : + { "title" : "Start", + "description" : "Identifies the start date and time of an event.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "end" : + { "title" : "End", + "description" : "Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Origin", - "description" : "Identifies the source of the finding, such as a tool or person.", - "type" : "object", - "properties" : - { "actors" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin-actor" } } }, - "required" : - [ "actors" ], - "additionalProperties" : false } }, - "related-observations" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "logged-by" : { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Related Observation", - "description" : "Relates the poam-item to a set of referenced observations that were used to determine the finding.", - "type" : "object", - "properties" : - { "observation-uuid" : - { "title" : "Observation Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "observation-uuid" ], - "additionalProperties" : false } }, - "related-risks" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_logged-by" } }, + "related-tasks" : { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Associated Risk", - "description" : "Relates the finding to a set of referenced risks that were used to determine the finding.", - "type" : "object", - "properties" : - { "risk-uuid" : - { "title" : "Risk Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "risk-uuid" ], - "additionalProperties" : false } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_related-task" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "title", - "description" ], - "additionalProperties" : false }, - "Base64Datatype" : - { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", - "type" : "string", - "pattern" : "^[0-9A-Za-z+/]+={0,2}$", - "contentEncoding" : "base64" }, - "BooleanDatatype" : - { "description" : "A binary value that is either: true or false.", - "type" : "boolean" }, - "DateDatatype" : - { "description" : "A string representing a 24-hour period with an optional timezone.", - "type" : "string", - "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))(Z|[+-][0-9]{2}:[0-9]{2})?$" }, - "DateTimeWithTimezoneDatatype" : - { "description" : "A string representing a point in time with a required timezone.", - "type" : "string", - "format" : "date-time", - "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, - "EmailAddressDatatype" : - { "description" : "An email address string formatted according to RFC 6531.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" } ] }, - "IntegerDatatype" : - { "description" : "A whole number value.", - "type" : "integer" }, - "NonNegativeIntegerDatatype" : - { "description" : "An integer value that is equal to or greater than 0.", - "allOf" : - [ - { "$ref" : "#/definitions/IntegerDatatype" }, - - { "type" : "number", - "minimum" : 0 } ] }, - "PositiveIntegerDatatype" : - { "description" : "An integer value that is greater than 0.", - "allOf" : - [ - { "$ref" : "#/definitions/IntegerDatatype" }, - - { "type" : "number", - "minimum" : 1 } ] }, - "StringDatatype" : - { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, - "TokenDatatype" : - { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, - "URIDatatype" : - { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, - "URIReferenceDatatype" : - { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", - "type" : "string", - "format" : "uri-reference" }, - "UUIDDatatype" : - { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, - "oneOf" : + "required" : + [ "uuid", + "start" ], + "additionalProperties" : false } } }, + "required" : + [ "entries" ], + "additionalProperties" : false }, + "observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_observation" } }, + "risks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_risk" } }, + "findings" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_finding" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "title", + "description", + "start", + "reviewed-controls" ], + "additionalProperties" : false }, + "oscal-complete-oscal-ar:import-ap" : + { "title" : "Import Assessment Plan", + "description" : "Used by assessment-results to import information about the original plan for assessing the system.", + "$id" : "#assembly_oscal-ar_import-ap", + "type" : "object", + "properties" : + { "href" : + { "title" : "Assessment Plan Reference", + "description" : "A resolvable URL reference to the assessment plan governing the assessment activities.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-complete-oscal-poam:plan-of-action-and-milestones" : + { "title" : "Plan of Action and Milestones (POA&M)", + "description" : "A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.", + "$id" : "#assembly_oscal-poam_plan-of-action-and-milestones", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "POA&M Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "import-ssp" : + { "$ref" : "#assembly_oscal-assessment-common_import-ssp" }, + "system-id" : + { "$ref" : "#field_oscal-implementation-common_system-id" }, + "local-definitions" : + { "$ref" : "#assembly_oscal-poam_local-definitions" }, + "observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_observation" } }, + "risks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_risk" } }, + "findings" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_finding" } }, + "poam-items" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-poam_poam-item" } }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata", + "poam-items" ], + "additionalProperties" : false }, + "oscal-complete-oscal-poam:local-definitions" : + { "title" : "Local Definitions", + "description" : "Allows components, and inventory-items to be defined within the POA&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA&M.", + "$id" : "#assembly_oscal-poam_local-definitions", + "type" : "object", + "properties" : + { "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, + "inventory-items" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, + "assessment-assets" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-assets" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false }, + "oscal-complete-oscal-poam:poam-item" : + { "title" : "POA&M Item", + "description" : "Describes an individual POA&M item.", + "$id" : "#assembly_oscal-poam_poam-item", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "POA&M Item Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "POA&M Item Title", + "description" : "The title or name for this POA&M item .", + "type" : "string" }, + "description" : + { "title" : "POA&M Item Description", + "description" : "A human-readable description of POA&M item.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Origin", + "description" : "Identifies the source of the finding, such as a tool or person.", + "type" : "object", + "properties" : + { "actors" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin-actor" } } }, + "required" : + [ "actors" ], + "additionalProperties" : false } }, + "related-findings" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Related Finding", + "description" : "Relates the poam-item to referenced finding(s).", + "type" : "object", + "properties" : + { "finding-uuid" : + { "title" : "Finding Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a finding defined in the list of findings.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "finding-uuid" ], + "additionalProperties" : false } }, + "related-observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Related Observation", + "description" : "Relates the poam-item to a set of referenced observations that were used to determine the finding.", + "type" : "object", + "properties" : + { "observation-uuid" : + { "title" : "Observation Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "observation-uuid" ], + "additionalProperties" : false } }, + "related-risks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Associated Risk", + "description" : "Relates the finding to a set of referenced risks that were used to determine the finding.", + "type" : "object", + "properties" : + { "risk-uuid" : + { "title" : "Risk Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "risk-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "title", + "description" ], + "additionalProperties" : false }, + "Base64Datatype" : + { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", + "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "BooleanDatatype" : + { "description" : "A binary value that is either: true or false.", + "type" : "boolean" }, + "DateDatatype" : + { "description" : "A string representing a 24-hour period with an optional timezone.", + "type" : "string", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))(Z|[+-][0-9]{2}:[0-9]{2})?$" }, + "DateTimeWithTimezoneDatatype" : + { "description" : "A string representing a point in time with a required timezone.", + "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "description" : "An email address string formatted according to RFC 6531.", + "allOf" : [ - { "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "catalog" : - { "$ref" : "#assembly_oscal-catalog_catalog" } }, - "required" : - [ "catalog" ], - "additionalProperties" : false }, - - { "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "profile" : - { "$ref" : "#assembly_oscal-profile_profile" } }, - "required" : - [ "profile" ], - "additionalProperties" : false }, - - { "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "component-definition" : - { "$ref" : "#assembly_oscal-component-definition_component-definition" } }, - "required" : - [ "component-definition" ], - "additionalProperties" : false }, - - { "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "system-security-plan" : - { "$ref" : "#assembly_oscal-ssp_system-security-plan" } }, - "required" : - [ "system-security-plan" ], - "additionalProperties" : false }, - - { "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "assessment-plan" : - { "$ref" : "#assembly_oscal-ap_assessment-plan" } }, - "required" : - [ "assessment-plan" ], - "additionalProperties" : false }, - - { "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "assessment-results" : - { "$ref" : "#assembly_oscal-ar_assessment-results" } }, - "required" : - [ "assessment-results" ], - "additionalProperties" : false }, - - { "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "plan-of-action-and-milestones" : - { "$ref" : "#assembly_oscal-poam_plan-of-action-and-milestones" } }, - "required" : - [ "plan-of-action-and-milestones" ], - "additionalProperties" : false } ] } \ No newline at end of file + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "IntegerDatatype" : + { "description" : "A whole number value.", + "type" : "integer" }, + "NonNegativeIntegerDatatype" : + { "description" : "An integer value that is equal to or greater than 0.", + "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 0 } ] }, + "PositiveIntegerDatatype" : + { "description" : "An integer value that is greater than 0.", + "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 1 } ] }, + "StringDatatype" : + { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", + "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", + "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", + "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", + "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "oneOf" : + [ + { "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "catalog" : + { "$ref" : "#assembly_oscal-catalog_catalog" } }, + "required" : + [ "catalog" ], + "additionalProperties" : false }, + + { "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "mapping-collection" : + { "$ref" : "#assembly_oscal-mapping_mapping-collection" } }, + "required" : + [ "mapping-collection" ], + "additionalProperties" : false }, + + { "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "profile" : + { "$ref" : "#assembly_oscal-profile_profile" } }, + "required" : + [ "profile" ], + "additionalProperties" : false }, + + { "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "component-definition" : + { "$ref" : "#assembly_oscal-component-definition_component-definition" } }, + "required" : + [ "component-definition" ], + "additionalProperties" : false }, + + { "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "system-security-plan" : + { "$ref" : "#assembly_oscal-ssp_system-security-plan" } }, + "required" : + [ "system-security-plan" ], + "additionalProperties" : false }, + + { "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "assessment-plan" : + { "$ref" : "#assembly_oscal-ap_assessment-plan" } }, + "required" : + [ "assessment-plan" ], + "additionalProperties" : false }, + + { "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "assessment-results" : + { "$ref" : "#assembly_oscal-ar_assessment-results" } }, + "required" : + [ "assessment-results" ], + "additionalProperties" : false }, + + { "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "plan-of-action-and-milestones" : + { "$ref" : "#assembly_oscal-poam_plan-of-action-and-milestones" } }, + "required" : + [ "plan-of-action-and-milestones" ], + "additionalProperties" : false } ] } \ No newline at end of file diff --git a/json/schema/oscal_component_schema.json b/json/schema/oscal_component_schema.json index fef1792e0d..950e1e4c02 100644 --- a/json/schema/oscal_component_schema.json +++ b/json/schema/oscal_component_schema.json @@ -1,1599 +1,1638 @@ - { "$schema" : "http://json-schema.org/draft-07/schema#", - "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-component-definition-schema.json", - "$comment" : "OSCAL Component Definition Model: JSON Schema", + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-component-definition-schema.json", + "$comment" : "OSCAL Component Definition Model: JSON Schema", + "type" : "object", + "definitions" : + { "json-schema-directive" : + { "title" : "Schema Directive", + "description" : "A JSON Schema directive to bind a specific schema to its document instance.", + "$id" : "#json-schema-directive", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "oscal-component-definition-oscal-component-definition:component-definition" : + { "title" : "Component Definition", + "description" : "A collection of component descriptions, which may optionally be grouped by capability.", + "$id" : "#assembly_oscal-component-definition_component-definition", "type" : "object", - "definitions" : - { "json-schema-directive" : - { "title" : "Schema Directive", - "description" : "A JSON Schema directive to bind a specific schema to its document instance.", - "$id" : "#json-schema-directive", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "oscal-component-definition-oscal-component-definition:component-definition" : - { "title" : "Component Definition", - "description" : "A collection of component descriptions, which may optionally be grouped by capability.", - "$id" : "#assembly_oscal-component-definition_component-definition", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Component Definition Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "import-component-definitions" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_import-component-definition" } }, - "components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_defined-component" } }, - "capabilities" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_capability" } }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-component-definition:import-component-definition" : - { "title" : "Import Component Definition", - "description" : "Loads a component definition from another resource.", - "$id" : "#assembly_oscal-component-definition_import-component-definition", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hyperlink Reference", - "description" : "A link to a resource that defines a set of components and/or capabilities to import into this collection.", - "$ref" : "#/definitions/URIReferenceDatatype" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-component-definition:defined-component" : - { "title" : "Component", - "description" : "A defined component that can be part of an implemented system.", - "$id" : "#assembly_oscal-component-definition_defined-component", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Component Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Component Type", - "description" : "A category describing the purpose of the component.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "interconnection", - "software", - "hardware", - "service", - "policy", - "physical", - "process-procedure", - "plan", - "guidance", - "standard", - "validation" ] } ] }, - "title" : - { "title" : "Component Title", - "description" : "A human readable name for the component.", - "type" : "string" }, - "description" : - { "title" : "Component Description", - "description" : "A description of the component, including information about its function.", - "type" : "string" }, - "purpose" : - { "title" : "Purpose", - "description" : "A summary of the technological or business purpose of the component.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "protocols" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, - "control-implementations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_control-implementation" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type", - "title", - "description" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-component-definition:capability" : - { "title" : "Capability", - "description" : "A grouping of other components and/or capabilities.", - "$id" : "#assembly_oscal-component-definition_capability", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Capability Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "name" : - { "title" : "Capability Name", - "description" : "The capability's human-readable name.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Capability Description", - "description" : "A summary of the capability.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "incorporates-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_incorporates-component" } }, - "control-implementations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_control-implementation" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "name", - "description" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-component-definition:incorporates-component" : - { "title" : "Incorporates Component", - "description" : "TBD", - "$id" : "#assembly_oscal-component-definition_incorporates-component", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Reference", - "description" : "A machine-oriented identifier reference to a component.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Component Description", - "description" : "A description of the component, including information about its function.", - "type" : "string" } }, - "required" : - [ "component-uuid", - "description" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-component-definition:control-implementation" : - { "title" : "Control Implementation Set", - "description" : "Defines how the component or capability supports a set of controls.", - "$id" : "#assembly_oscal-component-definition_control-implementation", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Control Implementation Set Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "source" : - { "title" : "Source Resource Reference", - "description" : "A reference to an OSCAL catalog or profile providing the referenced control or subcontrol definition.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "description" : - { "title" : "Control Implementation Description", - "description" : "A description of how the specified set of controls are implemented for the containing component or capability.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "set-parameters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, - "implemented-requirements" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_implemented-requirement" } } }, - "required" : - [ "uuid", - "source", - "description", - "implemented-requirements" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-component-definition:implemented-requirement" : - { "title" : "Control Implementation", - "description" : "Describes how the containing component or capability implements an individual control.", - "$id" : "#assembly_oscal-component-definition_implemented-requirement", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Control Implementation Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "description" : - { "title" : "Control Implementation Description", - "description" : "A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "set-parameters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "statements" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-component-definition_statement" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "control-id", - "description" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-component-definition:statement" : - { "title" : "Control Statement Implementation", - "description" : "Identifies which statements within a control are addressed.", - "$id" : "#assembly_oscal-component-definition_statement", - "type" : "object", - "properties" : - { "statement-id" : - { "title" : "Control Statement Reference", - "description" : "A human-oriented identifier reference to a control statement.", - "$ref" : "#/definitions/TokenDatatype" }, - "uuid" : - { "title" : "Control Statement Reference Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Statement Implementation Description", - "description" : "A summary of how the containing control statement is implemented by the component or capability.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "statement-id", - "uuid", - "description" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-implementation-common:system-component" : - { "title" : "Component", - "description" : "A defined component that can be part of an implemented system.", - "$id" : "#assembly_oscal-implementation-common_system-component", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Component Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Component Type", - "description" : "A category describing the purpose of the component.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "this-system", - "system", - "interconnection", - "software", - "hardware", - "service", - "policy", - "physical", - "process-procedure", - "plan", - "guidance", - "standard", - "validation", - "network" ] } ] }, - "title" : - { "title" : "Component Title", - "description" : "A human readable name for the system component.", - "type" : "string" }, - "description" : - { "title" : "Component Description", - "description" : "A description of the component, including information about its function.", - "type" : "string" }, - "purpose" : - { "title" : "Purpose", - "description" : "A summary of the technological or business purpose of the component.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "title" : "Status", - "description" : "Describes the operational status of the system component.", - "type" : "object", - "properties" : - { "state" : - { "title" : "State", - "description" : "The operational status.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "under-development", - "operational", - "disposition", - "other" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "protocols" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type", - "title", - "description", - "status" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-implementation-common:protocol" : - { "title" : "Service Protocol Information", - "description" : "Information about the protocol used to provide a service.", - "$id" : "#assembly_oscal-implementation-common_protocol", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Service Protocol Information Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "name" : - { "title" : "Protocol Name", - "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "title" : - { "title" : "Protocol Title", - "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", - "type" : "string" }, - "port-ranges" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_port-range" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-implementation-common:port-range" : - { "title" : "Port Range", - "description" : "Where applicable this is the IPv4 port range on which the service operates.", - "$id" : "#assembly_oscal-implementation-common_port-range", - "type" : "object", - "properties" : - { "start" : - { "title" : "Start", - "description" : "Indicates the starting port number in a port range", - "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, - "end" : - { "title" : "End", - "description" : "Indicates the ending port number in a port range", - "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, - "transport" : - { "title" : "Transport", - "description" : "Indicates the transport type.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "TCP", - "UDP" ] } ] } }, - "additionalProperties" : false }, - "oscal-component-definition-oscal-implementation-common:implementation-status" : - { "title" : "Implementation Status", - "description" : "Indicates the degree to which the a given control is implemented.", - "$id" : "#assembly_oscal-implementation-common_implementation-status", - "type" : "object", - "properties" : - { "state" : - { "title" : "Implementation State", - "description" : "Identifies the implementation status of the control or control objective.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "implemented", - "partial", - "planned", - "alternative", - "not-applicable" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-implementation-common:system-user" : - { "title" : "System User", - "description" : "A type of user that interacts with the system based on an associated role.", - "$id" : "#assembly_oscal-implementation-common_system-user", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "User Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "User Title", - "description" : "A name given to the user, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "User Short Name", - "description" : "A short common name, abbreviation, or acronym for the user.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "User Description", - "description" : "A summary of the user's purpose within the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "role-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_role-id" } }, - "authorized-privileges" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_authorized-privilege" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-implementation-common:authorized-privilege" : - { "title" : "Privilege", - "description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.", - "$id" : "#assembly_oscal-implementation-common_authorized-privilege", - "type" : "object", - "properties" : - { "title" : - { "title" : "Privilege Title", - "description" : "A human readable name for the privilege.", - "type" : "string" }, - "description" : - { "title" : "Privilege Description", - "description" : "A summary of the privilege's purpose within the system.", - "type" : "string" }, - "functions-performed" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-implementation-common_function-performed" } } }, - "required" : - [ "title", - "functions-performed" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-implementation-common:function-performed" : - { "title" : "Functions Performed", - "description" : "Describes a function performed for a given authorized privilege by this user class.", - "$id" : "#field_oscal-implementation-common_function-performed", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-component-definition-oscal-implementation-common:inventory-item" : - { "title" : "Inventory Item", - "description" : "A single managed inventory item within the system.", - "$id" : "#assembly_oscal-implementation-common_inventory-item", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Inventory Item Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Inventory Item Description", - "description" : "A summary of the inventory item stating its purpose within the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "implemented-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Implemented Component", - "description" : "The set of components that are implemented in a given system inventory item.", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "component-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-implementation-common:set-parameter" : - { "title" : "Set Parameter Value", - "description" : "Identifies the parameter that will be set by the enclosed value.", - "$id" : "#assembly_oscal-implementation-common_set-parameter", - "type" : "object", - "properties" : - { "param-id" : - { "title" : "Parameter ID", - "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", - "$ref" : "#/definitions/TokenDatatype" }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$ref" : "#/definitions/StringDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "param-id", - "values" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-implementation-common:system-id" : - { "title" : "System Identification", - "description" : "A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.", - "$id" : "#field_oscal-implementation-common_system-id", - "type" : "object", - "properties" : - { "identifier-type" : - { "title" : "Identification System Type", - "description" : "Identifies the identification system from which the provided identifier was assigned.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "https://fedramp.gov", - "http://fedramp.gov/ns/oscal", - "https://ietf.org/rfc/rfc4122", - "http://ietf.org/rfc/rfc4122" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", - "$id" : "#assembly_oscal-metadata_metadata", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "revisions" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, - "locations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, - "parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "title", - "last-modified", - "version", - "oscal-version" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:revision" : + "properties" : + { "uuid" : + { "title" : "Component Definition Universally Unique Identifier", + "description" : "Provides a globally unique means to identify a given component definition instance.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "import-component-definitions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_import-component-definition" } }, + "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_defined-component" } }, + "capabilities" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_capability" } }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-component-definition:import-component-definition" : + { "title" : "Import Component Definition", + "description" : "Loads a component definition from another resource.", + "$id" : "#assembly_oscal-component-definition_import-component-definition", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hyperlink Reference", + "description" : "A link to a resource that defines a set of components and/or capabilities to import into this collection.", + "$ref" : "#/definitions/URIReferenceDatatype" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-component-definition:defined-component" : + { "title" : "Component", + "description" : "A defined component that can be part of an implemented system.", + "$id" : "#assembly_oscal-component-definition_defined-component", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Component Identifier", + "description" : "Provides a globally unique means to identify a given component.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Component Type", + "description" : "A category describing the purpose of the component.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation" ] } ] }, + "title" : + { "title" : "Component Title", + "description" : "A human readable name for the component.", + "type" : "string" }, + "description" : + { "title" : "Component Description", + "description" : "A description of the component, including information about its function.", + "type" : "string" }, + "purpose" : + { "title" : "Purpose", + "description" : "A summary of the technological or business purpose of the component.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "protocols" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, + "control-implementations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_control-implementation" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "title", + "description" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-component-definition:capability" : + { "title" : "Capability", + "description" : "A grouping of other components and/or capabilities.", + "$id" : "#assembly_oscal-component-definition_capability", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Capability Identifier", + "description" : "Provides a globally unique means to identify a given capability.", + "$ref" : "#/definitions/UUIDDatatype" }, + "name" : + { "title" : "Capability Name", + "description" : "The capability's human-readable name.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Capability Description", + "description" : "A summary of the capability.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "incorporates-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_incorporates-component" } }, + "control-implementations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_control-implementation" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "name", + "description" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-component-definition:incorporates-component" : + { "title" : "Incorporates Component", + "description" : "The collection of components comprising this capability.", + "$id" : "#assembly_oscal-component-definition_incorporates-component", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Reference", + "description" : "A machine-oriented identifier reference to a component.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Component Description", + "description" : "A description of the component, including information about its function.", + "type" : "string" } }, + "required" : + [ "component-uuid", + "description" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-component-definition:control-implementation" : + { "title" : "Control Implementation Set", + "description" : "Defines how the component or capability supports a set of controls.", + "$id" : "#assembly_oscal-component-definition_control-implementation", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Control Implementation Set Identifier", + "description" : "Provides a means to identify a set of control implementations that are supported by a given component or capability.", + "$ref" : "#/definitions/UUIDDatatype" }, + "source" : + { "title" : "Source Resource Reference", + "description" : "A reference to an OSCAL catalog or profile providing the referenced control or subcontrol definition.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "description" : + { "title" : "Control Implementation Description", + "description" : "A description of how the specified set of controls are implemented for the containing component or capability.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "set-parameters" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, + "implemented-requirements" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_implemented-requirement" } } }, + "required" : + [ "uuid", + "source", + "description", + "implemented-requirements" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-component-definition:implemented-requirement" : + { "title" : "Control Implementation", + "description" : "Describes how the containing component or capability implements an individual control.", + "$id" : "#assembly_oscal-component-definition_implemented-requirement", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Control Implementation Identifier", + "description" : "Provides a globally unique means to identify a given control implementation by a component.", + "$ref" : "#/definitions/UUIDDatatype" }, + "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "description" : + { "title" : "Control Implementation Description", + "description" : "A suggestion from the supplier (e.g., component vendor or author) for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "set-parameters" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "statements" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-component-definition_statement" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "control-id", + "description" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-component-definition:statement" : + { "title" : "Control Statement Implementation", + "description" : "Identifies which statements within a control are addressed.", + "$id" : "#assembly_oscal-component-definition_statement", + "type" : "object", + "properties" : + { "statement-id" : + { "title" : "Control Statement Reference", + "description" : "A human-oriented identifier reference to a control statement.", + "$ref" : "#/definitions/TokenDatatype" }, + "uuid" : + { "title" : "Control Statement Reference Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Statement Implementation Description", + "description" : "A summary of how the containing control statement is implemented by the component or capability.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "statement-id", + "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-implementation-common:system-component" : + { "title" : "Component", + "description" : "A defined component that can be part of an implemented system.", + "$id" : "#assembly_oscal-implementation-common_system-component", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Component Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Component Type", + "description" : "A category describing the purpose of the component.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "this-system", + "system", + "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation", + "network" ] } ] }, + "title" : + { "title" : "Component Title", + "description" : "A human readable name for the system component.", + "type" : "string" }, + "description" : + { "title" : "Component Description", + "description" : "A description of the component, including information about its function.", + "type" : "string" }, + "purpose" : + { "title" : "Purpose", + "description" : "A summary of the technological or business purpose of the component.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "title" : "Status", + "description" : "Describes the operational status of the system component.", + "type" : "object", + "properties" : + { "state" : + { "title" : "State", + "description" : "The operational status.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "under-development", + "operational", + "disposition", + "other" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "protocols" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "title", + "description", + "status" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-implementation-common:protocol" : + { "title" : "Service Protocol Information", + "description" : "Information about the protocol used to provide a service.", + "$id" : "#assembly_oscal-implementation-common_protocol", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Service Protocol Information Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "name" : + { "title" : "Protocol Name", + "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", + "$ref" : "#/definitions/StringDatatype" }, + "title" : + { "title" : "Protocol Title", + "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", + "type" : "string" }, + "port-ranges" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_port-range" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-implementation-common:port-range" : + { "title" : "Port Range", + "description" : "Where applicable this is the IPv4 port range on which the service operates.", + "$id" : "#assembly_oscal-implementation-common_port-range", + "type" : "object", + "properties" : + { "start" : + { "title" : "Start", + "description" : "Indicates the starting port number in a port range", + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, + "end" : + { "title" : "End", + "description" : "Indicates the ending port number in a port range", + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, + "transport" : + { "title" : "Transport", + "description" : "Indicates the transport type.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "TCP", + "UDP" ] } ] } }, + "additionalProperties" : false }, + "oscal-component-definition-oscal-implementation-common:implementation-status" : + { "title" : "Implementation Status", + "description" : "Indicates the degree to which the a given control is implemented.", + "$id" : "#assembly_oscal-implementation-common_implementation-status", + "type" : "object", + "properties" : + { "state" : + { "title" : "Implementation State", + "description" : "Identifies the implementation status of the control or control objective.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "implemented", + "partial", + "planned", + "alternative", + "not-applicable" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-implementation-common:system-user" : + { "title" : "System User", + "description" : "A type of user that interacts with the system based on an associated role.", + "$id" : "#assembly_oscal-implementation-common_system-user", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "User Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "User Title", + "description" : "A name given to the user, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "User Short Name", + "description" : "A short common name, abbreviation, or acronym for the user.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "User Description", + "description" : "A summary of the user's purpose within the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "role-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_role-id" } }, + "authorized-privileges" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_authorized-privilege" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-implementation-common:authorized-privilege" : + { "title" : "Privilege", + "description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.", + "$id" : "#assembly_oscal-implementation-common_authorized-privilege", + "type" : "object", + "properties" : + { "title" : + { "title" : "Privilege Title", + "description" : "A human readable name for the privilege.", + "type" : "string" }, + "description" : + { "title" : "Privilege Description", + "description" : "A summary of the privilege's purpose within the system.", + "type" : "string" }, + "functions-performed" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-implementation-common_function-performed" } } }, + "required" : + [ "title", + "functions-performed" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-implementation-common:function-performed" : + { "title" : "Functions Performed", + "description" : "Describes a function performed for a given authorized privilege by this user class.", + "$id" : "#field_oscal-implementation-common_function-performed", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-component-definition-oscal-implementation-common:inventory-item" : + { "title" : "Inventory Item", + "description" : "A single managed inventory item within the system.", + "$id" : "#assembly_oscal-implementation-common_inventory-item", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Inventory Item Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Inventory Item Description", + "description" : "A summary of the inventory item stating its purpose within the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "implemented-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Implemented Component", + "description" : "The set of components that are implemented in a given system inventory item.", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "component-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-implementation-common:set-parameter" : + { "title" : "Set Parameter Value", + "description" : "Identifies the parameter that will be set by the enclosed value.", + "$id" : "#assembly_oscal-implementation-common_set-parameter", + "type" : "object", + "properties" : + { "param-id" : + { "title" : "Parameter ID", + "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", + "$ref" : "#/definitions/TokenDatatype" }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$ref" : "#/definitions/StringDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "param-id", + "values" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-implementation-common:system-id" : + { "title" : "System Identification", + "description" : "A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.", + "$id" : "#field_oscal-implementation-common_system-id", + "type" : "object", + "properties" : + { "identifier-type" : + { "title" : "Identification System Type", + "description" : "Identifies the identification system from which the provided identifier was assigned.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "https://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "https://ietf.org/rfc/rfc4122", + "http://ietf.org/rfc/rfc4122" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-metadata:metadata" : + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", + "$id" : "#assembly_oscal-metadata_metadata", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "revisions" : + { "type" : "array", + "minItems" : 1, + "items" : { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:location" : + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, + "locations" : + { "type" : "array", + "minItems" : 1, + "items" : { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_location-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-component-definition-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, + "parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "anyOf" : [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://orcid.org/" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_party-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-component-definition-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "actions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_action" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "title", + "last-modified", + "version", + "oscal-version" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-metadata:location-uuid" : + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", + "$id" : "#field_oscal-metadata_location-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-component-definition-oscal-metadata:party-uuid" : + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", + "$id" : "#field_oscal-metadata_party-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-component-definition-oscal-metadata:role-id" : + { "title" : "Role Identifier Reference", + "description" : "Reference to a role by UUID.", + "$id" : "#field_oscal-metadata_role-id", + "$ref" : "#/definitions/TokenDatatype" }, + "oscal-component-definition-oscal-metadata:back-matter" : + { "title" : "Back matter", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", + "$id" : "#assembly_oscal-metadata_back-matter", + "type" : "object", + "properties" : + { "resources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Resource Universally Unique Identifier", + "description" : "A unique identifier for a resource.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Resource Title", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", + "type" : "string" }, + "description" : + { "title" : "Resource Description", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "citation" : + { "title" : "Citation", + "description" : "An optional citation consisting of end note text using structured markup.", + "type" : "object", + "properties" : + { "text" : + { "title" : "Citation Text", + "description" : "A line of citation text.", + "type" : "string" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:role-id" : - { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$id" : "#field_oscal-metadata_role-id", - "$ref" : "#/definitions/TokenDatatype" }, - "oscal-component-definition-oscal-metadata:back-matter" : - { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", - "$id" : "#assembly_oscal-metadata_back-matter", - "type" : "object", - "properties" : - { "resources" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", - "type" : "string" }, - "description" : - { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "citation" : - { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", - "type" : "object", - "properties" : - { "text" : - { "title" : "Citation Text", - "description" : "A line of citation text.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "text" ], - "additionalProperties" : false }, - "rlinks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "hashes" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_hash" } } }, - "required" : - [ "href" ], - "additionalProperties" : false } }, - "base64" : - { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", - "type" : "object", - "properties" : - { "filename" : - { "title" : "File Name", - "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "value" : - { "$ref" : "#/definitions/Base64Datatype" } }, - "required" : - [ "value" ], - "additionalProperties" : false }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:property" : - { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", - "$id" : "#assembly_oscal-metadata_property", - "type" : "object", - "properties" : - { "name" : - { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "marking" ] } ] }, - "uuid" : - { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "ns" : - { "title" : "Property Namespace", - "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "value" : - { "title" : "Property Value", - "description" : "Indicates the value of the attribute, characteristic, or quality.", - "$ref" : "#/definitions/StringDatatype" }, - "class" : - { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "name", - "value" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:link" : - { "title" : "Link", - "description" : "A reference to a local or remote resource", - "$id" : "#assembly_oscal-metadata_link", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URL reference to a resource.", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "text" ], + "additionalProperties" : false }, + "rlinks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource link", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL pointing to the referenced resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, - "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "reference" ] } ] }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "hashes" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_hash" } } }, + "required" : + [ "href" ], + "additionalProperties" : false } }, + "base64" : + { "title" : "Base64", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", + "type" : "object", + "properties" : + { "filename" : + { "title" : "File Name", + "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", + "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "text" : - { "title" : "Link Text", - "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", - "type" : "string" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:responsible-party" : - { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-party", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$ref" : "#/definitions/TokenDatatype" }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id", - "party-uuids" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:responsible-role" : - { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-role", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:hash" : - { "title" : "Hash", - "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", - "$id" : "#field_oscal-metadata_hash", - "type" : "object", - "properties" : - { "algorithm" : - { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "SHA-224", - "SHA-256", - "SHA-384", - "SHA-512", - "SHA3-224", - "SHA3-256", - "SHA3-384", - "SHA3-512" ] } ] }, + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, "value" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "value", - "algorithm" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:remarks" : - { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", - "$id" : "#field_oscal-metadata_remarks", - "type" : "string" }, - "oscal-component-definition-oscal-metadata:published" : - { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_published", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-component-definition-oscal-metadata:last-modified" : - { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_last-modified", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-component-definition-oscal-metadata:version" : - { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", - "$id" : "#field_oscal-metadata_version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-component-definition-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", - "$id" : "#field_oscal-metadata_oscal-version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-component-definition-oscal-metadata:email-address" : - { "title" : "Email Address", - "description" : "An email address as defined by RFC 5322 Section 3.4.1.", - "$id" : "#field_oscal-metadata_email-address", - "$ref" : "#/definitions/EmailAddressDatatype" }, - "oscal-component-definition-oscal-metadata:telephone-number" : - { "title" : "Telephone Number", - "description" : "Contact number by telephone.", - "$id" : "#field_oscal-metadata_telephone-number", - "type" : "object", - "properties" : - { "type" : - { "title" : "type flag", - "description" : "Indicates the type of phone number.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "home", - "office", - "mobile" ] } ] }, - "number" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "number" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:address" : - { "title" : "Address", - "description" : "A postal address for the location.", - "$id" : "#assembly_oscal-metadata_address", - "type" : "object", - "properties" : - { "type" : - { "title" : "Address Type", - "description" : "Indicates the type of address.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "home", - "work" ] } ] }, - "addr-lines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_addr-line" } }, - "city" : - { "title" : "City", - "description" : "City, town or geographical region for the mailing address.", - "$ref" : "#/definitions/StringDatatype" }, - "state" : - { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "postal-code" : - { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "country" : - { "title" : "Country Code", - "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "$ref" : "#/definitions/StringDatatype" } }, - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:addr-line" : - { "title" : "Address line", - "description" : "A single line of an address.", - "$id" : "#field_oscal-metadata_addr-line", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-component-definition-oscal-metadata:document-id" : - { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", - "$id" : "#field_oscal-metadata_document-id", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "Document Identification Scheme", - "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://www.doi.org/" ] } ] }, - "identifier" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "identifier" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-catalog-common:part" : - { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", - "type" : "object", - "properties" : - { "id" : - { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "name" : - { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", - "$ref" : "#/definitions/TokenDatatype" }, - "ns" : - { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "class" : - { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "prose" : - { "title" : "Part Text", - "description" : "Permits multiple paragraphs, lists, tables etc.", - "type" : "string" }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-catalog-common:parameter" : - { "title" : "Parameter", - "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", - "type" : "object", - "properties" : - { "id" : - { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", - "$ref" : "#/definitions/TokenDatatype" }, - "depends-on" : - { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "label" : - { "title" : "Parameter Label", - "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", - "type" : "string" }, - "usage" : - { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", - "type" : "string" }, - "constraints" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, - "guidelines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, - "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-catalog-common:parameter-constraint" : - { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", - "type" : "object", - "properties" : - { "description" : - { "title" : "Constraint Description", - "description" : "A textual summary of the constraint to be applied.", - "type" : "string" }, - "tests" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Constraint Test", - "description" : "A test expression which is expected to be evaluated by a tool.", - "type" : "object", - "properties" : - { "expression" : - { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", - "$ref" : "#/definitions/StringDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "expression" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-component-definition-oscal-catalog-common:parameter-guideline" : - { "title" : "Guideline", - "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", - "type" : "object", - "properties" : - { "prose" : - { "title" : "Guideline Text", - "description" : "Prose permits multiple paragraphs, lists, tables etc.", - "type" : "string" } }, - "required" : - [ "prose" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-catalog-common:parameter-value" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-component-definition-oscal-catalog-common:parameter-selection" : - { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", - "type" : "object", - "properties" : - { "how-many" : - { "title" : "Parameter Cardinality", - "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "one", - "one-or-more" ] } ] }, - "choice" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Choice", - "description" : "A value selection among several such options.", - "type" : "string" } } }, - "additionalProperties" : false }, - "oscal-component-definition-oscal-catalog-common:include-all" : - { "title" : "Include All", - "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", - "type" : "object", - "additionalProperties" : false }, - "Base64Datatype" : - { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", - "type" : "string", - "pattern" : "^[0-9A-Za-z+/]+={0,2}$", - "contentEncoding" : "base64" }, - "DateTimeWithTimezoneDatatype" : - { "description" : "A string representing a point in time with a required timezone.", - "type" : "string", - "format" : "date-time", - "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, - "EmailAddressDatatype" : - { "description" : "An email address string formatted according to RFC 6531.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" } ] }, - "IntegerDatatype" : - { "description" : "A whole number value.", - "type" : "integer" }, - "NonNegativeIntegerDatatype" : - { "description" : "An integer value that is equal to or greater than 0.", - "allOf" : - [ - { "$ref" : "#/definitions/IntegerDatatype" }, - - { "type" : "number", - "minimum" : 0 } ] }, - "StringDatatype" : - { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, - "TokenDatatype" : - { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, - "URIDatatype" : - { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, - "URIReferenceDatatype" : - { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", - "type" : "string", - "format" : "uri-reference" }, - "UUIDDatatype" : - { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + { "$ref" : "#/definitions/Base64Datatype" } }, + "required" : + [ "value" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-component-definition-oscal-metadata:property" : + { "title" : "Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", + "$id" : "#assembly_oscal-metadata_property", + "type" : "object", + "properties" : + { "name" : + { "title" : "Property Name", + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "$ref" : "#/definitions/TokenDatatype" }, + "uuid" : + { "title" : "Property Universally Unique Identifier", + "description" : "A unique identifier for a property.", + "$ref" : "#/definitions/UUIDDatatype" }, + "ns" : + { "title" : "Property Namespace", + "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "value" : + { "title" : "Property Value", + "description" : "Indicates the value of the attribute, characteristic, or quality.", + "$ref" : "#/definitions/StringDatatype" }, + "class" : + { "title" : "Property Class", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", + "$ref" : "#/definitions/TokenDatatype" }, + "group" : + { "title" : "Property Group", + "description" : "An identifier for relating distinct sets of properties.", + "$ref" : "#/definitions/TokenDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "name", + "value" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-metadata:link" : + { "title" : "Link", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", + "$id" : "#assembly_oscal-metadata_link", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL reference to a resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "rel" : + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "resource-fragment" : + { "title" : "Resource Fragment", + "description" : "In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.", + "$ref" : "#/definitions/StringDatatype" }, + "text" : + { "title" : "Link Text", + "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", + "type" : "string" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-metadata:responsible-party" : + { "title" : "Responsible Party", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", + "$id" : "#assembly_oscal-metadata_responsible-party", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role", + "description" : "A reference to a role performed by a party.", + "$ref" : "#/definitions/TokenDatatype" }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id", + "party-uuids" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-metadata:action" : + { "title" : "Action", + "description" : "An action applied by a role within a given party to the content.", + "$id" : "#assembly_oscal-metadata_action", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Action Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "date" : + { "title" : "Action Occurrence Date", + "description" : "The date and time when the action occurred.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "type" : + { "title" : "Action Type", + "description" : "The type of action documented by the assembly, such as an approval.", + "$ref" : "#/definitions/TokenDatatype" }, + "system" : + { "title" : "Action Type System", + "description" : "Specifies the action type system used.", + "$ref" : "#/definitions/URIDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "system" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-metadata:responsible-role" : + { "title" : "Responsible Role", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", + "$id" : "#assembly_oscal-metadata_responsible-role", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role ID", + "description" : "A human-oriented identifier reference to a role performed.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-metadata:hash" : + { "title" : "Hash", + "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", + "$id" : "#field_oscal-metadata_hash", + "type" : "object", + "properties" : + { "algorithm" : + { "title" : "Hash algorithm", + "description" : "The digest method by which a hash is derived.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, + "value" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "value", + "algorithm" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-metadata:remarks" : + { "title" : "Remarks", + "description" : "Additional commentary about the containing object.", + "$id" : "#field_oscal-metadata_remarks", + "type" : "string" }, + "oscal-component-definition-oscal-metadata:published" : + { "title" : "Publication Timestamp", + "description" : "The date and time the document was last made available.", + "$id" : "#field_oscal-metadata_published", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-component-definition-oscal-metadata:last-modified" : + { "title" : "Last Modified Timestamp", + "description" : "The date and time the document was last stored for later retrieval.", + "$id" : "#field_oscal-metadata_last-modified", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-component-definition-oscal-metadata:version" : + { "title" : "Document Version", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", + "$id" : "#field_oscal-metadata_version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-component-definition-oscal-metadata:oscal-version" : + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", + "$id" : "#field_oscal-metadata_oscal-version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-component-definition-oscal-metadata:email-address" : + { "title" : "Email Address", + "description" : "An email address as defined by RFC 5322 Section 3.4.1.", + "$id" : "#field_oscal-metadata_email-address", + "$ref" : "#/definitions/EmailAddressDatatype" }, + "oscal-component-definition-oscal-metadata:telephone-number" : + { "title" : "Telephone Number", + "description" : "A telephone service number as defined by ITU-T E.164.", + "$id" : "#field_oscal-metadata_telephone-number", + "type" : "object", + "properties" : + { "type" : + { "title" : "type flag", + "description" : "Indicates the type of phone number.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, + "number" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "number" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-metadata:address" : + { "title" : "Address", + "description" : "A postal address for the location.", + "$id" : "#assembly_oscal-metadata_address", + "type" : "object", + "properties" : + { "type" : + { "title" : "Address Type", + "description" : "Indicates the type of address.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, + "addr-lines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_addr-line" } }, + "city" : + { "title" : "City", + "description" : "City, town or geographical region for the mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "state" : + { "title" : "State", + "description" : "State, province or analogous geographical region for a mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "postal-code" : + { "title" : "Postal Code", + "description" : "Postal or ZIP code for mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "country" : + { "title" : "Country Code", + "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", + "$ref" : "#/definitions/StringDatatype" } }, + "additionalProperties" : false }, + "oscal-component-definition-oscal-metadata:addr-line" : + { "title" : "Address line", + "description" : "A single line of an address.", + "$id" : "#field_oscal-metadata_addr-line", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-component-definition-oscal-metadata:document-id" : + { "title" : "Document Identifier", + "description" : "A document identifier qualified by an identifier scheme.", + "$id" : "#field_oscal-metadata_document-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "Document Identification Scheme", + "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, + "identifier" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "identifier" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-control-common:part" : + { "title" : "Part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", + "type" : "object", "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "component-definition" : - { "$ref" : "#assembly_oscal-component-definition_component-definition" } }, + { "id" : + { "title" : "Part Identifier", + "description" : "A unique identifier for the part.", + "$ref" : "#/definitions/TokenDatatype" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", + "$ref" : "#/definitions/TokenDatatype" }, + "ns" : + { "title" : "Part Namespace", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "class" : + { "title" : "Part Class", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Part Title", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, "required" : - [ "component-definition" ], - "additionalProperties" : false } \ No newline at end of file + [ "name" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-control-common:parameter" : + { "title" : "Parameter", + "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", + "$id" : "#assembly_oscal-control-common_parameter", + "type" : "object", + "properties" : + { "id" : + { "title" : "Parameter Identifier", + "description" : "A unique identifier for the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Parameter Class", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "depends-on" : + { "title" : "Depends on", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "label" : + { "title" : "Parameter Label", + "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", + "type" : "string" }, + "usage" : + { "title" : "Parameter Usage Description", + "description" : "Describes the purpose and use of a parameter.", + "type" : "string" }, + "constraints" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, + "guidelines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-control-common_parameter-value" } }, + "select" : + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-control-common:parameter-constraint" : + { "title" : "Constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", + "type" : "object", + "properties" : + { "description" : + { "title" : "Constraint Description", + "description" : "A textual summary of the constraint to be applied.", + "type" : "string" }, + "tests" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Constraint Test", + "description" : "A test expression which is expected to be evaluated by a tool.", + "type" : "object", + "properties" : + { "expression" : + { "title" : "Constraint test", + "description" : "A formal (executable) expression of a constraint.", + "$ref" : "#/definitions/StringDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "expression" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-component-definition-oscal-control-common:parameter-guideline" : + { "title" : "Guideline", + "description" : "A prose statement that provides a recommendation for the use of a parameter.", + "$id" : "#assembly_oscal-control-common_parameter-guideline", + "type" : "object", + "properties" : + { "prose" : + { "title" : "Guideline Text", + "description" : "Prose permits multiple paragraphs, lists, tables etc.", + "type" : "string" } }, + "required" : + [ "prose" ], + "additionalProperties" : false }, + "oscal-component-definition-oscal-control-common:parameter-value" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$id" : "#field_oscal-control-common_parameter-value", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-component-definition-oscal-control-common:parameter-selection" : + { "title" : "Selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", + "type" : "object", + "properties" : + { "how-many" : + { "title" : "Parameter Cardinality", + "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, + "choice" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Choice", + "description" : "A value selection among several such options.", + "type" : "string" } } }, + "additionalProperties" : false }, + "oscal-component-definition-oscal-control-common:include-all" : + { "title" : "Include All", + "description" : "Include all controls from the imported catalog or profile resources.", + "$id" : "#assembly_oscal-control-common_include-all", + "type" : "object", + "additionalProperties" : false }, + "Base64Datatype" : + { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", + "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "DateTimeWithTimezoneDatatype" : + { "description" : "A string representing a point in time with a required timezone.", + "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "description" : "An email address string formatted according to RFC 6531.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "IntegerDatatype" : + { "description" : "A whole number value.", + "type" : "integer" }, + "NonNegativeIntegerDatatype" : + { "description" : "An integer value that is equal to or greater than 0.", + "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 0 } ] }, + "StringDatatype" : + { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", + "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", + "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", + "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", + "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "component-definition" : + { "$ref" : "#assembly_oscal-component-definition_component-definition" } }, + "required" : + [ "component-definition" ], + "additionalProperties" : false } \ No newline at end of file diff --git a/json/schema/oscal_mapping_schema.json b/json/schema/oscal_mapping_schema.json new file mode 100644 index 0000000000..d5bbde6346 --- /dev/null +++ b/json/schema/oscal_mapping_schema.json @@ -0,0 +1,946 @@ + + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/oscal/1.0.3/oscal-mapping-schema.json", + "$comment" : "OSCAL Control Mapping Model: JSON Schema", + "type" : "object", + "definitions" : + { "json-schema-directive" : + { "title" : "Schema Directive", + "description" : "A JSON Schema directive to bind a specific schema to its document instance.", + "$id" : "#json-schema-directive", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "oscal-mapping-oscal-mapping:mapping-collection" : + { "title" : "Mapping Collection", + "description" : "A collection of relationship-based control and/or control statement mappings.", + "$id" : "#assembly_oscal-mapping_mapping-collection", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Mapping Collection Universally Unique Identifier", + "description" : "A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "mappings" : + { "anyOf" : + [ + { "$ref" : "#assembly_oscal-mapping_mapping" }, + + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-mapping_mapping" } } ] }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata", + "mappings" ], + "additionalProperties" : false }, + "oscal-mapping-oscal-mapping:mapping" : + { "title" : "Control Mapping", + "description" : "A mapping between two target resources.", + "$id" : "#assembly_oscal-mapping_mapping", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Mapping Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mapping definition elsewhere in this or other OSCAL instances. The locally defined UUID of the mapping can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same mapping across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "source-resource" : + { "$ref" : "#assembly_oscal-mapping-common_mapping-resource-reference" }, + "target-resource" : + { "$ref" : "#assembly_oscal-mapping-common_mapping-resource-reference" }, + "maps" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-mapping-common_map" } } }, + "required" : + [ "uuid", + "source-resource", + "target-resource", + "maps" ], + "additionalProperties" : false }, + "oscal-mapping-oscal-metadata:metadata" : + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", + "$id" : "#assembly_oscal-metadata_metadata", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "revisions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, + "locations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, + "parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "actions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_action" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "title", + "last-modified", + "version", + "oscal-version" ], + "additionalProperties" : false }, + "oscal-mapping-oscal-metadata:location-uuid" : + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", + "$id" : "#field_oscal-metadata_location-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-mapping-oscal-metadata:party-uuid" : + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", + "$id" : "#field_oscal-metadata_party-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-mapping-oscal-metadata:role-id" : + { "title" : "Role Identifier Reference", + "description" : "Reference to a role by UUID.", + "$id" : "#field_oscal-metadata_role-id", + "$ref" : "#/definitions/TokenDatatype" }, + "oscal-mapping-oscal-metadata:back-matter" : + { "title" : "Back matter", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", + "$id" : "#assembly_oscal-metadata_back-matter", + "type" : "object", + "properties" : + { "resources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Resource Universally Unique Identifier", + "description" : "A unique identifier for a resource.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Resource Title", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", + "type" : "string" }, + "description" : + { "title" : "Resource Description", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "citation" : + { "title" : "Citation", + "description" : "An optional citation consisting of end note text using structured markup.", + "type" : "object", + "properties" : + { "text" : + { "title" : "Citation Text", + "description" : "A line of citation text.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "text" ], + "additionalProperties" : false }, + "rlinks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource link", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL pointing to the referenced resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "hashes" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_hash" } } }, + "required" : + [ "href" ], + "additionalProperties" : false } }, + "base64" : + { "title" : "Base64", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", + "type" : "object", + "properties" : + { "filename" : + { "title" : "File Name", + "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", + "$ref" : "#/definitions/TokenDatatype" }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "value" : + { "$ref" : "#/definitions/Base64Datatype" } }, + "required" : + [ "value" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-mapping-oscal-metadata:property" : + { "title" : "Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", + "$id" : "#assembly_oscal-metadata_property", + "type" : "object", + "properties" : + { "name" : + { "title" : "Property Name", + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "$ref" : "#/definitions/TokenDatatype" }, + "uuid" : + { "title" : "Property Universally Unique Identifier", + "description" : "A unique identifier for a property.", + "$ref" : "#/definitions/UUIDDatatype" }, + "ns" : + { "title" : "Property Namespace", + "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "value" : + { "title" : "Property Value", + "description" : "Indicates the value of the attribute, characteristic, or quality.", + "$ref" : "#/definitions/StringDatatype" }, + "class" : + { "title" : "Property Class", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", + "$ref" : "#/definitions/TokenDatatype" }, + "group" : + { "title" : "Property Group", + "description" : "An identifier for relating distinct sets of properties.", + "$ref" : "#/definitions/TokenDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "name", + "value" ], + "additionalProperties" : false }, + "oscal-mapping-oscal-metadata:link" : + { "title" : "Link", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", + "$id" : "#assembly_oscal-metadata_link", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL reference to a resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "rel" : + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "resource-fragment" : + { "title" : "Resource Fragment", + "description" : "In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.", + "$ref" : "#/definitions/StringDatatype" }, + "text" : + { "title" : "Link Text", + "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", + "type" : "string" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-mapping-oscal-metadata:responsible-party" : + { "title" : "Responsible Party", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", + "$id" : "#assembly_oscal-metadata_responsible-party", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role", + "description" : "A reference to a role performed by a party.", + "$ref" : "#/definitions/TokenDatatype" }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id", + "party-uuids" ], + "additionalProperties" : false }, + "oscal-mapping-oscal-metadata:action" : + { "title" : "Action", + "description" : "An action applied by a role within a given party to the content.", + "$id" : "#assembly_oscal-metadata_action", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Action Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "date" : + { "title" : "Action Occurrence Date", + "description" : "The date and time when the action occurred.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "type" : + { "title" : "Action Type", + "description" : "The type of action documented by the assembly, such as an approval.", + "$ref" : "#/definitions/TokenDatatype" }, + "system" : + { "title" : "Action Type System", + "description" : "Specifies the action type system used.", + "$ref" : "#/definitions/URIDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "system" ], + "additionalProperties" : false }, + "oscal-mapping-oscal-metadata:responsible-role" : + { "title" : "Responsible Role", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", + "$id" : "#assembly_oscal-metadata_responsible-role", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role ID", + "description" : "A human-oriented identifier reference to a role performed.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id" ], + "additionalProperties" : false }, + "oscal-mapping-oscal-metadata:hash" : + { "title" : "Hash", + "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", + "$id" : "#field_oscal-metadata_hash", + "type" : "object", + "properties" : + { "algorithm" : + { "title" : "Hash algorithm", + "description" : "The digest method by which a hash is derived.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, + "value" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "value", + "algorithm" ], + "additionalProperties" : false }, + "oscal-mapping-oscal-metadata:remarks" : + { "title" : "Remarks", + "description" : "Additional commentary about the containing object.", + "$id" : "#field_oscal-metadata_remarks", + "type" : "string" }, + "oscal-mapping-oscal-metadata:published" : + { "title" : "Publication Timestamp", + "description" : "The date and time the document was last made available.", + "$id" : "#field_oscal-metadata_published", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-mapping-oscal-metadata:last-modified" : + { "title" : "Last Modified Timestamp", + "description" : "The date and time the document was last stored for later retrieval.", + "$id" : "#field_oscal-metadata_last-modified", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-mapping-oscal-metadata:version" : + { "title" : "Document Version", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", + "$id" : "#field_oscal-metadata_version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-mapping-oscal-metadata:oscal-version" : + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", + "$id" : "#field_oscal-metadata_oscal-version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-mapping-oscal-metadata:email-address" : + { "title" : "Email Address", + "description" : "An email address as defined by RFC 5322 Section 3.4.1.", + "$id" : "#field_oscal-metadata_email-address", + "$ref" : "#/definitions/EmailAddressDatatype" }, + "oscal-mapping-oscal-metadata:telephone-number" : + { "title" : "Telephone Number", + "description" : "A telephone service number as defined by ITU-T E.164.", + "$id" : "#field_oscal-metadata_telephone-number", + "type" : "object", + "properties" : + { "type" : + { "title" : "type flag", + "description" : "Indicates the type of phone number.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, + "number" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "number" ], + "additionalProperties" : false }, + "oscal-mapping-oscal-metadata:address" : + { "title" : "Address", + "description" : "A postal address for the location.", + "$id" : "#assembly_oscal-metadata_address", + "type" : "object", + "properties" : + { "type" : + { "title" : "Address Type", + "description" : "Indicates the type of address.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, + "addr-lines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_addr-line" } }, + "city" : + { "title" : "City", + "description" : "City, town or geographical region for the mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "state" : + { "title" : "State", + "description" : "State, province or analogous geographical region for a mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "postal-code" : + { "title" : "Postal Code", + "description" : "Postal or ZIP code for mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "country" : + { "title" : "Country Code", + "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", + "$ref" : "#/definitions/StringDatatype" } }, + "additionalProperties" : false }, + "oscal-mapping-oscal-metadata:addr-line" : + { "title" : "Address line", + "description" : "A single line of an address.", + "$id" : "#field_oscal-metadata_addr-line", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-mapping-oscal-metadata:document-id" : + { "title" : "Document Identifier", + "description" : "A document identifier qualified by an identifier scheme.", + "$id" : "#field_oscal-metadata_document-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "Document Identification Scheme", + "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, + "identifier" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "identifier" ], + "additionalProperties" : false }, + "oscal-mapping-oscal-mapping-common:map" : + { "title" : "Mapping Entry", + "description" : "A relationship-based mapping between a source and target set consisting of members (i.e., controls, control statements) from the respective source and target.", + "$id" : "#assembly_oscal-mapping-common_map", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Mapping Entry Identifier", + "description" : "The unique identifier for the mapping entry.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "relationship" : + { "title" : "Mapping Entry Relationship", + "description" : "The relationship type for the mapping entry, which describes the relationship between the effective requirements of the specified source and target sets.", + "type" : "object", + "properties" : + { "ns" : + { "title" : "Relationship Value Namespace", + "description" : "A namespace qualifying the relationship's value. This allows different organizations to associate distinct semantics for relationships with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "type" : + { "$ref" : "#/definitions/TokenDatatype" } }, + "required" : + [ "type" ], + "additionalProperties" : false }, + "sources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-mapping-common_mapping-item" } }, + "targets" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-mapping-common_mapping-item" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "relationship", + "sources", + "targets" ], + "additionalProperties" : false }, + "oscal-mapping-oscal-mapping-common:mapping-item" : + { "title" : "Mapping Entry Item (source or target)", + "description" : "Identifies a specific edge within a source or target that is the subject of a mapping.", + "$id" : "#assembly_oscal-mapping-common_mapping-item", + "type" : "object", + "properties" : + { "type" : + { "title" : "Subject Type", + "description" : "The semantic type of the subject.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "control", + "statement" ] } ] }, + "id-ref" : + { "title" : "Subject Identifier Reference", + "description" : "A reference to an identified subject that is of the specified type.", + "$ref" : "#/definitions/StringDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "type", + "id-ref" ], + "additionalProperties" : false }, + "oscal-mapping-oscal-mapping-common:mapping-resource-reference" : + { "title" : "Mapped Resource Reference", + "description" : "A reference to a resource that is either the source or target of a mapping.", + "$id" : "#assembly_oscal-mapping-common_mapping-resource-reference", + "type" : "object", + "properties" : + { "type" : + { "title" : "Resource Type", + "description" : "The semantic type of the resource.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "catalog" ] } ] }, + "href" : + { "title" : "Catalog or Profile Reference", + "description" : "A resolvable URL reference to the base catalog or profile that this profile is tailoring.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "type", + "href" ], + "additionalProperties" : false }, + "Base64Datatype" : + { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", + "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "DateTimeWithTimezoneDatatype" : + { "description" : "A string representing a point in time with a required timezone.", + "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "description" : "An email address string formatted according to RFC 6531.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "StringDatatype" : + { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", + "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", + "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", + "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", + "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "mapping-collection" : + { "$ref" : "#assembly_oscal-mapping_mapping-collection" } }, + "required" : + [ "mapping-collection" ], + "additionalProperties" : false } \ No newline at end of file diff --git a/json/schema/oscal_poam_schema.json b/json/schema/oscal_poam_schema.json index e37ced7806..682e5851dd 100644 --- a/json/schema/oscal_poam_schema.json +++ b/json/schema/oscal_poam_schema.json @@ -1,2957 +1,3095 @@ - { "$schema" : "http://json-schema.org/draft-07/schema#", - "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-poam-schema.json", - "$comment" : "OSCAL Plan of Action and Milestones (POA&M) Model: JSON Schema", + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-poam-schema.json", + "$comment" : "OSCAL Plan of Action and Milestones (POA&M) Model: JSON Schema", + "type" : "object", + "definitions" : + { "json-schema-directive" : + { "title" : "Schema Directive", + "description" : "A JSON Schema directive to bind a specific schema to its document instance.", + "$id" : "#json-schema-directive", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "oscal-poam-oscal-poam:plan-of-action-and-milestones" : + { "title" : "Plan of Action and Milestones (POA&M)", + "description" : "A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.", + "$id" : "#assembly_oscal-poam_plan-of-action-and-milestones", "type" : "object", - "definitions" : - { "json-schema-directive" : - { "title" : "Schema Directive", - "description" : "A JSON Schema directive to bind a specific schema to its document instance.", - "$id" : "#json-schema-directive", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "oscal-poam-oscal-poam:plan-of-action-and-milestones" : - { "title" : "Plan of Action and Milestones (POA&M)", - "description" : "A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.", - "$id" : "#assembly_oscal-poam_plan-of-action-and-milestones", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "POA&M Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "import-ssp" : - { "$ref" : "#assembly_oscal-assessment-common_import-ssp" }, - "system-id" : - { "$ref" : "#field_oscal-implementation-common_system-id" }, - "local-definitions" : - { "$ref" : "#assembly_oscal-poam_local-definitions" }, - "observations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_observation" } }, - "risks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_risk" } }, - "poam-items" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-poam_poam-item" } }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata", - "poam-items" ], - "additionalProperties" : false }, - "oscal-poam-oscal-poam:local-definitions" : - { "title" : "Local Definitions", - "description" : "Allows components, and inventory-items to be defined within the POA&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA&M.", - "$id" : "#assembly_oscal-poam_local-definitions", - "type" : "object", - "properties" : - { "components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, - "inventory-items" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false }, - "oscal-poam-oscal-poam:poam-item" : - { "title" : "POA&M Item", - "description" : "Describes an individual POA&M item.", - "$id" : "#assembly_oscal-poam_poam-item", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "POA&M Item Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "POA&M Item Title", - "description" : "The title or name for this POA&M item .", - "type" : "string" }, - "description" : - { "title" : "POA&M Item Description", - "description" : "A human-readable description of POA&M item.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Origin", - "description" : "Identifies the source of the finding, such as a tool or person.", - "type" : "object", - "properties" : - { "actors" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin-actor" } } }, - "required" : - [ "actors" ], - "additionalProperties" : false } }, - "related-observations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Related Observation", - "description" : "Relates the poam-item to a set of referenced observations that were used to determine the finding.", - "type" : "object", - "properties" : - { "observation-uuid" : - { "title" : "Observation Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "observation-uuid" ], - "additionalProperties" : false } }, - "related-risks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Associated Risk", - "description" : "Relates the finding to a set of referenced risks that were used to determine the finding.", - "type" : "object", - "properties" : - { "risk-uuid" : - { "title" : "Risk Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "risk-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "title", - "description" ], - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", - "$id" : "#assembly_oscal-metadata_metadata", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "revisions" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, - "locations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, - "parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "title", - "last-modified", - "version", - "oscal-version" ], - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:revision" : + "properties" : + { "uuid" : + { "title" : "POA&M Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "import-ssp" : + { "$ref" : "#assembly_oscal-assessment-common_import-ssp" }, + "system-id" : + { "$ref" : "#field_oscal-implementation-common_system-id" }, + "local-definitions" : + { "$ref" : "#assembly_oscal-poam_local-definitions" }, + "observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_observation" } }, + "risks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_risk" } }, + "findings" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_finding" } }, + "poam-items" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-poam_poam-item" } }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata", + "poam-items" ], + "additionalProperties" : false }, + "oscal-poam-oscal-poam:local-definitions" : + { "title" : "Local Definitions", + "description" : "Allows components, and inventory-items to be defined within the POA&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA&M.", + "$id" : "#assembly_oscal-poam_local-definitions", + "type" : "object", + "properties" : + { "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, + "inventory-items" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, + "assessment-assets" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-assets" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false }, + "oscal-poam-oscal-poam:poam-item" : + { "title" : "POA&M Item", + "description" : "Describes an individual POA&M item.", + "$id" : "#assembly_oscal-poam_poam-item", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "POA&M Item Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "POA&M Item Title", + "description" : "The title or name for this POA&M item .", + "type" : "string" }, + "description" : + { "title" : "POA&M Item Description", + "description" : "A human-readable description of POA&M item.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Origin", + "description" : "Identifies the source of the finding, such as a tool or person.", + "type" : "object", + "properties" : + { "actors" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin-actor" } } }, + "required" : + [ "actors" ], + "additionalProperties" : false } }, + "related-findings" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Related Finding", + "description" : "Relates the poam-item to referenced finding(s).", + "type" : "object", + "properties" : + { "finding-uuid" : + { "title" : "Finding Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a finding defined in the list of findings.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "finding-uuid" ], + "additionalProperties" : false } }, + "related-observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Related Observation", + "description" : "Relates the poam-item to a set of referenced observations that were used to determine the finding.", + "type" : "object", + "properties" : + { "observation-uuid" : + { "title" : "Observation Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "observation-uuid" ], + "additionalProperties" : false } }, + "related-risks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Associated Risk", + "description" : "Relates the finding to a set of referenced risks that were used to determine the finding.", + "type" : "object", + "properties" : + { "risk-uuid" : + { "title" : "Risk Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "risk-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "title", + "description" ], + "additionalProperties" : false }, + "oscal-poam-oscal-metadata:metadata" : + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", + "$id" : "#assembly_oscal-metadata_metadata", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "revisions" : + { "type" : "array", + "minItems" : 1, + "items" : { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:location" : + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, + "locations" : + { "type" : "array", + "minItems" : 1, + "items" : { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_location-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-poam-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, + "parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "anyOf" : [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://orcid.org/" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_party-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-poam-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "actions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_action" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "title", + "last-modified", + "version", + "oscal-version" ], + "additionalProperties" : false }, + "oscal-poam-oscal-metadata:location-uuid" : + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", + "$id" : "#field_oscal-metadata_location-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-poam-oscal-metadata:party-uuid" : + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", + "$id" : "#field_oscal-metadata_party-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-poam-oscal-metadata:role-id" : + { "title" : "Role Identifier Reference", + "description" : "Reference to a role by UUID.", + "$id" : "#field_oscal-metadata_role-id", + "$ref" : "#/definitions/TokenDatatype" }, + "oscal-poam-oscal-metadata:back-matter" : + { "title" : "Back matter", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", + "$id" : "#assembly_oscal-metadata_back-matter", + "type" : "object", + "properties" : + { "resources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Resource Universally Unique Identifier", + "description" : "A unique identifier for a resource.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Resource Title", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", + "type" : "string" }, + "description" : + { "title" : "Resource Description", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "citation" : + { "title" : "Citation", + "description" : "An optional citation consisting of end note text using structured markup.", + "type" : "object", + "properties" : + { "text" : + { "title" : "Citation Text", + "description" : "A line of citation text.", + "type" : "string" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:role-id" : - { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$id" : "#field_oscal-metadata_role-id", - "$ref" : "#/definitions/TokenDatatype" }, - "oscal-poam-oscal-metadata:back-matter" : - { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", - "$id" : "#assembly_oscal-metadata_back-matter", - "type" : "object", - "properties" : - { "resources" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", - "type" : "string" }, - "description" : - { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "citation" : - { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", - "type" : "object", - "properties" : - { "text" : - { "title" : "Citation Text", - "description" : "A line of citation text.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "text" ], - "additionalProperties" : false }, - "rlinks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "hashes" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_hash" } } }, - "required" : - [ "href" ], - "additionalProperties" : false } }, - "base64" : - { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", - "type" : "object", - "properties" : - { "filename" : - { "title" : "File Name", - "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "value" : - { "$ref" : "#/definitions/Base64Datatype" } }, - "required" : - [ "value" ], - "additionalProperties" : false }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:property" : - { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", - "$id" : "#assembly_oscal-metadata_property", - "type" : "object", - "properties" : - { "name" : - { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "marking" ] } ] }, - "uuid" : - { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "ns" : - { "title" : "Property Namespace", - "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "value" : - { "title" : "Property Value", - "description" : "Indicates the value of the attribute, characteristic, or quality.", - "$ref" : "#/definitions/StringDatatype" }, - "class" : - { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "name", - "value" ], - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:link" : - { "title" : "Link", - "description" : "A reference to a local or remote resource", - "$id" : "#assembly_oscal-metadata_link", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URL reference to a resource.", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "text" ], + "additionalProperties" : false }, + "rlinks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource link", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL pointing to the referenced resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, - "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "reference" ] } ] }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "hashes" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_hash" } } }, + "required" : + [ "href" ], + "additionalProperties" : false } }, + "base64" : + { "title" : "Base64", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", + "type" : "object", + "properties" : + { "filename" : + { "title" : "File Name", + "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", + "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "text" : - { "title" : "Link Text", - "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", - "type" : "string" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:responsible-party" : - { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-party", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$ref" : "#/definitions/TokenDatatype" }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id", - "party-uuids" ], - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:responsible-role" : - { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-role", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id" ], - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:hash" : - { "title" : "Hash", - "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", - "$id" : "#field_oscal-metadata_hash", - "type" : "object", - "properties" : - { "algorithm" : - { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "SHA-224", - "SHA-256", - "SHA-384", - "SHA-512", - "SHA3-224", - "SHA3-256", - "SHA3-384", - "SHA3-512" ] } ] }, + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, "value" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "value", - "algorithm" ], - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:remarks" : - { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", - "$id" : "#field_oscal-metadata_remarks", - "type" : "string" }, - "oscal-poam-oscal-metadata:published" : - { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_published", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-poam-oscal-metadata:last-modified" : - { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_last-modified", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-poam-oscal-metadata:version" : - { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", - "$id" : "#field_oscal-metadata_version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-poam-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", - "$id" : "#field_oscal-metadata_oscal-version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-poam-oscal-metadata:email-address" : - { "title" : "Email Address", - "description" : "An email address as defined by RFC 5322 Section 3.4.1.", - "$id" : "#field_oscal-metadata_email-address", - "$ref" : "#/definitions/EmailAddressDatatype" }, - "oscal-poam-oscal-metadata:telephone-number" : - { "title" : "Telephone Number", - "description" : "Contact number by telephone.", - "$id" : "#field_oscal-metadata_telephone-number", - "type" : "object", - "properties" : - { "type" : - { "title" : "type flag", - "description" : "Indicates the type of phone number.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "home", - "office", - "mobile" ] } ] }, - "number" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "number" ], - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:address" : - { "title" : "Address", - "description" : "A postal address for the location.", - "$id" : "#assembly_oscal-metadata_address", - "type" : "object", - "properties" : - { "type" : - { "title" : "Address Type", - "description" : "Indicates the type of address.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "home", - "work" ] } ] }, - "addr-lines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_addr-line" } }, - "city" : - { "title" : "City", - "description" : "City, town or geographical region for the mailing address.", - "$ref" : "#/definitions/StringDatatype" }, - "state" : - { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "postal-code" : - { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "country" : - { "title" : "Country Code", - "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "$ref" : "#/definitions/StringDatatype" } }, - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:addr-line" : - { "title" : "Address line", - "description" : "A single line of an address.", - "$id" : "#field_oscal-metadata_addr-line", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-poam-oscal-metadata:document-id" : - { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", - "$id" : "#field_oscal-metadata_document-id", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "Document Identification Scheme", - "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://www.doi.org/" ] } ] }, - "identifier" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "identifier" ], - "additionalProperties" : false }, - "oscal-poam-oscal-implementation-common:system-component" : - { "title" : "Component", - "description" : "A defined component that can be part of an implemented system.", - "$id" : "#assembly_oscal-implementation-common_system-component", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Component Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Component Type", - "description" : "A category describing the purpose of the component.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "this-system", - "system", - "interconnection", - "software", - "hardware", - "service", - "policy", - "physical", - "process-procedure", - "plan", - "guidance", - "standard", - "validation", - "network" ] } ] }, - "title" : - { "title" : "Component Title", - "description" : "A human readable name for the system component.", - "type" : "string" }, - "description" : - { "title" : "Component Description", - "description" : "A description of the component, including information about its function.", - "type" : "string" }, - "purpose" : - { "title" : "Purpose", - "description" : "A summary of the technological or business purpose of the component.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "title" : "Status", - "description" : "Describes the operational status of the system component.", - "type" : "object", - "properties" : - { "state" : - { "title" : "State", - "description" : "The operational status.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "under-development", - "operational", - "disposition", - "other" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "protocols" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type", - "title", - "description", - "status" ], - "additionalProperties" : false }, - "oscal-poam-oscal-implementation-common:protocol" : - { "title" : "Service Protocol Information", - "description" : "Information about the protocol used to provide a service.", - "$id" : "#assembly_oscal-implementation-common_protocol", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Service Protocol Information Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "name" : - { "title" : "Protocol Name", - "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "title" : - { "title" : "Protocol Title", - "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", - "type" : "string" }, - "port-ranges" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_port-range" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-poam-oscal-implementation-common:port-range" : - { "title" : "Port Range", - "description" : "Where applicable this is the IPv4 port range on which the service operates.", - "$id" : "#assembly_oscal-implementation-common_port-range", - "type" : "object", - "properties" : - { "start" : - { "title" : "Start", - "description" : "Indicates the starting port number in a port range", - "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, - "end" : - { "title" : "End", - "description" : "Indicates the ending port number in a port range", - "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, - "transport" : - { "title" : "Transport", - "description" : "Indicates the transport type.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "TCP", - "UDP" ] } ] } }, - "additionalProperties" : false }, - "oscal-poam-oscal-implementation-common:implementation-status" : - { "title" : "Implementation Status", - "description" : "Indicates the degree to which the a given control is implemented.", - "$id" : "#assembly_oscal-implementation-common_implementation-status", - "type" : "object", - "properties" : - { "state" : - { "title" : "Implementation State", - "description" : "Identifies the implementation status of the control or control objective.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "implemented", - "partial", - "planned", - "alternative", - "not-applicable" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "oscal-poam-oscal-implementation-common:system-user" : - { "title" : "System User", - "description" : "A type of user that interacts with the system based on an associated role.", - "$id" : "#assembly_oscal-implementation-common_system-user", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "User Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "User Title", - "description" : "A name given to the user, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "User Short Name", - "description" : "A short common name, abbreviation, or acronym for the user.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "User Description", - "description" : "A summary of the user's purpose within the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "role-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_role-id" } }, - "authorized-privileges" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_authorized-privilege" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false }, - "oscal-poam-oscal-implementation-common:authorized-privilege" : - { "title" : "Privilege", - "description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.", - "$id" : "#assembly_oscal-implementation-common_authorized-privilege", - "type" : "object", - "properties" : - { "title" : - { "title" : "Privilege Title", - "description" : "A human readable name for the privilege.", - "type" : "string" }, - "description" : - { "title" : "Privilege Description", - "description" : "A summary of the privilege's purpose within the system.", - "type" : "string" }, - "functions-performed" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-implementation-common_function-performed" } } }, - "required" : - [ "title", - "functions-performed" ], - "additionalProperties" : false }, - "oscal-poam-oscal-implementation-common:function-performed" : - { "title" : "Functions Performed", - "description" : "Describes a function performed for a given authorized privilege by this user class.", - "$id" : "#field_oscal-implementation-common_function-performed", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-poam-oscal-implementation-common:inventory-item" : - { "title" : "Inventory Item", - "description" : "A single managed inventory item within the system.", - "$id" : "#assembly_oscal-implementation-common_inventory-item", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Inventory Item Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Inventory Item Description", - "description" : "A summary of the inventory item stating its purpose within the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "implemented-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Implemented Component", - "description" : "The set of components that are implemented in a given system inventory item.", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "component-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false }, - "oscal-poam-oscal-implementation-common:set-parameter" : - { "title" : "Set Parameter Value", - "description" : "Identifies the parameter that will be set by the enclosed value.", - "$id" : "#assembly_oscal-implementation-common_set-parameter", - "type" : "object", - "properties" : - { "param-id" : - { "title" : "Parameter ID", - "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", - "$ref" : "#/definitions/TokenDatatype" }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$ref" : "#/definitions/StringDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "param-id", - "values" ], - "additionalProperties" : false }, - "oscal-poam-oscal-implementation-common:system-id" : - { "title" : "System Identification", - "description" : "A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.", - "$id" : "#field_oscal-implementation-common_system-id", - "type" : "object", - "properties" : - { "identifier-type" : - { "title" : "Identification System Type", - "description" : "Identifies the identification system from which the provided identifier was assigned.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "https://fedramp.gov", - "http://fedramp.gov/ns/oscal", - "https://ietf.org/rfc/rfc4122", - "http://ietf.org/rfc/rfc4122" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "oscal-poam-oscal-catalog-common:part" : - { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", - "type" : "object", - "properties" : - { "id" : - { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "name" : - { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", - "$ref" : "#/definitions/TokenDatatype" }, - "ns" : - { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "class" : - { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "prose" : - { "title" : "Part Text", - "description" : "Permits multiple paragraphs, lists, tables etc.", - "type" : "string" }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-poam-oscal-catalog-common:parameter" : - { "title" : "Parameter", - "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", - "type" : "object", - "properties" : - { "id" : - { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", - "$ref" : "#/definitions/TokenDatatype" }, - "depends-on" : - { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "label" : - { "title" : "Parameter Label", - "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", - "type" : "string" }, - "usage" : - { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", - "type" : "string" }, - "constraints" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, - "guidelines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, - "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "oscal-poam-oscal-catalog-common:parameter-constraint" : - { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", - "type" : "object", - "properties" : - { "description" : - { "title" : "Constraint Description", - "description" : "A textual summary of the constraint to be applied.", - "type" : "string" }, - "tests" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Constraint Test", - "description" : "A test expression which is expected to be evaluated by a tool.", - "type" : "object", - "properties" : - { "expression" : - { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", - "$ref" : "#/definitions/StringDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "expression" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-poam-oscal-catalog-common:parameter-guideline" : - { "title" : "Guideline", - "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", - "type" : "object", - "properties" : - { "prose" : - { "title" : "Guideline Text", - "description" : "Prose permits multiple paragraphs, lists, tables etc.", - "type" : "string" } }, - "required" : - [ "prose" ], - "additionalProperties" : false }, - "oscal-poam-oscal-catalog-common:parameter-value" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-poam-oscal-catalog-common:parameter-selection" : - { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", - "type" : "object", - "properties" : - { "how-many" : - { "title" : "Parameter Cardinality", - "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "one", - "one-or-more" ] } ] }, - "choice" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Choice", - "description" : "A value selection among several such options.", - "type" : "string" } } }, - "additionalProperties" : false }, - "oscal-poam-oscal-catalog-common:include-all" : - { "title" : "Include All", - "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", - "type" : "object", - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:import-ssp" : - { "title" : "Import System Security Plan", - "description" : "Used by the assessment plan and POA&M to import information about the system.", - "$id" : "#assembly_oscal-assessment-common_import-ssp", - "type" : "object", - "properties" : - { "href" : - { "title" : "System Security Plan Reference", - "description" : "A resolvable URL reference to the system security plan for the system being assessed.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:local-objective" : - { "title" : "Assessment-Specific Control Objective", - "description" : "A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.", - "$id" : "#assembly_oscal-assessment-common_local-objective", - "type" : "object", - "properties" : - { "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "description" : - { "title" : "Objective Description", - "description" : "A human-readable description of this control objective.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "control-id", - "parts" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:assessment-method" : - { "title" : "Assessment Method", - "description" : "A local definition of a control objective. Uses catalog syntax for control objective and assessment activities.", - "$id" : "#assembly_oscal-assessment-common_assessment-method", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Method Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Assessment Method Description", - "description" : "A human-readable description of this assessment method.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "part" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-part" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "part" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:activity" : - { "title" : "Activity", - "description" : "Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.", - "$id" : "#assembly_oscal-assessment-common_activity", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Activity Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Included Activity Title", - "description" : "The title for this included activity.", - "type" : "string" }, - "description" : - { "title" : "Included Activity Description", - "description" : "A human-readable description of this included activity.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "steps" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Step", - "description" : "Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Step Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Step Title", - "description" : "The title for this step.", - "type" : "string" }, - "description" : - { "title" : "Step Description", - "description" : "A human-readable description of this step.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "reviewed-controls" : - { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "related-controls" : - { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:task" : - { "title" : "Task", - "description" : "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.", - "$id" : "#assembly_oscal-assessment-common_task", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Task Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Task Type", - "description" : "The type of task.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "milestone", - "action" ] } ] }, - "title" : - { "title" : "Task Title", - "description" : "The title for this task.", - "type" : "string" }, - "description" : - { "title" : "Task Description", - "description" : "A human-readable description of this task.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "timing" : - { "title" : "Event Timing", - "description" : "The timing under which the task is intended to occur.", - "type" : "object", - "properties" : - { "on-date" : - { "title" : "On Date Condition", - "description" : "The task is intended to occur on the specified date.", - "type" : "object", - "properties" : - { "date" : - { "title" : "On Date Condition", - "description" : "The task must occur on the specified date.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, - "required" : - [ "date" ], - "additionalProperties" : false }, - "within-date-range" : - { "title" : "On Date Range Condition", - "description" : "The task is intended to occur within the specified date range.", - "type" : "object", - "properties" : - { "start" : - { "title" : "Start Date Condition", - "description" : "The task must occur on or after the specified date.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "end" : - { "title" : "End Date Condition", - "description" : "The task must occur on or before the specified date.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, - "required" : - [ "start", - "end" ], - "additionalProperties" : false }, - "at-frequency" : - { "title" : "Frequency Condition", - "description" : "The task is intended to occur at the specified frequency.", - "type" : "object", - "properties" : - { "period" : - { "title" : "Period", - "description" : "The task must occur after the specified period has elapsed.", - "$ref" : "#/definitions/PositiveIntegerDatatype" }, - "unit" : - { "title" : "Time Unit", - "description" : "The unit of time for the period.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "seconds", - "minutes", - "hours", - "days", - "months", - "years" ] } ] } }, - "required" : - [ "period", - "unit" ], - "additionalProperties" : false } }, - "additionalProperties" : false }, - "dependencies" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Task Dependency", - "description" : "Used to indicate that a task is dependent on another task.", - "type" : "object", - "properties" : - { "task-uuid" : - { "title" : "Task Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique task.", - "$ref" : "#/definitions/UUIDDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "task-uuid" ], - "additionalProperties" : false } }, - "tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_task" } }, - "associated-activities" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Associated Activity", - "description" : "Identifies an individual activity to be performed as part of a task.", - "type" : "object", - "properties" : - { "activity-uuid" : - { "title" : "Activity Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to an activity defined in the list of activities.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "activity-uuid", - "subjects" ], - "additionalProperties" : false } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type", - "title" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:reviewed-controls" : - { "title" : "Reviewed Controls and Control Objectives", - "description" : "Identifies the controls being assessed and their control objectives.", - "$id" : "#assembly_oscal-assessment-common_reviewed-controls", - "type" : "object", - "properties" : - { "description" : - { "title" : "Control Objective Description", - "description" : "A human-readable description of control objectives.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "control-selections" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessed Controls", - "description" : "Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.", - "type" : "object", - "properties" : - { "description" : - { "title" : "Assessed Controls Description", - "description" : "A human-readable description of in-scope controls specified for assessment.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, - "exclude-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false } }, - "control-objective-selections" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Referenced Control Objectives", - "description" : "Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the assessed objectives, and reflects any changes from the plan.", - "type" : "object", - "properties" : - { "description" : - { "title" : "Control Objectives Description", - "description" : "A human-readable description of this collection of control objectives.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-objectives" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, - "exclude-objectives" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "control-selections" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:select-control-by-id" : - { "title" : "Select Control", - "description" : "Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.", - "$id" : "#assembly_oscal-assessment-common_select-control-by-id", - "type" : "object", - "properties" : - { "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "statement-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Include Specific Statements", - "description" : "Used to constrain the selection to only specificity identified statements.", - "$ref" : "#/definitions/TokenDatatype" } } }, - "required" : - [ "control-id" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:select-objective-by-id" : - { "title" : "Select Objective", - "description" : "Used to select a control objective for inclusion/exclusion based on the control objective's identifier.", - "$id" : "#assembly_oscal-assessment-common_select-objective-by-id", - "type" : "object", - "properties" : - { "objective-id" : - { "title" : "Objective ID", - "description" : "Points to an assessment objective.", - "$ref" : "#/definitions/TokenDatatype" } }, - "required" : - [ "objective-id" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:assessment-subject-placeholder" : - { "title" : "Assessment Subject Placeholder", - "description" : "Used when the assessment subjects will be determined as part of one or more other assessment activities. These assessment subjects will be recorded in the assessment results in the assessment log.", - "$id" : "#assembly_oscal-assessment-common_assessment-subject-placeholder", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Subject Placeholder Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Assessment Subject Placeholder Description", - "description" : "A human-readable description of intent of this assessment subject placeholder.", - "type" : "string" }, - "sources" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessment Subject Source", - "description" : "Assessment subjects will be identified while conducting the referenced activity-instance.", - "type" : "object", - "properties" : - { "task-uuid" : - { "title" : "Task Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "task-uuid" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "sources" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:assessment-subject" : - { "title" : "Subject of Assessment", - "description" : "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.", - "$id" : "#assembly_oscal-assessment-common_assessment-subject", - "type" : "object", - "properties" : - { "type" : - { "title" : "Subject Type", - "description" : "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "component", - "inventory-item", - "location", - "party", - "user" ] } ] }, - "description" : - { "title" : "Include Subjects Description", - "description" : "A human-readable description of the collection of subjects being included in this assessment.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, - "exclude-subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "type" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:select-subject-by-id" : - { "title" : "Select Assessment Subject", - "description" : "Identifies a set of assessment subjects to include/exclude by UUID.", - "$id" : "#assembly_oscal-assessment-common_select-subject-by-id", - "type" : "object", - "properties" : - { "subject-uuid" : - { "title" : "Subject Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Subject Universally Unique Identifier Reference Type", - "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "component", - "inventory-item", - "location", - "party", - "user", - "resource" ] } ] }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "subject-uuid", - "type" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:subject-reference" : - { "title" : "Identifies the Subject", - "description" : "A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.", - "$id" : "#assembly_oscal-assessment-common_subject-reference", - "type" : "object", - "properties" : - { "subject-uuid" : - { "title" : "Subject Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Subject Universally Unique Identifier Reference Type", - "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "component", - "inventory-item", - "location", - "party", - "user", - "resource" ] } ] }, - "title" : - { "title" : "Subject Reference Title", - "description" : "The title or name for the referenced subject.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "subject-uuid", - "type" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:assessment-assets" : - { "title" : "Assessment Assets", - "description" : "Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.", - "$id" : "#assembly_oscal-assessment-common_assessment-assets", - "type" : "object", - "properties" : - { "components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, - "assessment-platforms" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Assessment Platform", - "description" : "Used to represent the toolset used to perform aspects of the assessment.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Assessment Platform Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Assessment Platform Title", - "description" : "The title or name for the assessment platform.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "uses-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Uses Component", - "description" : "The set of components that are used by the assessment platform.", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "component-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false } } }, - "required" : - [ "assessment-platforms" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:finding-target" : - { "title" : "Objective Status", - "description" : "Captures an assessor's conclusions regarding the degree to which an objective is satisfied.", - "$id" : "#assembly_oscal-assessment-common_finding-target", - "type" : "object", - "properties" : - { "type" : - { "title" : "Finding Target Type", - "description" : "Identifies the type of the target.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "statement-id", - "objective-id" ] } ] }, - "target-id" : - { "title" : "Finding Target Identifier Reference", - "description" : "A machine-oriented identifier reference for a specific target qualified by the type.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Objective Status Title", - "description" : "The title for this objective status.", - "type" : "string" }, - "description" : - { "title" : "Objective Status Description", - "description" : "A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "title" : "Objective Status", - "description" : "A determination of if the objective is satisfied or not within a given system.", - "type" : "object", - "properties" : - { "state" : - { "title" : "Objective Status State", - "description" : "An indication as to whether the objective is satisfied or not.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "satisfied", - "not-satisfied" ] } ] }, - "reason" : - { "title" : "Objective Status Reason", - "description" : "The reason the objective was given it's status.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "pass", - "fail", - "other" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "implementation-status" : - { "$ref" : "#assembly_oscal-implementation-common_implementation-status" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "type", - "target-id", - "status" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:observation" : - { "title" : "Observation", - "description" : "Describes an individual observation.", - "$id" : "#assembly_oscal-assessment-common_observation", + { "$ref" : "#/definitions/Base64Datatype" } }, + "required" : + [ "value" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-poam-oscal-metadata:property" : + { "title" : "Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", + "$id" : "#assembly_oscal-metadata_property", + "type" : "object", + "properties" : + { "name" : + { "title" : "Property Name", + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "$ref" : "#/definitions/TokenDatatype" }, + "uuid" : + { "title" : "Property Universally Unique Identifier", + "description" : "A unique identifier for a property.", + "$ref" : "#/definitions/UUIDDatatype" }, + "ns" : + { "title" : "Property Namespace", + "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "value" : + { "title" : "Property Value", + "description" : "Indicates the value of the attribute, characteristic, or quality.", + "$ref" : "#/definitions/StringDatatype" }, + "class" : + { "title" : "Property Class", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", + "$ref" : "#/definitions/TokenDatatype" }, + "group" : + { "title" : "Property Group", + "description" : "An identifier for relating distinct sets of properties.", + "$ref" : "#/definitions/TokenDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "name", + "value" ], + "additionalProperties" : false }, + "oscal-poam-oscal-metadata:link" : + { "title" : "Link", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", + "$id" : "#assembly_oscal-metadata_link", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL reference to a resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "rel" : + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "resource-fragment" : + { "title" : "Resource Fragment", + "description" : "In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.", + "$ref" : "#/definitions/StringDatatype" }, + "text" : + { "title" : "Link Text", + "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", + "type" : "string" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-poam-oscal-metadata:responsible-party" : + { "title" : "Responsible Party", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", + "$id" : "#assembly_oscal-metadata_responsible-party", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role", + "description" : "A reference to a role performed by a party.", + "$ref" : "#/definitions/TokenDatatype" }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id", + "party-uuids" ], + "additionalProperties" : false }, + "oscal-poam-oscal-metadata:action" : + { "title" : "Action", + "description" : "An action applied by a role within a given party to the content.", + "$id" : "#assembly_oscal-metadata_action", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Action Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "date" : + { "title" : "Action Occurrence Date", + "description" : "The date and time when the action occurred.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "type" : + { "title" : "Action Type", + "description" : "The type of action documented by the assembly, such as an approval.", + "$ref" : "#/definitions/TokenDatatype" }, + "system" : + { "title" : "Action Type System", + "description" : "Specifies the action type system used.", + "$ref" : "#/definitions/URIDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "system" ], + "additionalProperties" : false }, + "oscal-poam-oscal-metadata:responsible-role" : + { "title" : "Responsible Role", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", + "$id" : "#assembly_oscal-metadata_responsible-role", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role ID", + "description" : "A human-oriented identifier reference to a role performed.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id" ], + "additionalProperties" : false }, + "oscal-poam-oscal-metadata:hash" : + { "title" : "Hash", + "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", + "$id" : "#field_oscal-metadata_hash", + "type" : "object", + "properties" : + { "algorithm" : + { "title" : "Hash algorithm", + "description" : "The digest method by which a hash is derived.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, + "value" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "value", + "algorithm" ], + "additionalProperties" : false }, + "oscal-poam-oscal-metadata:remarks" : + { "title" : "Remarks", + "description" : "Additional commentary about the containing object.", + "$id" : "#field_oscal-metadata_remarks", + "type" : "string" }, + "oscal-poam-oscal-metadata:published" : + { "title" : "Publication Timestamp", + "description" : "The date and time the document was last made available.", + "$id" : "#field_oscal-metadata_published", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-poam-oscal-metadata:last-modified" : + { "title" : "Last Modified Timestamp", + "description" : "The date and time the document was last stored for later retrieval.", + "$id" : "#field_oscal-metadata_last-modified", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-poam-oscal-metadata:version" : + { "title" : "Document Version", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", + "$id" : "#field_oscal-metadata_version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-poam-oscal-metadata:oscal-version" : + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", + "$id" : "#field_oscal-metadata_oscal-version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-poam-oscal-metadata:email-address" : + { "title" : "Email Address", + "description" : "An email address as defined by RFC 5322 Section 3.4.1.", + "$id" : "#field_oscal-metadata_email-address", + "$ref" : "#/definitions/EmailAddressDatatype" }, + "oscal-poam-oscal-metadata:telephone-number" : + { "title" : "Telephone Number", + "description" : "A telephone service number as defined by ITU-T E.164.", + "$id" : "#field_oscal-metadata_telephone-number", + "type" : "object", + "properties" : + { "type" : + { "title" : "type flag", + "description" : "Indicates the type of phone number.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, + "number" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "number" ], + "additionalProperties" : false }, + "oscal-poam-oscal-metadata:address" : + { "title" : "Address", + "description" : "A postal address for the location.", + "$id" : "#assembly_oscal-metadata_address", + "type" : "object", + "properties" : + { "type" : + { "title" : "Address Type", + "description" : "Indicates the type of address.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, + "addr-lines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_addr-line" } }, + "city" : + { "title" : "City", + "description" : "City, town or geographical region for the mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "state" : + { "title" : "State", + "description" : "State, province or analogous geographical region for a mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "postal-code" : + { "title" : "Postal Code", + "description" : "Postal or ZIP code for mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "country" : + { "title" : "Country Code", + "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", + "$ref" : "#/definitions/StringDatatype" } }, + "additionalProperties" : false }, + "oscal-poam-oscal-metadata:addr-line" : + { "title" : "Address line", + "description" : "A single line of an address.", + "$id" : "#field_oscal-metadata_addr-line", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-poam-oscal-metadata:document-id" : + { "title" : "Document Identifier", + "description" : "A document identifier qualified by an identifier scheme.", + "$id" : "#field_oscal-metadata_document-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "Document Identification Scheme", + "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, + "identifier" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "identifier" ], + "additionalProperties" : false }, + "oscal-poam-oscal-implementation-common:system-component" : + { "title" : "Component", + "description" : "A defined component that can be part of an implemented system.", + "$id" : "#assembly_oscal-implementation-common_system-component", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Component Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Component Type", + "description" : "A category describing the purpose of the component.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "this-system", + "system", + "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation", + "network" ] } ] }, + "title" : + { "title" : "Component Title", + "description" : "A human readable name for the system component.", + "type" : "string" }, + "description" : + { "title" : "Component Description", + "description" : "A description of the component, including information about its function.", + "type" : "string" }, + "purpose" : + { "title" : "Purpose", + "description" : "A summary of the technological or business purpose of the component.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "title" : "Status", + "description" : "Describes the operational status of the system component.", + "type" : "object", + "properties" : + { "state" : + { "title" : "State", + "description" : "The operational status.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "under-development", + "operational", + "disposition", + "other" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "protocols" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "title", + "description", + "status" ], + "additionalProperties" : false }, + "oscal-poam-oscal-implementation-common:protocol" : + { "title" : "Service Protocol Information", + "description" : "Information about the protocol used to provide a service.", + "$id" : "#assembly_oscal-implementation-common_protocol", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Service Protocol Information Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "name" : + { "title" : "Protocol Name", + "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", + "$ref" : "#/definitions/StringDatatype" }, + "title" : + { "title" : "Protocol Title", + "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", + "type" : "string" }, + "port-ranges" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_port-range" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-poam-oscal-implementation-common:port-range" : + { "title" : "Port Range", + "description" : "Where applicable this is the IPv4 port range on which the service operates.", + "$id" : "#assembly_oscal-implementation-common_port-range", + "type" : "object", + "properties" : + { "start" : + { "title" : "Start", + "description" : "Indicates the starting port number in a port range", + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, + "end" : + { "title" : "End", + "description" : "Indicates the ending port number in a port range", + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, + "transport" : + { "title" : "Transport", + "description" : "Indicates the transport type.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "TCP", + "UDP" ] } ] } }, + "additionalProperties" : false }, + "oscal-poam-oscal-implementation-common:implementation-status" : + { "title" : "Implementation Status", + "description" : "Indicates the degree to which the a given control is implemented.", + "$id" : "#assembly_oscal-implementation-common_implementation-status", + "type" : "object", + "properties" : + { "state" : + { "title" : "Implementation State", + "description" : "Identifies the implementation status of the control or control objective.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "implemented", + "partial", + "planned", + "alternative", + "not-applicable" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "oscal-poam-oscal-implementation-common:system-user" : + { "title" : "System User", + "description" : "A type of user that interacts with the system based on an associated role.", + "$id" : "#assembly_oscal-implementation-common_system-user", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "User Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "User Title", + "description" : "A name given to the user, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "User Short Name", + "description" : "A short common name, abbreviation, or acronym for the user.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "User Description", + "description" : "A summary of the user's purpose within the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "role-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_role-id" } }, + "authorized-privileges" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_authorized-privilege" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false }, + "oscal-poam-oscal-implementation-common:authorized-privilege" : + { "title" : "Privilege", + "description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.", + "$id" : "#assembly_oscal-implementation-common_authorized-privilege", + "type" : "object", + "properties" : + { "title" : + { "title" : "Privilege Title", + "description" : "A human readable name for the privilege.", + "type" : "string" }, + "description" : + { "title" : "Privilege Description", + "description" : "A summary of the privilege's purpose within the system.", + "type" : "string" }, + "functions-performed" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-implementation-common_function-performed" } } }, + "required" : + [ "title", + "functions-performed" ], + "additionalProperties" : false }, + "oscal-poam-oscal-implementation-common:function-performed" : + { "title" : "Functions Performed", + "description" : "Describes a function performed for a given authorized privilege by this user class.", + "$id" : "#field_oscal-implementation-common_function-performed", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-poam-oscal-implementation-common:inventory-item" : + { "title" : "Inventory Item", + "description" : "A single managed inventory item within the system.", + "$id" : "#assembly_oscal-implementation-common_inventory-item", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Inventory Item Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Inventory Item Description", + "description" : "A summary of the inventory item stating its purpose within the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "implemented-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Implemented Component", + "description" : "The set of components that are implemented in a given system inventory item.", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "component-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-poam-oscal-implementation-common:set-parameter" : + { "title" : "Set Parameter Value", + "description" : "Identifies the parameter that will be set by the enclosed value.", + "$id" : "#assembly_oscal-implementation-common_set-parameter", + "type" : "object", + "properties" : + { "param-id" : + { "title" : "Parameter ID", + "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", + "$ref" : "#/definitions/TokenDatatype" }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$ref" : "#/definitions/StringDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "param-id", + "values" ], + "additionalProperties" : false }, + "oscal-poam-oscal-implementation-common:system-id" : + { "title" : "System Identification", + "description" : "A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.", + "$id" : "#field_oscal-implementation-common_system-id", + "type" : "object", + "properties" : + { "identifier-type" : + { "title" : "Identification System Type", + "description" : "Identifies the identification system from which the provided identifier was assigned.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "https://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "https://ietf.org/rfc/rfc4122", + "http://ietf.org/rfc/rfc4122" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "oscal-poam-oscal-control-common:part" : + { "title" : "Part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", + "type" : "object", + "properties" : + { "id" : + { "title" : "Part Identifier", + "description" : "A unique identifier for the part.", + "$ref" : "#/definitions/TokenDatatype" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", + "$ref" : "#/definitions/TokenDatatype" }, + "ns" : + { "title" : "Part Namespace", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "class" : + { "title" : "Part Class", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Part Title", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-poam-oscal-control-common:parameter" : + { "title" : "Parameter", + "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", + "$id" : "#assembly_oscal-control-common_parameter", + "type" : "object", + "properties" : + { "id" : + { "title" : "Parameter Identifier", + "description" : "A unique identifier for the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Parameter Class", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "depends-on" : + { "title" : "Depends on", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "label" : + { "title" : "Parameter Label", + "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", + "type" : "string" }, + "usage" : + { "title" : "Parameter Usage Description", + "description" : "Describes the purpose and use of a parameter.", + "type" : "string" }, + "constraints" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, + "guidelines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-control-common_parameter-value" } }, + "select" : + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "oscal-poam-oscal-control-common:parameter-constraint" : + { "title" : "Constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", + "type" : "object", + "properties" : + { "description" : + { "title" : "Constraint Description", + "description" : "A textual summary of the constraint to be applied.", + "type" : "string" }, + "tests" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Constraint Test", + "description" : "A test expression which is expected to be evaluated by a tool.", + "type" : "object", + "properties" : + { "expression" : + { "title" : "Constraint test", + "description" : "A formal (executable) expression of a constraint.", + "$ref" : "#/definitions/StringDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "expression" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-poam-oscal-control-common:parameter-guideline" : + { "title" : "Guideline", + "description" : "A prose statement that provides a recommendation for the use of a parameter.", + "$id" : "#assembly_oscal-control-common_parameter-guideline", + "type" : "object", + "properties" : + { "prose" : + { "title" : "Guideline Text", + "description" : "Prose permits multiple paragraphs, lists, tables etc.", + "type" : "string" } }, + "required" : + [ "prose" ], + "additionalProperties" : false }, + "oscal-poam-oscal-control-common:parameter-value" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$id" : "#field_oscal-control-common_parameter-value", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-poam-oscal-control-common:parameter-selection" : + { "title" : "Selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", + "type" : "object", + "properties" : + { "how-many" : + { "title" : "Parameter Cardinality", + "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, + "choice" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Choice", + "description" : "A value selection among several such options.", + "type" : "string" } } }, + "additionalProperties" : false }, + "oscal-poam-oscal-control-common:include-all" : + { "title" : "Include All", + "description" : "Include all controls from the imported catalog or profile resources.", + "$id" : "#assembly_oscal-control-common_include-all", + "type" : "object", + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:import-ssp" : + { "title" : "Import System Security Plan", + "description" : "Used by the assessment plan and POA&M to import information about the system.", + "$id" : "#assembly_oscal-assessment-common_import-ssp", + "type" : "object", + "properties" : + { "href" : + { "title" : "System Security Plan Reference", + "description" : "A resolvable URL reference to the system security plan for the system being assessed.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:local-objective" : + { "title" : "Assessment-Specific Control Objective", + "description" : "A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.", + "$id" : "#assembly_oscal-assessment-common_local-objective", + "type" : "object", + "properties" : + { "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "description" : + { "title" : "Objective Description", + "description" : "A human-readable description of this control objective.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "control-id", + "parts" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:assessment-method" : + { "title" : "Assessment Method", + "description" : "A local definition of a control objective. Uses catalog syntax for control objective and assessment activities.", + "$id" : "#assembly_oscal-assessment-common_assessment-method", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Method Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Assessment Method Description", + "description" : "A human-readable description of this assessment method.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "part" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-part" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "part" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:activity" : + { "title" : "Activity", + "description" : "Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.", + "$id" : "#assembly_oscal-assessment-common_activity", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Activity Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Included Activity Title", + "description" : "The title for this included activity.", + "type" : "string" }, + "description" : + { "title" : "Included Activity Description", + "description" : "A human-readable description of this included activity.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "steps" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Step", + "description" : "Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Step Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Step Title", + "description" : "The title for this step.", + "type" : "string" }, + "description" : + { "title" : "Step Description", + "description" : "A human-readable description of this step.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "reviewed-controls" : + { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "related-controls" : + { "$ref" : "#assembly_oscal-assessment-common_reviewed-controls" }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:task" : + { "title" : "Task", + "description" : "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.", + "$id" : "#assembly_oscal-assessment-common_task", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Task Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Task Type", + "description" : "The type of task.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "milestone", + "action" ] } ] }, + "title" : + { "title" : "Task Title", + "description" : "The title for this task.", + "type" : "string" }, + "description" : + { "title" : "Task Description", + "description" : "A human-readable description of this task.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "timing" : + { "title" : "Event Timing", + "description" : "The timing under which the task is intended to occur.", + "type" : "object", + "properties" : + { "on-date" : + { "title" : "On Date Condition", + "description" : "The task is intended to occur on the specified date.", "type" : "object", "properties" : - { "uuid" : - { "title" : "Observation Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Observation Title", - "description" : "The title for this observation.", - "type" : "string" }, - "description" : - { "title" : "Observation Description", - "description" : "A human-readable description of this assessment observation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "methods" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Observation Method", - "description" : "Identifies how the observation was made.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "EXAMINE", - "INTERVIEW", - "TEST", - "UNKNOWN" ] } ] } }, - "types" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Observation Type", - "description" : "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "ssp-statement-issue", - "control-objective", - "mitigation", - "finding", - "historic" ] } ] } }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, - "relevant-evidence" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Relevant Evidence", - "description" : "Links this observation to relevant evidence.", - "type" : "object", - "properties" : - { "href" : - { "title" : "Relevant Evidence Reference", - "description" : "A resolvable URL reference to relevant evidence.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "description" : - { "title" : "Relevant Evidence Description", - "description" : "A human-readable description of this evidence.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "description" ], - "additionalProperties" : false } }, - "collected" : - { "title" : "Collected Field", - "description" : "Date/time stamp identifying when the finding information was collected.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "expires" : - { "title" : "Expires Field", - "description" : "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, + { "date" : + { "title" : "On Date Condition", + "description" : "The task must occur on the specified date.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : - [ "uuid", - "description", - "methods", - "collected" ], + [ "date" ], "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:origin" : - { "title" : "Origin", - "description" : "Identifies the source of the finding, such as a tool, interviewed person, or activity.", - "$id" : "#assembly_oscal-assessment-common_origin", + "within-date-range" : + { "title" : "On Date Range Condition", + "description" : "The task is intended to occur within the specified date range.", "type" : "object", "properties" : - { "actors" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin-actor" } }, - "related-tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_related-task" } } }, + { "start" : + { "title" : "Start Date Condition", + "description" : "The task must occur on or after the specified date.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "end" : + { "title" : "End Date Condition", + "description" : "The task must occur on or before the specified date.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : - [ "actors" ], + [ "start", + "end" ], "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:origin-actor" : - { "title" : "Originating Actor", - "description" : "The actor that produces an observation, a finding, or a risk. One or more actor type can be used to specify a person that is using a tool.", - "$id" : "#assembly_oscal-assessment-common_origin-actor", + "at-frequency" : + { "title" : "Frequency Condition", + "description" : "The task is intended to occur at the specified frequency.", "type" : "object", "properties" : - { "type" : - { "title" : "Actor Type", - "description" : "The kind of actor.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "tool", - "assessment-platform", - "party" ] } ] }, - "actor-uuid" : - { "title" : "Actor Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to the tool or person based on the associated type.", - "$ref" : "#/definitions/UUIDDatatype" }, - "role-id" : - { "title" : "Actor Role", - "description" : "For a party, this can optionally be used to specify the role the actor was performing.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, + { "period" : + { "title" : "Period", + "description" : "The task must occur after the specified period has elapsed.", + "$ref" : "#/definitions/PositiveIntegerDatatype" }, + "unit" : + { "title" : "Time Unit", + "description" : "The unit of time for the period.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "seconds", + "minutes", + "hours", + "days", + "months", + "years" ] } ] } }, "required" : - [ "type", - "actor-uuid" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:related-task" : - { "title" : "Task Reference", - "description" : "Identifies an individual task for which the containing object is a consequence of.", - "$id" : "#assembly_oscal-assessment-common_related-task", - "type" : "object", - "properties" : - { "task-uuid" : - { "title" : "Task Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique task.", + [ "period", + "unit" ], + "additionalProperties" : false } }, + "additionalProperties" : false }, + "dependencies" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Task Dependency", + "description" : "Used to indicate that a task is dependent on another task.", + "type" : "object", + "properties" : + { "task-uuid" : + { "title" : "Task Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique task.", + "$ref" : "#/definitions/UUIDDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "task-uuid" ], + "additionalProperties" : false } }, + "tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_task" } }, + "associated-activities" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Associated Activity", + "description" : "Identifies an individual activity to be performed as part of a task.", + "type" : "object", + "properties" : + { "activity-uuid" : + { "title" : "Activity Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an activity defined in the list of activities.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "activity-uuid", + "subjects" ], + "additionalProperties" : false } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "title" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:reviewed-controls" : + { "title" : "Reviewed Controls and Control Objectives", + "description" : "Identifies the controls being assessed and their control objectives.", + "$id" : "#assembly_oscal-assessment-common_reviewed-controls", + "type" : "object", + "properties" : + { "description" : + { "title" : "Control Objective Description", + "description" : "A human-readable description of control objectives.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "control-selections" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessed Controls", + "description" : "Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.", + "type" : "object", + "properties" : + { "description" : + { "title" : "Assessed Controls Description", + "description" : "A human-readable description of in-scope controls specified for assessment.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, + "exclude-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-control-by-id" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false } }, + "control-objective-selections" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Referenced Control Objectives", + "description" : "Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the assessed objectives, and reflects any changes from the plan.", + "type" : "object", + "properties" : + { "description" : + { "title" : "Control Objectives Description", + "description" : "A human-readable description of this collection of control objectives.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-objectives" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, + "exclude-objectives" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-objective-by-id" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "control-selections" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:select-control-by-id" : + { "title" : "Select Control", + "description" : "Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.", + "$id" : "#assembly_oscal-assessment-common_select-control-by-id", + "type" : "object", + "properties" : + { "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "statement-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Include Specific Statements", + "description" : "Used to constrain the selection to only specificity identified statements.", + "$ref" : "#/definitions/TokenDatatype" } } }, + "required" : + [ "control-id" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:select-objective-by-id" : + { "title" : "Select Objective", + "description" : "Used to select a control objective for inclusion/exclusion based on the control objective's identifier.", + "$id" : "#assembly_oscal-assessment-common_select-objective-by-id", + "type" : "object", + "properties" : + { "objective-id" : + { "title" : "Objective ID", + "description" : "Points to an assessment objective.", + "$ref" : "#/definitions/TokenDatatype" } }, + "required" : + [ "objective-id" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:assessment-subject-placeholder" : + { "title" : "Assessment Subject Placeholder", + "description" : "Used when the assessment subjects will be determined as part of one or more other assessment activities. These assessment subjects will be recorded in the assessment results in the assessment log.", + "$id" : "#assembly_oscal-assessment-common_assessment-subject-placeholder", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Subject Placeholder Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Assessment Subject Placeholder Description", + "description" : "A human-readable description of intent of this assessment subject placeholder.", + "type" : "string" }, + "sources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessment Subject Source", + "description" : "Assessment subjects will be identified while conducting the referenced activity-instance.", + "type" : "object", + "properties" : + { "task-uuid" : + { "title" : "Task Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "task-uuid" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "sources" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:assessment-subject" : + { "title" : "Subject of Assessment", + "description" : "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.", + "$id" : "#assembly_oscal-assessment-common_assessment-subject", + "type" : "object", + "properties" : + { "type" : + { "title" : "Subject Type", + "description" : "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user" ] } ] }, + "description" : + { "title" : "Include Subjects Description", + "description" : "A human-readable description of the collection of subjects being included in this assessment.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, + "exclude-subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_select-subject-by-id" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "type" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:select-subject-by-id" : + { "title" : "Select Assessment Subject", + "description" : "Identifies a set of assessment subjects to include/exclude by UUID.", + "$id" : "#assembly_oscal-assessment-common_select-subject-by-id", + "type" : "object", + "properties" : + { "subject-uuid" : + { "title" : "Subject Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Subject Universally Unique Identifier Reference Type", + "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "subject-uuid", + "type" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:subject-reference" : + { "title" : "Identifies the Subject", + "description" : "A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.", + "$id" : "#assembly_oscal-assessment-common_subject-reference", + "type" : "object", + "properties" : + { "subject-uuid" : + { "title" : "Subject Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Subject Universally Unique Identifier Reference Type", + "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, + "title" : + { "title" : "Subject Reference Title", + "description" : "The title or name for the referenced subject.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "subject-uuid", + "type" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:assessment-assets" : + { "title" : "Assessment Assets", + "description" : "Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.", + "$id" : "#assembly_oscal-assessment-common_assessment-assets", + "type" : "object", + "properties" : + { "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, + "assessment-platforms" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Assessment Platform", + "description" : "Used to represent the toolset used to perform aspects of the assessment.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Assessment Platform Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Assessment Platform Title", + "description" : "The title or name for the assessment platform.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "uses-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Uses Component", + "description" : "The set of components that are used by the assessment platform.", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", + "props" : + { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", + "links" : + { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", + "responsible-parties" : + { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, - "identified-subject" : - { "title" : "Identified Subject", - "description" : "Used to detail assessment subjects that were identfied by this task.", - "type" : "object", - "properties" : - { "subject-placeholder-uuid" : - { "title" : "Assessment Subject Placeholder Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task.", - "$ref" : "#/definitions/UUIDDatatype" }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } } }, - "required" : - [ "subject-placeholder-uuid", - "subjects" ], - "additionalProperties" : false }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "task-uuid" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:threat-id" : - { "title" : "Threat ID", - "description" : "A pointer, by ID, to an externally-defined threat.", - "$id" : "#field_oscal-assessment-common_threat-id", - "type" : "object", - "properties" : - { "system" : - { "title" : "Threat Type Identification System", - "description" : "Specifies the source of the threat information.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://fedramp.gov", - "http://fedramp.gov/ns/oscal" ] } ] }, - "href" : - { "title" : "Threat Information Resource Reference", - "description" : "An optional location for the threat data, from which this ID originates.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "id" : - { "$ref" : "#/definitions/URIDatatype" } }, - "required" : - [ "id", - "system" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:risk" : - { "title" : "Identified Risk", - "description" : "An identified risk.", - "$id" : "#assembly_oscal-assessment-common_risk", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Risk Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "component-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "required" : + [ "assessment-platforms" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:finding-target" : + { "title" : "Objective Status", + "description" : "Captures an assessor's conclusions regarding the degree to which an objective is satisfied.", + "$id" : "#assembly_oscal-assessment-common_finding-target", + "type" : "object", + "properties" : + { "type" : + { "title" : "Finding Target Type", + "description" : "Identifies the type of the target.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "statement-id", + "objective-id" ] } ] }, + "target-id" : + { "title" : "Finding Target Identifier Reference", + "description" : "A machine-oriented identifier reference for a specific target qualified by the type.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Objective Status Title", + "description" : "The title for this objective status.", + "type" : "string" }, + "description" : + { "title" : "Objective Status Description", + "description" : "A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "title" : "Objective Status", + "description" : "A determination of if the objective is satisfied or not within a given system.", + "type" : "object", + "properties" : + { "state" : + { "title" : "Objective Status State", + "description" : "An indication as to whether the objective is satisfied or not.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "satisfied", + "not-satisfied" ] } ] }, + "reason" : + { "title" : "Objective Status Reason", + "description" : "The reason the objective was given it's status.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "pass", + "fail", + "other" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "implementation-status" : + { "$ref" : "#assembly_oscal-implementation-common_implementation-status" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "type", + "target-id", + "status" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:finding" : + { "title" : "Finding", + "description" : "Describes an individual finding.", + "$id" : "#assembly_oscal-assessment-common_finding", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Finding Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Finding Title", + "description" : "The title for this finding.", + "type" : "string" }, + "description" : + { "title" : "Finding Description", + "description" : "A human-readable description of this finding.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "target" : + { "$ref" : "#assembly_oscal-assessment-common_finding-target" }, + "implementation-statement-uuid" : + { "title" : "Implementation Statement UUID", + "description" : "A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related.", + "$ref" : "#/definitions/UUIDDatatype" }, + "related-observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Related Observation", + "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", + "type" : "object", + "properties" : + { "observation-uuid" : + { "title" : "Observation Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "observation-uuid" ], + "additionalProperties" : false } }, + "related-risks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Associated Risk", + "description" : "Relates the finding to a set of referenced risks that were used to determine the finding.", + "type" : "object", + "properties" : + { "risk-uuid" : + { "title" : "Risk Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "risk-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "title", + "description", + "target" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:observation" : + { "title" : "Observation", + "description" : "Describes an individual observation.", + "$id" : "#assembly_oscal-assessment-common_observation", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Observation Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Observation Title", + "description" : "The title for this observation.", + "type" : "string" }, + "description" : + { "title" : "Observation Description", + "description" : "A human-readable description of this assessment observation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "methods" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Observation Method", + "description" : "Identifies how the observation was made.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "EXAMINE", + "INTERVIEW", + "TEST", + "UNKNOWN" ] } ] } }, + "types" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Observation Type", + "description" : "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "ssp-statement-issue", + "control-objective", + "mitigation", + "finding", + "historic" ] } ] } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, + "relevant-evidence" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Relevant Evidence", + "description" : "Links this observation to relevant evidence.", + "type" : "object", + "properties" : + { "href" : + { "title" : "Relevant Evidence Reference", + "description" : "A resolvable URL reference to relevant evidence.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "description" : + { "title" : "Relevant Evidence Description", + "description" : "A human-readable description of this evidence.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "description" ], + "additionalProperties" : false } }, + "collected" : + { "title" : "Collected Field", + "description" : "Date/time stamp identifying when the finding information was collected.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "expires" : + { "title" : "Expires Field", + "description" : "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description", + "methods", + "collected" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:origin" : + { "title" : "Origin", + "description" : "Identifies the source of the finding, such as a tool, interviewed person, or activity.", + "$id" : "#assembly_oscal-assessment-common_origin", + "type" : "object", + "properties" : + { "actors" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin-actor" } }, + "related-tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_related-task" } } }, + "required" : + [ "actors" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:origin-actor" : + { "title" : "Originating Actor", + "description" : "The actor that produces an observation, a finding, or a risk. One or more actor type can be used to specify a person that is using a tool.", + "$id" : "#assembly_oscal-assessment-common_origin-actor", + "type" : "object", + "properties" : + { "type" : + { "title" : "Actor Type", + "description" : "The kind of actor.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "tool", + "assessment-platform", + "party" ] } ] }, + "actor-uuid" : + { "title" : "Actor Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to the tool or person based on the associated type.", + "$ref" : "#/definitions/UUIDDatatype" }, + "role-id" : + { "title" : "Actor Role", + "description" : "For a party, this can optionally be used to specify the role the actor was performing.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "type", + "actor-uuid" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:related-task" : + { "title" : "Task Reference", + "description" : "Identifies an individual task for which the containing object is a consequence of.", + "$id" : "#assembly_oscal-assessment-common_related-task", + "type" : "object", + "properties" : + { "task-uuid" : + { "title" : "Task Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique task.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } }, + "identified-subject" : + { "title" : "Identified Subject", + "description" : "Used to detail assessment subjects that were identfied by this task.", + "type" : "object", + "properties" : + { "subject-placeholder-uuid" : + { "title" : "Assessment Subject Placeholder Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task.", + "$ref" : "#/definitions/UUIDDatatype" }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-subject" } } }, + "required" : + [ "subject-placeholder-uuid", + "subjects" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "task-uuid" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:threat-id" : + { "title" : "Threat ID", + "description" : "A pointer, by ID, to an externally-defined threat.", + "$id" : "#field_oscal-assessment-common_threat-id", + "type" : "object", + "properties" : + { "system" : + { "title" : "Threat Type Identification System", + "description" : "Specifies the source of the threat information.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal" ] } ] }, + "href" : + { "title" : "Threat Information Resource Reference", + "description" : "An optional location for the threat data, from which this ID originates.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "id" : + { "$ref" : "#/definitions/URIDatatype" } }, + "required" : + [ "id", + "system" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:risk" : + { "title" : "Identified Risk", + "description" : "An identified risk.", + "$id" : "#assembly_oscal-assessment-common_risk", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Risk Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Risk Title", + "description" : "The title for this risk.", + "type" : "string" }, + "description" : + { "title" : "Risk Description", + "description" : "A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.", + "type" : "string" }, + "statement" : + { "title" : "Risk Statement", + "description" : "An summary of impact for how the risk affects the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "$ref" : "#field_oscal-assessment-common_risk-status" }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "threat-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-assessment-common_threat-id" } }, + "characterizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_characterization" } }, + "mitigating-factors" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Mitigating Factor", + "description" : "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Mitigating Factor Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "implementation-uuid" : + { "title" : "Implementation UUID", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Mitigating Factor Description", + "description" : "A human-readable description of this mitigating factor.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "deadline" : + { "title" : "Risk Resolution Deadline", + "description" : "The date/time by which the risk must be resolved.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "remediations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_response" } }, + "risk-log" : + { "title" : "Risk Log", + "description" : "A log of all risk-related tasks taken.", + "type" : "object", + "properties" : + { "entries" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Risk Log Entry", + "description" : "Identifies an individual risk response that occurred as part of managing an identified risk.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Risk Log Entry Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, "title" : - { "title" : "Risk Title", - "description" : "The title for this risk.", - "type" : "string" }, + { "title" : "Title", + "description" : "The title for this risk log entry.", + "type" : "string" }, "description" : - { "title" : "Risk Description", - "description" : "A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.", - "type" : "string" }, - "statement" : - { "title" : "Risk Statement", - "description" : "An summary of impact for how the risk affects the system.", - "type" : "string" }, + { "title" : "Risk Task Description", + "description" : "A human-readable description of what was done regarding the risk.", + "type" : "string" }, + "start" : + { "title" : "Start", + "description" : "Identifies the start date and time of the event.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "end" : + { "title" : "End", + "description" : "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "$ref" : "#field_oscal-assessment-common_risk-status" }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "threat-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-assessment-common_threat-id" } }, - "characterizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_characterization" } }, - "mitigating-factors" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "logged-by" : { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Mitigating Factor", - "description" : "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Mitigating Factor Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "implementation-uuid" : - { "title" : "Implementation UUID", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Mitigating Factor Description", - "description" : "A human-readable description of this mitigating factor.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "deadline" : - { "title" : "Risk Resolution Deadline", - "description" : "The date/time by which the risk must be resolved.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "remediations" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_logged-by" } }, + "status-change" : + { "$ref" : "#field_oscal-assessment-common_risk-status" }, + "related-responses" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_response" } }, - "risk-log" : - { "title" : "Risk Log", - "description" : "A log of all risk-related tasks taken.", + "minItems" : 1, + "items" : + { "title" : "Risk Response Reference", + "description" : "Identifies an individual risk response that this log entry is for.", "type" : "object", "properties" : - { "entries" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Risk Log Entry", - "description" : "Identifies an individual risk response that occurred as part of managing an identified risk.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Risk Log Entry Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Title", - "description" : "The title for this risk log entry.", - "type" : "string" }, - "description" : - { "title" : "Risk Task Description", - "description" : "A human-readable description of what was done regarding the risk.", - "type" : "string" }, - "start" : - { "title" : "Start", - "description" : "Identifies the start date and time of the event.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "end" : - { "title" : "End", - "description" : "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "logged-by" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_logged-by" } }, - "status-change" : - { "$ref" : "#field_oscal-assessment-common_risk-status" }, - "related-responses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Risk Response Reference", - "description" : "Identifies an individual risk response that this log entry is for.", - "type" : "object", - "properties" : - { "response-uuid" : - { "title" : "Response Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a unique risk response.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "related-tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_related-task" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "response-uuid" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "start" ], - "additionalProperties" : false } } }, + { "response-uuid" : + { "title" : "Response Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a unique risk response.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "related-tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_related-task" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : - [ "entries" ], - "additionalProperties" : false }, - "related-observations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Related Observation", - "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", - "type" : "object", - "properties" : - { "observation-uuid" : - { "title" : "Observation Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "$ref" : "#/definitions/UUIDDatatype" } }, - "required" : - [ "observation-uuid" ], - "additionalProperties" : false } } }, - "required" : - [ "uuid", - "title", - "description", - "statement", - "status" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:logged-by" : - { "title" : "Logged By", - "description" : "Used to indicate who created a log entry in what role.", - "$id" : "#assembly_oscal-assessment-common_logged-by", - "type" : "object", - "properties" : - { "party-uuid" : - { "title" : "Party UUID Reference", - "description" : "A machine-oriented identifier reference to the party who is making the log entry.", - "$ref" : "#/definitions/UUIDDatatype" }, - "role-id" : - { "title" : "Actor Role", - "description" : "A point to the role-id of the role in which the party is making the log entry.", - "$ref" : "#/definitions/TokenDatatype" } }, - "required" : - [ "party-uuid" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:risk-status" : - { "title" : "Risk Status", - "description" : "Describes the status of the associated risk.", - "$id" : "#field_oscal-assessment-common_risk-status", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "open", - "investigating", - "remediating", - "deviation-requested", - "deviation-approved", - "closed" ] } ] }, - "oscal-poam-oscal-assessment-common:characterization" : - { "title" : "Characterization", - "description" : "A collection of descriptive data about the containing object from a specific origin.", - "$id" : "#assembly_oscal-assessment-common_characterization", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "origin" : - { "$ref" : "#assembly_oscal-assessment-common_origin" }, - "facets" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Facet", - "description" : "An individual characteristic that is part of a larger set produced by the same actor.", - "type" : "object", - "properties" : - { "name" : - { "title" : "Facet Name", - "description" : "The name of the risk metric within the specified system.", - "$ref" : "#/definitions/TokenDatatype" }, - "system" : - { "title" : "Naming System", - "description" : "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://fedramp.gov", - "http://fedramp.gov/ns/oscal", - "http://csrc.nist.gov/ns/oscal", - "http://csrc.nist.gov/ns/oscal/unknown", - "http://cve.mitre.org", - "http://www.first.org/cvss/v2.0", - "http://www.first.org/cvss/v3.0", - "http://www.first.org/cvss/v3.1" ] } ] }, - "value" : - { "title" : "Facet Value", - "description" : "Indicates the value of the facet.", - "$ref" : "#/definitions/StringDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "name", - "system", - "value" ], - "additionalProperties" : false } } }, - "required" : - [ "origin", - "facets" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:response" : - { "title" : "Risk Response", - "description" : "Describes either recommended or an actual plan for addressing the risk.", - "$id" : "#assembly_oscal-assessment-common_response", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Remediation Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "lifecycle" : - { "title" : "Remediation Intent", - "description" : "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "recommendation", - "planned", - "completed" ] } ] }, - "title" : - { "title" : "Response Title", - "description" : "The title for this response activity.", - "type" : "string" }, - "description" : - { "title" : "Response Description", - "description" : "A human-readable description of this response plan.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "origins" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_origin" } }, - "required-assets" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Required Asset", - "description" : "Identifies an asset required to achieve remediation.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Required Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "subjects" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, - "title" : - { "title" : "Title for Required Asset", - "description" : "The title for this required asset.", - "type" : "string" }, - "description" : - { "title" : "Description of Required Asset", - "description" : "A human-readable description of this required asset.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "tasks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_task" } }, + [ "response-uuid" ], + "additionalProperties" : false } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "lifecycle", - "title", - "description" ], - "additionalProperties" : false }, - "oscal-poam-oscal-assessment-common:assessment-part" : - { "title" : "Assessment Part", - "description" : "A partition of an assessment plan or results or a child of another part.", - "$id" : "#assembly_oscal-assessment-common_assessment-part", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Part Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "name" : - { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "asset", - "method", - "objective" ] } ] }, - "ns" : - { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "class" : - { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "prose" : - { "title" : "Part Text", - "description" : "Permits multiple paragraphs, lists, tables etc.", - "type" : "string" }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "Base64Datatype" : - { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", - "type" : "string", - "pattern" : "^[0-9A-Za-z+/]+={0,2}$", - "contentEncoding" : "base64" }, - "DateTimeWithTimezoneDatatype" : - { "description" : "A string representing a point in time with a required timezone.", - "type" : "string", - "format" : "date-time", - "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, - "EmailAddressDatatype" : - { "description" : "An email address string formatted according to RFC 6531.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" } ] }, - "IntegerDatatype" : - { "description" : "A whole number value.", - "type" : "integer" }, - "NonNegativeIntegerDatatype" : - { "description" : "An integer value that is equal to or greater than 0.", - "allOf" : - [ - { "$ref" : "#/definitions/IntegerDatatype" }, - - { "type" : "number", - "minimum" : 0 } ] }, - "PositiveIntegerDatatype" : - { "description" : "An integer value that is greater than 0.", - "allOf" : - [ - { "$ref" : "#/definitions/IntegerDatatype" }, + "required" : + [ "uuid", + "start" ], + "additionalProperties" : false } } }, + "required" : + [ "entries" ], + "additionalProperties" : false }, + "related-observations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Related Observation", + "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", + "type" : "object", + "properties" : + { "observation-uuid" : + { "title" : "Observation Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "required" : + [ "observation-uuid" ], + "additionalProperties" : false } } }, + "required" : + [ "uuid", + "title", + "description", + "statement", + "status" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:logged-by" : + { "title" : "Logged By", + "description" : "Used to indicate who created a log entry in what role.", + "$id" : "#assembly_oscal-assessment-common_logged-by", + "type" : "object", + "properties" : + { "party-uuid" : + { "title" : "Party UUID Reference", + "description" : "A machine-oriented identifier reference to the party who is making the log entry.", + "$ref" : "#/definitions/UUIDDatatype" }, + "role-id" : + { "title" : "Actor Role", + "description" : "A point to the role-id of the role in which the party is making the log entry.", + "$ref" : "#/definitions/TokenDatatype" } }, + "required" : + [ "party-uuid" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:risk-status" : + { "title" : "Risk Status", + "description" : "Describes the status of the associated risk.", + "$id" : "#field_oscal-assessment-common_risk-status", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "open", + "investigating", + "remediating", + "deviation-requested", + "deviation-approved", + "closed" ] } ] }, + "oscal-poam-oscal-assessment-common:characterization" : + { "title" : "Characterization", + "description" : "A collection of descriptive data about the containing object from a specific origin.", + "$id" : "#assembly_oscal-assessment-common_characterization", + "type" : "object", + "properties" : + { "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origin" : + { "$ref" : "#assembly_oscal-assessment-common_origin" }, + "facets" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Facet", + "description" : "An individual characteristic that is part of a larger set produced by the same actor.", + "type" : "object", + "properties" : + { "name" : + { "title" : "Facet Name", + "description" : "The name of the risk metric within the specified system.", + "$ref" : "#/definitions/TokenDatatype" }, + "system" : + { "title" : "Naming System", + "description" : "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, - { "type" : "number", - "minimum" : 1 } ] }, - "StringDatatype" : - { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, - "TokenDatatype" : - { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, - "URIDatatype" : - { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, - "URIReferenceDatatype" : - { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", - "type" : "string", - "format" : "uri-reference" }, - "UUIDDatatype" : - { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal/unknown", + "http://cve.mitre.org", + "http://www.first.org/cvss/v2.0", + "http://www.first.org/cvss/v3.0", + "http://www.first.org/cvss/v3.1" ] } ] }, + "value" : + { "title" : "Facet Value", + "description" : "Indicates the value of the facet.", + "$ref" : "#/definitions/StringDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "name", + "system", + "value" ], + "additionalProperties" : false } } }, + "required" : + [ "origin", + "facets" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:response" : + { "title" : "Risk Response", + "description" : "Describes either recommended or an actual plan for addressing the risk.", + "$id" : "#assembly_oscal-assessment-common_response", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Remediation Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "lifecycle" : + { "title" : "Remediation Intent", + "description" : "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "recommendation", + "planned", + "completed" ] } ] }, + "title" : + { "title" : "Response Title", + "description" : "The title for this response activity.", + "type" : "string" }, + "description" : + { "title" : "Response Description", + "description" : "A human-readable description of this response plan.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "origins" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_origin" } }, + "required-assets" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Required Asset", + "description" : "Identifies an asset required to achieve remediation.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Required Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "subjects" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_subject-reference" } }, + "title" : + { "title" : "Title for Required Asset", + "description" : "The title for this required asset.", + "type" : "string" }, + "description" : + { "title" : "Description of Required Asset", + "description" : "A human-readable description of this required asset.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "tasks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_task" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "lifecycle", + "title", + "description" ], + "additionalProperties" : false }, + "oscal-poam-oscal-assessment-common:assessment-part" : + { "title" : "Assessment Part", + "description" : "A partition of an assessment plan or results or a child of another part.", + "$id" : "#assembly_oscal-assessment-common_assessment-part", + "type" : "object", "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "plan-of-action-and-milestones" : - { "$ref" : "#assembly_oscal-poam_plan-of-action-and-milestones" } }, + { "uuid" : + { "title" : "Part Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "asset", + "method", + "objective" ] } ] }, + "ns" : + { "title" : "Part Namespace", + "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "class" : + { "title" : "Part Class", + "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Part Title", + "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-assessment-common_assessment-part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, "required" : - [ "plan-of-action-and-milestones" ], - "additionalProperties" : false } \ No newline at end of file + [ "name" ], + "additionalProperties" : false }, + "Base64Datatype" : + { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", + "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "DateTimeWithTimezoneDatatype" : + { "description" : "A string representing a point in time with a required timezone.", + "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "description" : "An email address string formatted according to RFC 6531.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "IntegerDatatype" : + { "description" : "A whole number value.", + "type" : "integer" }, + "NonNegativeIntegerDatatype" : + { "description" : "An integer value that is equal to or greater than 0.", + "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 0 } ] }, + "PositiveIntegerDatatype" : + { "description" : "An integer value that is greater than 0.", + "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 1 } ] }, + "StringDatatype" : + { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", + "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", + "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", + "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", + "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "plan-of-action-and-milestones" : + { "$ref" : "#assembly_oscal-poam_plan-of-action-and-milestones" } }, + "required" : + [ "plan-of-action-and-milestones" ], + "additionalProperties" : false } \ No newline at end of file diff --git a/json/schema/oscal_profile_schema.json b/json/schema/oscal_profile_schema.json index a6b69ada83..75f473a0c5 100644 --- a/json/schema/oscal_profile_schema.json +++ b/json/schema/oscal_profile_schema.json @@ -1,1303 +1,1349 @@ - { "$schema" : "http://json-schema.org/draft-07/schema#", - "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-profile-schema.json", - "$comment" : "OSCAL Profile Model: JSON Schema", + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-profile-schema.json", + "$comment" : "OSCAL Profile Model: JSON Schema", + "type" : "object", + "definitions" : + { "json-schema-directive" : + { "title" : "Schema Directive", + "description" : "A JSON Schema directive to bind a specific schema to its document instance.", + "$id" : "#json-schema-directive", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "oscal-profile-oscal-profile:profile" : + { "title" : "Profile", + "description" : "Each OSCAL profile is defined by a profile element.", + "$id" : "#assembly_oscal-profile_profile", "type" : "object", - "definitions" : - { "json-schema-directive" : - { "title" : "Schema Directive", - "description" : "A JSON Schema directive to bind a specific schema to its document instance.", - "$id" : "#json-schema-directive", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "oscal-profile-oscal-profile:profile" : - { "title" : "Profile", - "description" : "Each OSCAL profile is defined by a Profile element", - "$id" : "#assembly_oscal-profile_profile", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Profile Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "imports" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_import" } }, - "merge" : - { "$ref" : "#assembly_oscal-profile_merge" }, - "modify" : - { "$ref" : "#assembly_oscal-profile_modify" }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata", - "imports" ], - "additionalProperties" : false }, - "oscal-profile-oscal-profile:import" : - { "title" : "Import resource", - "description" : "The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives.", - "$id" : "#assembly_oscal-profile_import", - "type" : "object", - "properties" : - { "href" : - { "title" : "Catalog or Profile Reference", - "description" : "A resolvable URL reference to the base catalog or profile that this profile is tailoring.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_select-control-by-id" } }, - "exclude-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_select-control-by-id" } } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-profile-oscal-profile:merge" : - { "title" : "Merge controls", - "description" : "A Merge element provides structuring directives that drive how controls are organized after resolution.", - "$id" : "#assembly_oscal-profile_merge", - "type" : "object", - "properties" : - { "combine" : - { "title" : "Combination rule", - "description" : "A Combine element defines how to combine multiple (competing) versions of the same control.", - "type" : "object", - "properties" : - { "method" : - { "title" : "Combination method", - "description" : "How clashing controls should be handled", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "use-first", - "merge", - "keep" ] } ] } }, - "additionalProperties" : false }, - "flat" : - { "title" : "Flat", - "description" : "Use the flat structuring method.", - "type" : "object", - "additionalProperties" : false }, - "as-is" : - { "title" : "As-Is Structuring Directive", - "description" : "An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes.", - "$ref" : "#/definitions/BooleanDatatype" }, - "custom" : - { "title" : "Custom grouping", - "description" : "A Custom element frames a structure for embedding represented controls in resolution.", - "type" : "object", - "properties" : - { "groups" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_group" } }, - "insert-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_insert-controls" } } }, - "additionalProperties" : false } }, - "additionalProperties" : false }, - "oscal-profile-oscal-profile:group" : - { "title" : "Control group", - "description" : "A group of (selected) controls or of groups of controls", - "$id" : "#assembly_oscal-profile_group", - "type" : "object", - "properties" : - { "id" : - { "title" : "Group Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Group Class", - "description" : "A textual label that provides a sub-type or characterization of the group.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Group Title", - "description" : "A name given to the group, which may be used by a tool for display and navigation.", - "type" : "string" }, - "params" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "groups" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_group" } }, - "insert-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_insert-controls" } } }, - "required" : - [ "title" ], - "additionalProperties" : false }, - "oscal-profile-oscal-profile:modify" : - { "title" : "Modify controls", - "description" : "Set parameters or amend controls in resolution", - "$id" : "#assembly_oscal-profile_modify", - "type" : "object", - "properties" : - { "set-parameters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Parameter Setting", - "description" : "A parameter setting, to be propagated to points of insertion", - "type" : "object", - "properties" : - { "param-id" : - { "title" : "Parameter ID", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", - "$ref" : "#/definitions/TokenDatatype" }, - "depends-on" : - { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "label" : - { "title" : "Parameter Label", - "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", - "type" : "string" }, - "usage" : - { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", - "type" : "string" }, - "constraints" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, - "guidelines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, - "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" } }, - "required" : - [ "param-id" ], - "additionalProperties" : false } }, - "alters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_alter" } } }, - "additionalProperties" : false }, - "oscal-profile-oscal-profile:insert-controls" : - { "title" : "Select controls", - "description" : "Specifies which controls to use in the containing context.", - "$id" : "#assembly_oscal-profile_insert-controls", - "type" : "object", - "properties" : - { "order" : - { "title" : "Order", - "description" : "A designation of how a selection of controls in a profile is to be ordered.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "keep", - "ascending", - "descending" ] } ] }, - "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, - "include-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_select-control-by-id" } }, - "exclude-controls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_select-control-by-id" } } }, - "additionalProperties" : false }, - "oscal-profile-oscal-profile:select-control-by-id" : - { "title" : "Call", - "description" : "Call a control by its ID", - "$id" : "#assembly_oscal-profile_select-control-by-id", - "type" : "object", - "properties" : - { "with-child-controls" : - { "title" : "Include contained controls with control", - "description" : "When a control is included, whether its child (dependent) controls are also included.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "yes", - "no" ] } ] }, - "with-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Match Controls by Identifier", - "description" : "", - "$ref" : "#/definitions/TokenDatatype" } }, - "matching" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Match Controls by Pattern", - "description" : "Select controls by (regular expression) match on ID", - "type" : "object", - "properties" : - { "pattern" : - { "title" : "Pattern", - "description" : "A glob expression matching the IDs of one or more controls to be selected.", - "$ref" : "#/definitions/StringDatatype" } }, - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-profile-oscal-profile:alter" : + "properties" : + { "uuid" : + { "title" : "Profile Universally Unique Identifier", + "description" : "Provides a globally unique means to identify a given profile instance.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "imports" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_import" } }, + "merge" : + { "$ref" : "#assembly_oscal-profile_merge" }, + "modify" : + { "$ref" : "#assembly_oscal-profile_modify" }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata", + "imports" ], + "additionalProperties" : false }, + "oscal-profile-oscal-profile:import" : + { "title" : "Import Resource", + "description" : "Designates a referenced source catalog or profile that provides a source of control information for use in creating a new overlay or baseline.", + "$id" : "#assembly_oscal-profile_import", + "type" : "object", + "properties" : + { "href" : + { "title" : "Catalog or Profile Reference", + "description" : "A resolvable URL reference to the base catalog or profile that this profile is tailoring.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_select-control-by-id" } }, + "exclude-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_select-control-by-id" } } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-profile-oscal-profile:merge" : + { "title" : "Merge Controls", + "description" : "Provides structuring directives that instruct how controls are organized after profile resolution.", + "$id" : "#assembly_oscal-profile_merge", + "type" : "object", + "properties" : + { "combine" : + { "title" : "Combination Rule", + "description" : "A Combine element defines how to resolve duplicate instances of the same control (e.g., controls with the same ID).", + "type" : "object", + "properties" : + { "method" : + { "title" : "Combination Method", + "description" : "Declare how clashing controls should be handled.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "use-first", + "merge", + "keep" ] } ] } }, + "additionalProperties" : false }, + "flat" : + { "title" : "Flat Without Grouping", + "description" : "Directs that controls appear without any grouping structure.", + "type" : "object", + "additionalProperties" : false }, + "as-is" : + { "title" : "Group As-Is", + "description" : "Indicates that the controls selected should retain their original grouping as defined in the import source.", + "$ref" : "#/definitions/BooleanDatatype" }, + "custom" : + { "title" : "Custom Grouping", + "description" : "Provides an alternate grouping structure that selected controls will be placed in.", + "type" : "object", + "properties" : + { "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_group" } }, + "insert-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_insert-controls" } } }, + "additionalProperties" : false } }, + "additionalProperties" : false }, + "oscal-profile-oscal-profile:group" : + { "title" : "Control Group", + "description" : "A group of (selected) controls or of groups of controls.", + "$id" : "#assembly_oscal-profile_group", + "type" : "object", + "properties" : + { "id" : + { "title" : "Group Identifier", + "description" : "Identifies the group.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Group Class", + "description" : "A textual label that provides a sub-type or characterization of the group.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Group Title", + "description" : "A name to be given to the group for use in display.", + "type" : "string" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_group" } }, + "insert-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_insert-controls" } } }, + "required" : + [ "title" ], + "additionalProperties" : false }, + "oscal-profile-oscal-profile:modify" : + { "title" : "Modify Controls", + "description" : "Set parameters or amend controls in resolution.", + "$id" : "#assembly_oscal-profile_modify", + "type" : "object", + "properties" : + { "set-parameters" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Parameter Setting", + "description" : "A parameter setting, to be propagated to points of insertion.", + "type" : "object", + "properties" : + { "param-id" : + { "title" : "Parameter ID", + "description" : "An identifier for the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Parameter Class", + "description" : "A textual label that provides a characterization of the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "depends-on" : + { "title" : "Depends On", + "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "label" : + { "title" : "Parameter Label", + "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", + "type" : "string" }, + "usage" : + { "title" : "Parameter Usage Description", + "description" : "Describes the purpose and use of a parameter.", + "type" : "string" }, + "constraints" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, + "guidelines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-control-common_parameter-value" } }, + "select" : + { "$ref" : "#assembly_oscal-control-common_parameter-selection" } }, + "required" : + [ "param-id" ], + "additionalProperties" : false } }, + "alters" : + { "type" : "array", + "minItems" : 1, + "items" : { "title" : "Alteration", - "description" : "An Alter element specifies changes to be made to an included control when a profile is resolved.", - "$id" : "#assembly_oscal-profile_alter", - "type" : "object", - "properties" : - { "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "removes" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_remove" } }, - "adds" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-profile_add" } } }, - "required" : - [ "control-id" ], - "additionalProperties" : false }, - "oscal-profile-oscal-profile:remove" : - { "title" : "Removal", - "description" : "Specifies objects to be removed from a control based on specific aspects of the object that must all match.", - "$id" : "#assembly_oscal-profile_remove", - "type" : "object", - "properties" : - { "by-name" : - { "title" : "Reference by (assigned) name", - "description" : "Identify items to remove by matching their assigned name", + "description" : "Specifies changes to be made to an included control when a profile is resolved.", + "type" : "object", + "properties" : + { "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "removes" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Removal", + "description" : "Specifies objects to be removed from a control based on specific aspects of the object that must all match.", + "type" : "object", + "properties" : + { "by-name" : + { "title" : "Reference by (assigned) name", + "description" : "Identify items remove by matching their assigned name.", "$ref" : "#/definitions/TokenDatatype" }, - "by-class" : - { "title" : "Reference by class", + "by-class" : + { "title" : "Reference by class", "description" : "Identify items to remove by matching their class.", "$ref" : "#/definitions/TokenDatatype" }, - "by-id" : - { "title" : "Reference by ID", + "by-id" : + { "title" : "Reference by ID", "description" : "Identify items to remove indicated by their id.", "$ref" : "#/definitions/TokenDatatype" }, - "by-item-name" : - { "title" : "Item Name Reference", - "description" : "Identify items to remove by the name of the item's information element name, e.g. title or prop", - "$ref" : "#/definitions/TokenDatatype" }, - "by-ns" : - { "title" : "Item Namespace Reference", + "by-item-name" : + { "title" : "Item Name Reference", + "description" : "Identify items to remove by the name of the item's information object name, e.g. title or prop.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "param", + "prop", + "link", + "part", + "mapping", + "map" ] } ] }, + "by-ns" : + { "title" : "Item Namespace Reference", "description" : "Identify items to remove by the item's ns, which is the namespace associated with a part, or prop.", "$ref" : "#/definitions/TokenDatatype" } }, - "additionalProperties" : false }, - "oscal-profile-oscal-profile:add" : - { "title" : "Addition", - "description" : "Specifies contents to be added into controls, in resolution", - "$id" : "#assembly_oscal-profile_add", - "type" : "object", - "properties" : - { "position" : - { "title" : "Position", - "description" : "Where to add the new content with respect to the targeted element (beside it or inside it)", + "additionalProperties" : false } }, + "adds" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Addition", + "description" : "Specifies contents to be added into controls, in resolution.", + "type" : "object", + "properties" : + { "position" : + { "title" : "Position", + "description" : "Where to add the new content with respect to the targeted element (beside it or inside it).", "allOf" : [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "before", - "after", - "starting", - "ending" ] } ] }, - "by-id" : - { "title" : "Reference by ID", + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "before", + "after", + "starting", + "ending" ] } ] }, + "by-id" : + { "title" : "Reference by ID", "description" : "Target location of the addition.", "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Title Change", + "title" : + { "title" : "Title Change", "description" : "A name given to the control, which may be used by a tool for display and navigation.", "type" : "string" }, - "params" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } } }, - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", - "$id" : "#assembly_oscal-metadata_metadata", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "revisions" : - { "type" : "array", + "params" : + { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "props" : - { "type" : "array", + { "$ref" : "#assembly_oscal-control-common_parameter" } }, + "props" : + { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", + "links" : + { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, - "roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, - "locations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, - "parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "title", - "last-modified", - "version", - "oscal-version" ], - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:revision" : + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } } }, + "additionalProperties" : false } } }, + "required" : + [ "control-id" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-profile-oscal-profile:insert-controls" : + { "title" : "Insert Controls", + "description" : "Specifies which controls to use in the containing context.", + "$id" : "#assembly_oscal-profile_insert-controls", + "type" : "object", + "properties" : + { "order" : + { "title" : "Order", + "description" : "A designation of how a selection of controls in a profile is to be ordered.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "keep", + "ascending", + "descending" ] } ] }, + "include-all" : + { "$ref" : "#assembly_oscal-control-common_include-all" }, + "include-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_select-control-by-id" } }, + "exclude-controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_select-control-by-id" } } }, + "additionalProperties" : false }, + "oscal-profile-oscal-profile:select-control-by-id" : + { "title" : "Select Control", + "description" : "Select a control or controls from an imported control set.", + "$id" : "#assembly_oscal-profile_select-control-by-id", + "type" : "object", + "properties" : + { "with-child-controls" : + { "title" : "Include Contained Controls with Control", + "description" : "When a control is included, whether its child (dependent) controls are also included.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "yes", + "no" ] } ] }, + "with-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-profile_with-id" } }, + "matching" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-profile_matching" } } }, + "additionalProperties" : false }, + "oscal-profile-oscal-profile:with-id" : + { "title" : "Match Controls by Identifier", + "description" : "Selecting a control by its ID given as a literal.", + "$id" : "#field_oscal-profile_with-id", + "$ref" : "#/definitions/TokenDatatype" }, + "oscal-profile-oscal-profile:matching" : + { "title" : "Match Controls by Pattern", + "description" : "Selecting a set of controls by matching their IDs with a wildcard pattern.", + "$id" : "#assembly_oscal-profile_matching", + "type" : "object", + "properties" : + { "pattern" : + { "title" : "Pattern", + "description" : "A glob expression matching the IDs of one or more controls to be selected.", + "$ref" : "#/definitions/StringDatatype" } }, + "additionalProperties" : false }, + "oscal-profile-oscal-metadata:metadata" : + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", + "$id" : "#assembly_oscal-metadata_metadata", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "revisions" : + { "type" : "array", + "minItems" : 1, + "items" : { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:location" : + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, + "locations" : + { "type" : "array", + "minItems" : 1, + "items" : { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_location-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-profile-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, + "parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "anyOf" : [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://orcid.org/" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_party-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-profile-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "actions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_action" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "title", + "last-modified", + "version", + "oscal-version" ], + "additionalProperties" : false }, + "oscal-profile-oscal-metadata:location-uuid" : + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", + "$id" : "#field_oscal-metadata_location-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-profile-oscal-metadata:party-uuid" : + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", + "$id" : "#field_oscal-metadata_party-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-profile-oscal-metadata:role-id" : + { "title" : "Role Identifier Reference", + "description" : "Reference to a role by UUID.", + "$id" : "#field_oscal-metadata_role-id", + "$ref" : "#/definitions/TokenDatatype" }, + "oscal-profile-oscal-metadata:back-matter" : + { "title" : "Back matter", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", + "$id" : "#assembly_oscal-metadata_back-matter", + "type" : "object", + "properties" : + { "resources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Resource Universally Unique Identifier", + "description" : "A unique identifier for a resource.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Resource Title", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", + "type" : "string" }, + "description" : + { "title" : "Resource Description", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "citation" : + { "title" : "Citation", + "description" : "An optional citation consisting of end note text using structured markup.", + "type" : "object", + "properties" : + { "text" : + { "title" : "Citation Text", + "description" : "A line of citation text.", + "type" : "string" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:role-id" : - { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$id" : "#field_oscal-metadata_role-id", - "$ref" : "#/definitions/TokenDatatype" }, - "oscal-profile-oscal-metadata:back-matter" : - { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", - "$id" : "#assembly_oscal-metadata_back-matter", - "type" : "object", - "properties" : - { "resources" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", - "type" : "string" }, - "description" : - { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "citation" : - { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", - "type" : "object", - "properties" : - { "text" : - { "title" : "Citation Text", - "description" : "A line of citation text.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "text" ], - "additionalProperties" : false }, - "rlinks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "hashes" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_hash" } } }, - "required" : - [ "href" ], - "additionalProperties" : false } }, - "base64" : - { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", - "type" : "object", - "properties" : - { "filename" : - { "title" : "File Name", - "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "value" : - { "$ref" : "#/definitions/Base64Datatype" } }, - "required" : - [ "value" ], - "additionalProperties" : false }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:property" : - { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", - "$id" : "#assembly_oscal-metadata_property", - "type" : "object", - "properties" : - { "name" : - { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "marking" ] } ] }, - "uuid" : - { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "ns" : - { "title" : "Property Namespace", - "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "value" : - { "title" : "Property Value", - "description" : "Indicates the value of the attribute, characteristic, or quality.", - "$ref" : "#/definitions/StringDatatype" }, - "class" : - { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "name", - "value" ], - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:link" : - { "title" : "Link", - "description" : "A reference to a local or remote resource", - "$id" : "#assembly_oscal-metadata_link", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URL reference to a resource.", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "text" ], + "additionalProperties" : false }, + "rlinks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource link", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL pointing to the referenced resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, - "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "reference" ] } ] }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "hashes" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_hash" } } }, + "required" : + [ "href" ], + "additionalProperties" : false } }, + "base64" : + { "title" : "Base64", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", + "type" : "object", + "properties" : + { "filename" : + { "title" : "File Name", + "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", + "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "text" : - { "title" : "Link Text", - "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", - "type" : "string" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:responsible-party" : - { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-party", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$ref" : "#/definitions/TokenDatatype" }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id", - "party-uuids" ], - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:responsible-role" : - { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-role", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id" ], - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:hash" : - { "title" : "Hash", - "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", - "$id" : "#field_oscal-metadata_hash", - "type" : "object", - "properties" : - { "algorithm" : - { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "SHA-224", - "SHA-256", - "SHA-384", - "SHA-512", - "SHA3-224", - "SHA3-256", - "SHA3-384", - "SHA3-512" ] } ] }, + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, "value" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "value", - "algorithm" ], - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:remarks" : - { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", - "$id" : "#field_oscal-metadata_remarks", - "type" : "string" }, - "oscal-profile-oscal-metadata:published" : - { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_published", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-profile-oscal-metadata:last-modified" : - { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_last-modified", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-profile-oscal-metadata:version" : - { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", - "$id" : "#field_oscal-metadata_version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-profile-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", - "$id" : "#field_oscal-metadata_oscal-version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-profile-oscal-metadata:email-address" : - { "title" : "Email Address", - "description" : "An email address as defined by RFC 5322 Section 3.4.1.", - "$id" : "#field_oscal-metadata_email-address", - "$ref" : "#/definitions/EmailAddressDatatype" }, - "oscal-profile-oscal-metadata:telephone-number" : - { "title" : "Telephone Number", - "description" : "Contact number by telephone.", - "$id" : "#field_oscal-metadata_telephone-number", - "type" : "object", - "properties" : - { "type" : - { "title" : "type flag", - "description" : "Indicates the type of phone number.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "home", - "office", - "mobile" ] } ] }, - "number" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "number" ], - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:address" : - { "title" : "Address", - "description" : "A postal address for the location.", - "$id" : "#assembly_oscal-metadata_address", - "type" : "object", - "properties" : - { "type" : - { "title" : "Address Type", - "description" : "Indicates the type of address.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "home", - "work" ] } ] }, - "addr-lines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_addr-line" } }, - "city" : - { "title" : "City", - "description" : "City, town or geographical region for the mailing address.", - "$ref" : "#/definitions/StringDatatype" }, - "state" : - { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "postal-code" : - { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "country" : - { "title" : "Country Code", - "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "$ref" : "#/definitions/StringDatatype" } }, - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:addr-line" : - { "title" : "Address line", - "description" : "A single line of an address.", - "$id" : "#field_oscal-metadata_addr-line", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-profile-oscal-metadata:document-id" : - { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", - "$id" : "#field_oscal-metadata_document-id", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "Document Identification Scheme", - "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://www.doi.org/" ] } ] }, - "identifier" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "identifier" ], - "additionalProperties" : false }, - "oscal-profile-oscal-catalog-common:part" : - { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", - "type" : "object", - "properties" : - { "id" : - { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "name" : - { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", - "$ref" : "#/definitions/TokenDatatype" }, - "ns" : - { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "class" : - { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "prose" : - { "title" : "Part Text", - "description" : "Permits multiple paragraphs, lists, tables etc.", - "type" : "string" }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-profile-oscal-catalog-common:parameter" : - { "title" : "Parameter", - "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", - "type" : "object", - "properties" : - { "id" : - { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", - "$ref" : "#/definitions/TokenDatatype" }, - "depends-on" : - { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "label" : - { "title" : "Parameter Label", - "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", - "type" : "string" }, - "usage" : - { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", - "type" : "string" }, - "constraints" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, - "guidelines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, - "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "oscal-profile-oscal-catalog-common:parameter-constraint" : - { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", - "type" : "object", - "properties" : - { "description" : - { "title" : "Constraint Description", - "description" : "A textual summary of the constraint to be applied.", - "type" : "string" }, - "tests" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Constraint Test", - "description" : "A test expression which is expected to be evaluated by a tool.", - "type" : "object", - "properties" : - { "expression" : - { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", - "$ref" : "#/definitions/StringDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "expression" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-profile-oscal-catalog-common:parameter-guideline" : - { "title" : "Guideline", - "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", - "type" : "object", - "properties" : - { "prose" : - { "title" : "Guideline Text", - "description" : "Prose permits multiple paragraphs, lists, tables etc.", - "type" : "string" } }, - "required" : - [ "prose" ], - "additionalProperties" : false }, - "oscal-profile-oscal-catalog-common:parameter-value" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-profile-oscal-catalog-common:parameter-selection" : - { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", - "type" : "object", - "properties" : - { "how-many" : - { "title" : "Parameter Cardinality", - "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "one", - "one-or-more" ] } ] }, - "choice" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Choice", - "description" : "A value selection among several such options.", - "type" : "string" } } }, - "additionalProperties" : false }, - "oscal-profile-oscal-catalog-common:include-all" : - { "title" : "Include All", - "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", - "type" : "object", - "additionalProperties" : false }, - "Base64Datatype" : - { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", - "type" : "string", - "pattern" : "^[0-9A-Za-z+/]+={0,2}$", - "contentEncoding" : "base64" }, - "BooleanDatatype" : - { "description" : "A binary value that is either: true or false.", - "type" : "boolean" }, - "DateTimeWithTimezoneDatatype" : - { "description" : "A string representing a point in time with a required timezone.", - "type" : "string", - "format" : "date-time", - "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, - "EmailAddressDatatype" : - { "description" : "An email address string formatted according to RFC 6531.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" } ] }, - "StringDatatype" : - { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, - "TokenDatatype" : - { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, - "URIDatatype" : - { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, - "URIReferenceDatatype" : - { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", - "type" : "string", - "format" : "uri-reference" }, - "UUIDDatatype" : - { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + { "$ref" : "#/definitions/Base64Datatype" } }, + "required" : + [ "value" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-profile-oscal-metadata:property" : + { "title" : "Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", + "$id" : "#assembly_oscal-metadata_property", + "type" : "object", + "properties" : + { "name" : + { "title" : "Property Name", + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "$ref" : "#/definitions/TokenDatatype" }, + "uuid" : + { "title" : "Property Universally Unique Identifier", + "description" : "A unique identifier for a property.", + "$ref" : "#/definitions/UUIDDatatype" }, + "ns" : + { "title" : "Property Namespace", + "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "value" : + { "title" : "Property Value", + "description" : "Indicates the value of the attribute, characteristic, or quality.", + "$ref" : "#/definitions/StringDatatype" }, + "class" : + { "title" : "Property Class", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", + "$ref" : "#/definitions/TokenDatatype" }, + "group" : + { "title" : "Property Group", + "description" : "An identifier for relating distinct sets of properties.", + "$ref" : "#/definitions/TokenDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "name", + "value" ], + "additionalProperties" : false }, + "oscal-profile-oscal-metadata:link" : + { "title" : "Link", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", + "$id" : "#assembly_oscal-metadata_link", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL reference to a resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "rel" : + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "resource-fragment" : + { "title" : "Resource Fragment", + "description" : "In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.", + "$ref" : "#/definitions/StringDatatype" }, + "text" : + { "title" : "Link Text", + "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", + "type" : "string" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-profile-oscal-metadata:responsible-party" : + { "title" : "Responsible Party", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", + "$id" : "#assembly_oscal-metadata_responsible-party", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role", + "description" : "A reference to a role performed by a party.", + "$ref" : "#/definitions/TokenDatatype" }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id", + "party-uuids" ], + "additionalProperties" : false }, + "oscal-profile-oscal-metadata:action" : + { "title" : "Action", + "description" : "An action applied by a role within a given party to the content.", + "$id" : "#assembly_oscal-metadata_action", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Action Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "date" : + { "title" : "Action Occurrence Date", + "description" : "The date and time when the action occurred.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "type" : + { "title" : "Action Type", + "description" : "The type of action documented by the assembly, such as an approval.", + "$ref" : "#/definitions/TokenDatatype" }, + "system" : + { "title" : "Action Type System", + "description" : "Specifies the action type system used.", + "$ref" : "#/definitions/URIDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "system" ], + "additionalProperties" : false }, + "oscal-profile-oscal-metadata:responsible-role" : + { "title" : "Responsible Role", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", + "$id" : "#assembly_oscal-metadata_responsible-role", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role ID", + "description" : "A human-oriented identifier reference to a role performed.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id" ], + "additionalProperties" : false }, + "oscal-profile-oscal-metadata:hash" : + { "title" : "Hash", + "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", + "$id" : "#field_oscal-metadata_hash", + "type" : "object", "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "profile" : - { "$ref" : "#assembly_oscal-profile_profile" } }, + { "algorithm" : + { "title" : "Hash algorithm", + "description" : "The digest method by which a hash is derived.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, + "value" : + { "$ref" : "#/definitions/StringDatatype" } }, "required" : - [ "profile" ], - "additionalProperties" : false } \ No newline at end of file + [ "value", + "algorithm" ], + "additionalProperties" : false }, + "oscal-profile-oscal-metadata:remarks" : + { "title" : "Remarks", + "description" : "Additional commentary about the containing object.", + "$id" : "#field_oscal-metadata_remarks", + "type" : "string" }, + "oscal-profile-oscal-metadata:published" : + { "title" : "Publication Timestamp", + "description" : "The date and time the document was last made available.", + "$id" : "#field_oscal-metadata_published", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-profile-oscal-metadata:last-modified" : + { "title" : "Last Modified Timestamp", + "description" : "The date and time the document was last stored for later retrieval.", + "$id" : "#field_oscal-metadata_last-modified", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-profile-oscal-metadata:version" : + { "title" : "Document Version", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", + "$id" : "#field_oscal-metadata_version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-profile-oscal-metadata:oscal-version" : + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", + "$id" : "#field_oscal-metadata_oscal-version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-profile-oscal-metadata:email-address" : + { "title" : "Email Address", + "description" : "An email address as defined by RFC 5322 Section 3.4.1.", + "$id" : "#field_oscal-metadata_email-address", + "$ref" : "#/definitions/EmailAddressDatatype" }, + "oscal-profile-oscal-metadata:telephone-number" : + { "title" : "Telephone Number", + "description" : "A telephone service number as defined by ITU-T E.164.", + "$id" : "#field_oscal-metadata_telephone-number", + "type" : "object", + "properties" : + { "type" : + { "title" : "type flag", + "description" : "Indicates the type of phone number.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, + "number" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "number" ], + "additionalProperties" : false }, + "oscal-profile-oscal-metadata:address" : + { "title" : "Address", + "description" : "A postal address for the location.", + "$id" : "#assembly_oscal-metadata_address", + "type" : "object", + "properties" : + { "type" : + { "title" : "Address Type", + "description" : "Indicates the type of address.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, + "addr-lines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_addr-line" } }, + "city" : + { "title" : "City", + "description" : "City, town or geographical region for the mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "state" : + { "title" : "State", + "description" : "State, province or analogous geographical region for a mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "postal-code" : + { "title" : "Postal Code", + "description" : "Postal or ZIP code for mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "country" : + { "title" : "Country Code", + "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", + "$ref" : "#/definitions/StringDatatype" } }, + "additionalProperties" : false }, + "oscal-profile-oscal-metadata:addr-line" : + { "title" : "Address line", + "description" : "A single line of an address.", + "$id" : "#field_oscal-metadata_addr-line", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-profile-oscal-metadata:document-id" : + { "title" : "Document Identifier", + "description" : "A document identifier qualified by an identifier scheme.", + "$id" : "#field_oscal-metadata_document-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "Document Identification Scheme", + "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, + "identifier" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "identifier" ], + "additionalProperties" : false }, + "oscal-profile-oscal-control-common:part" : + { "title" : "Part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", + "type" : "object", + "properties" : + { "id" : + { "title" : "Part Identifier", + "description" : "A unique identifier for the part.", + "$ref" : "#/definitions/TokenDatatype" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", + "$ref" : "#/definitions/TokenDatatype" }, + "ns" : + { "title" : "Part Namespace", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "class" : + { "title" : "Part Class", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Part Title", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-profile-oscal-control-common:parameter" : + { "title" : "Parameter", + "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", + "$id" : "#assembly_oscal-control-common_parameter", + "type" : "object", + "properties" : + { "id" : + { "title" : "Parameter Identifier", + "description" : "A unique identifier for the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Parameter Class", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "depends-on" : + { "title" : "Depends on", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "label" : + { "title" : "Parameter Label", + "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", + "type" : "string" }, + "usage" : + { "title" : "Parameter Usage Description", + "description" : "Describes the purpose and use of a parameter.", + "type" : "string" }, + "constraints" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, + "guidelines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-control-common_parameter-value" } }, + "select" : + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "oscal-profile-oscal-control-common:parameter-constraint" : + { "title" : "Constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", + "type" : "object", + "properties" : + { "description" : + { "title" : "Constraint Description", + "description" : "A textual summary of the constraint to be applied.", + "type" : "string" }, + "tests" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Constraint Test", + "description" : "A test expression which is expected to be evaluated by a tool.", + "type" : "object", + "properties" : + { "expression" : + { "title" : "Constraint test", + "description" : "A formal (executable) expression of a constraint.", + "$ref" : "#/definitions/StringDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "expression" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-profile-oscal-control-common:parameter-guideline" : + { "title" : "Guideline", + "description" : "A prose statement that provides a recommendation for the use of a parameter.", + "$id" : "#assembly_oscal-control-common_parameter-guideline", + "type" : "object", + "properties" : + { "prose" : + { "title" : "Guideline Text", + "description" : "Prose permits multiple paragraphs, lists, tables etc.", + "type" : "string" } }, + "required" : + [ "prose" ], + "additionalProperties" : false }, + "oscal-profile-oscal-control-common:parameter-value" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$id" : "#field_oscal-control-common_parameter-value", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-profile-oscal-control-common:parameter-selection" : + { "title" : "Selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", + "type" : "object", + "properties" : + { "how-many" : + { "title" : "Parameter Cardinality", + "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, + "choice" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Choice", + "description" : "A value selection among several such options.", + "type" : "string" } } }, + "additionalProperties" : false }, + "oscal-profile-oscal-control-common:include-all" : + { "title" : "Include All", + "description" : "Include all controls from the imported catalog or profile resources.", + "$id" : "#assembly_oscal-control-common_include-all", + "type" : "object", + "additionalProperties" : false }, + "Base64Datatype" : + { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", + "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "BooleanDatatype" : + { "description" : "A binary value that is either: true or false.", + "type" : "boolean" }, + "DateTimeWithTimezoneDatatype" : + { "description" : "A string representing a point in time with a required timezone.", + "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "description" : "An email address string formatted according to RFC 6531.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "StringDatatype" : + { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", + "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", + "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", + "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", + "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "profile" : + { "$ref" : "#assembly_oscal-profile_profile" } }, + "required" : + [ "profile" ], + "additionalProperties" : false } \ No newline at end of file diff --git a/json/schema/oscal_ssp_schema.json b/json/schema/oscal_ssp_schema.json index 209d03aaea..e2369e094f 100644 --- a/json/schema/oscal_ssp_schema.json +++ b/json/schema/oscal_ssp_schema.json @@ -1,2162 +1,2157 @@ - { "$schema" : "http://json-schema.org/draft-07/schema#", - "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-ssp-schema.json", - "$comment" : "OSCAL System Security Plan (SSP) Model: JSON Schema", + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/oscal/1.0.6/oscal-ssp-schema.json", + "$comment" : "OSCAL System Security Plan (SSP) Model: JSON Schema", + "type" : "object", + "definitions" : + { "json-schema-directive" : + { "title" : "Schema Directive", + "description" : "A JSON Schema directive to bind a specific schema to its document instance.", + "$id" : "#json-schema-directive", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "oscal-ssp-oscal-ssp:system-security-plan" : + { "title" : "System Security Plan (SSP)", + "description" : "A system security plan, such as those described in NIST SP 800-18.", + "$id" : "#assembly_oscal-ssp_system-security-plan", "type" : "object", - "definitions" : - { "json-schema-directive" : - { "title" : "Schema Directive", - "description" : "A JSON Schema directive to bind a specific schema to its document instance.", - "$id" : "#json-schema-directive", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "oscal-ssp-oscal-ssp:system-security-plan" : - { "title" : "System Security Plan (SSP)", - "description" : "A system security plan, such as those described in NIST SP 800-18", - "$id" : "#assembly_oscal-ssp_system-security-plan", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "System Security Plan Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "metadata" : - { "$ref" : "#assembly_oscal-metadata_metadata" }, - "import-profile" : - { "$ref" : "#assembly_oscal-ssp_import-profile" }, - "system-characteristics" : - { "$ref" : "#assembly_oscal-ssp_system-characteristics" }, - "system-implementation" : - { "$ref" : "#assembly_oscal-ssp_system-implementation" }, - "control-implementation" : - { "$ref" : "#assembly_oscal-ssp_control-implementation" }, - "back-matter" : - { "$ref" : "#assembly_oscal-metadata_back-matter" } }, - "required" : - [ "uuid", - "metadata", - "import-profile", - "system-characteristics", - "system-implementation", - "control-implementation" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:import-profile" : - { "title" : "Import Profile", - "description" : "Used to import the OSCAL profile representing the system's control baseline.", - "$id" : "#assembly_oscal-ssp_import-profile", - "type" : "object", - "properties" : - { "href" : - { "title" : "Profile Reference", - "description" : "A resolvable URL reference to the profile or catalog to use as the system's control baseline.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:system-characteristics" : - { "title" : "System Characteristics", - "description" : "Contains the characteristics of the system, such as its name, purpose, and security impact level.", - "$id" : "#assembly_oscal-ssp_system-characteristics", - "type" : "object", - "properties" : - { "system-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-implementation-common_system-id" } }, - "system-name" : - { "title" : "System Name - Full", - "description" : "The full name of the system.", - "$ref" : "#/definitions/StringDatatype" }, - "system-name-short" : - { "title" : "System Name - Short", - "description" : "A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "System Description", - "description" : "A summary of the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "date-authorized" : - { "$ref" : "#field_oscal-ssp_date-authorized" }, - "security-sensitivity-level" : - { "title" : "Security Sensitivity Level", - "description" : "The overall information system sensitivity categorization, such as defined by FIPS-199.", - "$ref" : "#/definitions/StringDatatype" }, - "system-information" : - { "$ref" : "#assembly_oscal-ssp_system-information" }, - "security-impact-level" : - { "$ref" : "#assembly_oscal-ssp_security-impact-level" }, - "status" : - { "$ref" : "#assembly_oscal-ssp_status" }, - "authorization-boundary" : - { "$ref" : "#assembly_oscal-ssp_authorization-boundary" }, - "network-architecture" : - { "$ref" : "#assembly_oscal-ssp_network-architecture" }, - "data-flow" : - { "$ref" : "#assembly_oscal-ssp_data-flow" }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "system-ids", - "system-name", - "description", - "security-sensitivity-level", - "system-information", - "security-impact-level", - "status", - "authorization-boundary" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:system-information" : - { "title" : "System Information", - "description" : "Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.", - "$id" : "#assembly_oscal-ssp_system-information", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "information-types" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Information Type", - "description" : "Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Information Type Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "title field", - "description" : "A human readable name for the information type. This title should be meaningful within the context of the system.", - "type" : "string" }, - "description" : - { "title" : "Information Type Description", - "description" : "A summary of how this information type is used within the system.", - "type" : "string" }, - "categorizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Information Type Categorization", - "description" : "A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60.", - "type" : "object", - "properties" : - { "system" : - { "title" : "Information Type Identification System", - "description" : "Specifies the information type identification system used.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://doi.org/10.6028/NIST.SP.800-60v2r1" ] } ] }, - "information-type-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Information Type Systematized Identifier", - "description" : "A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/StringDatatype" } } }, - "required" : - [ "system" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "confidentiality-impact" : - { "title" : "Confidentiality Impact Level", - "description" : "The expected level of impact resulting from the unauthorized disclosure of the described information.", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "base" : - { "$ref" : "#field_oscal-ssp_base" }, - "selected" : - { "$ref" : "#field_oscal-ssp_selected" }, - "adjustment-justification" : - { "$ref" : "#field_oscal-ssp_adjustment-justification" } }, - "required" : - [ "base" ], - "additionalProperties" : false }, - "integrity-impact" : - { "title" : "Integrity Impact Level", - "description" : "The expected level of impact resulting from the unauthorized modification of the described information.", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "base" : - { "$ref" : "#field_oscal-ssp_base" }, - "selected" : - { "$ref" : "#field_oscal-ssp_selected" }, - "adjustment-justification" : - { "$ref" : "#field_oscal-ssp_adjustment-justification" } }, - "required" : - [ "base" ], - "additionalProperties" : false }, - "availability-impact" : - { "title" : "Availability Impact Level", - "description" : "The expected level of impact resulting from the disruption of access to or use of the described information or the information system.", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "base" : - { "$ref" : "#field_oscal-ssp_base" }, - "selected" : - { "$ref" : "#field_oscal-ssp_selected" }, - "adjustment-justification" : - { "$ref" : "#field_oscal-ssp_adjustment-justification" } }, - "required" : - [ "base" ], - "additionalProperties" : false } }, - "required" : - [ "title", - "description", - "confidentiality-impact", - "integrity-impact", - "availability-impact" ], - "additionalProperties" : false } } }, - "required" : - [ "information-types" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:base" : - { "title" : "Base Level (Confidentiality, Integrity, or Availability)", - "description" : "The prescribed base (Confidentiality, Integrity, or Availability) security impact level.", - "$id" : "#field_oscal-ssp_base", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ssp-oscal-ssp:selected" : - { "title" : "Selected Level (Confidentiality, Integrity, or Availability)", - "description" : "The selected (Confidentiality, Integrity, or Availability) security impact level.", - "$id" : "#field_oscal-ssp_selected", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ssp-oscal-ssp:adjustment-justification" : - { "title" : "Adjustment Justification", - "description" : "If the selected security level is different from the base security level, this contains the justification for the change.", - "$id" : "#field_oscal-ssp_adjustment-justification", - "type" : "string" }, - "oscal-ssp-oscal-ssp:security-impact-level" : - { "title" : "Security Impact Level", - "description" : "The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.", - "$id" : "#assembly_oscal-ssp_security-impact-level", - "type" : "object", - "properties" : - { "security-objective-confidentiality" : - { "title" : "Security Objective: Confidentiality", - "description" : "A target-level of confidentiality for the system, based on the sensitivity of information within the system.", - "$ref" : "#/definitions/StringDatatype" }, - "security-objective-integrity" : - { "title" : "Security Objective: Integrity", - "description" : "A target-level of integrity for the system, based on the sensitivity of information within the system.", - "$ref" : "#/definitions/StringDatatype" }, - "security-objective-availability" : - { "title" : "Security Objective: Availability", - "description" : "A target-level of availability for the system, based on the sensitivity of information within the system.", - "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "security-objective-confidentiality", - "security-objective-integrity", - "security-objective-availability" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:status" : - { "title" : "Status", - "description" : "Describes the operational status of the system.", - "$id" : "#assembly_oscal-ssp_status", - "type" : "object", - "properties" : - { "state" : - { "title" : "State", - "description" : "The current operating status.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "operational", - "under-development", - "under-major-modification", - "disposition", - "other" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:date-authorized" : - { "title" : "System Authorization Date", - "description" : "The date the system received its authorization.", - "$id" : "#field_oscal-ssp_date-authorized", - "$ref" : "#/definitions/DateDatatype" }, - "oscal-ssp-oscal-ssp:authorization-boundary" : - { "title" : "Authorization Boundary", - "description" : "A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.", - "$id" : "#assembly_oscal-ssp_authorization-boundary", - "type" : "object", - "properties" : - { "description" : - { "title" : "Authorization Boundary Description", - "description" : "A summary of the system's authorization boundary.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "diagrams" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_diagram" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "description" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:diagram" : - { "title" : "Diagram", - "description" : "A graphic that provides a visual representation the system, or some aspect of it.", - "$id" : "#assembly_oscal-ssp_diagram", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Diagram ID", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Diagram Description", - "description" : "A summary of the diagram.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "caption" : - { "title" : "Caption", - "description" : "A brief caption to annotate the diagram.", - "type" : "string" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:network-architecture" : - { "title" : "Network Architecture", - "description" : "A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.", - "$id" : "#assembly_oscal-ssp_network-architecture", - "type" : "object", - "properties" : - { "description" : - { "title" : "Network Architecture Description", - "description" : "A summary of the system's network architecture.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "diagrams" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_diagram" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "description" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:data-flow" : - { "title" : "Data Flow", - "description" : "A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.", - "$id" : "#assembly_oscal-ssp_data-flow", - "type" : "object", - "properties" : - { "description" : - { "title" : "Data Flow Description", - "description" : "A summary of the system's data flow.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "diagrams" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_diagram" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "description" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:system-implementation" : - { "title" : "System Implementation", - "description" : "Provides information as to how the system is implemented.", - "$id" : "#assembly_oscal-ssp_system-implementation", - "type" : "object", - "properties" : - { "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "leveraged-authorizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Leveraged Authorization", - "description" : "A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Leveraged Authorization Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "title field", - "description" : "A human readable name for the leveraged authorization in the context of the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "party-uuid" : - { "title" : "party-uuid field", - "description" : "A machine-oriented identifier reference to the party that manages the leveraged system.", - "$ref" : "#/definitions/UUIDDatatype" }, - "date-authorized" : - { "$ref" : "#field_oscal-ssp_date-authorized" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "title", - "party-uuid", - "date-authorized" ], - "additionalProperties" : false } }, - "users" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-user" } }, - "components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, - "inventory-items" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "users", - "components" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:control-implementation" : - { "title" : "Control Implementation", - "description" : "Describes how the system satisfies a set of controls.", - "$id" : "#assembly_oscal-ssp_control-implementation", - "type" : "object", - "properties" : - { "description" : - { "title" : "Control Implementation Description", - "description" : "A statement describing important things to know about how this set of control satisfaction documentation is approached.", - "type" : "string" }, - "set-parameters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, - "implemented-requirements" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_implemented-requirement" } } }, - "required" : - [ "description", - "implemented-requirements" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:implemented-requirement" : - { "title" : "Control-based Requirement", - "description" : "Describes how the system satisfies the requirements of an individual control.", - "$id" : "#assembly_oscal-ssp_implemented-requirement", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Control Requirement Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "control-id" : - { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "set-parameters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "statements" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_statement" } }, - "by-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_by-component" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "control-id" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:statement" : - { "title" : "Specific Control Statement", - "description" : "Identifies which statements within a control are addressed.", - "$id" : "#assembly_oscal-ssp_statement", - "type" : "object", - "properties" : - { "statement-id" : - { "title" : "Control Statement Reference", - "description" : "A human-oriented identifier reference to a control statement.", - "$ref" : "#/definitions/TokenDatatype" }, - "uuid" : - { "title" : "Control Statement Reference Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "by-components" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-ssp_by-component" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "statement-id", - "uuid" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-ssp:by-component" : - { "title" : "Component Control Implementation", - "description" : "Defines how the referenced component implements a set of controls.", - "$id" : "#assembly_oscal-ssp_by-component", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to the component that is implemeting a given control.", - "$ref" : "#/definitions/UUIDDatatype" }, - "uuid" : - { "title" : "By-Component Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Control Implementation Description", - "description" : "An implementation statement that describes how a control or a control statement is implemented within the referenced system component.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "set-parameters" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, - "implementation-status" : - { "$ref" : "#assembly_oscal-implementation-common_implementation-status" }, - "export" : - { "title" : "Export", - "description" : "Identifies content intended for external consumption, such as with leveraged organizations.", - "type" : "object", - "properties" : - { "description" : - { "title" : "Control Implementation Export Description", - "description" : "An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "provided" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Provided Control Implementation", - "description" : "Describes a capability which may be inherited by a leveraging system.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Provided Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Provided Control Implementation Description", - "description" : "An implementation statement that describes the aspects of the control or control statement implementation that can be provided to another system leveraging this system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "responsibilities" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Control Implementation Responsibility", - "description" : "Describes a control implementation responsibility imposed on a leveraging system.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Responsibility Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "provided-uuid" : - { "title" : "Provided UUID", - "description" : "A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Control Implementation Responsibility Description", - "description" : "An implementation statement that describes the aspects of the control or control statement implementation that a leveraging system must implement to satisfy the control provided by a leveraged system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "additionalProperties" : false }, - "inherited" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Inherited Control Implementation", - "description" : "Describes a control implementation inherited by a leveraging system.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Inherited Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "provided-uuid" : - { "title" : "Provided UUID", - "description" : "A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Inherited Control Implementation Description", - "description" : "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is inheriting from a leveraged system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "satisfied" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Satisfied Control Implementation Responsibility", - "description" : "Describes how this system satisfies a responsibility imposed by a leveraged system.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Satisfied Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "responsibility-uuid" : - { "title" : "Responsibility UUID", - "description" : "A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system.", - "$ref" : "#/definitions/UUIDDatatype" }, - "description" : - { "title" : "Satisfied Control Implementation Responsibility Description", - "description" : "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is implementing based on a requirement from a leveraged system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "description" ], - "additionalProperties" : false } }, - "responsible-roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "component-uuid", - "uuid", - "description" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", - "$id" : "#assembly_oscal-metadata_metadata", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "revisions" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "roles" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, - "locations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, - "parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "title", - "last-modified", - "version", - "oscal-version" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:revision" : - { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:location" : - { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_location-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-ssp-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://orcid.org/" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$id" : "#field_oscal-metadata_party-uuid", - "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-ssp-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:role-id" : - { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$id" : "#field_oscal-metadata_role-id", - "$ref" : "#/definitions/TokenDatatype" }, - "oscal-ssp-oscal-metadata:back-matter" : - { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", - "$id" : "#assembly_oscal-metadata_back-matter", - "type" : "object", - "properties" : - { "resources" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", - "type" : "string" }, - "description" : - { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "document-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_document-id" } }, - "citation" : - { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", - "type" : "object", - "properties" : - { "text" : - { "title" : "Citation Text", - "description" : "A line of citation text.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "text" ], - "additionalProperties" : false }, - "rlinks" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "hashes" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_hash" } } }, - "required" : - [ "href" ], - "additionalProperties" : false } }, - "base64" : - { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", - "type" : "object", - "properties" : - { "filename" : - { "title" : "File Name", - "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "value" : - { "$ref" : "#/definitions/Base64Datatype" } }, - "required" : - [ "value" ], - "additionalProperties" : false }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:property" : - { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", - "$id" : "#assembly_oscal-metadata_property", - "type" : "object", - "properties" : - { "name" : - { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "marking" ] } ] }, - "uuid" : - { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "ns" : - { "title" : "Property Namespace", - "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "value" : - { "title" : "Property Value", - "description" : "Indicates the value of the attribute, characteristic, or quality.", - "$ref" : "#/definitions/StringDatatype" }, - "class" : - { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "name", - "value" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:link" : - { "title" : "Link", - "description" : "A reference to a local or remote resource", - "$id" : "#assembly_oscal-metadata_link", - "type" : "object", - "properties" : - { "href" : - { "title" : "Hypertext Reference", - "description" : "A resolvable URL reference to a resource.", - "$ref" : "#/definitions/URIReferenceDatatype" }, - "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "reference" ] } ] }, - "media-type" : - { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "text" : - { "title" : "Link Text", - "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", - "type" : "string" } }, - "required" : - [ "href" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:responsible-party" : - { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-party", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", - "$ref" : "#/definitions/TokenDatatype" }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id", - "party-uuids" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:responsible-role" : - { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", - "$id" : "#assembly_oscal-metadata_responsible-role", - "type" : "object", - "properties" : - { "role-id" : - { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "$ref" : "#/definitions/TokenDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "party-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_party-uuid" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "role-id" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:hash" : - { "title" : "Hash", - "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", - "$id" : "#field_oscal-metadata_hash", - "type" : "object", - "properties" : - { "algorithm" : - { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", + "properties" : + { "uuid" : + { "title" : "System Security Plan Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "metadata" : + { "$ref" : "#assembly_oscal-metadata_metadata" }, + "import-profile" : + { "$ref" : "#assembly_oscal-ssp_import-profile" }, + "system-characteristics" : + { "$ref" : "#assembly_oscal-ssp_system-characteristics" }, + "system-implementation" : + { "$ref" : "#assembly_oscal-ssp_system-implementation" }, + "control-implementation" : + { "$ref" : "#assembly_oscal-ssp_control-implementation" }, + "back-matter" : + { "$ref" : "#assembly_oscal-metadata_back-matter" } }, + "required" : + [ "uuid", + "metadata", + "import-profile", + "system-characteristics", + "system-implementation", + "control-implementation" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:import-profile" : + { "title" : "Import Profile", + "description" : "Used to import the OSCAL profile representing the system's control baseline.", + "$id" : "#assembly_oscal-ssp_import-profile", + "type" : "object", + "properties" : + { "href" : + { "title" : "Profile Reference", + "description" : "A resolvable URL reference to the profile or catalog to use as the system's control baseline.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:system-characteristics" : + { "title" : "System Characteristics", + "description" : "Contains the characteristics of the system, such as its name, purpose, and security impact level.", + "$id" : "#assembly_oscal-ssp_system-characteristics", + "type" : "object", + "properties" : + { "system-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-implementation-common_system-id" } }, + "system-name" : + { "title" : "System Name - Full", + "description" : "The full name of the system.", + "$ref" : "#/definitions/StringDatatype" }, + "system-name-short" : + { "title" : "System Name - Short", + "description" : "A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "System Description", + "description" : "A summary of the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "date-authorized" : + { "$ref" : "#field_oscal-ssp_date-authorized" }, + "security-sensitivity-level" : + { "title" : "Security Sensitivity Level", + "description" : "The overall information system sensitivity categorization, such as defined by FIPS-199.", + "$ref" : "#/definitions/StringDatatype" }, + "system-information" : + { "$ref" : "#assembly_oscal-ssp_system-information" }, + "security-impact-level" : + { "$ref" : "#assembly_oscal-ssp_security-impact-level" }, + "status" : + { "$ref" : "#assembly_oscal-ssp_status" }, + "authorization-boundary" : + { "$ref" : "#assembly_oscal-ssp_authorization-boundary" }, + "network-architecture" : + { "$ref" : "#assembly_oscal-ssp_network-architecture" }, + "data-flow" : + { "$ref" : "#assembly_oscal-ssp_data-flow" }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "system-ids", + "system-name", + "description", + "security-sensitivity-level", + "system-information", + "security-impact-level", + "status", + "authorization-boundary" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:system-information" : + { "title" : "System Information", + "description" : "Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.", + "$id" : "#assembly_oscal-ssp_system-information", + "type" : "object", + "properties" : + { "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "information-types" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Information Type", + "description" : "Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Information Type Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "title field", + "description" : "A human readable name for the information type. This title should be meaningful within the context of the system.", + "type" : "string" }, + "description" : + { "title" : "Information Type Description", + "description" : "A summary of how this information type is used within the system.", + "type" : "string" }, + "categorizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Information Type Categorization", + "description" : "A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60.", + "type" : "object", + "properties" : + { "system" : + { "title" : "Information Type Identification System", + "description" : "Specifies the information type identification system used.", "anyOf" : [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "SHA-224", - "SHA-256", - "SHA-384", - "SHA-512", - "SHA3-224", - "SHA3-256", - "SHA3-384", - "SHA3-512" ] } ] }, - "value" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "value", - "algorithm" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:remarks" : - { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", - "$id" : "#field_oscal-metadata_remarks", + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://doi.org/10.6028/NIST.SP.800-60v2r1" ] } ] }, + "information-type-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Information Type Systematized Identifier", + "description" : "A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/StringDatatype" } } }, + "required" : + [ "system" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "confidentiality-impact" : + { "$ref" : "#assembly_oscal-ssp_impact" }, + "integrity-impact" : + { "$ref" : "#assembly_oscal-ssp_impact" }, + "availability-impact" : + { "$ref" : "#assembly_oscal-ssp_impact" } }, + "required" : + [ "title", + "description" ], + "additionalProperties" : false } } }, + "required" : + [ "information-types" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:impact" : + { "title" : "Impact Level", + "description" : "The expected level of impact resulting from the described information.", + "$id" : "#assembly_oscal-ssp_impact", + "type" : "object", + "properties" : + { "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "base" : + { "$ref" : "#field_oscal-ssp_base" }, + "selected" : + { "$ref" : "#field_oscal-ssp_selected" }, + "adjustment-justification" : + { "$ref" : "#field_oscal-ssp_adjustment-justification" } }, + "required" : + [ "base" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:base" : + { "title" : "Base Level (Confidentiality, Integrity, or Availability)", + "description" : "The prescribed base (Confidentiality, Integrity, or Availability) security impact level.", + "$id" : "#field_oscal-ssp_base", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ssp-oscal-ssp:selected" : + { "title" : "Selected Level (Confidentiality, Integrity, or Availability)", + "description" : "The selected (Confidentiality, Integrity, or Availability) security impact level.", + "$id" : "#field_oscal-ssp_selected", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ssp-oscal-ssp:adjustment-justification" : + { "title" : "Adjustment Justification", + "description" : "If the selected security level is different from the base security level, this contains the justification for the change.", + "$id" : "#field_oscal-ssp_adjustment-justification", + "type" : "string" }, + "oscal-ssp-oscal-ssp:security-impact-level" : + { "title" : "Security Impact Level", + "description" : "The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.", + "$id" : "#assembly_oscal-ssp_security-impact-level", + "type" : "object", + "properties" : + { "security-objective-confidentiality" : + { "title" : "Security Objective: Confidentiality", + "description" : "A target-level of confidentiality for the system, based on the sensitivity of information within the system.", + "$ref" : "#/definitions/StringDatatype" }, + "security-objective-integrity" : + { "title" : "Security Objective: Integrity", + "description" : "A target-level of integrity for the system, based on the sensitivity of information within the system.", + "$ref" : "#/definitions/StringDatatype" }, + "security-objective-availability" : + { "title" : "Security Objective: Availability", + "description" : "A target-level of availability for the system, based on the sensitivity of information within the system.", + "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "security-objective-confidentiality", + "security-objective-integrity", + "security-objective-availability" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:status" : + { "title" : "Status", + "description" : "Describes the operational status of the system.", + "$id" : "#assembly_oscal-ssp_status", + "type" : "object", + "properties" : + { "state" : + { "title" : "State", + "description" : "The current operating status.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "operational", + "under-development", + "under-major-modification", + "disposition", + "other" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:date-authorized" : + { "title" : "System Authorization Date", + "description" : "The date the system received its authorization.", + "$id" : "#field_oscal-ssp_date-authorized", + "$ref" : "#/definitions/DateDatatype" }, + "oscal-ssp-oscal-ssp:authorization-boundary" : + { "title" : "Authorization Boundary", + "description" : "A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.", + "$id" : "#assembly_oscal-ssp_authorization-boundary", + "type" : "object", + "properties" : + { "description" : + { "title" : "Authorization Boundary Description", + "description" : "A summary of the system's authorization boundary.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "diagrams" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_diagram" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "description" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:diagram" : + { "title" : "Diagram", + "description" : "A graphic that provides a visual representation the system, or some aspect of it.", + "$id" : "#assembly_oscal-ssp_diagram", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Diagram ID", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Diagram Description", + "description" : "A summary of the diagram.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "caption" : + { "title" : "Caption", + "description" : "A brief caption to annotate the diagram.", + "type" : "string" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:network-architecture" : + { "title" : "Network Architecture", + "description" : "A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.", + "$id" : "#assembly_oscal-ssp_network-architecture", + "type" : "object", + "properties" : + { "description" : + { "title" : "Network Architecture Description", + "description" : "A summary of the system's network architecture.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "diagrams" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_diagram" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "description" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:data-flow" : + { "title" : "Data Flow", + "description" : "A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.", + "$id" : "#assembly_oscal-ssp_data-flow", + "type" : "object", + "properties" : + { "description" : + { "title" : "Data Flow Description", + "description" : "A summary of the system's data flow.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "diagrams" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_diagram" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "description" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:system-implementation" : + { "title" : "System Implementation", + "description" : "Provides information as to how the system is implemented.", + "$id" : "#assembly_oscal-ssp_system-implementation", + "type" : "object", + "properties" : + { "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "leveraged-authorizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Leveraged Authorization", + "description" : "A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Leveraged Authorization Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "title field", + "description" : "A human readable name for the leveraged authorization in the context of the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "party-uuid" : + { "title" : "party-uuid field", + "description" : "A machine-oriented identifier reference to the party that manages the leveraged system.", + "$ref" : "#/definitions/UUIDDatatype" }, + "date-authorized" : + { "$ref" : "#field_oscal-ssp_date-authorized" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "title", + "party-uuid", + "date-authorized" ], + "additionalProperties" : false } }, + "users" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-user" } }, + "components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_system-component" } }, + "inventory-items" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_inventory-item" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "users", + "components" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:control-implementation" : + { "title" : "Control Implementation", + "description" : "Describes how the system satisfies a set of controls.", + "$id" : "#assembly_oscal-ssp_control-implementation", + "type" : "object", + "properties" : + { "description" : + { "title" : "Control Implementation Description", + "description" : "A statement describing important things to know about how this set of control satisfaction documentation is approached.", + "type" : "string" }, + "set-parameters" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, + "implemented-requirements" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_implemented-requirement" } } }, + "required" : + [ "description", + "implemented-requirements" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:implemented-requirement" : + { "title" : "Control-based Requirement", + "description" : "Describes how the system satisfies the requirements of an individual control.", + "$id" : "#assembly_oscal-ssp_implemented-requirement", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Control Requirement Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "control-id" : + { "title" : "Control Identifier Reference", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "set-parameters" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "statements" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_statement" } }, + "by-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_by-component" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "control-id" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:statement" : + { "title" : "Specific Control Statement", + "description" : "Identifies which statements within a control are addressed.", + "$id" : "#assembly_oscal-ssp_statement", + "type" : "object", + "properties" : + { "statement-id" : + { "title" : "Control Statement Reference", + "description" : "A human-oriented identifier reference to a control statement.", + "$ref" : "#/definitions/TokenDatatype" }, + "uuid" : + { "title" : "Control Statement Reference Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "by-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-ssp_by-component" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "statement-id", + "uuid" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-ssp:by-component" : + { "title" : "Component Control Implementation", + "description" : "Defines how the referenced component implements a set of controls.", + "$id" : "#assembly_oscal-ssp_by-component", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to the component that is implemeting a given control.", + "$ref" : "#/definitions/UUIDDatatype" }, + "uuid" : + { "title" : "By-Component Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Control Implementation Description", + "description" : "An implementation statement that describes how a control or a control statement is implemented within the referenced system component.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "set-parameters" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_set-parameter" } }, + "implementation-status" : + { "$ref" : "#assembly_oscal-implementation-common_implementation-status" }, + "export" : + { "title" : "Export", + "description" : "Identifies content intended for external consumption, such as with leveraged organizations.", + "type" : "object", + "properties" : + { "description" : + { "title" : "Control Implementation Export Description", + "description" : "An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system.", "type" : "string" }, - "oscal-ssp-oscal-metadata:published" : - { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_published", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-ssp-oscal-metadata:last-modified" : - { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", - "$id" : "#field_oscal-metadata_last-modified", - "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, - "oscal-ssp-oscal-metadata:version" : - { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", - "$id" : "#field_oscal-metadata_version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ssp-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", - "$id" : "#field_oscal-metadata_oscal-version", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ssp-oscal-metadata:email-address" : - { "title" : "Email Address", - "description" : "An email address as defined by RFC 5322 Section 3.4.1.", - "$id" : "#field_oscal-metadata_email-address", - "$ref" : "#/definitions/EmailAddressDatatype" }, - "oscal-ssp-oscal-metadata:telephone-number" : - { "title" : "Telephone Number", - "description" : "Contact number by telephone.", - "$id" : "#field_oscal-metadata_telephone-number", - "type" : "object", - "properties" : - { "type" : - { "title" : "type flag", - "description" : "Indicates the type of phone number.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "home", - "office", - "mobile" ] } ] }, - "number" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "number" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:address" : - { "title" : "Address", - "description" : "A postal address for the location.", - "$id" : "#assembly_oscal-metadata_address", - "type" : "object", - "properties" : - { "type" : - { "title" : "Address Type", - "description" : "Indicates the type of address.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "home", - "work" ] } ] }, - "addr-lines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_addr-line" } }, - "city" : - { "title" : "City", - "description" : "City, town or geographical region for the mailing address.", - "$ref" : "#/definitions/StringDatatype" }, - "state" : - { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "postal-code" : - { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", - "$ref" : "#/definitions/StringDatatype" }, - "country" : - { "title" : "Country Code", - "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "$ref" : "#/definitions/StringDatatype" } }, - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:addr-line" : - { "title" : "Address line", - "description" : "A single line of an address.", - "$id" : "#field_oscal-metadata_addr-line", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ssp-oscal-metadata:document-id" : - { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", - "$id" : "#field_oscal-metadata_document-id", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "Document Identification Scheme", - "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "anyOf" : - [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "http://www.doi.org/" ] } ] }, - "identifier" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "identifier" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-implementation-common:system-component" : - { "title" : "Component", - "description" : "A defined component that can be part of an implemented system.", - "$id" : "#assembly_oscal-implementation-common_system-component", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Component Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Component Type", - "description" : "A category describing the purpose of the component.", - "anyOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "this-system", - "system", - "interconnection", - "software", - "hardware", - "service", - "policy", - "physical", - "process-procedure", - "plan", - "guidance", - "standard", - "validation", - "network" ] } ] }, - "title" : - { "title" : "Component Title", - "description" : "A human readable name for the system component.", - "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "provided" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Provided Control Implementation", + "description" : "Describes a capability which may be inherited by a leveraging system.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Provided Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, "description" : - { "title" : "Component Description", - "description" : "A description of the component, including information about its function.", - "type" : "string" }, - "purpose" : - { "title" : "Purpose", - "description" : "A summary of the technological or business purpose of the component.", - "type" : "string" }, + { "title" : "Provided Control Implementation Description", + "description" : "An implementation statement that describes the aspects of the control or control statement implementation that can be provided to another system leveraging this system.", + "type" : "string" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "status" : - { "title" : "Status", - "description" : "Describes the operational status of the system component.", - "type" : "object", - "properties" : - { "state" : - { "title" : "State", - "description" : "The operational status.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "under-development", - "operational", - "disposition", - "other" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, "responsible-roles" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, - "protocols" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type", - "title", - "description", - "status" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-implementation-common:protocol" : - { "title" : "Service Protocol Information", - "description" : "Information about the protocol used to provide a service.", - "$id" : "#assembly_oscal-implementation-common_protocol", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Service Protocol Information Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "name" : - { "title" : "Protocol Name", - "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", - "$ref" : "#/definitions/StringDatatype" }, - "title" : - { "title" : "Protocol Title", - "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", - "type" : "string" }, - "port-ranges" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_port-range" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-implementation-common:port-range" : - { "title" : "Port Range", - "description" : "Where applicable this is the IPv4 port range on which the service operates.", - "$id" : "#assembly_oscal-implementation-common_port-range", - "type" : "object", - "properties" : - { "start" : - { "title" : "Start", - "description" : "Indicates the starting port number in a port range", - "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, - "end" : - { "title" : "End", - "description" : "Indicates the ending port number in a port range", - "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, - "transport" : - { "title" : "Transport", - "description" : "Indicates the transport type.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "TCP", - "UDP" ] } ] } }, - "additionalProperties" : false }, - "oscal-ssp-oscal-implementation-common:implementation-status" : - { "title" : "Implementation Status", - "description" : "Indicates the degree to which the a given control is implemented.", - "$id" : "#assembly_oscal-implementation-common_implementation-status", - "type" : "object", - "properties" : - { "state" : - { "title" : "Implementation State", - "description" : "Identifies the implementation status of the control or control objective.", - "anyOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "implemented", - "partial", - "planned", - "alternative", - "not-applicable" ] } ] }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "state" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-implementation-common:system-user" : - { "title" : "System User", - "description" : "A type of user that interacts with the system based on an associated role.", - "$id" : "#assembly_oscal-implementation-common_system-user", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "User Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "User Title", - "description" : "A name given to the user, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "User Short Name", - "description" : "A short common name, abbreviation, or acronym for the user.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "User Description", - "description" : "A summary of the user's purpose within the system.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "role-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_role-id" } }, - "authorized-privileges" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-implementation-common_authorized-privilege" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-implementation-common:authorized-privilege" : - { "title" : "Privilege", - "description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.", - "$id" : "#assembly_oscal-implementation-common_authorized-privilege", - "type" : "object", - "properties" : - { "title" : - { "title" : "Privilege Title", - "description" : "A human readable name for the privilege.", - "type" : "string" }, - "description" : - { "title" : "Privilege Description", - "description" : "A summary of the privilege's purpose within the system.", - "type" : "string" }, - "functions-performed" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-implementation-common_function-performed" } } }, - "required" : - [ "title", - "functions-performed" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-implementation-common:function-performed" : - { "title" : "Functions Performed", - "description" : "Describes a function performed for a given authorized privilege by this user class.", - "$id" : "#field_oscal-implementation-common_function-performed", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ssp-oscal-implementation-common:inventory-item" : - { "title" : "Inventory Item", - "description" : "A single managed inventory item within the system.", - "$id" : "#assembly_oscal-implementation-common_inventory-item", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Inventory Item Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "responsibilities" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Control Implementation Responsibility", + "description" : "Describes a control implementation responsibility imposed on a leveraging system.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Responsibility Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "provided-uuid" : + { "title" : "Provided UUID", + "description" : "A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.", + "$ref" : "#/definitions/UUIDDatatype" }, "description" : - { "title" : "Inventory Item Description", - "description" : "A summary of the inventory item stating its purpose within the system.", - "type" : "string" }, + { "title" : "Control Implementation Responsibility Description", + "description" : "An implementation statement that describes the aspects of the control or control statement implementation that a leveraging system must implement to satisfy the control provided by a leveraged system.", + "type" : "string" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "implemented-components" : + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Implemented Component", - "description" : "The set of components that are implemented in a given system inventory item.", - "type" : "object", - "properties" : - { "component-uuid" : - { "title" : "Component Universally Unique Identifier Reference", - "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "$ref" : "#/definitions/UUIDDatatype" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "responsible-parties" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "component-uuid" ], - "additionalProperties" : false } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", + "required" : + [ "uuid", "description" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-implementation-common:set-parameter" : - { "title" : "Set Parameter Value", - "description" : "Identifies the parameter that will be set by the enclosed value.", - "$id" : "#assembly_oscal-implementation-common_set-parameter", - "type" : "object", - "properties" : - { "param-id" : - { "title" : "Parameter ID", - "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", - "$ref" : "#/definitions/TokenDatatype" }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$ref" : "#/definitions/StringDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "param-id", - "values" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-implementation-common:system-id" : - { "title" : "System Identification", - "description" : "A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.", - "$id" : "#field_oscal-implementation-common_system-id", - "type" : "object", - "properties" : - { "identifier-type" : - { "title" : "Identification System Type", - "description" : "Identifies the identification system from which the provided identifier was assigned.", + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "additionalProperties" : false }, + "inherited" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Inherited Control Implementation", + "description" : "Describes a control implementation inherited by a leveraging system.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Inherited Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "provided-uuid" : + { "title" : "Provided UUID", + "description" : "A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Inherited Control Implementation Description", + "description" : "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is inheriting from a leveraged system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "satisfied" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Satisfied Control Implementation Responsibility", + "description" : "Describes how this system satisfies a responsibility imposed by a leveraged system.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Satisfied Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "responsibility-uuid" : + { "title" : "Responsibility UUID", + "description" : "A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Satisfied Control Implementation Responsibility Description", + "description" : "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is implementing based on a requirement from a leveraged system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false } }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "component-uuid", + "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-metadata:metadata" : + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", + "$id" : "#assembly_oscal-metadata_metadata", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "revisions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, + "locations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, + "parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", "anyOf" : [ - { "$ref" : "#/definitions/URIDatatype" }, - - { "enum" : - [ "https://fedramp.gov", - "http://fedramp.gov/ns/oscal", - "https://ietf.org/rfc/rfc4122", - "http://ietf.org/rfc/rfc4122" ] } ] }, - "id" : - { "$ref" : "#/definitions/StringDatatype" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-catalog-common:part" : - { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", - "type" : "object", - "properties" : - { "id" : - { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "name" : - { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", - "$ref" : "#/definitions/TokenDatatype" }, - "ns" : - { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "$ref" : "#/definitions/URIDatatype" }, - "class" : - { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "prose" : - { "title" : "Part Text", - "description" : "Permits multiple paragraphs, lists, tables etc.", - "type" : "string" }, - "parts" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } } }, - "required" : - [ "name" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-catalog-common:parameter" : - { "title" : "Parameter", - "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", - "type" : "object", - "properties" : - { "id" : - { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "class" : - { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", - "$ref" : "#/definitions/TokenDatatype" }, - "depends-on" : - { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "$ref" : "#/definitions/TokenDatatype" }, + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "actions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_action" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "title", + "last-modified", + "version", + "oscal-version" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-metadata:location-uuid" : + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", + "$id" : "#field_oscal-metadata_location-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-ssp-oscal-metadata:party-uuid" : + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", + "$id" : "#field_oscal-metadata_party-uuid", + "$ref" : "#/definitions/UUIDDatatype" }, + "oscal-ssp-oscal-metadata:role-id" : + { "title" : "Role Identifier Reference", + "description" : "Reference to a role by UUID.", + "$id" : "#field_oscal-metadata_role-id", + "$ref" : "#/definitions/TokenDatatype" }, + "oscal-ssp-oscal-metadata:back-matter" : + { "title" : "Back matter", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", + "$id" : "#assembly_oscal-metadata_back-matter", + "type" : "object", + "properties" : + { "resources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Resource Universally Unique Identifier", + "description" : "A unique identifier for a resource.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Resource Title", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", + "type" : "string" }, + "description" : + { "title" : "Resource Description", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_document-id" } }, + "citation" : + { "title" : "Citation", + "description" : "An optional citation consisting of end note text using structured markup.", + "type" : "object", + "properties" : + { "text" : + { "title" : "Citation Text", + "description" : "A line of citation text.", + "type" : "string" }, "props" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, "links" : { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "label" : - { "title" : "Parameter Label", - "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", - "type" : "string" }, - "usage" : - { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", - "type" : "string" }, - "constraints" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, - "guidelines" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, - "values" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, - "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-catalog-common:parameter-constraint" : - { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", - "type" : "object", - "properties" : - { "description" : - { "title" : "Constraint Description", - "description" : "A textual summary of the constraint to be applied.", - "type" : "string" }, - "tests" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Constraint Test", - "description" : "A test expression which is expected to be evaluated by a tool.", - "type" : "object", - "properties" : - { "expression" : - { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", - "$ref" : "#/definitions/StringDatatype" }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "expression" ], - "additionalProperties" : false } } }, - "additionalProperties" : false }, - "oscal-ssp-oscal-catalog-common:parameter-guideline" : - { "title" : "Guideline", - "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", - "type" : "object", - "properties" : - { "prose" : - { "title" : "Guideline Text", - "description" : "Prose permits multiple paragraphs, lists, tables etc.", - "type" : "string" } }, - "required" : - [ "prose" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-catalog-common:parameter-value" : - { "title" : "Parameter Value", - "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", - "$ref" : "#/definitions/StringDatatype" }, - "oscal-ssp-oscal-catalog-common:parameter-selection" : - { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", - "type" : "object", - "properties" : - { "how-many" : - { "title" : "Parameter Cardinality", - "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "allOf" : - [ - { "$ref" : "#/definitions/TokenDatatype" }, - - { "enum" : - [ "one", - "one-or-more" ] } ] }, - "choice" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Choice", - "description" : "A value selection among several such options.", - "type" : "string" } } }, - "additionalProperties" : false }, - "oscal-ssp-oscal-catalog-common:include-all" : - { "title" : "Include All", - "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", - "type" : "object", - "additionalProperties" : false }, - "Base64Datatype" : - { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", - "type" : "string", - "pattern" : "^[0-9A-Za-z+/]+={0,2}$", - "contentEncoding" : "base64" }, - "DateDatatype" : - { "description" : "A string representing a 24-hour period with an optional timezone.", - "type" : "string", - "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))(Z|[+-][0-9]{2}:[0-9]{2})?$" }, - "DateTimeWithTimezoneDatatype" : - { "description" : "A string representing a point in time with a required timezone.", - "type" : "string", - "format" : "date-time", - "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, - "EmailAddressDatatype" : - { "description" : "An email address string formatted according to RFC 6531.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" } ] }, - "IntegerDatatype" : - { "description" : "A whole number value.", - "type" : "integer" }, - "NonNegativeIntegerDatatype" : - { "description" : "An integer value that is equal to or greater than 0.", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "text" ], + "additionalProperties" : false }, + "rlinks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource link", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL pointing to the referenced resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "hashes" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_hash" } } }, + "required" : + [ "href" ], + "additionalProperties" : false } }, + "base64" : + { "title" : "Base64", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", + "type" : "object", + "properties" : + { "filename" : + { "title" : "File Name", + "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", + "$ref" : "#/definitions/TokenDatatype" }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "value" : + { "$ref" : "#/definitions/Base64Datatype" } }, + "required" : + [ "value" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-ssp-oscal-metadata:property" : + { "title" : "Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", + "$id" : "#assembly_oscal-metadata_property", + "type" : "object", + "properties" : + { "name" : + { "title" : "Property Name", + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "$ref" : "#/definitions/TokenDatatype" }, + "uuid" : + { "title" : "Property Universally Unique Identifier", + "description" : "A unique identifier for a property.", + "$ref" : "#/definitions/UUIDDatatype" }, + "ns" : + { "title" : "Property Namespace", + "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "value" : + { "title" : "Property Value", + "description" : "Indicates the value of the attribute, characteristic, or quality.", + "$ref" : "#/definitions/StringDatatype" }, + "class" : + { "title" : "Property Class", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", + "$ref" : "#/definitions/TokenDatatype" }, + "group" : + { "title" : "Property Group", + "description" : "An identifier for relating distinct sets of properties.", + "$ref" : "#/definitions/TokenDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "name", + "value" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-metadata:link" : + { "title" : "Link", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", + "$id" : "#assembly_oscal-metadata_link", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL reference to a resource.", + "$ref" : "#/definitions/URIReferenceDatatype" }, + "rel" : + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, + "media-type" : + { "title" : "Media Type", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", + "$ref" : "#/definitions/StringDatatype" }, + "resource-fragment" : + { "title" : "Resource Fragment", + "description" : "In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.", + "$ref" : "#/definitions/StringDatatype" }, + "text" : + { "title" : "Link Text", + "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", + "type" : "string" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-metadata:responsible-party" : + { "title" : "Responsible Party", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", + "$id" : "#assembly_oscal-metadata_responsible-party", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role", + "description" : "A reference to a role performed by a party.", + "$ref" : "#/definitions/TokenDatatype" }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id", + "party-uuids" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-metadata:action" : + { "title" : "Action", + "description" : "An action applied by a role within a given party to the content.", + "$id" : "#assembly_oscal-metadata_action", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Action Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "date" : + { "title" : "Action Occurrence Date", + "description" : "The date and time when the action occurred.", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "type" : + { "title" : "Action Type", + "description" : "The type of action documented by the assembly, such as an approval.", + "$ref" : "#/definitions/TokenDatatype" }, + "system" : + { "title" : "Action Type System", + "description" : "Specifies the action type system used.", + "$ref" : "#/definitions/URIDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "system" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-metadata:responsible-role" : + { "title" : "Responsible Role", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", + "$id" : "#assembly_oscal-metadata_responsible-role", + "type" : "object", + "properties" : + { "role-id" : + { "title" : "Responsible Role ID", + "description" : "A human-oriented identifier reference to a role performed.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_party-uuid" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "role-id" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-metadata:hash" : + { "title" : "Hash", + "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", + "$id" : "#field_oscal-metadata_hash", + "type" : "object", + "properties" : + { "algorithm" : + { "title" : "Hash algorithm", + "description" : "The digest method by which a hash is derived.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, + "value" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "value", + "algorithm" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-metadata:remarks" : + { "title" : "Remarks", + "description" : "Additional commentary about the containing object.", + "$id" : "#field_oscal-metadata_remarks", + "type" : "string" }, + "oscal-ssp-oscal-metadata:published" : + { "title" : "Publication Timestamp", + "description" : "The date and time the document was last made available.", + "$id" : "#field_oscal-metadata_published", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-ssp-oscal-metadata:last-modified" : + { "title" : "Last Modified Timestamp", + "description" : "The date and time the document was last stored for later retrieval.", + "$id" : "#field_oscal-metadata_last-modified", + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, + "oscal-ssp-oscal-metadata:version" : + { "title" : "Document Version", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", + "$id" : "#field_oscal-metadata_version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ssp-oscal-metadata:oscal-version" : + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", + "$id" : "#field_oscal-metadata_oscal-version", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ssp-oscal-metadata:email-address" : + { "title" : "Email Address", + "description" : "An email address as defined by RFC 5322 Section 3.4.1.", + "$id" : "#field_oscal-metadata_email-address", + "$ref" : "#/definitions/EmailAddressDatatype" }, + "oscal-ssp-oscal-metadata:telephone-number" : + { "title" : "Telephone Number", + "description" : "A telephone service number as defined by ITU-T E.164.", + "$id" : "#field_oscal-metadata_telephone-number", + "type" : "object", + "properties" : + { "type" : + { "title" : "type flag", + "description" : "Indicates the type of phone number.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, + "number" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "number" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-metadata:address" : + { "title" : "Address", + "description" : "A postal address for the location.", + "$id" : "#assembly_oscal-metadata_address", + "type" : "object", + "properties" : + { "type" : + { "title" : "Address Type", + "description" : "Indicates the type of address.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, + "addr-lines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_addr-line" } }, + "city" : + { "title" : "City", + "description" : "City, town or geographical region for the mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "state" : + { "title" : "State", + "description" : "State, province or analogous geographical region for a mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "postal-code" : + { "title" : "Postal Code", + "description" : "Postal or ZIP code for mailing address.", + "$ref" : "#/definitions/StringDatatype" }, + "country" : + { "title" : "Country Code", + "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", + "$ref" : "#/definitions/StringDatatype" } }, + "additionalProperties" : false }, + "oscal-ssp-oscal-metadata:addr-line" : + { "title" : "Address line", + "description" : "A single line of an address.", + "$id" : "#field_oscal-metadata_addr-line", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ssp-oscal-metadata:document-id" : + { "title" : "Document Identifier", + "description" : "A document identifier qualified by an identifier scheme.", + "$id" : "#field_oscal-metadata_document-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "Document Identification Scheme", + "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, + "identifier" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "identifier" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-implementation-common:system-component" : + { "title" : "Component", + "description" : "A defined component that can be part of an implemented system.", + "$id" : "#assembly_oscal-implementation-common_system-component", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Component Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Component Type", + "description" : "A category describing the purpose of the component.", + "anyOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "this-system", + "system", + "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation", + "network" ] } ] }, + "title" : + { "title" : "Component Title", + "description" : "A human readable name for the system component.", + "type" : "string" }, + "description" : + { "title" : "Component Description", + "description" : "A description of the component, including information about its function.", + "type" : "string" }, + "purpose" : + { "title" : "Purpose", + "description" : "A summary of the technological or business purpose of the component.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "status" : + { "title" : "Status", + "description" : "Describes the operational status of the system component.", + "type" : "object", + "properties" : + { "state" : + { "title" : "State", + "description" : "The operational status.", "allOf" : [ - { "$ref" : "#/definitions/IntegerDatatype" }, - - { "type" : "number", - "minimum" : 0 } ] }, - "StringDatatype" : - { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, - "TokenDatatype" : - { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, - "URIDatatype" : - { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, - "URIReferenceDatatype" : - { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", - "type" : "string", - "format" : "uri-reference" }, - "UUIDDatatype" : - { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "under-development", + "operational", + "disposition", + "other" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "responsible-roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-role" } }, + "protocols" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_protocol" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type", + "title", + "description", + "status" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-implementation-common:protocol" : + { "title" : "Service Protocol Information", + "description" : "Information about the protocol used to provide a service.", + "$id" : "#assembly_oscal-implementation-common_protocol", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Service Protocol Information Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "name" : + { "title" : "Protocol Name", + "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", + "$ref" : "#/definitions/StringDatatype" }, + "title" : + { "title" : "Protocol Title", + "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", + "type" : "string" }, + "port-ranges" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_port-range" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-implementation-common:port-range" : + { "title" : "Port Range", + "description" : "Where applicable this is the IPv4 port range on which the service operates.", + "$id" : "#assembly_oscal-implementation-common_port-range", + "type" : "object", "properties" : - { "$schema" : - { "$ref" : "#json-schema-directive" }, - "system-security-plan" : - { "$ref" : "#assembly_oscal-ssp_system-security-plan" } }, + { "start" : + { "title" : "Start", + "description" : "Indicates the starting port number in a port range", + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, + "end" : + { "title" : "End", + "description" : "Indicates the ending port number in a port range", + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, + "transport" : + { "title" : "Transport", + "description" : "Indicates the transport type.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "TCP", + "UDP" ] } ] } }, + "additionalProperties" : false }, + "oscal-ssp-oscal-implementation-common:implementation-status" : + { "title" : "Implementation Status", + "description" : "Indicates the degree to which the a given control is implemented.", + "$id" : "#assembly_oscal-implementation-common_implementation-status", + "type" : "object", + "properties" : + { "state" : + { "title" : "Implementation State", + "description" : "Identifies the implementation status of the control or control objective.", + "anyOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "implemented", + "partial", + "planned", + "alternative", + "not-applicable" ] } ] }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "state" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-implementation-common:system-user" : + { "title" : "System User", + "description" : "A type of user that interacts with the system based on an associated role.", + "$id" : "#assembly_oscal-implementation-common_system-user", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "User Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "User Title", + "description" : "A name given to the user, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "User Short Name", + "description" : "A short common name, abbreviation, or acronym for the user.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "User Description", + "description" : "A summary of the user's purpose within the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "role-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_role-id" } }, + "authorized-privileges" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-implementation-common_authorized-privilege" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-implementation-common:authorized-privilege" : + { "title" : "Privilege", + "description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.", + "$id" : "#assembly_oscal-implementation-common_authorized-privilege", + "type" : "object", + "properties" : + { "title" : + { "title" : "Privilege Title", + "description" : "A human readable name for the privilege.", + "type" : "string" }, + "description" : + { "title" : "Privilege Description", + "description" : "A summary of the privilege's purpose within the system.", + "type" : "string" }, + "functions-performed" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-implementation-common_function-performed" } } }, + "required" : + [ "title", + "functions-performed" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-implementation-common:function-performed" : + { "title" : "Functions Performed", + "description" : "Describes a function performed for a given authorized privilege by this user class.", + "$id" : "#field_oscal-implementation-common_function-performed", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ssp-oscal-implementation-common:inventory-item" : + { "title" : "Inventory Item", + "description" : "A single managed inventory item within the system.", + "$id" : "#assembly_oscal-implementation-common_inventory-item", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Inventory Item Universally Unique Identifier", + "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "$ref" : "#/definitions/UUIDDatatype" }, + "description" : + { "title" : "Inventory Item Description", + "description" : "A summary of the inventory item stating its purpose within the system.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "implemented-components" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Implemented Component", + "description" : "The set of components that are implemented in a given system inventory item.", + "type" : "object", + "properties" : + { "component-uuid" : + { "title" : "Component Universally Unique Identifier Reference", + "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", + "$ref" : "#/definitions/UUIDDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "responsible-parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_responsible-party" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "component-uuid" ], + "additionalProperties" : false } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "description" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-implementation-common:set-parameter" : + { "title" : "Set Parameter Value", + "description" : "Identifies the parameter that will be set by the enclosed value.", + "$id" : "#assembly_oscal-implementation-common_set-parameter", + "type" : "object", + "properties" : + { "param-id" : + { "title" : "Parameter ID", + "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", + "$ref" : "#/definitions/TokenDatatype" }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$ref" : "#/definitions/StringDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "param-id", + "values" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-implementation-common:system-id" : + { "title" : "System Identification", + "description" : "A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.", + "$id" : "#field_oscal-implementation-common_system-id", + "type" : "object", + "properties" : + { "identifier-type" : + { "title" : "Identification System Type", + "description" : "Identifies the identification system from which the provided identifier was assigned.", + "anyOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "https://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "https://ietf.org/rfc/rfc4122", + "http://ietf.org/rfc/rfc4122" ] } ] }, + "id" : + { "$ref" : "#/definitions/StringDatatype" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-control-common:part" : + { "title" : "Part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", + "type" : "object", + "properties" : + { "id" : + { "title" : "Part Identifier", + "description" : "A unique identifier for the part.", + "$ref" : "#/definitions/TokenDatatype" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", + "$ref" : "#/definitions/TokenDatatype" }, + "ns" : + { "title" : "Part Namespace", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "$ref" : "#/definitions/URIDatatype" }, + "class" : + { "title" : "Part Class", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Part Title", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-control-common:parameter" : + { "title" : "Parameter", + "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", + "$id" : "#assembly_oscal-control-common_parameter", + "type" : "object", + "properties" : + { "id" : + { "title" : "Parameter Identifier", + "description" : "A unique identifier for the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "class" : + { "title" : "Parameter Class", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", + "$ref" : "#/definitions/TokenDatatype" }, + "depends-on" : + { "title" : "Depends on", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", + "$ref" : "#/definitions/TokenDatatype" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "label" : + { "title" : "Parameter Label", + "description" : "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.", + "type" : "string" }, + "usage" : + { "title" : "Parameter Usage Description", + "description" : "Describes the purpose and use of a parameter.", + "type" : "string" }, + "constraints" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, + "guidelines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-control-common_parameter-value" } }, + "select" : + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : - [ "system-security-plan" ], - "additionalProperties" : false } \ No newline at end of file + [ "id" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-control-common:parameter-constraint" : + { "title" : "Constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", + "type" : "object", + "properties" : + { "description" : + { "title" : "Constraint Description", + "description" : "A textual summary of the constraint to be applied.", + "type" : "string" }, + "tests" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Constraint Test", + "description" : "A test expression which is expected to be evaluated by a tool.", + "type" : "object", + "properties" : + { "expression" : + { "title" : "Constraint test", + "description" : "A formal (executable) expression of a constraint.", + "$ref" : "#/definitions/StringDatatype" }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "expression" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "oscal-ssp-oscal-control-common:parameter-guideline" : + { "title" : "Guideline", + "description" : "A prose statement that provides a recommendation for the use of a parameter.", + "$id" : "#assembly_oscal-control-common_parameter-guideline", + "type" : "object", + "properties" : + { "prose" : + { "title" : "Guideline Text", + "description" : "Prose permits multiple paragraphs, lists, tables etc.", + "type" : "string" } }, + "required" : + [ "prose" ], + "additionalProperties" : false }, + "oscal-ssp-oscal-control-common:parameter-value" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$id" : "#field_oscal-control-common_parameter-value", + "$ref" : "#/definitions/StringDatatype" }, + "oscal-ssp-oscal-control-common:parameter-selection" : + { "title" : "Selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", + "type" : "object", + "properties" : + { "how-many" : + { "title" : "Parameter Cardinality", + "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, + "choice" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Choice", + "description" : "A value selection among several such options.", + "type" : "string" } } }, + "additionalProperties" : false }, + "oscal-ssp-oscal-control-common:include-all" : + { "title" : "Include All", + "description" : "Include all controls from the imported catalog or profile resources.", + "$id" : "#assembly_oscal-control-common_include-all", + "type" : "object", + "additionalProperties" : false }, + "Base64Datatype" : + { "description" : "Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.", + "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "DateDatatype" : + { "description" : "A string representing a 24-hour period with an optional timezone.", + "type" : "string", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))(Z|[+-][0-9]{2}:[0-9]{2})?$" }, + "DateTimeWithTimezoneDatatype" : + { "description" : "A string representing a point in time with a required timezone.", + "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "description" : "An email address string formatted according to RFC 6531.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "IntegerDatatype" : + { "description" : "A whole number value.", + "type" : "integer" }, + "NonNegativeIntegerDatatype" : + { "description" : "An integer value that is equal to or greater than 0.", + "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 0 } ] }, + "StringDatatype" : + { "description" : "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+", + "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "description" : "A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.", + "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "description" : "A universal resource identifier (URI) formatted according to RFC3986.", + "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "description" : "A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.", + "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "properties" : + { "$schema" : + { "$ref" : "#json-schema-directive" }, + "system-security-plan" : + { "$ref" : "#assembly_oscal-ssp_system-security-plan" } }, + "required" : + [ "system-security-plan" ], + "additionalProperties" : false } \ No newline at end of file diff --git a/xml/convert/oscal_assessment-plan_json-to-xml-converter.xsl b/xml/convert/oscal_assessment-plan_json-to-xml-converter.xsl index 67dbacb47b..2de90331fa 100644 --- a/xml/convert/oscal_assessment-plan_json-to-xml-converter.xsl +++ b/xml/convert/oscal_assessment-plan_json-to-xml-converter.xsl @@ -1,12 +1,12 @@ + xmlns:j="http://www.w3.org/2005/xpath-functions" + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + version="3.0" + exclude-result-prefixes="#all"> @@ -31,7 +31,7 @@ + select="unparsed-text($file) ! json-to-xml(.)"> {{ $err:description }} @@ -130,6 +130,7 @@ + @@ -142,6 +143,7 @@ + @@ -152,64 +154,32 @@ + - - - - - - - - - - - - - - + - - - - - - - - + + + + - + - - + + + - - - - - - - - - - - - - - - - - - - + + @@ -369,8 +339,8 @@ + key="reviewed-controls" + gi="reviewed-controls"> reviewed-controls @@ -386,9 +356,9 @@ + name="include-all" + key="include-all" + gi="include-all"> include-all @@ -398,8 +368,8 @@ + name="select-objective-by-id" + gi="include-objective"> @@ -407,8 +377,8 @@ + name="select-objective-by-id" + gi="exclude-objective"> @@ -416,8 +386,8 @@ + key="related-controls" + gi="related-controls"> related-controls @@ -469,8 +439,8 @@ + key="assessment-assets" + gi="assessment-assets"> assessment-assets @@ -525,12 +495,12 @@ + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks @@ -538,8 +508,8 @@ + mode="get-value-property" + priority="8"> @@ -548,16 +518,16 @@ + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> @@ -566,16 +536,16 @@ + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> @@ -584,16 +554,16 @@ + as-type="token" + name="role-id" + gi="role-id" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> @@ -602,16 +572,16 @@ + as-type="string" + name="function-performed" + gi="function-performed" + in-json="SCALAR"> + mode="get-value-property" + priority="9"> @@ -631,797 +601,890 @@ + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> - + + mode="keep-value-property" + priority="8"> + as-type="string" + name="value" + key="value" + gi="value"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="8"> + + + + + + + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + + + + + + + priority="6"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + mode="keep-value-property" + priority="6"> + - - + + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="token" + name="location-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="7"> + priority="8"> + as-type="string" + name="type" + key="type" + gi="type"> - + mode="keep-value-property" + priority="8"> + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - - + + + as-type="string" + name="type" + key="type" + gi="type"> - + + priority="8"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="6"> + + + + + + + + + + + + + + + + + + + + + + + + + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="4"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + as-type="string" + name="system-component-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="6"> + priority="7"> + as-type="token" + name="state" + key="state" + gi="state"> + mode="keep-value-property" + priority="7"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="string" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="nonNegativeInteger" + name="start" + key="start" + gi="start"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="nonNegativeInteger" + name="end" + key="end" + gi="end"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="token" + name="transport" + key="transport" + gi="transport"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + mode="keep-value-property" + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + mode="keep-value-property" + priority="6"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="8"> - + + mode="keep-value-property" + priority="8"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + mode="keep-value-property" + priority="14"> + as-type="token" + name="objective-id" + key="objective-id" + gi="objective-id"> + mode="keep-value-property" + priority="14"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="6"> - + + mode="keep-value-property" + priority="6"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="6"> + priority="1"> + as-type="token" + name="type" + key="type" + gi="type"> + mode="keep-value-property" + priority="5"> + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="subject-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="8"> + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + mode="keep-value-property" + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="5"> + as-type="token" + name="type" + key="type" + gi="type"> + mode="keep-value-property" + priority="5"> + priority="8"> + as-type="dateTime-with-timezone" + name="date" + key="date" + gi="date"> + mode="keep-value-property" + priority="8"> + priority="8"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start"> + mode="keep-value-property" + priority="8"> + priority="8"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end"> + mode="keep-value-property" + priority="8"> + priority="8"> + as-type="positiveInteger" + name="period" + key="period" + gi="period"> + mode="keep-value-property" + priority="8"> + priority="8"> + as-type="string" + name="unit" + key="unit" + gi="unit"> + mode="keep-value-property" + priority="8"> + priority="7"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> + mode="keep-value-property" + priority="7"> + priority="7"> + as-type="uuid" + name="activity-uuid" + key="activity-uuid" + gi="activity-uuid"> + mode="keep-value-property" + priority="7"> + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + priority="3"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> + mode="keep-value-property" + priority="10"> + priority="7"> + as-type="token" + name="filename" + key="filename" + gi="filename"> + mode="keep-value-property" + priority="7"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="7"> + priority="4"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1429,22 +1492,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1452,22 +1515,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1475,22 +1538,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1498,22 +1561,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1521,14 +1584,14 @@ + mode="get-value-property" + priority="4"> + priority="5"> @@ -1543,14 +1606,14 @@ + priority="4"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -1558,15 +1621,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1574,22 +1637,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1597,22 +1660,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1620,22 +1683,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1643,22 +1706,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1666,22 +1729,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1689,41 +1752,41 @@ + mode="get-value-property" + priority="8"> + priority="5"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1731,22 +1794,36 @@ + mode="get-value-property" + priority="6"> + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1754,22 +1831,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1777,23 +1854,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -1801,22 +1878,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1824,22 +1901,38 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1847,14 +1940,14 @@ + mode="get-value-property" + priority="6"> + priority="6"> @@ -1870,34 +1963,34 @@ + priority="8"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> + priority="7"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -1905,22 +1998,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -1928,22 +2021,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -1951,22 +2044,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -1974,79 +2067,80 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="7"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2054,22 +2148,42 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + + + + + priority="6"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -2077,22 +2191,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -2100,41 +2214,41 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="external-id" + gi="external-id"> + mode="get-value-property"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2142,52 +2256,52 @@ + mode="get-value-property" + priority="8"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="8"> @@ -2200,34 +2314,34 @@ + priority="10"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="9"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -2235,22 +2349,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -2258,22 +2372,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -2281,22 +2395,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -2304,41 +2418,41 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2346,19 +2460,65 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + priority="3"> + key="local-definitions" + gi="local-definitions"> local-definitions @@ -2371,15 +2531,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2387,23 +2547,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2411,22 +2571,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -2434,22 +2594,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2457,14 +2617,14 @@ + mode="get-value-property" + priority="8"> + priority="6"> @@ -2476,15 +2636,15 @@ + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2492,22 +2652,22 @@ + mode="get-value-property" + priority="10"> + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2515,23 +2675,23 @@ + mode="get-value-property" + priority="8"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2539,22 +2699,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2562,22 +2722,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2585,14 +2745,14 @@ + mode="get-value-property" + priority="10"> + priority="7"> @@ -2604,15 +2764,15 @@ + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2620,22 +2780,22 @@ + mode="get-value-property" + priority="10"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2643,22 +2803,22 @@ + mode="get-value-property" + priority="12"> + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2666,22 +2826,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -2689,23 +2849,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2713,22 +2873,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2736,22 +2896,22 @@ + mode="get-value-property" + priority="8"> + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2759,23 +2919,23 @@ + mode="get-value-property" + priority="8"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2783,23 +2943,23 @@ + mode="get-value-property" + priority="8"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2807,22 +2967,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2830,22 +2990,22 @@ + mode="get-value-property" + priority="8"> + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2853,46 +3013,46 @@ + mode="get-value-property" + priority="8"> + match="j:map[@key='assessment-plan']/j:map[@key='local-definitions']/j:array[@key='objectives-and-methods']/j:map//j:array[@key='parts']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose" + _metaschema-json-id="/assembly/oscal-control-common/part/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE" + in-json="string"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2900,22 +3060,22 @@ + mode="get-value-property" + priority="10"> + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2923,23 +3083,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2947,22 +3107,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2970,14 +3130,14 @@ + mode="get-value-property" + priority="8"> + priority="7"> @@ -2992,15 +3152,15 @@ + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3008,23 +3168,23 @@ + mode="get-value-property" + priority="8"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3032,22 +3192,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3055,23 +3215,23 @@ + mode="get-value-property" + priority="10"> + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3079,22 +3239,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3102,14 +3262,14 @@ + mode="get-value-property" + priority="11"> + priority="10"> @@ -3123,16 +3283,16 @@ + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3140,22 +3300,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3163,14 +3323,14 @@ + mode="get-value-property" + priority="13"> + priority="13"> @@ -3179,26 +3339,26 @@ + priority="15"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + mode="get-value-property" + priority="15"> + priority="12"> @@ -3207,26 +3367,26 @@ + priority="14"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + mode="get-value-property" + priority="14"> + priority="10"> @@ -3240,16 +3400,16 @@ + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3257,22 +3417,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3280,22 +3440,22 @@ + mode="get-value-property" + priority="13"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3303,23 +3463,23 @@ + mode="get-value-property" + priority="12"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3327,22 +3487,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3350,14 +3510,14 @@ + mode="get-value-property" + priority="9"> + priority="8"> @@ -3371,16 +3531,16 @@ + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3388,22 +3548,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3411,14 +3571,14 @@ + mode="get-value-property" + priority="11"> + priority="11"> @@ -3427,26 +3587,26 @@ + priority="13"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + mode="get-value-property" + priority="13"> + priority="10"> @@ -3455,26 +3615,26 @@ + priority="12"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + mode="get-value-property" + priority="12"> + priority="8"> @@ -3488,16 +3648,16 @@ + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3505,22 +3665,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3528,22 +3688,22 @@ + mode="get-value-property" + priority="11"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3551,19 +3711,19 @@ + mode="get-value-property" + priority="10"> + priority="3"> + key="terms-and-conditions" + gi="terms-and-conditions"> terms-and-conditions @@ -3571,15 +3731,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3587,46 +3747,46 @@ + mode="get-value-property" + priority="6"> + match="j:map[@key='assessment-plan']/j:map[@key='terms-and-conditions']//j:array[@key='parts']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-assessment-common/assessment-part/prose" + _metaschema-json-id="/assembly/oscal-assessment-common/assessment-part/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-assessment-common/assessment-part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-assessment-common/assessment-part/prose/PROSE" + in-json="string"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3634,23 +3794,23 @@ + mode="get-value-property" + priority="8"> + priority="4"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3658,22 +3818,22 @@ + mode="get-value-property" + priority="4"> + priority="6"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3681,14 +3841,14 @@ + mode="get-value-property" + priority="6"> + priority="5"> @@ -3702,16 +3862,16 @@ + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3719,22 +3879,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3742,14 +3902,14 @@ + mode="get-value-property" + priority="8"> + priority="8"> @@ -3758,26 +3918,26 @@ + priority="10"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="7"> @@ -3786,26 +3946,26 @@ + priority="9"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + mode="get-value-property" + priority="9"> + priority="5"> @@ -3819,16 +3979,16 @@ + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3836,22 +3996,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3859,23 +4019,23 @@ + mode="get-value-property" + priority="8"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3883,22 +4043,22 @@ + mode="get-value-property" + priority="5"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3906,22 +4066,22 @@ + mode="get-value-property" + priority="7"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3929,22 +4089,22 @@ + mode="get-value-property" + priority="10"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3952,22 +4112,22 @@ + mode="get-value-property" + priority="9"> + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3975,23 +4135,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3999,22 +4159,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -4022,22 +4182,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4045,14 +4205,14 @@ + mode="get-value-property" + priority="8"> + priority="6"> @@ -4064,15 +4224,15 @@ + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4080,22 +4240,22 @@ + mode="get-value-property" + priority="10"> + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4103,14 +4263,14 @@ + mode="get-value-property" + priority="8"> + priority="5"> @@ -4123,15 +4283,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4139,22 +4299,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4162,14 +4322,14 @@ + mode="get-value-property" + priority="8"> + priority="7"> @@ -4181,15 +4341,15 @@ + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4197,22 +4357,22 @@ + mode="get-value-property" + priority="10"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4220,22 +4380,22 @@ + mode="get-value-property" + priority="12"> + priority="5"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4243,23 +4403,23 @@ + mode="get-value-property" + priority="5"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4267,22 +4427,22 @@ + mode="get-value-property" + priority="5"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4290,14 +4450,14 @@ + mode="get-value-property" + priority="7"> + priority="5"> @@ -4310,7 +4470,7 @@ + priority="7"> @@ -4321,13 +4481,13 @@ + priority="7"> + name="within-date-range" + key="within-date-range" + gi="within-date-range"> within-date-range @@ -4336,13 +4496,13 @@ + priority="7"> + name="at-frequency" + key="at-frequency" + gi="at-frequency"> at-frequency @@ -4351,7 +4511,7 @@ + priority="6"> @@ -4360,7 +4520,7 @@ + priority="6"> @@ -4373,15 +4533,15 @@ + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4389,22 +4549,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4412,23 +4572,23 @@ + mode="get-value-property" + priority="11"> + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4436,22 +4596,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4459,22 +4619,22 @@ + mode="get-value-property" + priority="11"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4482,22 +4642,22 @@ + mode="get-value-property" + priority="14"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4505,23 +4665,23 @@ + mode="get-value-property" + priority="13"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4529,22 +4689,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4552,22 +4712,22 @@ + mode="get-value-property" + priority="9"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4575,22 +4735,22 @@ + mode="get-value-property" + priority="12"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4598,22 +4758,22 @@ + mode="get-value-property" + priority="11"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4621,14 +4781,14 @@ + mode="get-value-property" + priority="9"> + priority="5"> @@ -4644,15 +4804,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4660,23 +4820,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4684,33 +4844,33 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> @@ -4723,15 +4883,15 @@ + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4739,22 +4899,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4762,14 +4922,14 @@ + mode="get-value-property" + priority="9"> + priority="7"> @@ -4779,14 +4939,14 @@ + priority="6"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -4797,7 +4957,7 @@ + mode="get-value-property"> @@ -4811,8 +4971,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-line')]"> @@ -4822,8 +4982,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-multiline')]"> @@ -4852,15 +5012,15 @@ + group-starting-with=".[matches(., '^```')]"> + select="not((position() mod 2) + number($starts-with-code))"/>

+ expand-text="true" + select="(replace(.,'^```','') ! normalize-space(.))[matches(.,'\S')]"/> @@ -4891,9 +5051,9 @@ + priority="1" + match="p[exists(@code)]" + expand-text="true">

          
             language-{.}
@@ -4931,8 +5091,8 @@
       
    
    
+                  priority="5"
+                  mode="make-row"/>
    
       
          
@@ -4943,7 +5103,7 @@
       
    
    
+                  mode="make-row">
       
          
             
@@ -4962,9 +5122,9 @@
    
       
          
+                              select="tokenize(., '\n')">
             
  • + type="{ if (matches(.,'\s*\d')) then 'ol' else 'ul' }">
    @@ -4978,7 +5138,7 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -4992,9 +5152,9 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + group-starting-with="li[(@level = $level) or not(@type = preceding-sibling::*[1]/@type)]">
  • @@ -5173,40 +5333,40 @@ { insertion } + elements="s:*"/> + elements="s:flag s:value"/> + name="write-xml"/> + match="s:*[exists(@gi)]" + mode="write-xml"> + match="s:value[@as-type=('markup-line','markup-multiline')]" + mode="write-xml"> + match="p | ul | ol | pre | h1 | h2 | h3 | h4 | h5 | h6 | table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="s:flag" + mode="write-xml"> + match="*" + mode="cast-prose"> diff --git a/xml/convert/oscal_assessment-results_json-to-xml-converter.xsl b/xml/convert/oscal_assessment-results_json-to-xml-converter.xsl index 0e2925a277..e680ab39b4 100644 --- a/xml/convert/oscal_assessment-results_json-to-xml-converter.xsl +++ b/xml/convert/oscal_assessment-results_json-to-xml-converter.xsl @@ -1,12 +1,12 @@ + xmlns:j="http://www.w3.org/2005/xpath-functions" + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + version="3.0" + exclude-result-prefixes="#all"> @@ -31,7 +31,7 @@ + select="unparsed-text($file) ! json-to-xml(.)"> {{ $err:description }} @@ -92,8 +92,8 @@ + key="assessment-results" + gi="assessment-results"> assessment-results @@ -128,6 +128,7 @@ + @@ -140,6 +141,7 @@ + @@ -150,64 +152,32 @@ + - - - - - - - - - - - - - - + - - - - - - - - + + + + - + - - + + + - - - - - - - - - - - - - - - - - - - + + @@ -283,8 +253,8 @@ + key="reviewed-controls" + gi="reviewed-controls"> reviewed-controls @@ -300,9 +270,9 @@ + name="include-all" + key="include-all" + gi="include-all"> include-all @@ -312,8 +282,8 @@ + name="select-objective-by-id" + gi="include-objective"> @@ -321,8 +291,8 @@ + name="select-objective-by-id" + gi="exclude-objective"> @@ -341,8 +311,8 @@ + key="related-controls" + gi="related-controls"> related-controls @@ -452,8 +422,8 @@ + key="assessment-assets" + gi="assessment-assets"> assessment-assets @@ -669,8 +639,8 @@ + key="implementation-status" + gi="implementation-status"> implementation-status @@ -692,12 +662,12 @@ + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks @@ -705,8 +675,8 @@ + mode="get-value-property" + priority="8"> @@ -715,16 +685,16 @@ + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> @@ -733,16 +703,16 @@ + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> @@ -751,16 +721,16 @@ + as-type="token" + name="role-id" + gi="role-id" + in-json="SCALAR"> + mode="get-value-property" + priority="9"> @@ -769,16 +739,16 @@ + as-type="string" + name="function-performed" + gi="function-performed" + in-json="SCALAR"> + mode="get-value-property" + priority="11"> @@ -787,11 +757,11 @@ + as-type="token" + name="risk-status" + key="status" + gi="status" + in-json="SCALAR"> status @@ -799,8 +769,8 @@ + mode="get-value-property" + priority="7"> @@ -824,11 +794,11 @@ + as-type="token" + name="risk-status" + key="status-change" + gi="status-change" + in-json="SCALAR"> status-change @@ -836,8 +806,8 @@ + mode="get-value-property" + priority="10"> @@ -857,1248 +827,1341 @@ + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> - + + mode="keep-value-property" + priority="8"> + as-type="string" + name="value" + key="value" + gi="value"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="8"> + + + + + + + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + + + + + + + priority="6"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + mode="keep-value-property" + priority="6"> + - - + + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="token" + name="location-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="7"> + priority="8"> + as-type="string" + name="type" + key="type" + gi="type"> - + mode="keep-value-property" + priority="8"> + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - - + + + as-type="string" + name="type" + key="type" + gi="type"> - + + priority="8"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="6"> + + + + + + + + + + + + + + + + + + + + + + + + + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="4"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + mode="keep-value-property" + priority="6"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="8"> - + + mode="keep-value-property" + priority="8"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + mode="keep-value-property" + priority="14"> + as-type="token" + name="objective-id" + key="objective-id" + gi="objective-id"> + mode="keep-value-property" + priority="14"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="system-component-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="8"> + priority="9"> + as-type="token" + name="state" + key="state" + gi="state"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="string" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="nonNegativeInteger" + name="start" + key="start" + gi="start"> + mode="keep-value-property" + priority="12"> + priority="1"> + as-type="nonNegativeInteger" + name="end" + key="end" + gi="end"> + mode="keep-value-property" + priority="12"> + priority="1"> + as-type="token" + name="transport" + key="transport" + gi="transport"> + mode="keep-value-property" + priority="12"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + priority="10"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + mode="keep-value-property" + priority="10"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + priority="9"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="9"> + priority="11"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + mode="keep-value-property" + priority="11"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="token" + name="type" + key="type" + gi="type"> + mode="keep-value-property" + priority="8"> + priority="11"> + as-type="dateTime-with-timezone" + name="date" + key="date" + gi="date"> + mode="keep-value-property" + priority="11"> + priority="11"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start"> + mode="keep-value-property" + priority="11"> + priority="11"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end"> + mode="keep-value-property" + priority="11"> + priority="11"> + as-type="positiveInteger" + name="period" + key="period" + gi="period"> + mode="keep-value-property" + priority="11"> + priority="11"> + as-type="string" + name="unit" + key="unit" + gi="unit"> + mode="keep-value-property" + priority="11"> + priority="10"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> + mode="keep-value-property" + priority="10"> + priority="10"> + as-type="uuid" + name="activity-uuid" + key="activity-uuid" + gi="activity-uuid"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="token" + name="type" + key="type" + gi="type"> + mode="keep-value-property" + priority="12"> + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + mode="keep-value-property" + priority="15"> + as-type="token" + name="subject-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="15"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="9"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="9"> - + + mode="keep-value-property" + priority="9"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="9"> + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="uuid" + name="party-uuid" + key="party-uuid" + gi="party-uuid"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> + mode="keep-value-property" + priority="10"> + priority="11"> + as-type="uuid" + name="subject-placeholder-uuid" + key="subject-placeholder-uuid" + gi="subject-placeholder-uuid"> + mode="keep-value-property" + priority="11"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="7"> + as-type="token" + name="type" + key="type" + gi="type"> + mode="keep-value-property" + priority="11"> + priority="1"> + as-type="uuid" + name="actor-uuid" + key="actor-uuid" + gi="actor-uuid"> + mode="keep-value-property" + priority="11"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="11"> + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + mode="keep-value-property" + priority="9"> + as-type="token" + name="subject-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="9"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="7"> + priority="1"> + as-type="uri" + name="system" + key="system" + gi="system"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="9"> + priority="11"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="11"> + priority="11"> + as-type="uri" + name="system" + key="system" + gi="system"> + mode="keep-value-property" + priority="11"> + priority="11"> + as-type="string" + name="value" + key="value" + gi="value"> + mode="keep-value-property" + priority="11"> + priority="9"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="uuid" + name="implementation-uuid" + key="implementation-uuid" + gi="implementation-uuid"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="token" + name="lifecycle" + key="lifecycle" + gi="lifecycle"> + mode="keep-value-property" + priority="9"> + priority="11"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="11"> + priority="10"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="10"> + priority="12"> + as-type="uuid" + name="response-uuid" + key="response-uuid" + gi="response-uuid"> + mode="keep-value-property" + priority="12"> + priority="9"> + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="7"> + as-type="string" + name="type" + key="type" + gi="type"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="target-id" + key="target-id" + gi="target-id"> + mode="keep-value-property" + priority="8"> + priority="9"> + as-type="token" + name="state" + key="state" + gi="state"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="token" + name="reason" + key="reason" + gi="reason"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="token" + name="state" + key="state" + gi="state"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="uuid" + name="risk-uuid" + key="risk-uuid" + gi="risk-uuid"> + mode="keep-value-property" + priority="9"> + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + priority="3"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> + mode="keep-value-property" + priority="10"> + priority="7"> + as-type="token" + name="filename" + key="filename" + gi="filename"> + mode="keep-value-property" + priority="7"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="7"> + priority="4"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2106,22 +2169,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -2129,22 +2192,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -2152,22 +2215,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -2175,22 +2238,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -2198,14 +2261,14 @@ + mode="get-value-property" + priority="4"> + priority="5"> @@ -2220,14 +2283,14 @@ + priority="4"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -2235,15 +2298,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2251,22 +2314,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -2274,22 +2337,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -2297,22 +2360,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -2320,22 +2383,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -2343,22 +2406,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2366,41 +2429,41 @@ + mode="get-value-property" + priority="8"> + priority="5"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2408,22 +2471,36 @@ + mode="get-value-property" + priority="6"> + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2431,22 +2508,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -2454,23 +2531,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2478,22 +2555,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2501,22 +2578,38 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2524,14 +2617,14 @@ + mode="get-value-property" + priority="6"> + priority="6"> @@ -2547,34 +2640,34 @@ + priority="8"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> + priority="7"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -2582,22 +2675,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -2605,22 +2698,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -2628,22 +2721,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -2651,79 +2744,80 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="7"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2731,22 +2825,42 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + + + + + priority="6"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -2754,22 +2868,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -2777,41 +2891,41 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="external-id" + gi="external-id"> + mode="get-value-property"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2819,52 +2933,52 @@ + mode="get-value-property" + priority="8"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="8"> @@ -2877,34 +2991,34 @@ + priority="10"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="9"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -2912,22 +3026,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -2935,22 +3049,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -2958,22 +3072,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -2981,41 +3095,41 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3023,19 +3137,65 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + priority="3"> + key="local-definitions" + gi="local-definitions"> local-definitions @@ -3045,16 +3205,16 @@ + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3062,22 +3222,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3085,22 +3245,22 @@ + mode="get-value-property" + priority="8"> + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3108,46 +3268,46 @@ + mode="get-value-property" + priority="8"> + match="j:map[@key='assessment-results']/j:map[@key='local-definitions']/j:array[@key='objectives-and-methods']/j:map//j:array[@key='parts']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose" + _metaschema-json-id="/assembly/oscal-control-common/part/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE" + in-json="string"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3155,22 +3315,22 @@ + mode="get-value-property" + priority="10"> + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3178,23 +3338,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3202,22 +3362,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3225,14 +3385,14 @@ + mode="get-value-property" + priority="8"> + priority="7"> @@ -3247,15 +3407,15 @@ + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3263,23 +3423,23 @@ + mode="get-value-property" + priority="8"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3287,22 +3447,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3310,23 +3470,23 @@ + mode="get-value-property" + priority="10"> + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3334,22 +3494,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3357,14 +3517,14 @@ + mode="get-value-property" + priority="11"> + priority="10"> @@ -3378,16 +3538,16 @@ + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3395,22 +3555,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3418,14 +3578,14 @@ + mode="get-value-property" + priority="13"> + priority="13"> @@ -3434,26 +3594,26 @@ + priority="15"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + mode="get-value-property" + priority="15"> + priority="12"> @@ -3462,26 +3622,26 @@ + priority="14"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + mode="get-value-property" + priority="14"> + priority="10"> @@ -3495,16 +3655,16 @@ + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3512,22 +3672,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3535,22 +3695,22 @@ + mode="get-value-property" + priority="13"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3558,23 +3718,23 @@ + mode="get-value-property" + priority="12"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3582,22 +3742,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3605,14 +3765,14 @@ + mode="get-value-property" + priority="9"> + priority="8"> @@ -3626,16 +3786,16 @@ + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3643,22 +3803,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3666,14 +3826,14 @@ + mode="get-value-property" + priority="11"> + priority="11"> @@ -3682,26 +3842,26 @@ + priority="13"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + mode="get-value-property" + priority="13"> + priority="10"> @@ -3710,26 +3870,26 @@ + priority="12"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + mode="get-value-property" + priority="12"> + priority="8"> @@ -3743,16 +3903,16 @@ + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3760,22 +3920,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3783,22 +3943,22 @@ + mode="get-value-property" + priority="11"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3806,22 +3966,22 @@ + mode="get-value-property" + priority="10"> + priority="5"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3829,23 +3989,23 @@ + mode="get-value-property" + priority="5"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3853,22 +4013,22 @@ + mode="get-value-property" + priority="5"> + priority="5"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> start @@ -3876,22 +4036,22 @@ + mode="get-value-property" + priority="5"> + priority="5"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end" + in-json="SCALAR"> end @@ -3899,22 +4059,22 @@ + mode="get-value-property" + priority="5"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3922,19 +4082,19 @@ + mode="get-value-property" + priority="7"> + priority="5"> + key="local-definitions" + gi="local-definitions"> local-definitions @@ -3946,15 +4106,15 @@ + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3962,23 +4122,23 @@ + mode="get-value-property" + priority="8"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3986,22 +4146,22 @@ + mode="get-value-property" + priority="8"> + priority="8"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -4009,22 +4169,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4032,14 +4192,14 @@ + mode="get-value-property" + priority="10"> + priority="8"> @@ -4051,15 +4211,15 @@ + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4067,22 +4227,22 @@ + mode="get-value-property" + priority="12"> + priority="10"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4090,23 +4250,23 @@ + mode="get-value-property" + priority="10"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4114,22 +4274,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4137,22 +4297,22 @@ + mode="get-value-property" + priority="10"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4160,14 +4320,14 @@ + mode="get-value-property" + priority="12"> + priority="9"> @@ -4179,15 +4339,15 @@ + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4195,22 +4355,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4218,22 +4378,22 @@ + mode="get-value-property" + priority="14"> + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4241,22 +4401,22 @@ + mode="get-value-property" + priority="8"> + priority="8"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -4264,23 +4424,23 @@ + mode="get-value-property" + priority="8"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4288,22 +4448,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4311,22 +4471,22 @@ + mode="get-value-property" + priority="10"> + priority="10"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4334,23 +4494,23 @@ + mode="get-value-property" + priority="10"> + priority="10"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4358,22 +4518,22 @@ + mode="get-value-property" + priority="10"> + priority="9"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4381,23 +4541,23 @@ + mode="get-value-property" + priority="9"> + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4405,22 +4565,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -4428,22 +4588,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4451,14 +4611,14 @@ + mode="get-value-property" + priority="11"> + priority="9"> @@ -4470,15 +4630,15 @@ + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4486,22 +4646,22 @@ + mode="get-value-property" + priority="13"> + priority="11"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4509,14 +4669,14 @@ + mode="get-value-property" + priority="11"> + priority="8"> @@ -4529,15 +4689,15 @@ + priority="9"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4545,22 +4705,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4568,14 +4728,14 @@ + mode="get-value-property" + priority="11"> + priority="10"> @@ -4587,15 +4747,15 @@ + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4603,22 +4763,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4626,22 +4786,22 @@ + mode="get-value-property" + priority="15"> + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4649,23 +4809,23 @@ + mode="get-value-property" + priority="8"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4673,22 +4833,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4696,14 +4856,14 @@ + mode="get-value-property" + priority="10"> + priority="8"> @@ -4716,7 +4876,7 @@ + priority="10"> @@ -4727,13 +4887,13 @@ + priority="10"> + name="within-date-range" + key="within-date-range" + gi="within-date-range"> within-date-range @@ -4742,13 +4902,13 @@ + priority="10"> + name="at-frequency" + key="at-frequency" + gi="at-frequency"> at-frequency @@ -4757,7 +4917,7 @@ + priority="9"> @@ -4766,7 +4926,7 @@ + priority="9"> @@ -4779,15 +4939,15 @@ + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4795,22 +4955,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4818,23 +4978,23 @@ + mode="get-value-property" + priority="14"> + priority="12"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4842,22 +5002,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4865,22 +5025,22 @@ + mode="get-value-property" + priority="14"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4888,22 +5048,22 @@ + mode="get-value-property" + priority="17"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4911,23 +5071,23 @@ + mode="get-value-property" + priority="16"> + priority="10"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4935,22 +5095,22 @@ + mode="get-value-property" + priority="10"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4958,22 +5118,22 @@ + mode="get-value-property" + priority="12"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4981,22 +5141,22 @@ + mode="get-value-property" + priority="15"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5004,22 +5164,22 @@ + mode="get-value-property" + priority="14"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5027,23 +5187,23 @@ + mode="get-value-property" + priority="12"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5051,22 +5211,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5074,14 +5234,14 @@ + mode="get-value-property" + priority="8"> + priority="7"> @@ -5095,16 +5255,16 @@ + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5112,22 +5272,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5135,14 +5295,14 @@ + mode="get-value-property" + priority="10"> + priority="10"> @@ -5151,26 +5311,26 @@ + priority="12"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + mode="get-value-property" + priority="12"> + priority="9"> @@ -5179,26 +5339,26 @@ + priority="11"> + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + mode="get-value-property" + priority="11"> + priority="7"> @@ -5212,16 +5372,16 @@ + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5229,22 +5389,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5252,14 +5412,14 @@ + mode="get-value-property" + priority="10"> + priority="6"> @@ -5268,15 +5428,15 @@ + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5284,22 +5444,22 @@ + mode="get-value-property" + priority="11"> + priority="9"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5307,46 +5467,46 @@ + mode="get-value-property" + priority="9"> + match="j:map[@key='assessment-results']/j:array[@key='results']/j:map/j:array[@key='attestations']/j:map//j:array[@key='parts']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-assessment-common/assessment-part/prose" + _metaschema-json-id="/assembly/oscal-assessment-common/assessment-part/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-assessment-common/assessment-part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-assessment-common/assessment-part/prose/PROSE" + in-json="string"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5354,14 +5514,14 @@ + mode="get-value-property" + priority="11"> + priority="5"> @@ -5372,7 +5532,7 @@ + priority="7"> @@ -5389,15 +5549,15 @@ + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5405,23 +5565,23 @@ + mode="get-value-property" + priority="8"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5429,22 +5589,22 @@ + mode="get-value-property" + priority="8"> + priority="8"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> start @@ -5452,22 +5612,22 @@ + mode="get-value-property" + priority="8"> + priority="8"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end" + in-json="SCALAR"> end @@ -5475,22 +5635,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5498,22 +5658,22 @@ + mode="get-value-property" + priority="10"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5521,22 +5681,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5544,23 +5704,23 @@ + mode="get-value-property" + priority="14"> + priority="12"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5568,22 +5728,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5591,22 +5751,22 @@ + mode="get-value-property" + priority="14"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5614,22 +5774,22 @@ + mode="get-value-property" + priority="17"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5637,19 +5797,19 @@ + mode="get-value-property" + priority="16"> + priority="10"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -5658,16 +5818,16 @@ + priority="13"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5675,22 +5835,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5698,22 +5858,22 @@ + mode="get-value-property" + priority="15"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5721,22 +5881,22 @@ + mode="get-value-property" + priority="18"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5744,22 +5904,22 @@ + mode="get-value-property" + priority="17"> + priority="7"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5767,23 +5927,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5791,22 +5951,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5814,60 +5974,60 @@ + mode="get-value-property" + priority="9"> + priority="8"> + as-type="string" + name="method" + gi="method" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> + priority="8"> + as-type="token" + name="type" + gi="type" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5875,22 +6035,22 @@ + mode="get-value-property" + priority="13"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5898,22 +6058,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5921,23 +6081,23 @@ + mode="get-value-property" + priority="15"> + priority="13"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5945,22 +6105,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5968,22 +6128,22 @@ + mode="get-value-property" + priority="15"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5991,22 +6151,22 @@ + mode="get-value-property" + priority="18"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6014,19 +6174,19 @@ + mode="get-value-property" + priority="17"> + priority="11"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -6035,16 +6195,16 @@ + priority="14"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -6052,22 +6212,22 @@ + mode="get-value-property" + priority="14"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6075,22 +6235,22 @@ + mode="get-value-property" + priority="16"> + priority="19"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6098,22 +6258,22 @@ + mode="get-value-property" + priority="19"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6121,14 +6281,14 @@ + mode="get-value-property" + priority="18"> + priority="8"> @@ -6141,15 +6301,15 @@ + priority="9"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -6157,22 +6317,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6180,14 +6340,14 @@ + mode="get-value-property" + priority="11"> + priority="8"> @@ -6199,16 +6359,16 @@ + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -6216,22 +6376,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6239,22 +6399,22 @@ + mode="get-value-property" + priority="11"> + priority="7"> + as-type="dateTime-with-timezone" + name="collected" + key="collected" + gi="collected" + in-json="SCALAR"> collected @@ -6262,22 +6422,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="dateTime-with-timezone" + name="expires" + key="expires" + gi="expires" + in-json="SCALAR"> expires @@ -6285,22 +6445,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -6308,23 +6468,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -6332,23 +6492,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="statement" + key="statement" + gi="statement" + in-json="SCALAR"> statement @@ -6356,22 +6516,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6379,22 +6539,22 @@ + mode="get-value-property" + priority="9"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6402,22 +6562,22 @@ + mode="get-value-property" + priority="13"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6425,22 +6585,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6448,23 +6608,23 @@ + mode="get-value-property" + priority="15"> + priority="13"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -6472,22 +6632,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6495,22 +6655,22 @@ + mode="get-value-property" + priority="15"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6518,22 +6678,22 @@ + mode="get-value-property" + priority="18"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6541,19 +6701,19 @@ + mode="get-value-property" + priority="17"> + priority="11"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -6562,16 +6722,16 @@ + priority="14"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -6579,22 +6739,22 @@ + mode="get-value-property" + priority="14"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6602,22 +6762,22 @@ + mode="get-value-property" + priority="16"> + priority="19"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6625,22 +6785,22 @@ + mode="get-value-property" + priority="19"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6648,22 +6808,22 @@ + mode="get-value-property" + priority="18"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6671,22 +6831,22 @@ + mode="get-value-property" + priority="11"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6694,22 +6854,22 @@ + mode="get-value-property" + priority="14"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6717,22 +6877,22 @@ + mode="get-value-property" + priority="14"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6740,23 +6900,23 @@ + mode="get-value-property" + priority="16"> + priority="14"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -6764,22 +6924,22 @@ + mode="get-value-property" + priority="14"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6787,22 +6947,22 @@ + mode="get-value-property" + priority="16"> + priority="19"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6810,22 +6970,22 @@ + mode="get-value-property" + priority="19"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6833,19 +6993,19 @@ + mode="get-value-property" + priority="18"> + priority="12"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -6854,16 +7014,16 @@ + priority="15"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -6871,22 +7031,22 @@ + mode="get-value-property" + priority="15"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6894,22 +7054,22 @@ + mode="get-value-property" + priority="17"> + priority="20"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6917,22 +7077,22 @@ + mode="get-value-property" + priority="20"> + priority="19"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6940,14 +7100,14 @@ + mode="get-value-property" + priority="19"> + priority="10"> @@ -6960,15 +7120,15 @@ + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -6976,14 +7136,14 @@ + mode="get-value-property" + priority="13"> + priority="8"> @@ -6996,16 +7156,16 @@ + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -7013,22 +7173,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7036,14 +7196,14 @@ + mode="get-value-property" + priority="11"> + priority="10"> @@ -7056,15 +7216,15 @@ + priority="11"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7072,22 +7232,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7095,22 +7255,22 @@ + mode="get-value-property" + priority="13"> + priority="7"> + as-type="dateTime-with-timezone" + name="deadline" + key="deadline" + gi="deadline" + in-json="SCALAR"> deadline @@ -7118,14 +7278,14 @@ + mode="get-value-property" + priority="7"> + priority="8"> @@ -7142,15 +7302,15 @@ + priority="9"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7158,23 +7318,23 @@ + mode="get-value-property" + priority="9"> + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -7182,22 +7342,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7205,22 +7365,22 @@ + mode="get-value-property" + priority="11"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7228,22 +7388,22 @@ + mode="get-value-property" + priority="15"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7251,22 +7411,22 @@ + mode="get-value-property" + priority="15"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7274,23 +7434,23 @@ + mode="get-value-property" + priority="17"> + priority="15"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -7298,22 +7458,22 @@ + mode="get-value-property" + priority="15"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7321,22 +7481,22 @@ + mode="get-value-property" + priority="17"> + priority="20"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7344,22 +7504,22 @@ + mode="get-value-property" + priority="20"> + priority="19"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7367,19 +7527,19 @@ + mode="get-value-property" + priority="19"> + priority="13"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -7388,16 +7548,16 @@ + priority="16"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -7405,22 +7565,22 @@ + mode="get-value-property" + priority="16"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7428,22 +7588,22 @@ + mode="get-value-property" + priority="18"> + priority="21"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7451,22 +7611,22 @@ + mode="get-value-property" + priority="21"> + priority="20"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7474,14 +7634,14 @@ + mode="get-value-property" + priority="20"> + priority="10"> @@ -7495,7 +7655,7 @@ + priority="12"> @@ -7508,15 +7668,15 @@ + priority="13"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7524,22 +7684,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7547,22 +7707,22 @@ + mode="get-value-property" + priority="15"> + priority="11"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7570,23 +7730,23 @@ + mode="get-value-property" + priority="11"> + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -7594,22 +7754,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7617,22 +7777,22 @@ + mode="get-value-property" + priority="13"> + priority="11"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -7640,23 +7800,23 @@ + mode="get-value-property" + priority="11"> + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -7664,22 +7824,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7687,14 +7847,14 @@ + mode="get-value-property" + priority="13"> + priority="11"> @@ -7707,7 +7867,7 @@ + priority="13"> @@ -7718,13 +7878,13 @@ + priority="13"> + name="within-date-range" + key="within-date-range" + gi="within-date-range"> within-date-range @@ -7733,13 +7893,13 @@ + priority="13"> + name="at-frequency" + key="at-frequency" + gi="at-frequency"> at-frequency @@ -7748,7 +7908,7 @@ + priority="12"> @@ -7757,7 +7917,7 @@ + priority="12"> @@ -7770,15 +7930,15 @@ + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7786,22 +7946,22 @@ + mode="get-value-property" + priority="15"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7809,23 +7969,23 @@ + mode="get-value-property" + priority="17"> + priority="15"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -7833,22 +7993,22 @@ + mode="get-value-property" + priority="15"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7856,22 +8016,22 @@ + mode="get-value-property" + priority="17"> + priority="20"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7879,22 +8039,22 @@ + mode="get-value-property" + priority="20"> + priority="19"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7902,23 +8062,23 @@ + mode="get-value-property" + priority="19"> + priority="13"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -7926,22 +8086,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7949,22 +8109,22 @@ + mode="get-value-property" + priority="15"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7972,22 +8132,22 @@ + mode="get-value-property" + priority="18"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -7995,22 +8155,22 @@ + mode="get-value-property" + priority="17"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8018,14 +8178,14 @@ + mode="get-value-property" + priority="15"> + priority="7"> @@ -8036,7 +8196,7 @@ + priority="9"> @@ -8054,15 +8214,15 @@ + priority="10"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8070,23 +8230,23 @@ + mode="get-value-property" + priority="10"> + priority="10"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -8094,22 +8254,22 @@ + mode="get-value-property" + priority="10"> + priority="10"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> start @@ -8117,22 +8277,22 @@ + mode="get-value-property" + priority="10"> + priority="10"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end" + in-json="SCALAR"> end @@ -8140,22 +8300,22 @@ + mode="get-value-property" + priority="10"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8163,14 +8323,14 @@ + mode="get-value-property" + priority="12"> + priority="11"> @@ -8182,15 +8342,15 @@ + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8198,22 +8358,22 @@ + mode="get-value-property" + priority="14"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8221,22 +8381,22 @@ + mode="get-value-property" + priority="16"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8244,23 +8404,23 @@ + mode="get-value-property" + priority="18"> + priority="16"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -8268,22 +8428,22 @@ + mode="get-value-property" + priority="16"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8291,22 +8451,22 @@ + mode="get-value-property" + priority="18"> + priority="21"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8314,22 +8474,22 @@ + mode="get-value-property" + priority="21"> + priority="20"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8337,19 +8497,19 @@ + mode="get-value-property" + priority="20"> + priority="14"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -8358,16 +8518,16 @@ + priority="17"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -8375,22 +8535,22 @@ + mode="get-value-property" + priority="17"> + priority="19"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8398,22 +8558,22 @@ + mode="get-value-property" + priority="19"> + priority="22"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8421,22 +8581,22 @@ + mode="get-value-property" + priority="22"> + priority="21"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8444,14 +8604,14 @@ + mode="get-value-property" + priority="21"> + priority="8"> @@ -8459,15 +8619,15 @@ + priority="7"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8475,23 +8635,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -8499,22 +8659,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8522,22 +8682,22 @@ + mode="get-value-property" + priority="9"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8545,22 +8705,22 @@ + mode="get-value-property" + priority="13"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8568,22 +8728,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8591,23 +8751,23 @@ + mode="get-value-property" + priority="15"> + priority="13"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -8615,22 +8775,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8638,22 +8798,22 @@ + mode="get-value-property" + priority="15"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8661,22 +8821,22 @@ + mode="get-value-property" + priority="18"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8684,19 +8844,19 @@ + mode="get-value-property" + priority="17"> + priority="11"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -8705,16 +8865,16 @@ + priority="14"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -8722,22 +8882,22 @@ + mode="get-value-property" + priority="14"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8745,22 +8905,22 @@ + mode="get-value-property" + priority="16"> + priority="19"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8768,22 +8928,22 @@ + mode="get-value-property" + priority="19"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8791,22 +8951,22 @@ + mode="get-value-property" + priority="18"> + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8814,23 +8974,23 @@ + mode="get-value-property" + priority="8"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -8838,22 +8998,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -8861,14 +9021,14 @@ + mode="get-value-property" + priority="10"> + priority="8"> @@ -8881,15 +9041,15 @@ + priority="7"> + as-type="uuid" + name="implementation-statement-uuid" + key="implementation-statement-uuid" + gi="implementation-statement-uuid" + in-json="SCALAR"> implementation-statement-uuid @@ -8897,14 +9057,14 @@ + mode="get-value-property" + priority="7"> + priority="8"> @@ -8912,7 +9072,7 @@ + priority="8"> @@ -8920,7 +9080,7 @@ + priority="5"> @@ -8936,15 +9096,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -8952,23 +9112,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -8976,33 +9136,33 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> @@ -9015,15 +9175,15 @@ + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9031,22 +9191,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -9054,14 +9214,14 @@ + mode="get-value-property" + priority="9"> + priority="7"> @@ -9071,14 +9231,14 @@ + priority="6"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -9089,7 +9249,7 @@ + mode="get-value-property"> @@ -9103,8 +9263,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-line')]"> @@ -9114,8 +9274,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-multiline')]"> @@ -9144,15 +9304,15 @@ + group-starting-with=".[matches(., '^```')]"> + select="not((position() mod 2) + number($starts-with-code))"/>

    + expand-text="true" + select="(replace(.,'^```','') ! normalize-space(.))[matches(.,'\S')]"/> @@ -9183,9 +9343,9 @@ + priority="1" + match="p[exists(@code)]" + expand-text="true">

              
                 language-{.}
    @@ -9223,8 +9383,8 @@
           
        
        
    +                  priority="5"
    +                  mode="make-row"/>
        
           
              
    @@ -9235,7 +9395,7 @@
           
        
        
    +                  mode="make-row">
           
              
                 
    @@ -9254,9 +9414,9 @@
        
           
              
    +                              select="tokenize(., '\n')">
                 
  • + type="{ if (matches(.,'\s*\d')) then 'ol' else 'ul' }">
    @@ -9270,7 +9430,7 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -9284,9 +9444,9 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + group-starting-with="li[(@level = $level) or not(@type = preceding-sibling::*[1]/@type)]">
  • @@ -9465,40 +9625,40 @@ { insertion } + elements="s:*"/> + elements="s:flag s:value"/> + name="write-xml"/> + match="s:*[exists(@gi)]" + mode="write-xml"> + match="s:value[@as-type=('markup-line','markup-multiline')]" + mode="write-xml"> + match="p | ul | ol | pre | h1 | h2 | h3 | h4 | h5 | h6 | table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="s:flag" + mode="write-xml"> + match="*" + mode="cast-prose"> diff --git a/xml/convert/oscal_catalog_json-to-xml-converter.xsl b/xml/convert/oscal_catalog_json-to-xml-converter.xsl index 6119eda09c..4937757112 100644 --- a/xml/convert/oscal_catalog_json-to-xml-converter.xsl +++ b/xml/convert/oscal_catalog_json-to-xml-converter.xsl @@ -1,12 +1,12 @@ + xmlns:j="http://www.w3.org/2005/xpath-functions" + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + version="3.0" + exclude-result-prefixes="#all"> @@ -31,7 +31,7 @@ + select="unparsed-text($file) ! json-to-xml(.)"> {{ $err:description }} @@ -126,6 +126,7 @@ + @@ -138,6 +139,7 @@ + @@ -148,64 +150,32 @@ + - - - - - - - - - - - - - - + - - - - - - - - + + + + - + - - + + + - - - - - - - - - - - - - - - - - - - + + @@ -264,6 +234,7 @@ + @@ -282,6 +253,57 @@ + + + + + + target-resource + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -311,12 +333,12 @@ + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks @@ -324,8 +346,8 @@ + mode="get-value-property" + priority="8"> @@ -334,16 +356,16 @@ + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> @@ -352,16 +374,16 @@ + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> @@ -370,16 +392,16 @@ + as-type="string" + name="parameter-value" + gi="value" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> @@ -400,434 +422,613 @@ + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> - + + mode="keep-value-property" + priority="8"> + as-type="string" + name="value" + key="value" + gi="value"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="8"> + + + + + + + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + + + + + + + priority="6"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + mode="keep-value-property" + priority="6"> + - - + + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="token" + name="location-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="7"> + priority="8"> + as-type="string" + name="type" + key="type" + gi="type"> - + mode="keep-value-property" + priority="8"> + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - - + + + as-type="string" + name="type" + key="type" + gi="type"> - + + priority="8"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="6"> + + + + + + + + + + + + + + + + + + + + + + + + + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="token" + name="depends-on" + key="depends-on" + deprecated="1.0.1" + gi="depends-on"> + mode="keep-value-property" + priority="5"> + as-type="token" + name="how-many" + key="how-many" + gi="how-many"> + mode="keep-value-property" + priority="7"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="5"> + mode="keep-value-property" + priority="7"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="7"> - + + mode="keep-value-property" + priority="7"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="7"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="5"> + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + priority="3"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> + mode="keep-value-property" + priority="10"> + priority="7"> + as-type="token" + name="filename" + key="filename" + gi="filename"> + mode="keep-value-property" + priority="7"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="7"> + priority="4"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -835,22 +1036,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -858,22 +1059,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -881,22 +1082,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -904,22 +1105,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -927,14 +1128,14 @@ + mode="get-value-property" + priority="4"> + priority="5"> @@ -949,14 +1150,14 @@ + priority="4"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -964,15 +1165,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -980,22 +1181,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1003,22 +1204,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1026,22 +1227,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1049,22 +1250,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1072,22 +1273,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1095,41 +1296,41 @@ + mode="get-value-property" + priority="8"> + priority="5"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1137,22 +1338,36 @@ + mode="get-value-property" + priority="6"> + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1160,22 +1375,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1183,23 +1398,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -1207,22 +1422,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1230,22 +1445,38 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1253,14 +1484,14 @@ + mode="get-value-property" + priority="6"> + priority="6"> @@ -1276,34 +1507,34 @@ + priority="8"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> + priority="7"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -1311,22 +1542,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -1334,22 +1565,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -1357,22 +1588,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -1380,79 +1611,80 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="7"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1460,22 +1692,42 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + + + + + priority="6"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -1483,22 +1735,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1506,41 +1758,41 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="external-id" + gi="external-id"> + mode="get-value-property"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1548,52 +1800,52 @@ + mode="get-value-property" + priority="8"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="8"> @@ -1606,34 +1858,34 @@ + priority="10"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="9"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -1641,22 +1893,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -1664,22 +1916,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -1687,22 +1939,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -1710,41 +1962,41 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1752,22 +2004,68 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1775,22 +2073,22 @@ + mode="get-value-property" + priority="7"> + priority="5"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -1798,23 +2096,23 @@ + mode="get-value-property" + priority="5"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage @@ -1822,23 +2120,23 @@ + mode="get-value-property" + priority="5"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -1846,14 +2144,14 @@ + mode="get-value-property" + priority="7"> + priority="8"> @@ -1862,15 +2160,15 @@ + priority="9"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -1878,65 +2176,65 @@ + mode="get-value-property" + priority="9"> + match="j:map[@key='catalog']/j:array[@key='params']/j:map/j:array[@key='guidelines']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + in-json="string"> + priority="8"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> + priority="5"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1944,22 +2242,22 @@ + mode="get-value-property" + priority="5"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1967,22 +2265,22 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -1990,23 +2288,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage @@ -2014,23 +2312,23 @@ + mode="get-value-property" + priority="7"> + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2038,14 +2336,14 @@ + mode="get-value-property" + priority="9"> + priority="10"> @@ -2054,15 +2352,15 @@ + priority="11"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -2070,65 +2368,65 @@ + mode="get-value-property" + priority="11"> + match="j:map[@key='catalog']//j:array[@key='controls']/j:map/j:array[@key='params']/j:map/j:array[@key='guidelines']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + in-json="string"> + priority="10"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2136,22 +2434,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2159,46 +2457,46 @@ + mode="get-value-property" + priority="7"> + match="j:map[@key='catalog']//j:array[@key='controls']/j:map//j:array[@key='parts']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose" + _metaschema-json-id="/assembly/oscal-control-common/part/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE" + in-json="string"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2206,22 +2504,150 @@ + mode="get-value-property" + priority="9"> + + + + + + + + + + mapping + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + relationship + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + priority="5"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2229,22 +2655,22 @@ + mode="get-value-property" + priority="5"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2252,22 +2678,22 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -2275,23 +2701,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage @@ -2299,23 +2725,23 @@ + mode="get-value-property" + priority="7"> + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2323,14 +2749,14 @@ + mode="get-value-property" + priority="9"> + priority="10"> @@ -2339,15 +2765,15 @@ + priority="11"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -2355,65 +2781,65 @@ + mode="get-value-property" + priority="11"> + match="j:map[@key='catalog']//j:array[@key='groups']/j:map/j:array[@key='params']/j:map/j:array[@key='guidelines']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + in-json="string"> + priority="10"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2421,22 +2847,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2444,46 +2870,46 @@ + mode="get-value-property" + priority="7"> + match="j:map[@key='catalog']//j:array[@key='groups']/j:map//j:array[@key='parts']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose" + _metaschema-json-id="/assembly/oscal-control-common/part/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE" + in-json="string"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2491,22 +2917,22 @@ + mode="get-value-property" + priority="9"> + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2514,22 +2940,22 @@ + mode="get-value-property" + priority="8"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2537,22 +2963,22 @@ + mode="get-value-property" + priority="12"> + priority="10"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -2560,23 +2986,23 @@ + mode="get-value-property" + priority="10"> + priority="10"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage @@ -2584,23 +3010,23 @@ + mode="get-value-property" + priority="10"> + priority="12"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2608,14 +3034,14 @@ + mode="get-value-property" + priority="12"> + priority="13"> @@ -2624,15 +3050,15 @@ + priority="14"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -2640,65 +3066,65 @@ + mode="get-value-property" + priority="14"> + match="j:map[@key='catalog']//j:array[@key='groups']/j:map//j:array[@key='controls']/j:map/j:array[@key='params']/j:map/j:array[@key='guidelines']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + in-json="string"> + priority="13"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + mode="get-value-property" + priority="13"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2706,22 +3132,22 @@ + mode="get-value-property" + priority="10"> + priority="10"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2729,46 +3155,46 @@ + mode="get-value-property" + priority="10"> + match="j:map[@key='catalog']//j:array[@key='groups']/j:map//j:array[@key='controls']/j:map//j:array[@key='parts']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose" + _metaschema-json-id="/assembly/oscal-control-common/part/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE" + in-json="string"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2776,14 +3202,142 @@ + mode="get-value-property" + priority="12"> + + + + + + + + + + mapping + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + relationship + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + priority="5"> @@ -2799,15 +3353,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2815,23 +3369,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2839,33 +3393,33 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> @@ -2878,15 +3432,15 @@ + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2894,22 +3448,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2917,14 +3471,14 @@ + mode="get-value-property" + priority="9"> + priority="7"> @@ -2934,14 +3488,14 @@ + priority="6"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -2952,7 +3506,7 @@ + mode="get-value-property"> @@ -2966,8 +3520,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-line')]"> @@ -2977,8 +3531,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-multiline')]"> @@ -3007,15 +3561,15 @@ + group-starting-with=".[matches(., '^```')]"> + select="not((position() mod 2) + number($starts-with-code))"/>

    + expand-text="true" + select="(replace(.,'^```','') ! normalize-space(.))[matches(.,'\S')]"/> @@ -3046,9 +3600,9 @@ + priority="1" + match="p[exists(@code)]" + expand-text="true">

              
                 language-{.}
    @@ -3086,8 +3640,8 @@
           
        
        
    +                  priority="5"
    +                  mode="make-row"/>
        
           
              
    @@ -3098,7 +3652,7 @@
           
        
        
    +                  mode="make-row">
           
              
                 
    @@ -3117,9 +3671,9 @@
        
           
              
    +                              select="tokenize(., '\n')">
                 
  • + type="{ if (matches(.,'\s*\d')) then 'ol' else 'ul' }">
    @@ -3133,7 +3687,7 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3147,9 +3701,9 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + group-starting-with="li[(@level = $level) or not(@type = preceding-sibling::*[1]/@type)]">
  • @@ -3328,40 +3882,40 @@ { insertion } + elements="s:*"/> + elements="s:flag s:value"/> + name="write-xml"/> + match="s:*[exists(@gi)]" + mode="write-xml"> + match="s:value[@as-type=('markup-line','markup-multiline')]" + mode="write-xml"> + match="p | ul | ol | pre | h1 | h2 | h3 | h4 | h5 | h6 | table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="s:flag" + mode="write-xml"> + match="*" + mode="cast-prose"> diff --git a/xml/convert/oscal_complete_json-to-xml-converter.xsl b/xml/convert/oscal_complete_json-to-xml-converter.xsl index a930789379..3f9981414f 100644 --- a/xml/convert/oscal_complete_json-to-xml-converter.xsl +++ b/xml/convert/oscal_complete_json-to-xml-converter.xsl @@ -1,12 +1,12 @@ + xmlns:j="http://www.w3.org/2005/xpath-functions" + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + version="3.0" + exclude-result-prefixes="#all"> @@ -31,7 +31,7 @@ + select="unparsed-text($file) ! json-to-xml(.)"> {{ $err:description }} @@ -126,6 +126,7 @@ + @@ -138,6 +139,7 @@ + @@ -148,64 +150,32 @@ + - - - - - - - - - - - - - - + - - - - - - - - + + + + - + - - + + + - - - - - - - - - - - - - - - - - - - + + @@ -264,6 +234,7 @@ + @@ -297,6 +268,75 @@ + + + + + + target-resource + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + target + + + + + + + + + + + + @@ -337,6 +377,53 @@ + + + + + + mapping-collection + + + http://csrc.nist.gov/ns/oscal/1.0 + + + + + + + + + + + + + mapping + + + + + + + + + + + + + source-resource + + + + + + + + @@ -369,14 +456,21 @@ + name="include-all" + key="include-all" + gi="include-all"> include-all + + + + + + + @@ -411,45 +505,12 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + key="component-definition" + gi="component-definition"> component-definition @@ -468,8 +529,8 @@ + name="import-component-definition" + gi="import-component-definition"> @@ -490,9 +551,9 @@ - + - + @@ -572,8 +633,8 @@ + key="system-security-plan" + gi="system-security-plan"> system-security-plan @@ -604,8 +665,8 @@ + key="system-characteristics" + gi="system-characteristics"> system-characteristics @@ -631,8 +692,8 @@ + key="system-information" + gi="system-information"> system-information @@ -641,12 +702,56 @@ + + + + + + confidentiality-impact + + + + + + + + + + + + + + integrity-impact + + + + + + + + + + + + + + availability-impact + + + + + + + + + key="security-impact-level" + gi="security-impact-level"> security-impact-level @@ -659,8 +764,8 @@ + key="authorization-boundary" + gi="authorization-boundary"> authorization-boundary @@ -687,8 +792,8 @@ + key="network-architecture" + gi="network-architecture"> network-architecture @@ -717,8 +822,8 @@ + key="system-implementation" + gi="system-implementation"> system-implementation @@ -790,8 +895,8 @@ + key="implementation-status" + gi="implementation-status"> implementation-status @@ -863,8 +968,8 @@ + key="reviewed-controls" + gi="reviewed-controls"> reviewed-controls @@ -880,8 +985,8 @@ + name="select-objective-by-id" + gi="include-objective"> @@ -889,8 +994,8 @@ + name="select-objective-by-id" + gi="exclude-objective"> @@ -898,8 +1003,8 @@ + key="related-controls" + gi="related-controls"> related-controls @@ -951,8 +1056,8 @@ + key="assessment-assets" + gi="assessment-assets"> assessment-assets @@ -997,8 +1102,8 @@ + key="assessment-results" + gi="assessment-results"> assessment-results @@ -1174,30 +1279,12 @@ - - - - - - target - - - - - - - - - - - - + key="plan-of-action-and-milestones" + gi="plan-of-action-and-milestones"> plan-of-action-and-milestones @@ -1211,6 +1298,7 @@ + @@ -1219,13 +1307,14 @@ + key="local-definitions" + gi="local-definitions"> local-definitions + @@ -1239,6 +1328,7 @@ + @@ -1248,12 +1338,12 @@ + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks @@ -1261,8 +1351,8 @@ + mode="get-value-property" + priority="8"> @@ -1271,16 +1361,16 @@ + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> @@ -1289,16 +1379,16 @@ + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> @@ -1307,16 +1397,16 @@ + as-type="string" + name="parameter-value" + gi="value" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> @@ -1335,13 +1425,31 @@ + + + + + + + + + + + + + as-type="string" + name="system-id" + gi="system-id"> system-id @@ -1351,7 +1459,7 @@ + mode="get-value-property"> @@ -1360,16 +1468,16 @@ + as-type="token" + name="role-id" + gi="role-id" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> @@ -1378,16 +1486,16 @@ + as-type="string" + name="function-performed" + gi="function-performed" + in-json="SCALAR"> + mode="get-value-property" + priority="9"> @@ -1396,11 +1504,11 @@ + as-type="token" + name="risk-status" + key="status" + gi="status" + in-json="SCALAR"> status @@ -1408,8 +1516,8 @@ + mode="get-value-property" + priority="7"> @@ -1433,11 +1541,11 @@ + as-type="token" + name="risk-status" + key="status-change" + gi="status-change" + in-json="SCALAR"> status-change @@ -1445,2115 +1553,2343 @@ + mode="get-value-property" + priority="10"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> - + + mode="keep-value-property" + priority="8"> + as-type="string" + name="value" + key="value" + gi="value"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="8"> + + + + + + + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> - + mode="keep-value-property" + priority="8"> + + as-type="string" + name="resource-fragment" + key="resource-fragment" + gi="resource-fragment"> + + + + + + - - + + - - + + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - - + + + as-type="token" + name="location-type" + key="type" + gi="type"> - - + + + as-type="string" + name="type" + key="type" + gi="type"> - - + + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - - + + + as-type="string" + name="type" + key="type" + gi="type"> - - + + + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="6"> + + + + + + + + + + + + + + + + + + + + + + + + + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="token" + name="depends-on" + key="depends-on" + deprecated="1.0.1" + gi="depends-on"> + mode="keep-value-property" + priority="5"> + as-type="token" + name="how-many" + key="how-many" + gi="how-many"> + mode="keep-value-property" + priority="7"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="5"> + mode="keep-value-property" + priority="7"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="7"> - + + mode="keep-value-property" + priority="7"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="7"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="token" + name="class" + key="class" + gi="class"> - + mode="keep-value-property" + priority="5"> + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - - + + + as-type="uri-reference" + name="href" + key="href" + gi="href"> - - + + + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> - + + priority="3"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> - + mode="keep-value-property" + priority="10"> + + + + + + + + + + + + + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - - + + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + priority="1"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="5"> + as-type="token" + name="with-child-controls" + key="with-child-controls" + gi="with-child-controls"> - + mode="keep-value-property" + priority="8"> + + as-type="string" + name="pattern" + key="pattern" + gi="pattern"> - + + priority="5"> + as-type="string" + name="method" + key="method" + gi="method"> + mode="keep-value-property" + priority="5"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="token" + name="order" + key="order" + gi="order"> + mode="keep-value-property" + priority="11"> + priority="6"> + as-type="token" + name="param-id" + key="param-id" + gi="param-id"> + mode="keep-value-property" + priority="6"> + priority="6"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="6"> + priority="6"> + as-type="token" + name="depends-on" + key="depends-on" + deprecated="1.0.1" + gi="depends-on"> - + mode="keep-value-property" + priority="6"> + + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> - - + + + as-type="token" + name="by-name" + key="by-name" + gi="by-name"> - - + + + as-type="token" + name="by-class" + key="by-class" + gi="by-class"> - - + + + as-type="token" + name="by-id" + key="by-id" + gi="by-id"> - - + + + as-type="token" + name="by-item-name" + key="by-item-name" + gi="by-item-name"> - - + + + as-type="token" + name="by-ns" + key="by-ns" + gi="by-ns"> - - + + + as-type="token" + name="position" + key="position" + default="ending" + gi="position"> - - + + + as-type="token" + name="by-id" + key="by-id" + gi="by-id"> - + + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + priority="1"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="5"> + as-type="string" + name="defined-component-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="7"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="7"> + priority="1"> + as-type="string" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="7"> + priority="1"> + as-type="nonNegativeInteger" + name="start" + key="start" + gi="start"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="nonNegativeInteger" + name="end" + key="end" + gi="end"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="token" + name="transport" + key="transport" + gi="transport"> + mode="keep-value-property" + priority="9"> + priority="7"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + mode="keep-value-property" + priority="7"> + + as-type="uri-reference" + name="source" + key="source" + gi="source"> + mode="keep-value-property" + priority="7"> + as-type="token" + name="param-id" + key="param-id" + gi="param-id"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="9"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + mode="keep-value-property" + priority="9"> + as-type="token" + name="statement-id" + key="statement-id" + gi="statement-id"> + mode="keep-value-property" + priority="11"> + priority="11"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="11"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="string" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + mode="keep-value-property" + priority="7"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="4"> + priority="1"> + as-type="uri" + name="identifier-type" + key="identifier-type" + gi="identifier-type"> + mode="keep-value-property" + priority="6"> + priority="7"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="7"> + priority="9"> + as-type="uri" + name="system" + key="system" + gi="system"> + mode="keep-value-property" + priority="9"> + priority="5"> + as-type="string" + name="state" + key="state" + gi="state"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="7"> + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + as-type="string" + name="system-component-type" + key="type" + gi="type"> - + mode="keep-value-property" + priority="6"> + + as-type="token" + name="state" + key="state" + gi="state"> - + + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + mode="keep-value-property" + priority="8"> + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + mode="keep-value-property" + priority="6"> + as-type="token" + name="statement-id" + key="statement-id" + gi="statement-id"> + mode="keep-value-property" + priority="8"> + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="token" + name="state" + key="state" + gi="state"> + mode="keep-value-property" + priority="11"> + priority="13"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="13"> + priority="13"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="13"> + as-type="uuid" + name="provided-uuid" + key="provided-uuid" + gi="provided-uuid"> + mode="keep-value-property" + priority="13"> + priority="12"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="12"> + as-type="uuid" + name="provided-uuid" + key="provided-uuid" + gi="provided-uuid"> + mode="keep-value-property" + priority="12"> + priority="12"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="12"> + as-type="uuid" + name="responsibility-uuid" + key="responsibility-uuid" + gi="responsibility-uuid"> + mode="keep-value-property" + priority="12"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="4"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + mode="keep-value-property" + priority="6"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + mode="keep-value-property" + priority="14"> + as-type="token" + name="objective-id" + key="objective-id" + gi="objective-id"> + mode="keep-value-property" + priority="14"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="6"> - + + mode="keep-value-property" + priority="6"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="6"> + priority="1"> + as-type="token" + name="type" + key="type" + gi="type"> + mode="keep-value-property" + priority="5"> + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="subject-type" + key="type" + gi="type"> - + mode="keep-value-property" + priority="8"> + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - - + + + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> - + + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="token" + name="type" + key="type" + gi="type"> + mode="keep-value-property" + priority="5"> + priority="8"> + as-type="dateTime-with-timezone" + name="date" + key="date" + gi="date"> + mode="keep-value-property" + priority="8"> + priority="8"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start"> + mode="keep-value-property" + priority="8"> + priority="8"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end"> + mode="keep-value-property" + priority="8"> + priority="8"> + as-type="positiveInteger" + name="period" + key="period" + gi="period"> + mode="keep-value-property" + priority="8"> + priority="8"> + as-type="string" + name="unit" + key="unit" + gi="unit"> + mode="keep-value-property" + priority="8"> + priority="7"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> + mode="keep-value-property" + priority="7"> + priority="7"> + as-type="uuid" + name="activity-uuid" + key="activity-uuid" + gi="activity-uuid"> + mode="keep-value-property" + priority="7"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="4"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="5"> + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="uuid" + name="party-uuid" + key="party-uuid" + gi="party-uuid"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> - + mode="keep-value-property" + priority="10"> + + as-type="uuid" + name="subject-placeholder-uuid" + key="subject-placeholder-uuid" + gi="subject-placeholder-uuid"> - + + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="7"> + as-type="token" + name="type" + key="type" + gi="type"> + mode="keep-value-property" + priority="11"> + priority="1"> + as-type="uuid" + name="actor-uuid" + key="actor-uuid" + gi="actor-uuid"> + mode="keep-value-property" + priority="11"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="11"> + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + mode="keep-value-property" + priority="9"> + as-type="token" + name="subject-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="9"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="7"> + priority="1"> + as-type="uri" + name="system" + key="system" + gi="system"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="9"> + priority="11"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="11"> + priority="11"> + as-type="uri" + name="system" + key="system" + gi="system"> + mode="keep-value-property" + priority="11"> + priority="11"> + as-type="string" + name="value" + key="value" + gi="value"> + mode="keep-value-property" + priority="11"> + priority="9"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="uuid" + name="implementation-uuid" + key="implementation-uuid" + gi="implementation-uuid"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="token" + name="lifecycle" + key="lifecycle" + gi="lifecycle"> + mode="keep-value-property" + priority="9"> + priority="11"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="11"> + priority="10"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="10"> + priority="12"> + as-type="uuid" + name="response-uuid" + key="response-uuid" + gi="response-uuid"> + mode="keep-value-property" + priority="12"> + priority="9"> + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + mode="keep-value-property" + priority="7"> + + as-type="string" + name="type" + key="type" + gi="type"> - - + + + as-type="token" + name="target-id" + key="target-id" + gi="target-id"> - - + + + as-type="token" + name="state" + key="state" + gi="state"> - - + + + as-type="token" + name="reason" + key="reason" + gi="reason"> - - + + + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> - - + + + as-type="uuid" + name="risk-uuid" + key="risk-uuid" + gi="risk-uuid"> - + + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="5"> + + + + + + + priority="7"> + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> + mode="keep-value-property" + priority="7"> + priority="7"> + as-type="uuid" + name="risk-uuid" + key="risk-uuid" + gi="risk-uuid"> + mode="keep-value-property" + priority="7"> + priority="4"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3561,22 +3897,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -3584,22 +3920,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -3607,22 +3943,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -3630,22 +3966,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -3653,14 +3989,14 @@ + mode="get-value-property" + priority="4"> + priority="5"> @@ -3675,14 +4011,14 @@ + priority="4"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -3690,15 +4026,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3706,22 +4042,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -3729,22 +4065,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -3752,22 +4088,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -3775,22 +4111,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -3798,22 +4134,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3821,41 +4157,41 @@ + mode="get-value-property" + priority="8"> + priority="5"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3863,22 +4199,36 @@ + mode="get-value-property" + priority="6"> + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3886,22 +4236,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -3909,23 +4259,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3933,22 +4283,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3956,22 +4306,38 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3979,14 +4345,14 @@ + mode="get-value-property" + priority="6"> + priority="6"> @@ -4002,34 +4368,34 @@ + priority="8"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> + priority="7"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -4037,22 +4403,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -4060,22 +4426,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -4083,22 +4449,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -4106,79 +4472,80 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="7"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4186,22 +4553,42 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + + + + + priority="6"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -4209,22 +4596,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -4232,41 +4619,41 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="external-id" + gi="external-id"> + mode="get-value-property"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4274,52 +4661,52 @@ + mode="get-value-property" + priority="8"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="8"> @@ -4332,34 +4719,34 @@ + priority="10"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="9"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -4367,22 +4754,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -4390,22 +4777,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -4413,22 +4800,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -4436,41 +4823,41 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4478,22 +4865,68 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4501,22 +4934,22 @@ + mode="get-value-property" + priority="7"> + priority="5"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -4524,23 +4957,23 @@ + mode="get-value-property" + priority="5"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage @@ -4548,23 +4981,23 @@ + mode="get-value-property" + priority="5"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4572,14 +5005,14 @@ + mode="get-value-property" + priority="7"> + priority="8"> @@ -4588,15 +5021,15 @@ + priority="9"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -4604,65 +5037,65 @@ + mode="get-value-property" + priority="9"> + match="j:map[@key='catalog']/j:array[@key='params']/j:map/j:array[@key='guidelines']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + in-json="string"> + priority="8"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> + priority="5"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4670,22 +5103,22 @@ + mode="get-value-property" + priority="5"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4693,22 +5126,22 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -4716,23 +5149,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage @@ -4740,23 +5173,23 @@ + mode="get-value-property" + priority="7"> + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4764,14 +5197,14 @@ + mode="get-value-property" + priority="9"> + priority="10"> @@ -4780,15 +5213,15 @@ + priority="11"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -4796,65 +5229,65 @@ + mode="get-value-property" + priority="11"> + match="j:map[@key='catalog']//j:array[@key='controls']/j:map/j:array[@key='params']/j:map/j:array[@key='guidelines']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + in-json="string"> + priority="10"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4862,22 +5295,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4885,46 +5318,46 @@ + mode="get-value-property" + priority="7"> + match="j:map[@key='catalog']//j:array[@key='controls']/j:map//j:array[@key='parts']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose" + _metaschema-json-id="/assembly/oscal-control-common/part/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE" + in-json="string"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4932,22 +5365,150 @@ + mode="get-value-property" + priority="9"> + + + + + + + + + + mapping + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + relationship + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + priority="5"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4955,22 +5516,22 @@ + mode="get-value-property" + priority="5"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4978,22 +5539,22 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -5001,23 +5562,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage @@ -5025,23 +5586,23 @@ + mode="get-value-property" + priority="7"> + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5049,14 +5610,14 @@ + mode="get-value-property" + priority="9"> + priority="10"> @@ -5065,15 +5626,15 @@ + priority="11"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -5081,65 +5642,65 @@ + mode="get-value-property" + priority="11"> + match="j:map[@key='catalog']//j:array[@key='groups']/j:map/j:array[@key='params']/j:map/j:array[@key='guidelines']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + in-json="string"> + priority="10"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5147,22 +5708,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5170,46 +5731,46 @@ + mode="get-value-property" + priority="7"> + match="j:map[@key='catalog']//j:array[@key='groups']/j:map//j:array[@key='parts']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose" + _metaschema-json-id="/assembly/oscal-control-common/part/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE" + in-json="string"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5217,22 +5778,22 @@ + mode="get-value-property" + priority="9"> + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5240,22 +5801,22 @@ + mode="get-value-property" + priority="8"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5263,22 +5824,22 @@ + mode="get-value-property" + priority="12"> + priority="10"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -5286,23 +5847,23 @@ + mode="get-value-property" + priority="10"> + priority="10"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage @@ -5310,23 +5871,23 @@ + mode="get-value-property" + priority="10"> + priority="12"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5334,14 +5895,14 @@ + mode="get-value-property" + priority="12"> + priority="13"> @@ -5350,15 +5911,15 @@ + priority="14"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -5366,65 +5927,65 @@ + mode="get-value-property" + priority="14"> + match="j:map[@key='catalog']//j:array[@key='groups']/j:map//j:array[@key='controls']/j:map/j:array[@key='params']/j:map/j:array[@key='guidelines']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + in-json="string"> + priority="13"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + mode="get-value-property" + priority="13"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5432,22 +5993,22 @@ + mode="get-value-property" + priority="10"> + priority="10"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5455,46 +6016,46 @@ + mode="get-value-property" + priority="10"> + match="j:map[@key='catalog']//j:array[@key='groups']/j:map//j:array[@key='controls']/j:map//j:array[@key='parts']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose" + _metaschema-json-id="/assembly/oscal-control-common/part/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE" + in-json="string"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5502,14 +6063,142 @@ + mode="get-value-property" + priority="12"> + + + + + + + + + + mapping + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + relationship + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + priority="5"> @@ -5525,15 +6214,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5541,23 +6230,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5565,33 +6254,33 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> @@ -5604,15 +6293,15 @@ + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5620,22 +6309,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5643,14 +6332,14 @@ + mode="get-value-property" + priority="9"> + priority="7"> @@ -5660,14 +6349,14 @@ + priority="6"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -5678,130 +6367,130 @@ + mode="get-value-property"> - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published - + - + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified - + - + - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version - + - + - + + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version - + - + - + @@ -5813,321 +6502,351 @@ - + - + + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published - + - + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified - + - + - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version - + - + - + + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="string" + name="document-id" + gi="document-id"> - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + address @@ -6140,327 +6859,348 @@ - + - + + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> - + - + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city - + - + - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state - + - + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code - + - + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country - + - + - + + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> - + - + - + + as-type="string" + name="telephone-number" + gi="telephone-number"> - - + + - + - + + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + + + + + + + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name - + - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name - + - + - + + as-type="string" + name="external-id" + gi="external-id"> - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> - + - + - + + as-type="string" + name="telephone-number" + gi="telephone-number"> - - + + - + - + @@ -6470,9770 +7210,9692 @@ - + - + + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> - + - + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city - + - + - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state - + - + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code - + - + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country - + - + - + + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - - - - - - - - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - - - - - - - - - - - - - combine - - - - - - - - - - flat - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - as-is + text - - + + - - - - - - custom - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="token" + name="relationship" + key="relationship" + gi="relationship"> - label + relationship + - - - + + + + - + - - + + - usage + text - - + + - + - - + + - description + text - - + + - + - - - + + + + + + + + + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - expression + title - - - - - - - - - - - - - - - - - - - - - + - + - - + + - text + description - - + + - + - + - - title - + as-type="string" + name="document-id" + gi="document-id"> + - - - + + + + - - - - - - - + + + + + + citation + + + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - - - - - - - - + - - - - - + + + + + - + - + + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> + + base64 + + + - - - + + + + - - - - - - - - - - - - - - - - - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + - - + + - - - - - - - - - - - - - - - - - + - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> + + published + - - + + - - - - - - - - - - - - - - - - - - - - - - - - - + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - text + last-modified - - + + - + - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> - label + version - - + + - + - - + + - usage + oscal-version - - + + - + - - - - description - - - - - - - - - - - - - - + + + + + + + + + - + - - + + - expression + revisions - - - - - - - - - - - - - - - + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + - + - + - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> - title + published - - + + - + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - text + last-modified - - + + - + - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> - label + version - - + + - + - - + + - usage + oscal-version - - + + - + - - + + - description + text - - + + - + - - - - - + + + + + - + + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - expression + text - - + + - - - - - - - + + + + + + + + + + + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + - + - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - text + short-name - - + + - + - - + + - title + description - - + + - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - + + + + - - - - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - - + + - description + address + + + + + + + + + + + + - - + + - + - + - + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> + + city + - - - - + + + - + - - + + - citation + state - - - - + + - + + + + + + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - text + postal-code - - + + - + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> - text + country - - + + - - - - - - - - - - + - + - - base64 - - - + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> - - - - + + + - + - + - - title - + as-type="string" + name="telephone-number" + gi="telephone-number"> + - - - + + + + - + - + - - published - + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - last-modified + text - - + + - + - + + + + + + + + + + + + + + + + + + + + + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> - version + name - + - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - oscal-version + short-name - + - + - - - - - - - - - - - + + + + + - - - - - - revisions - - - + + + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + - - published - + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> - - + + - + - + - - last-modified - + as-type="string" + name="telephone-number" + gi="telephone-number"> + - - - + + + + - + - + + + + + + + + + + + + + - - version - + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> - + - + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> - oscal-version + city - + - + - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> - text + state - - + + - + - + - + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> + + postal-code + - - - - + + + - + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> - text + country - - + + - + - + - - title - + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - short-name + text - - + + - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + + + + + + + + combine + + + + + + + + + + flat + + + + + + + as-type="boolean" + name="as-is" + key="as-is" + gi="as-is" + in-json="SCALAR"> - title + as-is - - + + - + - - + + - address + custom - - - - - - + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - city + text - - + + - + - + + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> - state + label - - + + - + - - + + - postal-code + usage - - + + - + - - + + - country + description - - + + - + - + + + + + + + + + + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> + + expression + - - + + - - - - - - + + + + + + - - - - - - - + - + + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - name + title - - + + - + + + + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - short-name + text - - + + - + - - - - - + + + + + + - - - - - + + + + + + + + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> + + label + - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - + + + + usage + - - + + - + - - + + - city + description - - + + - + - + + + + + + + + + + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> - state + expression - + - + + + + + + + + + - + - - postal-code - + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> - - + + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - country + title - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - + - + + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> - text + label - + - + - - + + - title + usage - - + + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + + + + + + + + + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> - purpose + expression - + + + + + + + + + + + + + + + + + + + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + + + + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - - + + - + - - - + + + + + - + - - + + - description + title - - + + - + - - + + - text + description - - + + - + - + + as-type="string" + name="document-id" + gi="document-id"> + - - - + + + + - + - - - - - + + + + citation + + - - - - - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - - - - - - + + + + + + - + - + + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> - text + base64 + + - - - + + + + - - - - - - - - - - - - - - + - - + + - description + title - - + + - + - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> - text + published - - + + - + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - text + last-modified - - + + - + - - + + - description + version - - + + - + - + + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> - text + oscal-version - - + + - + - - + + + + + + + + + + + + + + + + - description + revisions + + + + + + + + + + title - - + + - - - - - - - - - - - - - - + - - + + - description + published - - + + - + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - text + last-modified - - + + - + - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> + + version + - + - - - - - - - - - - - - - - - - + - - + + - description + oscal-version - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="string" + name="document-id" + gi="document-id"> + - - - + + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - + + + + + - - + - - + + - description + title - - + + - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - text + short-name - - + + - + - + + + + description + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - + + + + - - - - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - - + + - description + address + + + + + + + + + + + + - - + + - + - + - + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> + + city + - - - - + + + - + - - + + - citation + state - - - - + + - + + + + + + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - text + postal-code - - + + - + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> - text + country - - + + - - - - - - - - - - + - + - - base64 - - - + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> - - - - + + + - + - + - - title - + as-type="string" + name="telephone-number" + gi="telephone-number"> + - - - + + + + - + - + - - published - + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - last-modified + text - - + + - + - + + + + + + + + + + + + + + + + + + + + + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> - version + name - + - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - oscal-version + short-name - + - + - - - - - - - - - - - + + + + + - - - - - - revisions - - - + + + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + - - published - + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> - - + + - + - + - - last-modified - + as-type="string" + name="telephone-number" + gi="telephone-number"> + - - - + + + + - + - + + + + + + + + + + + + + - - version - + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> - + - + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> - oscal-version + city - + - + - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> - text + state - - + + - + - + - + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> + + postal-code + - - - - + + + - + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> - text + country - - + + - + - + - - title - + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - short-name + text - - + + - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - - + + - address + description - - - - - - - - - - - - - - + + - + - + + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> - city + purpose - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - state + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - postal-code + text - - + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - country + title - - - - - - - - - - - - - - + + - + - - - - - - - - - - - + + + + + + + + + + - + - - + + + + description + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + - - name - + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> - + - + - - + + + + + + + + + + + + + + + + + - short-name + description - - + + - - - - - - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> - - + + - + - + - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - - - + + + - + - - - - - - - - + + + + + + + + + - + - - + + + + description + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - city + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - state + text - - + + - + - - + + - postal-code + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - country + text - - + + - + - - + + + + description + - - + + - + - - + + + + + + + + + + + + + + + - text + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - system-name + text - - + + - + - + - - system-name-short - + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> - + - + - + + + + + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - date-authorized - - - - - - - - - - + - + - - security-sensitivity-level - + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + + - - - - - + + - + - + + + + description + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - - + + - description + text - - + + - + - - - - + + + + + + + + + + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + - - + + - + - - + + - text + description - - + + - + + + + + + + + + + + + + + + - - + + - confidentiality-impact + citation + - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - base + text - - + + - + - + + + + + + + + + + + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> - selected + base64 + + - - - + + + + - + - - + + - adjustment-justification + title - - + + - - - - - - integrity-impact - - - - - - - - - + - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> - text + published - - + + - + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - base + last-modified - - + + - + - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> - selected + version - + - + - - + + - adjustment-justification + oscal-version - - + + - + - - - - availability-impact - + + + + + + + - - - + - + - + + + + revisions + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> - base + published - - + + - + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - selected + last-modified - - + + - + - - + + - adjustment-justification + version - - + + - + - + + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> - security-objective-confidentiality + oscal-version - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - security-objective-integrity + text - - + + - + - + + as-type="string" + name="document-id" + gi="document-id"> + + + + + + + + + + + + + + - security-objective-availability + text - - + + - + - - - - status - - + + + + + + + + - + - - + + - description + title - - + + - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - text + short-name - - + + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - caption + title - + - + - - + + - description + address + + + + + + + + + + + + - - + + - + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> - text + city - - + + - + - - + + - description + state - - + + - + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - text + postal-code - - + + - + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> - caption + country - - + + - + - - - - description - + + - - + + - + - + - - text - + as-type="string" + name="telephone-number" + gi="telephone-number"> + - - - + + + + - + - - - - description - + + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + + + + + + + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> - caption + name - - + + - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - text + short-name - - + + - + - + - - text - + as-type="string" + name="external-id" + gi="external-id"> + - - - - - - - - - - - - - - - - - - - - - - - - title - - - - - - - + + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + - - party-uuid - + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> - - + + - + - + - - date-authorized - + as-type="string" + name="telephone-number" + gi="telephone-number"> + - - - + + + + - + - - - - title - - - - - - - - + + + + + + + + + - + - + - - short-name - + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> - + - + - - + + - description + city - - + + - + - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> - text + state - - + + - + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - title + postal-code - - + + - + - - + + - description + country - - + + - + - + - - title - + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> - - + + - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - purpose + text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - status - - - - - - + - + + as-type="string" + name="system-name" + key="system-name" + gi="system-name" + in-json="SCALAR"> - text + system-name - - + + - + - + + as-type="string" + name="system-name-short" + key="system-name-short" + gi="system-name-short" + in-json="SCALAR"> - title + system-name-short - - + + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="date" + name="date-authorized" + key="date-authorized" + gi="date-authorized" + in-json="SCALAR"> - text + date-authorized - - + + - - - - - - - - - - - - + - + + as-type="string" + name="security-sensitivity-level" + key="security-sensitivity-level" + gi="security-sensitivity-level" + in-json="SCALAR"> - text + security-sensitivity-level - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - control-implementation - + + + + - - + + + + + + - + - - + + - description + title - - + + - + - - + + + + description + - - + + - + - - - - - - - - - - - + + + + - + - + - - text - + as-type="string" + name="information-type-id" + gi="information-type-id" + in-json="SCALAR"> - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - - - - - + - + + as-type="string" + name="base" + key="base" + gi="base" + in-json="SCALAR"> - text + base - - + + - + - + + as-type="string" + name="selected" + key="selected" + gi="selected" + in-json="SCALAR"> - text + selected - - + + - + - + + collapsible="no" + as-type="markup-multiline" + name="adjustment-justification" + key="adjustment-justification" + gi="adjustment-justification" + in-json="SCALAR"> - description + adjustment-justification - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="string" + name="base" + key="base" + gi="base" + in-json="SCALAR"> + + base + - + - + - - + + - export + selected - - - - - - - + + - + + + + + + - + + collapsible="no" + as-type="markup-multiline" + name="adjustment-justification" + key="adjustment-justification" + gi="adjustment-justification" + in-json="SCALAR"> - description + adjustment-justification - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - - - - + - - + + - description + base - - + + - + - + + as-type="string" + name="selected" + key="selected" + gi="selected" + in-json="SCALAR"> - text + selected - - + + - + - - + + - text + adjustment-justification - - + + - - - - - - - - - - - - - - + - - + + - description + security-objective-confidentiality - - + + - + - + + as-type="string" + name="security-objective-integrity" + key="security-objective-integrity" + gi="security-objective-integrity" + in-json="SCALAR"> - text + security-objective-integrity - - + + - + - + + as-type="string" + name="security-objective-availability" + key="security-objective-availability" + gi="security-objective-availability" + in-json="SCALAR"> - text + security-objective-availability - - + + - + - - - - - - - - + + + + status + + + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - text + description - - + + - - - - - - - - - - - - - - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="caption" + key="caption" + gi="caption" + in-json="SCALAR"> - text + caption - + - + - - + + - text + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="caption" + key="caption" + gi="caption" + in-json="SCALAR"> + + caption + - - + + - + - - + + - export + description - - - - - - - + + - + + + + + + - + + + + text + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - - - - + - - + + - description + caption - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - - + - + + - + - - + + - description + title - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="uuid" + name="party-uuid" + key="party-uuid" + gi="party-uuid" + in-json="SCALAR"> - text + party-uuid - - + + - - - - - - - - - - - - - + - - + + - description + date-authorized - - + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - text + short-name - - + + - - - - - - - - - - - - - - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - - + + - text + description - - + + - - - - - - - - - - - - - - - - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - - - - - - - - - - - - - - - - - - - - citation - - - - - - - + - + + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> - text + purpose - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - - + + + + status + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - base64 + text - - - - - - + + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - - + + - published + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - last-modified + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - version + text - - + + - + - + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - oscal-version + text - - + + - + - - - - - - - - - - - - - - - - - - revisions - - - - - - - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - - + + - published + control-implementation - - - - - - - + + + + - + - - + + - last-modified + description - - + + - + - + - - version - + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> - + - + - - - - oscal-version - - - - - - - - + + + + + + + + + + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + - + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> - - - - + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - short-name + text - - + + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + - - title - + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> - - + + - + - - + + - address + export - - - - - - + + + + + + - + - - + + + + description + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - city + text - - + + - + - - + + + + + + + + + + + + + + - state + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - postal-code + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - country + text - - - - - - - - - - - - - - + + - + - - - - - - - - - - - + + + + + + + + + + - + - - + + + + description + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - name + text - - + + - + - - + + + + + + + + + + + + + + - short-name + description - - + + - + - + - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - - - + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - - - - - - + + + + + + + + + + - + - - - + + + + description + - - - - + + + - - - - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - city + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - state + text - - + + - + - - + + - postal-code + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - country + text - - + + - + - + + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> - - + + - + - - - - text + + + + export + + + + + + + + + + + + + + + description - - + + - - - - - - local-definitions - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - purpose + text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - status - - + + + + + + + + - + - + + + + description + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - + + + + + - + - + - - + + - text + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - - - - - - short-name - - - - - - - - - - - - - - - description - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - - + + + + + + + + + + + + + + + + - description + citation + + + + + + + + + + + + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + base64 + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - - - - - - - - - + - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> - text + published - - + + - + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - title + last-modified - - + + - + - - + + - description + version - - + + - + - + + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> - text + oscal-version - - + + - + - - - + + - + + + + - - - + - + + + + revisions + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - - + + - description + published - - + + - + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - text + last-modified - - + + - + - - + + - description + version - - + + - + - + + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> - text + oscal-version - - + + - - - - - - - - - - - - - - + - - + + - description + text - - + + - + - + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - + - + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + - - + + - - - - - - - - - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> + + short-name + - - + + - - - - - - - - - - - - - - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - - + + - description + address + + + + + + + + + + + + - - + + - + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> - text + city - - + + - - - - - - - - - - - - - - + - - + + - description + state - - + + - + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - text + postal-code - - + + - - - - - - - - - + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> + + country + - - + + - - - - - - - - - + - + + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> - - + + - - - - - - - - - - - - - - + - - - - description - + + + - - - + + + + - + - + - - text - + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - terms-and-conditions - - - - - + - + + + + + + + + + + + + + + + + + + + + + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> - title + name - - + + - - - - - - - - - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - text + short-name - - + + - + - - - - description - + + + - - - + + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - - - - - + - - - - description - + + - - + + - + - + - - text - + as-type="string" + name="telephone-number" + gi="telephone-number"> + - - - + + + + - + - - - - + + + + + + + + - + - + + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> - - + + - - - - - - - - - + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> + + city + - - + + - - - - - - - - - - - - - - + - - + + - description + state - - + + - + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - text + postal-code - - + + - + - - + + - description + country - - + + - + - + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + local-definitions + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + status @@ -16242,116 +16904,127 @@ - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - - - - - - - - - + + + + description + + + - + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + @@ -16359,4566 +17032,7059 @@ - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + + + short-name + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - timing - - - - - - - - - - - - on-date - - - - - - - - - - within-date-range - - - - - - - - - - - at-frequency - - - - - - - - - - - - - - - - - - - - - - - - - - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - - + + - text + description - - + + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + + + + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - description + title - - + + - + - - + + - text + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - - + + - text + description - - + + - - - - - - - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - - - + + + - + - - - - citation - - + + + + + + + - + - - + + - text + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - - + + + + - + - + - - base64 - - - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> - - - - + + + - + - + + + + + + + + + - - title - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> - - + + - + - - + + + + + + + + + + + + + + + - published + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - last-modified + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - version + text - - + + - + - - + + - oscal-version + description - - + + - - - - - - - - - - - - - - - - - - - - revisions - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - - + + + + + + + + + + + + + + + - published + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - last-modified + text - - + + - + - + + + + + + + + + - - version - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> - - + + - + - + + + + + + + + + - - oscal-version - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> - - + + - + - - + + + + + + + + + + + + + + + - text + description - - + + - + - + - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - - - + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + terms-and-conditions + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + + + + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - short-name + text - - + + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + + + + + + + + + + + + + + - title + description - - + + - + - - + + - address + text - - - - - - - - - - - - - - + + - + - + + + + + + + + + - - city - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> - - + + - + - + + + + + + + + + - - state - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> - - + + - + - - + + + + + + + + + + + + + + + - postal-code + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - country + text - - + + - + - - + + + + description + - - + + - + - + - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - - - + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - name + title - - + + - + - - + + - short-name + description - - + + - + - + - + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> + + purpose + - - - - + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + status + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - + - + - + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + - - - - + + + - + - - - - - - - - + + + + + + + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - city + text - - + + - + - + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - state + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - postal-code + text - - + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - country + title + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + timing + + + + + + + + + + + + on-date + + + + + + + + + + within-date-range + + + + + + + + + + + at-frequency + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + + + + + + + + + + + + + + + citation + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + base64 + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + published + + + + + + + + + + + + + + + last-modified + + + + + + + + + + + + + + + version + + + + + + + + + + + + + + + oscal-version + + + + + + + + + + + + + + + + + + + + + + + + + + + + + revisions + + + + + + + + + + title + + + + + + + + + + + + + + + published + + + + + + + + + + + + + + + last-modified + + + + + + + + + + + + + + + version + + + + + + + + + + + + + + + oscal-version + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + short-name + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + address + + + + + + + + + + + + + + + + + + + + + + + + + + + city + + + + + + + + + + + + + + + state + + + + + + + + + + + + + + + postal-code + + + + + + + + + + + + + + + country + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + name + + + + + + + + + + + + + + + short-name + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + city + + + + + + + + + + + + + + + state + + + + + + + + + + + + + + + postal-code + + + + + + + + + + + + + + + country + + + + + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + local-definitions + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> + + + + + + + + + + + + + + + + + + + + + + + + + - text + description - - + + - - - - - - local-definitions - - - - - - - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - - - - - - - - - + - - + + - text + description - - + + - + - + + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> - title + start - - + + - + - - + + - description + end - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - - - - - - - + + + + local-definitions + + + + + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> - text + purpose - + - - - - - - description - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - - - - - + + + + status + + - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - - - - - - - - - + - - + + + + description + - - + + - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - - - - - - - - - - - - - - + - - + + - description + text - - + + - + - + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - description + title - - + + - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - text + short-name - - + + - - - - - - - - - - - - - - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + - - + + - + - - - - - + + + + description + + + - + + + + + + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + - - + + - - - - - - - - - - - - - - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + + + purpose + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + status + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - - + + + + + + + + + + + + + + - description + title - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - start + text - - + + - + - + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - end + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - local-definitions - - - - - - - - - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - purpose + text - + - + - - + + - text + timing - - + + + + - - - - + + + + + + on-date + + + - + - - + + - status + within-date-range - + + + + + + + + + + at-frequency + + + + + + + + + + - + - + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - text + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + - - short-name - - - - - - - - - - - - - + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - description + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - - - - description - - - - - - - - + + + + + + + + + + - + - - + + - purpose + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - status - - - + + + + - + - + - - text - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> - - + + - + - + + + + + + + + + - - title - + as-type="token" + name="statement-id" + gi="statement-id" + in-json="SCALAR"> - - + + - + - - - - + + + - + + + - + - - + + - title + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - - + + - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + title + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + assessment-log + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> - text + start - - + + - - - - - - timing - - - - - - - + - - + + - on-date + end - - + + - - - - - - within-date-range - - - - + + + + - + - - + + - at-frequency + text - - - - - - - - - - - + + - - - - - - - - - - - + + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + identified-subject + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - - - - - - - + + + + - + + + + + + - - - - description - + + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - - + + + + text + + + - + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - + - - - - - + + + + description + + + - + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - - - - - - - - - - - - - - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - + + + + identified-subject + + + - + - + + + + description + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - assessment-log - - - - - + - - - + + + + - - - - - - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + + + text + + + + + + + + + + + + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - start + text - - + + - + - + + as-type="dateTime-with-timezone" + name="collected" + key="collected" + gi="collected" + in-json="SCALAR"> - end + collected - + - + - + + as-type="dateTime-with-timezone" + name="expires" + key="expires" + gi="expires" + in-json="SCALAR"> - text + expires - - + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - - + + - text + description - - + + - + - + + collapsible="no" + as-type="markup-multiline" + name="statement" + key="statement" + gi="statement" + in-json="SCALAR"> - description + statement - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - identified-subject + text - - - + + - + + + + + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - title + identified-subject + + + + + + + + + + + description - - + + - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + key="identified-subject" + gi="identified-subject"> identified-subject @@ -20926,103 +24092,199 @@ - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + @@ -21032,1246 +24294,1301 @@ - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - + + + + deadline + + + + + + + + + + + + + + + + + + + - + - + + + + title + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - collected + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - expires + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - - + + - statement + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - text + identified-subject + + + + + + + + + + + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - identified-subject + title - - - + + - + + + + + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - - + + - text + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - text + timing - - + + + + - - - - + + + + + + on-date + + + - + - + + + + within-date-range + + + + + + + + + + + at-frequency + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - identified-subject - - - - - - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - - - - - - - - - description - - - - - - - - - - + - - + + - text + risk-log - - - - - - - + + - + - - - - + + + + + + + + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - - + + - text + description - - + + - + - + + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> - deadline + start - + - - - - - - - - - - - - - - - - - + - + - - title - - - - - - - - - - - - - + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end" + in-json="SCALAR"> - description + end - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + key="identified-subject" + gi="identified-subject"> identified-subject @@ -22279,3209 +25596,3131 @@ - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - - - - - + - - - - - - - - + + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - - + + - text + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - timing - - - - - - - - - - - - on-date - - - - - - - - - - within-date-range - - - - - - - - - - - at-frequency - - - - - - - - - - - - - - - - - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - description + identified-subject - - - - - - - + + + - + - - + + - text + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - - - - - - - - - - - description - - - - - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - - + + - text + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - risk-log + status - + + + - + - - + + + + implementation-statement-uuid + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - - - - - - start - - - - - - - - - - + - + - - end - + as-type="string" + name="document-id" + gi="document-id"> + - - - + + + + - + - - + + - text + citation - - - - - - - - - - - - - + - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> - text + base64 + + - - - + + + + - + - - + + - description + title - - + + - + - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> - text + published - - + + - + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - text + last-modified - - + + - + - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> - text + version - - + + - - - - - - identified-subject - - - - - - + - - + + - description + oscal-version - - + + - + - + + + + + + + + + + + + + + + + + + revisions + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - + + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> - text + published - - + + - + - + + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> - text + last-modified - - + + - - - - - - - - + - + + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> - title + version - - + + - + - - + + - description + oscal-version - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - + + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> - text + short-name - - + + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - - + + - text + address + + + + + + + + + + + + - - + + - - - - - - identified-subject - - - - - - + - - + + - description + city - - + + - + - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> - text + state - - + + - + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - text + postal-code - - + + - + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> - text + country - - + + - + - + - - title - + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> - - + + - + - - - - description - + + + - - - + + + + - + - + - - text - + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> - - + + - - - - - - status - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - implementation-statement-uuid + text - - + + - - - - - - - - - - - - - - - + - - + + - - + + + + - - - - + + + + + + - + - + + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> - title + name - - + + - + - - + + - description + short-name - - + + - + - + + as-type="string" + name="external-id" + gi="external-id"> - - - + + + - - - - - - citation - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + - - text - + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> - - + + - + - - - - - + + + + + + + + + + + + + + + + + + + + + + - + - + - - base64 - - - + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> - - - - + + + - + - + + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> - title + city - - + + - + - + + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> - published + state - - + + - + - + + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> - last-modified + postal-code - - + + - + - + + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> - version + country - + - + + + + + + + + + + + + + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - oscal-version + text - - + + - - - - - - - - - - - - - - - - - - - - revisions - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - published + text - - + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - last-modified + title - - + + - + - - + + - version + description - - + + - + - + + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> - oscal-version + purpose - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - - - - - - - - + + + + status + + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - - + + - short-name + description - - + + - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - - + + - address + text - - - - - - - - - - - - - - + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - city + title - - + + - + - - + + - state + description - - + + - + - + + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> - postal-code + purpose - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - country + text - - + + - + - + + + + status + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - + - - - + + + + title + - - - - + + + - + - + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - name + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - short-name + text - - + + - + - + - + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> + + title + - - - - + + + - + - - + + - text + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - + - + - + as-type="string" + name="method" + gi="method" + in-json="SCALAR"> - - - - + + + - - - - - - - - - - - - - + - + + as-type="token" + name="type" + gi="type" + in-json="SCALAR"> - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - city + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - state + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - postal-code + text - - + + - + - - + + - country + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + + + identified-subject + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - purpose + text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - status + text - + + + + + + + + + + + + + + + + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="dateTime-with-timezone" + name="collected" + key="collected" + gi="collected" + in-json="SCALAR"> - text + collected - - + + - - - - - - - - - - - - + - + + as-type="dateTime-with-timezone" + name="expires" + key="expires" + gi="expires" + in-json="SCALAR"> - text + expires - - + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - - + + - title + description - - + + - + - + + collapsible="no" + as-type="markup-multiline" + name="statement" + key="statement" + gi="statement" + in-json="SCALAR"> - description + statement - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - - - - - - - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + key="identified-subject" + gi="identified-subject"> identified-subject @@ -25489,818 +28728,825 @@ - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - - - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - collected + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - expires + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - - + + - description + text - - + + - + - + + + + identified-subject + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> - statement + description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - identified-subject - - - - - - + - - + + - description + deadline - - + + - + - - - - text - - - - - - - - + + + + + + + + + + + + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - - + + - text + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + key="identified-subject" + gi="identified-subject"> identified-subject @@ -26308,1621 +29554,1548 @@ - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - - - - + + + + + + - - - - - - text - - - - - - - - - - + - - - - - + + + + + - + - + - - + + - description + title - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - - - - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - - + + - text + description - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - deadline + text - - + + - - - - - - - - - - - - - - - - - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - text + timing - - + + + + - - - - + + + + + + on-date + + + - + - + + + + within-date-range + + + + + + + + + + + at-frequency + + + + + + + + + + + + + + + + + + + + + + + + + + + + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - identified-subject - - - - - - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - - - - - - - - - - - - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - - + + - text + risk-log - - + + - - - - + + + + + + + + + + + + + + + + - + - + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> - text + start - - + + - + - + - - title - - - - - - - - - - - - - + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end" + in-json="SCALAR"> - description + end - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - - - - - - timing - - - - - - - - - - - - on-date - - - - - + - - - - within-date-range - - - + + + + + + + - + - - + + - at-frequency + text - - - - - - - - - - - + + - - - - - - - - - - - + + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + identified-subject + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + + + + + + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> - text + title - + - + - - + + - risk-log + description - - + + - - - - - - - - - - - - - - - - + + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - title + text - + - + - - + + - description + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - start + text - - + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> - end + text - - + + - + - - + + - text + description - - + + - - - - - - - - - - - - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + + + identified-subject + + + + + + + + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - identified-subject + title - - - + + - + + + + + + - + + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description - + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text - + - + - - + + - text + status - - - - - - - + + + + - + - + + as-type="uuid" + name="implementation-statement-uuid" + key="implementation-statement-uuid" + gi="implementation-statement-uuid" + in-json="SCALAR"> - text + implementation-statement-uuid - - + + - + - + + + + + + + + + priority="5"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -27930,23 +31103,23 @@ + mode="get-value-property" + priority="5"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -27954,22 +31127,22 @@ + mode="get-value-property" + priority="5"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -27977,14 +31150,14 @@ + mode="get-value-property" + priority="7"> + priority="6"> @@ -27992,15 +31165,15 @@ + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -28008,14 +31181,22 @@ + mode="get-value-property" + priority="11"> + + + + + + + + priority="6"> @@ -28023,7 +31204,7 @@ + priority="6"> @@ -28031,7 +31212,7 @@ + priority="5"> @@ -28047,15 +31228,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -28063,23 +31244,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -28087,33 +31268,33 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> @@ -28126,15 +31307,15 @@ + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -28142,22 +31323,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -28165,14 +31346,14 @@ + mode="get-value-property" + priority="9"> + priority="7"> @@ -28182,14 +31363,14 @@ + priority="6"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -28200,7 +31381,7 @@ + mode="get-value-property"> @@ -28214,8 +31395,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-line')]"> @@ -28225,8 +31406,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-multiline')]"> @@ -28255,15 +31436,15 @@ + group-starting-with=".[matches(., '^```')]"> + select="not((position() mod 2) + number($starts-with-code))"/>

    + expand-text="true" + select="(replace(.,'^```','') ! normalize-space(.))[matches(.,'\S')]"/> @@ -28294,9 +31475,9 @@ + priority="1" + match="p[exists(@code)]" + expand-text="true">

              
                 language-{.}
    @@ -28334,8 +31515,8 @@
           
        
        
    +                  priority="5"
    +                  mode="make-row"/>
        
           
              
    @@ -28346,7 +31527,7 @@
           
        
        
    +                  mode="make-row">
           
              
                 
    @@ -28365,9 +31546,9 @@
        
           
              
    +                              select="tokenize(., '\n')">
                 
  • + type="{ if (matches(.,'\s*\d')) then 'ol' else 'ul' }">
    @@ -28381,7 +31562,7 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -28395,9 +31576,9 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + group-starting-with="li[(@level = $level) or not(@type = preceding-sibling::*[1]/@type)]">
  • @@ -28576,40 +31757,40 @@ { insertion } + elements="s:*"/> + elements="s:flag s:value"/> + name="write-xml"/> + match="s:*[exists(@gi)]" + mode="write-xml"> + match="s:value[@as-type=('markup-line','markup-multiline')]" + mode="write-xml"> + match="p | ul | ol | pre | h1 | h2 | h3 | h4 | h5 | h6 | table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="s:flag" + mode="write-xml"> + match="*" + mode="cast-prose"> diff --git a/xml/convert/oscal_component_json-to-xml-converter.xsl b/xml/convert/oscal_component_json-to-xml-converter.xsl index e482720c53..d21307ca94 100644 --- a/xml/convert/oscal_component_json-to-xml-converter.xsl +++ b/xml/convert/oscal_component_json-to-xml-converter.xsl @@ -1,12 +1,12 @@ + xmlns:j="http://www.w3.org/2005/xpath-functions" + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + version="3.0" + exclude-result-prefixes="#all"> @@ -31,7 +31,7 @@ + select="unparsed-text($file) ! json-to-xml(.)"> {{ $err:description }} @@ -92,8 +92,8 @@ + key="component-definition" + gi="component-definition"> component-definition @@ -128,6 +128,7 @@ + @@ -140,6 +141,7 @@ + @@ -150,64 +152,32 @@ + - - - - - - - - - - - - - - + - - - - - - - - + + + + - + - - + + + - - - - - - - - - - - - - - - - - - - + + @@ -215,8 +185,8 @@ + name="import-component-definition" + gi="import-component-definition"> @@ -312,12 +282,12 @@ + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks @@ -325,8 +295,8 @@ + mode="get-value-property" + priority="8"> @@ -335,16 +305,16 @@ + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> @@ -353,16 +323,16 @@ + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> @@ -382,549 +352,633 @@ + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> - + + mode="keep-value-property" + priority="8"> + as-type="string" + name="value" + key="value" + gi="value"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="8"> + + + + + + + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + + + + + + + priority="6"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + mode="keep-value-property" + priority="6"> + - - + + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="token" + name="location-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="7"> + priority="8"> + as-type="string" + name="type" + key="type" + gi="type"> - + mode="keep-value-property" + priority="8"> + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - - + + + as-type="string" + name="type" + key="type" + gi="type"> - + + priority="8"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="6"> + + + + + + + + + + + + + + + + + + + + + + + + + priority="1"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="5"> + as-type="string" + name="defined-component-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="7"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="7"> + priority="1"> + as-type="string" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="7"> + priority="1"> + as-type="nonNegativeInteger" + name="start" + key="start" + gi="start"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="nonNegativeInteger" + name="end" + key="end" + gi="end"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="token" + name="transport" + key="transport" + gi="transport"> + mode="keep-value-property" + priority="9"> + priority="7"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + mode="keep-value-property" + priority="7"> + + as-type="uri-reference" + name="source" + key="source" + gi="source"> + mode="keep-value-property" + priority="7"> + as-type="token" + name="param-id" + key="param-id" + gi="param-id"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="9"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + mode="keep-value-property" + priority="9"> + as-type="token" + name="statement-id" + key="statement-id" + gi="statement-id"> + mode="keep-value-property" + priority="11"> + priority="11"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="11"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="string" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + mode="keep-value-property" + priority="7"> + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + priority="3"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> + mode="keep-value-property" + priority="10"> + priority="7"> + as-type="token" + name="filename" + key="filename" + gi="filename"> + mode="keep-value-property" + priority="7"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="7"> + priority="4"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -932,22 +986,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -955,22 +1009,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -978,22 +1032,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1001,22 +1055,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1024,14 +1078,14 @@ + mode="get-value-property" + priority="4"> + priority="5"> @@ -1046,14 +1100,14 @@ + priority="4"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -1061,15 +1115,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1077,22 +1131,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1100,22 +1154,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1123,22 +1177,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1146,22 +1200,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1169,22 +1223,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1192,41 +1246,41 @@ + mode="get-value-property" + priority="8"> + priority="5"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1234,22 +1288,36 @@ + mode="get-value-property" + priority="6"> + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1257,22 +1325,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1280,23 +1348,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -1304,22 +1372,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1327,22 +1395,38 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1350,14 +1434,14 @@ + mode="get-value-property" + priority="6"> + priority="6"> @@ -1373,34 +1457,34 @@ + priority="8"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> + priority="7"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -1408,22 +1492,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -1431,22 +1515,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -1454,22 +1538,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -1477,79 +1561,80 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="7"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1557,22 +1642,42 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + + + + + priority="6"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -1580,22 +1685,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1603,41 +1708,41 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="external-id" + gi="external-id"> + mode="get-value-property"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1645,52 +1750,52 @@ + mode="get-value-property" + priority="8"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="8"> @@ -1703,34 +1808,34 @@ + priority="10"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="9"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -1738,22 +1843,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -1761,22 +1866,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -1784,22 +1889,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -1807,41 +1912,41 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1849,22 +1954,68 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + priority="5"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1872,23 +2023,23 @@ + mode="get-value-property" + priority="5"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -1896,22 +2047,22 @@ + mode="get-value-property" + priority="5"> + priority="5"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -1919,22 +2070,22 @@ + mode="get-value-property" + priority="5"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1942,22 +2093,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1965,22 +2116,22 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1988,14 +2139,14 @@ + mode="get-value-property" + priority="7"> + priority="6"> @@ -2009,16 +2160,16 @@ + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2026,22 +2177,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2049,33 +2200,33 @@ + mode="get-value-property" + priority="9"> + priority="10"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="8"> @@ -2091,16 +2242,16 @@ + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2108,22 +2259,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2131,41 +2282,41 @@ + mode="get-value-property" + priority="11"> + priority="12"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + mode="get-value-property" + priority="12"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2173,14 +2324,14 @@ + mode="get-value-property" + priority="13"> + priority="10"> @@ -2194,16 +2345,16 @@ + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2211,22 +2362,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2234,22 +2385,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2257,23 +2408,23 @@ + mode="get-value-property" + priority="15"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2281,22 +2432,22 @@ + mode="get-value-property" + priority="5"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2304,23 +2455,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2328,14 +2479,14 @@ + mode="get-value-property" + priority="7"> + priority="6"> @@ -2349,16 +2500,16 @@ + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2366,22 +2517,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2389,33 +2540,33 @@ + mode="get-value-property" + priority="9"> + priority="10"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="8"> @@ -2431,16 +2582,16 @@ + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2448,22 +2599,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2471,41 +2622,41 @@ + mode="get-value-property" + priority="11"> + priority="12"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + mode="get-value-property" + priority="12"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2513,14 +2664,14 @@ + mode="get-value-property" + priority="13"> + priority="10"> @@ -2534,16 +2685,16 @@ + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2551,22 +2702,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2574,22 +2725,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2597,14 +2748,14 @@ + mode="get-value-property" + priority="15"> + priority="5"> @@ -2620,15 +2771,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2636,23 +2787,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2660,33 +2811,33 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> @@ -2699,15 +2850,15 @@ + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2715,22 +2866,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2738,14 +2889,14 @@ + mode="get-value-property" + priority="9"> + priority="7"> @@ -2755,14 +2906,14 @@ + priority="6"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -2773,7 +2924,7 @@ + mode="get-value-property"> @@ -2787,8 +2938,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-line')]"> @@ -2798,8 +2949,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-multiline')]"> @@ -2828,15 +2979,15 @@ + group-starting-with=".[matches(., '^```')]"> + select="not((position() mod 2) + number($starts-with-code))"/>

    + expand-text="true" + select="(replace(.,'^```','') ! normalize-space(.))[matches(.,'\S')]"/> @@ -2867,9 +3018,9 @@ + priority="1" + match="p[exists(@code)]" + expand-text="true">

              
                 language-{.}
    @@ -2907,8 +3058,8 @@
           
        
        
    +                  priority="5"
    +                  mode="make-row"/>
        
           
              
    @@ -2919,7 +3070,7 @@
           
        
        
    +                  mode="make-row">
           
              
                 
    @@ -2938,9 +3089,9 @@
        
           
              
    +                              select="tokenize(., '\n')">
                 
  • + type="{ if (matches(.,'\s*\d')) then 'ol' else 'ul' }">
    @@ -2954,7 +3105,7 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -2968,9 +3119,9 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + group-starting-with="li[(@level = $level) or not(@type = preceding-sibling::*[1]/@type)]">
  • @@ -3149,40 +3300,40 @@ { insertion } + elements="s:*"/> + elements="s:flag s:value"/> + name="write-xml"/> + match="s:*[exists(@gi)]" + mode="write-xml"> + match="s:value[@as-type=('markup-line','markup-multiline')]" + mode="write-xml"> + match="p | ul | ol | pre | h1 | h2 | h3 | h4 | h5 | h6 | table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="s:flag" + mode="write-xml"> + match="*" + mode="cast-prose"> diff --git a/xml/convert/oscal_mapping_json-to-xml-converter.xsl b/xml/convert/oscal_mapping_json-to-xml-converter.xsl new file mode 100644 index 0000000000..31b0fa7fb5 --- /dev/null +++ b/xml/convert/oscal_mapping_json-to-xml-converter.xsl @@ -0,0 +1,2571 @@ + + + + + + + + + + + xml + + + No file found at { $file } + + + + + + + {{ $err:description }} + + + + + + + {{ $err:description }} + + + + + + + + + + + + Error in XSLT invocation - an initial template (-it) is expected ('from-json' or 'from-xdm-json-xml'), but none is given + + + + + + + + { $err:description } + + + + + + + + + + No XPath (XML) JSON found at { $file } - using syntax of http://www.w3.org/2005/xpath-functions + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mapping-collection + + + http://csrc.nist.gov/ns/oscal/1.0 + + + + + + + + + + + + + metadata + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mapping + + + + + + + + + + + + + source-resource + + + + + + + + + + + + + + target-resource + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + back-matter + + + + + + + + + + remarks + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + published + + + + + + + + + + + + + + + last-modified + + + + + + + + + + + + + + + version + + + + + + + + + + + + + + + oscal-version + + + + + + + + + + + + + + + + + + + + + + + + + + + + + revisions + + + + + + + + + + title + + + + + + + + + + + + + + + published + + + + + + + + + + + + + + + last-modified + + + + + + + + + + + + + + + version + + + + + + + + + + + + + + + oscal-version + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + short-name + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + address + + + + + + + + + + + + + + + + + + + + + + + + + + + city + + + + + + + + + + + + + + + state + + + + + + + + + + + + + + + postal-code + + + + + + + + + + + + + + + country + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + name + + + + + + + + + + + + + + + short-name + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + city + + + + + + + + + + + + + + + state + + + + + + + + + + + + + + + postal-code + + + + + + + + + + + + + + + country + + + + + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + relationship + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + + + + + + + + + + + + + + + citation + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + base64 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    + + + + + +

    +
    +
    + + + + + + + + + + + + + + + + +
    + + + + + + + +
    +         
    +            language-{.}
    +         
    +         
    +      
    +
    + + +

    + + +

    +
    +
    + + + + + + + + + + + + + + + + + + + +
    +
    + + + + + + + + + + + + + + + + + + + + + +

    + +

    +
    + ^\s*(\*|\d+\.)\s + + + +
  • + + +
    +
    + +
    +
  • +
    +
    +
    + + + + + + + + + + + + + + + + + + + +
  • + + + + + + + + +
  • +
    + + +
  • + + + + + +
  • +
    +
    +
    +
    + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + &amp; + &lt; + + &quot; + + &#x2A; + &#x60; + &#x7E; + &#x5E; + + + + + + + + + + + + + + + + + + + "" + !\[{{$noclosebracket}}\] + \{\{\s*insert: ,\s*\s*\}\} + \(\) + `` + + \*\*\*\*\*\* + + \*\*\*\* + \*\* + ~~ + \^\^ + + + + + + + + + + + + + + + + (.*?) + + + (\i\c*?) + + + ([^{ @not }]*?) + + + + < + + + xmlns="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + + + > + + </ + + > + + + $1 + + + + <insert xmlns="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + + + /> + + + type='$1' + + + id-ref='$2' + + + href='$2' + + + + alt='$1' + + + + src='$2' + + + { insertion } + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/xml/convert/oscal_poam_json-to-xml-converter.xsl b/xml/convert/oscal_poam_json-to-xml-converter.xsl index 162e438c28..cbeecc1af7 100644 --- a/xml/convert/oscal_poam_json-to-xml-converter.xsl +++ b/xml/convert/oscal_poam_json-to-xml-converter.xsl @@ -1,12 +1,12 @@ + xmlns:j="http://www.w3.org/2005/xpath-functions" + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + version="3.0" + exclude-result-prefixes="#all"> @@ -31,7 +31,7 @@ + select="unparsed-text($file) ! json-to-xml(.)"> {{ $err:description }} @@ -92,8 +92,8 @@ + key="plan-of-action-and-milestones" + gi="plan-of-action-and-milestones"> plan-of-action-and-milestones @@ -107,6 +107,7 @@ + @@ -131,6 +132,7 @@ +
    @@ -143,6 +145,7 @@ +
    @@ -153,64 +156,32 @@ + - - - - - - - - - - - - - - + - - - - - - - - + + + + - + - - + + + - - - - - - - - - - - - - - - - - - - + + @@ -229,13 +200,14 @@ + key="local-definitions" + gi="local-definitions"> local-definitions + @@ -299,6 +271,19 @@ + + + + + + assessment-assets + + + + + @@ -371,9 +356,9 @@ + name="include-all" + key="include-all" + gi="include-all"> include-all @@ -459,6 +444,54 @@ + + + + + + + + + + + + + + + + + + + + + + + target + + + + + + + + + + + + + + + + + + implementation-status + + + + + @@ -469,6 +502,7 @@ + @@ -488,12 +522,12 @@ + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks @@ -501,8 +535,8 @@ + mode="get-value-property" + priority="8"> @@ -511,16 +545,16 @@ + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> @@ -529,16 +563,16 @@ + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> @@ -547,10 +581,10 @@ + as-type="string" + name="system-id" + key="system-id" + gi="system-id"> system-id @@ -568,11 +602,11 @@ + as-type="token" + name="risk-status" + key="status" + gi="status" + in-json="SCALAR"> status @@ -580,8 +614,8 @@ + mode="get-value-property" + priority="5"> @@ -605,11 +639,11 @@ + as-type="token" + name="risk-status" + key="status-change" + gi="status-change" + in-json="SCALAR"> status-change @@ -617,8 +651,8 @@ + mode="get-value-property" + priority="8"> @@ -638,986 +672,1210 @@ + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> - + + mode="keep-value-property" + priority="8"> + as-type="string" + name="value" + key="value" + gi="value"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="8"> + + + + + + + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + + + + + + + priority="6"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + mode="keep-value-property" + priority="6"> + - - + + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="token" + name="location-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="7"> + priority="8"> + as-type="string" + name="type" + key="type" + gi="type"> - + mode="keep-value-property" + priority="8"> + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - - + + + as-type="string" + name="type" + key="type" + gi="type"> - + + priority="8"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="6"> + + + + + + + + + + + + + + + + + + + + + + + + + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="4"> + priority="1"> + as-type="uri" + name="identifier-type" + key="identifier-type" + gi="identifier-type"> + mode="keep-value-property" + priority="4"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + as-type="string" + name="system-component-type" + key="type" + gi="type"> - + mode="keep-value-property" + priority="6"> + + as-type="token" + name="state" + key="state" + gi="state"> - + + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="string" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="nonNegativeInteger" + name="start" + key="start" + gi="start"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="nonNegativeInteger" + name="end" + key="end" + gi="end"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="token" + name="transport" + key="transport" + gi="transport"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + mode="keep-value-property" + priority="8"> + + + + + + + + + + + + + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="5"> + as-type="token" + name="type" + key="type" + gi="type"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="uuid" + name="actor-uuid" + key="actor-uuid" + gi="actor-uuid"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> + mode="keep-value-property" + priority="9"> + priority="1"> + as-type="token" + name="type" + key="type" + gi="type"> + mode="keep-value-property" + priority="11"> + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + mode="keep-value-property" + priority="14"> + as-type="token" + name="subject-type" + key="type" + gi="type"> - + mode="keep-value-property" + priority="14"> + + as-type="uuid" + name="subject-placeholder-uuid" + key="subject-placeholder-uuid" + gi="subject-placeholder-uuid"> - + + as-type="uuid" + name="subject-uuid" + key="subject-uuid" + gi="subject-uuid"> + mode="keep-value-property" + priority="7"> + as-type="token" + name="subject-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="7"> + priority="7"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="7"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="uri" + name="system" + key="system" + gi="system"> + mode="keep-value-property" + priority="7"> + priority="1"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="7"> + priority="9"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="uri" + name="system" + key="system" + gi="system"> + mode="keep-value-property" + priority="9"> + priority="9"> + as-type="string" + name="value" + key="value" + gi="value"> + mode="keep-value-property" + priority="9"> + priority="7"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="7"> + priority="7"> + as-type="uuid" + name="implementation-uuid" + key="implementation-uuid" + gi="implementation-uuid"> + mode="keep-value-property" + priority="7"> + priority="7"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="7"> + priority="7"> + as-type="token" + name="lifecycle" + key="lifecycle" + gi="lifecycle"> + mode="keep-value-property" + priority="7"> + priority="9"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="9"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="9"> + as-type="token" + name="type" + key="type" + gi="type"> + mode="keep-value-property" + priority="9"> + priority="12"> + as-type="dateTime-with-timezone" + name="date" + key="date" + gi="date"> + mode="keep-value-property" + priority="12"> + priority="12"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start"> + mode="keep-value-property" + priority="12"> + priority="12"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end"> + mode="keep-value-property" + priority="12"> + priority="12"> + as-type="positiveInteger" + name="period" + key="period" + gi="period"> + mode="keep-value-property" + priority="12"> + priority="12"> + as-type="string" + name="unit" + key="unit" + gi="unit"> + mode="keep-value-property" + priority="12"> + priority="11"> + as-type="uuid" + name="task-uuid" + key="task-uuid" + gi="task-uuid"> + mode="keep-value-property" + priority="11"> + priority="11"> + as-type="uuid" + name="activity-uuid" + key="activity-uuid" + gi="activity-uuid"> + mode="keep-value-property" + priority="11"> + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="uuid" + name="party-uuid" + key="party-uuid" + gi="party-uuid"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="10"> + priority="10"> + as-type="uuid" + name="response-uuid" + key="response-uuid" + gi="response-uuid"> + mode="keep-value-property" + priority="10"> + priority="7"> + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> + mode="keep-value-property" + priority="7"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mode="keep-value-property" + priority="5"> + + as-type="uuid" + name="finding-uuid" + key="finding-uuid" + gi="finding-uuid"> - + + priority="7"> + as-type="uuid" + name="observation-uuid" + key="observation-uuid" + gi="observation-uuid"> + mode="keep-value-property" + priority="7"> + priority="7"> + as-type="uuid" + name="risk-uuid" + key="risk-uuid" + gi="risk-uuid"> + mode="keep-value-property" + priority="7"> + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + priority="3"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> + mode="keep-value-property" + priority="10"> + priority="7"> + as-type="token" + name="filename" + key="filename" + gi="filename"> + mode="keep-value-property" + priority="7"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="7"> + priority="4"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1625,22 +1883,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1648,22 +1906,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1671,22 +1929,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1694,22 +1952,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1717,14 +1975,14 @@ + mode="get-value-property" + priority="4"> + priority="5"> @@ -1739,14 +1997,14 @@ + priority="4"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -1754,15 +2012,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1770,22 +2028,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1793,22 +2051,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1816,22 +2074,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1839,22 +2097,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1862,22 +2120,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1885,41 +2143,41 @@ + mode="get-value-property" + priority="8"> + priority="5"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1927,22 +2185,36 @@ + mode="get-value-property" + priority="6"> + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1950,22 +2222,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1973,23 +2245,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -1997,22 +2269,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2020,22 +2292,38 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2043,14 +2331,14 @@ + mode="get-value-property" + priority="6"> + priority="6"> @@ -2066,34 +2354,34 @@ + priority="8"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> + priority="7"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -2101,22 +2389,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -2124,22 +2412,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -2147,22 +2435,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -2170,79 +2458,80 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="7"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2250,22 +2539,42 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + + + + + priority="6"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -2273,22 +2582,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -2296,41 +2605,41 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="external-id" + gi="external-id"> + mode="get-value-property"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2338,52 +2647,52 @@ + mode="get-value-property" + priority="8"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="8"> @@ -2396,34 +2705,34 @@ + priority="10"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="9"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -2431,22 +2740,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -2454,22 +2763,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -2477,22 +2786,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -2500,41 +2809,41 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2542,22 +2851,68 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2565,23 +2920,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2589,22 +2944,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -2612,22 +2967,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2635,14 +2990,14 @@ + mode="get-value-property" + priority="8"> + priority="6"> @@ -2654,15 +3009,15 @@ + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2670,22 +3025,22 @@ + mode="get-value-property" + priority="10"> + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2693,23 +3048,23 @@ + mode="get-value-property" + priority="8"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2717,22 +3072,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2740,22 +3095,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2763,14 +3118,14 @@ + mode="get-value-property" + priority="10"> + priority="7"> @@ -2782,15 +3137,15 @@ + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2798,22 +3153,22 @@ + mode="get-value-property" + priority="10"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2821,22 +3176,290 @@ + mode="get-value-property" + priority="12"> + + + + + + + + + + title + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + purpose + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + status + + + + + + + + + + + text + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + priority="5"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2844,23 +3467,23 @@ + mode="get-value-property" + priority="5"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2868,22 +3491,22 @@ + mode="get-value-property" + priority="5"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2891,60 +3514,60 @@ + mode="get-value-property" + priority="7"> + priority="6"> + as-type="string" + name="method" + gi="method" + in-json="SCALAR"> + mode="get-value-property" + priority="6"> + priority="6"> + as-type="token" + name="type" + gi="type" + in-json="SCALAR"> + mode="get-value-property" + priority="6"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2952,22 +3575,22 @@ + mode="get-value-property" + priority="11"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2975,22 +3598,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2998,23 +3621,23 @@ + mode="get-value-property" + priority="13"> + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3022,22 +3645,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3045,22 +3668,22 @@ + mode="get-value-property" + priority="13"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3068,22 +3691,22 @@ + mode="get-value-property" + priority="16"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3091,19 +3714,19 @@ + mode="get-value-property" + priority="15"> + priority="9"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -3112,16 +3735,16 @@ + priority="12"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3129,22 +3752,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3152,22 +3775,22 @@ + mode="get-value-property" + priority="14"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3175,22 +3798,22 @@ + mode="get-value-property" + priority="17"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3198,14 +3821,14 @@ + mode="get-value-property" + priority="16"> + priority="6"> @@ -3218,15 +3841,15 @@ + priority="7"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3234,22 +3857,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3257,14 +3880,14 @@ + mode="get-value-property" + priority="9"> + priority="6"> @@ -3276,16 +3899,16 @@ + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3293,22 +3916,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3316,22 +3939,22 @@ + mode="get-value-property" + priority="9"> + priority="5"> + as-type="dateTime-with-timezone" + name="collected" + key="collected" + gi="collected" + in-json="SCALAR"> collected @@ -3339,22 +3962,22 @@ + mode="get-value-property" + priority="5"> + priority="5"> + as-type="dateTime-with-timezone" + name="expires" + key="expires" + gi="expires" + in-json="SCALAR"> expires @@ -3362,22 +3985,22 @@ + mode="get-value-property" + priority="5"> + priority="5"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3385,23 +4008,23 @@ + mode="get-value-property" + priority="5"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3409,23 +4032,23 @@ + mode="get-value-property" + priority="5"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="statement" + key="statement" + gi="statement" + in-json="SCALAR"> statement @@ -3433,22 +4056,22 @@ + mode="get-value-property" + priority="5"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3456,22 +4079,22 @@ + mode="get-value-property" + priority="7"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3479,22 +4102,22 @@ + mode="get-value-property" + priority="11"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3502,22 +4125,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3525,23 +4148,23 @@ + mode="get-value-property" + priority="13"> + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3549,22 +4172,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3572,22 +4195,22 @@ + mode="get-value-property" + priority="13"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3595,22 +4218,22 @@ + mode="get-value-property" + priority="16"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3618,19 +4241,19 @@ + mode="get-value-property" + priority="15"> + priority="9"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -3639,16 +4262,16 @@ + priority="12"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3656,22 +4279,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3679,22 +4302,22 @@ + mode="get-value-property" + priority="14"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3702,22 +4325,22 @@ + mode="get-value-property" + priority="17"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3725,22 +4348,22 @@ + mode="get-value-property" + priority="16"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3748,22 +4371,22 @@ + mode="get-value-property" + priority="9"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3771,22 +4394,22 @@ + mode="get-value-property" + priority="12"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3794,22 +4417,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3817,23 +4440,23 @@ + mode="get-value-property" + priority="14"> + priority="12"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3841,22 +4464,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3864,22 +4487,22 @@ + mode="get-value-property" + priority="14"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3887,22 +4510,22 @@ + mode="get-value-property" + priority="17"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3910,19 +4533,19 @@ + mode="get-value-property" + priority="16"> + priority="10"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -3931,16 +4554,16 @@ + priority="13"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3948,22 +4571,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3971,22 +4594,22 @@ + mode="get-value-property" + priority="15"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3994,22 +4617,22 @@ + mode="get-value-property" + priority="18"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4017,14 +4640,14 @@ + mode="get-value-property" + priority="17"> + priority="8"> @@ -4037,15 +4660,15 @@ + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4053,14 +4676,14 @@ + mode="get-value-property" + priority="11"> + priority="6"> @@ -4073,16 +4696,16 @@ + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4090,22 +4713,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4113,14 +4736,14 @@ + mode="get-value-property" + priority="9"> + priority="8"> @@ -4133,15 +4756,15 @@ + priority="9"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4149,22 +4772,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4172,22 +4795,22 @@ + mode="get-value-property" + priority="11"> + priority="5"> + as-type="dateTime-with-timezone" + name="deadline" + key="deadline" + gi="deadline" + in-json="SCALAR"> deadline @@ -4195,14 +4818,14 @@ + mode="get-value-property" + priority="5"> + priority="6"> @@ -4219,15 +4842,15 @@ + priority="7"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4235,23 +4858,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4259,22 +4882,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4282,22 +4905,22 @@ + mode="get-value-property" + priority="9"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4305,22 +4928,22 @@ + mode="get-value-property" + priority="13"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4328,22 +4951,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4351,23 +4974,23 @@ + mode="get-value-property" + priority="15"> + priority="13"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4375,22 +4998,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4398,22 +5021,22 @@ + mode="get-value-property" + priority="15"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4421,22 +5044,22 @@ + mode="get-value-property" + priority="18"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4444,19 +5067,19 @@ + mode="get-value-property" + priority="17"> + priority="11"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -4465,16 +5088,16 @@ + priority="14"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4482,22 +5105,22 @@ + mode="get-value-property" + priority="14"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4505,22 +5128,22 @@ + mode="get-value-property" + priority="16"> + priority="19"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4528,22 +5151,22 @@ + mode="get-value-property" + priority="19"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4551,14 +5174,14 @@ + mode="get-value-property" + priority="18"> + priority="8"> @@ -4572,7 +5195,7 @@ + priority="10"> @@ -4585,15 +5208,15 @@ + priority="11"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4601,22 +5224,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4624,22 +5247,22 @@ + mode="get-value-property" + priority="13"> + priority="9"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4647,23 +5270,23 @@ + mode="get-value-property" + priority="9"> + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4671,22 +5294,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4694,22 +5317,22 @@ + mode="get-value-property" + priority="11"> + priority="9"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -4717,23 +5340,23 @@ + mode="get-value-property" + priority="9"> + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4741,22 +5364,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4764,14 +5387,14 @@ + mode="get-value-property" + priority="11"> + priority="9"> @@ -4784,7 +5407,7 @@ + priority="11"> @@ -4795,13 +5418,13 @@ + priority="11"> + name="within-date-range" + key="within-date-range" + gi="within-date-range"> within-date-range @@ -4810,13 +5433,13 @@ + priority="11"> + name="at-frequency" + key="at-frequency" + gi="at-frequency"> at-frequency @@ -4825,7 +5448,7 @@ + priority="10"> @@ -4834,7 +5457,7 @@ + priority="10"> @@ -4847,15 +5470,15 @@ + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4863,22 +5486,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4886,23 +5509,23 @@ + mode="get-value-property" + priority="15"> + priority="13"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4910,22 +5533,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4933,22 +5556,22 @@ + mode="get-value-property" + priority="15"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4956,22 +5579,22 @@ + mode="get-value-property" + priority="18"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4979,23 +5602,23 @@ + mode="get-value-property" + priority="17"> + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5003,22 +5626,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5026,22 +5649,22 @@ + mode="get-value-property" + priority="13"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5049,22 +5672,22 @@ + mode="get-value-property" + priority="16"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5072,22 +5695,22 @@ + mode="get-value-property" + priority="15"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5095,14 +5718,14 @@ + mode="get-value-property" + priority="13"> + priority="5"> @@ -5113,7 +5736,7 @@ + priority="7"> @@ -5131,15 +5754,15 @@ + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5147,23 +5770,23 @@ + mode="get-value-property" + priority="8"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5171,22 +5794,22 @@ + mode="get-value-property" + priority="8"> + priority="8"> + as-type="dateTime-with-timezone" + name="start" + key="start" + gi="start" + in-json="SCALAR"> start @@ -5194,22 +5817,22 @@ + mode="get-value-property" + priority="8"> + priority="8"> + as-type="dateTime-with-timezone" + name="end" + key="end" + gi="end" + in-json="SCALAR"> end @@ -5217,22 +5840,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5240,14 +5863,14 @@ + mode="get-value-property" + priority="10"> + priority="9"> @@ -5259,15 +5882,15 @@ + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5275,22 +5898,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5298,22 +5921,22 @@ + mode="get-value-property" + priority="14"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5321,23 +5944,23 @@ + mode="get-value-property" + priority="16"> + priority="14"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5345,22 +5968,22 @@ + mode="get-value-property" + priority="14"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5368,22 +5991,22 @@ + mode="get-value-property" + priority="16"> + priority="19"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5391,22 +6014,22 @@ + mode="get-value-property" + priority="19"> + priority="18"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5414,19 +6037,19 @@ + mode="get-value-property" + priority="18"> + priority="12"> + key="identified-subject" + gi="identified-subject"> identified-subject @@ -5435,16 +6058,16 @@ + priority="15"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5452,22 +6075,22 @@ + mode="get-value-property" + priority="15"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5475,22 +6098,22 @@ + mode="get-value-property" + priority="17"> + priority="20"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5498,22 +6121,22 @@ + mode="get-value-property" + priority="20"> + priority="19"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5521,30 +6144,491 @@ + mode="get-value-property" + priority="19"> + priority="6"> + + + + + + title + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + identified-subject + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + title + + + + + + + + + + + + + + + description + + + + + + + + + + + + + + + text + + + + + + + + + + + + + + + status + + + + + + + + + + + + implementation-statement-uuid + + + + + + + + + + + + + + + + + + + + + + + + priority="5"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5552,23 +6636,23 @@ + mode="get-value-property" + priority="5"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5576,22 +6660,22 @@ + mode="get-value-property" + priority="5"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5599,14 +6683,14 @@ + mode="get-value-property" + priority="7"> + priority="6"> @@ -5614,15 +6698,15 @@ + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5630,14 +6714,22 @@ + mode="get-value-property" + priority="11"> + + + + + + + + priority="6"> @@ -5645,7 +6737,7 @@ + priority="6"> @@ -5653,7 +6745,7 @@ + priority="5"> @@ -5669,15 +6761,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5685,23 +6777,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5709,33 +6801,33 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> @@ -5748,15 +6840,15 @@ + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5764,22 +6856,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5787,14 +6879,14 @@ + mode="get-value-property" + priority="9"> + priority="7"> @@ -5804,14 +6896,14 @@ + priority="6"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -5822,7 +6914,7 @@ + mode="get-value-property"> @@ -5836,8 +6928,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-line')]"> @@ -5847,8 +6939,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-multiline')]"> @@ -5877,15 +6969,15 @@ + group-starting-with=".[matches(., '^```')]"> + select="not((position() mod 2) + number($starts-with-code))"/>

    + expand-text="true" + select="(replace(.,'^```','') ! normalize-space(.))[matches(.,'\S')]"/> @@ -5916,9 +7008,9 @@ + priority="1" + match="p[exists(@code)]" + expand-text="true">

              
                 language-{.}
    @@ -5956,8 +7048,8 @@
           
        
        
    +                  priority="5"
    +                  mode="make-row"/>
        
           
              
    @@ -5968,7 +7060,7 @@
           
        
        
    +                  mode="make-row">
           
              
                 
    @@ -5987,9 +7079,9 @@
        
           
              
    +                              select="tokenize(., '\n')">
                 
  • + type="{ if (matches(.,'\s*\d')) then 'ol' else 'ul' }">
    @@ -6003,7 +7095,7 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -6017,9 +7109,9 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + group-starting-with="li[(@level = $level) or not(@type = preceding-sibling::*[1]/@type)]">
  • @@ -6198,40 +7290,40 @@ { insertion } + elements="s:*"/> + elements="s:flag s:value"/> + name="write-xml"/> + match="s:*[exists(@gi)]" + mode="write-xml"> + match="s:value[@as-type=('markup-line','markup-multiline')]" + mode="write-xml"> + match="p | ul | ol | pre | h1 | h2 | h3 | h4 | h5 | h6 | table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="s:flag" + mode="write-xml"> + match="*" + mode="cast-prose"> diff --git a/xml/convert/oscal_profile_json-to-xml-converter.xsl b/xml/convert/oscal_profile_json-to-xml-converter.xsl index 0d24dd9c49..6f7f141f79 100644 --- a/xml/convert/oscal_profile_json-to-xml-converter.xsl +++ b/xml/convert/oscal_profile_json-to-xml-converter.xsl @@ -1,12 +1,12 @@ + xmlns:j="http://www.w3.org/2005/xpath-functions" + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + version="3.0" + exclude-result-prefixes="#all"> @@ -31,7 +31,7 @@ + select="unparsed-text($file) ! json-to-xml(.)"> {{ $err:description }} @@ -126,6 +126,7 @@ + @@ -138,6 +139,7 @@ + @@ -148,64 +150,32 @@ + - - - - - - - - - - - - - - + - - - - - - - - + + + + - + - - + + + - - - - - - - - - - - - - - - - - - - + + @@ -223,14 +193,21 @@ + name="include-all" + key="include-all" + gi="include-all"> include-all + + + + + + + @@ -339,39 +316,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -386,12 +330,12 @@ + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks @@ -399,8 +343,8 @@ + mode="get-value-property" + priority="8"> @@ -409,16 +353,16 @@ + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> @@ -427,34 +371,52 @@ + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + + + + + + + + + + + + + as-type="string" + name="parameter-value" + gi="value" + in-json="SCALAR"> + mode="get-value-property" + priority="12"> @@ -475,618 +437,708 @@ + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> - + + mode="keep-value-property" + priority="8"> + as-type="string" + name="value" + key="value" + gi="value"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="8"> + + + + + + + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + + + + + + + priority="6"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + mode="keep-value-property" + priority="6"> + - - + + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="token" + name="location-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="7"> + priority="8"> + as-type="string" + name="type" + key="type" + gi="type"> - + mode="keep-value-property" + priority="8"> + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - - + + + as-type="string" + name="type" + key="type" + gi="type"> - + + priority="8"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="6"> + + + + + + + + + + + + + + + + + + + + + + + + + priority="1"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="5"> + as-type="token" + name="with-child-controls" + key="with-child-controls" + gi="with-child-controls"> - + mode="keep-value-property" + priority="8"> + + as-type="string" + name="pattern" + key="pattern" + gi="pattern"> - + + priority="5"> + as-type="string" + name="method" + key="method" + gi="method"> + mode="keep-value-property" + priority="5"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="8"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="token" + name="depends-on" + key="depends-on" + deprecated="1.0.1" + gi="depends-on"> + mode="keep-value-property" + priority="10"> + as-type="token" + name="how-many" + key="how-many" + gi="how-many"> + mode="keep-value-property" + priority="12"> + mode="keep-value-property" + priority="10"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="10"> - + + mode="keep-value-property" + priority="10"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="token" + name="order" + key="order" + gi="order"> + mode="keep-value-property" + priority="11"> + priority="6"> + as-type="token" + name="param-id" + key="param-id" + gi="param-id"> + mode="keep-value-property" + priority="6"> + priority="6"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="6"> + priority="6"> + as-type="token" + name="depends-on" + key="depends-on" + deprecated="1.0.1" + gi="depends-on"> - + mode="keep-value-property" + priority="6"> + + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> - - + + + as-type="token" + name="by-name" + key="by-name" + gi="by-name"> - - + + + as-type="token" + name="by-class" + key="by-class" + gi="by-class"> - - + + + as-type="token" + name="by-id" + key="by-id" + gi="by-id"> - - + + + as-type="token" + name="by-item-name" + key="by-item-name" + gi="by-item-name"> - - + + + as-type="token" + name="by-ns" + key="by-ns" + gi="by-ns"> - - + + + as-type="token" + name="position" + key="position" + default="ending" + gi="position"> - - + + + as-type="token" + name="by-id" + key="by-id" + gi="by-id"> - + + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + priority="3"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> + mode="keep-value-property" + priority="10"> + priority="7"> + as-type="token" + name="filename" + key="filename" + gi="filename"> + mode="keep-value-property" + priority="7"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="7"> + priority="4"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1094,22 +1146,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1117,22 +1169,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1140,22 +1192,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1163,22 +1215,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1186,14 +1238,14 @@ + mode="get-value-property" + priority="4"> + priority="5"> @@ -1208,14 +1260,14 @@ + priority="4"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -1223,15 +1275,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1239,22 +1291,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1262,22 +1314,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1285,22 +1337,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1308,22 +1360,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1331,22 +1383,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1354,41 +1406,41 @@ + mode="get-value-property" + priority="8"> + priority="5"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1396,22 +1448,36 @@ + mode="get-value-property" + priority="6"> + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1419,22 +1485,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1442,23 +1508,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -1466,22 +1532,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1489,22 +1555,38 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1512,14 +1594,14 @@ + mode="get-value-property" + priority="6"> + priority="6"> @@ -1535,34 +1617,34 @@ + priority="8"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> + priority="7"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -1570,22 +1652,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -1593,22 +1675,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -1616,22 +1698,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -1639,79 +1721,80 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="7"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1719,22 +1802,42 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + + + + + priority="6"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -1742,22 +1845,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1765,41 +1868,41 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="external-id" + gi="external-id"> + mode="get-value-property"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1807,52 +1910,52 @@ + mode="get-value-property" + priority="8"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="8"> @@ -1865,34 +1968,34 @@ + priority="10"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="9"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -1900,22 +2003,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -1923,22 +2026,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -1946,22 +2049,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -1969,41 +2072,41 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2011,51 +2114,70 @@ + mode="get-value-property" + priority="8"> - + - - - - - - + + + + text + + + + + + + + - + - + + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> + + text + - - + + - + - - - + + + + + + priority="6"> @@ -2064,35 +2186,8 @@ - - - - - - - - - - - - - - - - - - - + priority="4"> @@ -2103,7 +2198,7 @@ + priority="5"> @@ -2113,15 +2208,15 @@ + priority="5"> + as-type="boolean" + name="as-is" + key="as-is" + gi="as-is" + in-json="SCALAR"> as-is @@ -2129,14 +2224,14 @@ + mode="get-value-property" + priority="5"> + priority="5"> @@ -2148,15 +2243,15 @@ + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2164,22 +2259,22 @@ + mode="get-value-property" + priority="8"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2187,22 +2282,22 @@ + mode="get-value-property" + priority="12"> + priority="10"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -2210,23 +2305,23 @@ + mode="get-value-property" + priority="10"> + priority="10"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage @@ -2234,23 +2329,23 @@ + mode="get-value-property" + priority="10"> + priority="12"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2258,14 +2353,14 @@ + mode="get-value-property" + priority="12"> + priority="13"> @@ -2274,15 +2369,15 @@ + priority="14"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -2290,65 +2385,65 @@ + mode="get-value-property" + priority="14"> + match="j:map[@key='profile']/j:map[@key='merge']/j:map[@key='custom']//j:array[@key='groups']/j:map/j:array[@key='params']/j:map/j:array[@key='guidelines']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + in-json="string"> + priority="13"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + mode="get-value-property" + priority="13"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2356,22 +2451,22 @@ + mode="get-value-property" + priority="10"> + priority="10"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2379,46 +2474,46 @@ + mode="get-value-property" + priority="10"> + match="j:map[@key='profile']/j:map[@key='merge']/j:map[@key='custom']//j:array[@key='groups']/j:map//j:array[@key='parts']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose" + _metaschema-json-id="/assembly/oscal-control-common/part/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE" + in-json="string"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2426,14 +2521,14 @@ + mode="get-value-property" + priority="12"> + priority="13"> @@ -2442,35 +2537,8 @@ - - - - - - - - - - - - - - - - - - - + priority="12"> @@ -2479,35 +2547,8 @@ - - - - - - - - - - - - - - - - - - - + priority="10"> @@ -2516,35 +2557,8 @@ - - - - - - - - - - - - - - - - - - - + priority="9"> @@ -2553,35 +2567,8 @@ - - - - - - - - - - - - - - - - - - - + priority="5"> @@ -2599,15 +2586,15 @@ + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2615,22 +2602,22 @@ + mode="get-value-property" + priority="8"> + priority="6"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -2638,23 +2625,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage @@ -2662,23 +2649,23 @@ + mode="get-value-property" + priority="6"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2686,14 +2673,14 @@ + mode="get-value-property" + priority="8"> + priority="9"> @@ -2702,15 +2689,15 @@ + priority="10"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -2718,65 +2705,101 @@ + mode="get-value-property" + priority="10"> + match="j:map[@key='profile']/j:map[@key='modify']/j:array[@key='set-parameters']/j:map/j:array[@key='guidelines']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + in-json="string"> + priority="9"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + mode="get-value-property" + priority="9"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2784,22 +2807,22 @@ + mode="get-value-property" + priority="8"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2807,22 +2830,22 @@ + mode="get-value-property" + priority="12"> + priority="10"> + as-type="markup-line" + name="label" + key="label" + gi="label" + in-json="SCALAR"> label @@ -2830,23 +2853,23 @@ + mode="get-value-property" + priority="10"> + priority="10"> + collapsible="no" + as-type="markup-multiline" + name="usage" + key="usage" + gi="usage" + in-json="SCALAR"> usage @@ -2854,23 +2877,23 @@ + mode="get-value-property" + priority="10"> + priority="12"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2878,14 +2901,14 @@ + mode="get-value-property" + priority="12"> + priority="13"> @@ -2894,15 +2917,15 @@ + priority="14"> + as-type="string" + name="expression" + key="expression" + gi="expression" + in-json="SCALAR"> expression @@ -2910,65 +2933,65 @@ + mode="get-value-property" + priority="14"> + match="j:map[@key='profile']/j:map[@key='modify']/j:array[@key='alters']/j:map/j:array[@key='adds']/j:map/j:array[@key='params']/j:map/j:array[@key='guidelines']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + in-json="string"> + priority="13"> + as-type="markup-line" + name="choice" + gi="choice" + in-json="SCALAR"> + mode="get-value-property" + priority="13"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2976,22 +2999,22 @@ + mode="get-value-property" + priority="10"> + priority="10"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2999,46 +3022,46 @@ + mode="get-value-property" + priority="10"> + match="j:map[@key='profile']/j:map[@key='modify']/j:array[@key='alters']/j:map/j:array[@key='adds']/j:map//j:array[@key='parts']/j:map/j:string[@key='prose']"> + _step="prose" + _key="prose" + _metaschema-xml-id="/assembly/oscal-control-common/part/prose" + _metaschema-json-id="/assembly/oscal-control-common/part/prose" + in-xml="UNWRAPPED" + collapsible="no" + as-type="markup-multiline" + name="prose" + key="prose" + _using-name="prose" + _in-xml-name="p ul ol pre table h1 h2 h3 h4 h5 h6" + _in-json-name="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE" + in-json="string"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3046,14 +3069,14 @@ + mode="get-value-property" + priority="12"> + priority="5"> @@ -3069,15 +3092,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3085,23 +3108,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3109,33 +3132,33 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> @@ -3148,15 +3171,15 @@ + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3164,22 +3187,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3187,14 +3210,14 @@ + mode="get-value-property" + priority="9"> + priority="7"> @@ -3204,14 +3227,14 @@ + priority="6"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -3222,7 +3245,7 @@ + mode="get-value-property"> @@ -3236,8 +3259,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-line')]"> @@ -3247,8 +3270,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-multiline')]"> @@ -3277,15 +3300,15 @@ + group-starting-with=".[matches(., '^```')]"> + select="not((position() mod 2) + number($starts-with-code))"/>

    + expand-text="true" + select="(replace(.,'^```','') ! normalize-space(.))[matches(.,'\S')]"/> @@ -3316,9 +3339,9 @@ + priority="1" + match="p[exists(@code)]" + expand-text="true">

              
                 language-{.}
    @@ -3356,8 +3379,8 @@
           
        
        
    +                  priority="5"
    +                  mode="make-row"/>
        
           
              
    @@ -3368,7 +3391,7 @@
           
        
        
    +                  mode="make-row">
           
              
                 
    @@ -3387,9 +3410,9 @@
        
           
              
    +                              select="tokenize(., '\n')">
                 
  • + type="{ if (matches(.,'\s*\d')) then 'ol' else 'ul' }">
    @@ -3403,7 +3426,7 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -3417,9 +3440,9 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + group-starting-with="li[(@level = $level) or not(@type = preceding-sibling::*[1]/@type)]">
  • @@ -3598,40 +3621,40 @@ { insertion } + elements="s:*"/> + elements="s:flag s:value"/> + name="write-xml"/> + match="s:*[exists(@gi)]" + mode="write-xml"> + match="s:value[@as-type=('markup-line','markup-multiline')]" + mode="write-xml"> + match="p | ul | ol | pre | h1 | h2 | h3 | h4 | h5 | h6 | table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="s:flag" + mode="write-xml"> + match="*" + mode="cast-prose"> diff --git a/xml/convert/oscal_ssp_json-to-xml-converter.xsl b/xml/convert/oscal_ssp_json-to-xml-converter.xsl index d92afdf8f5..d6994978fb 100644 --- a/xml/convert/oscal_ssp_json-to-xml-converter.xsl +++ b/xml/convert/oscal_ssp_json-to-xml-converter.xsl @@ -1,12 +1,12 @@ + xmlns:j="http://www.w3.org/2005/xpath-functions" + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + version="3.0" + exclude-result-prefixes="#all"> @@ -31,7 +31,7 @@ + select="unparsed-text($file) ! json-to-xml(.)"> {{ $err:description }} @@ -92,8 +92,8 @@ + key="system-security-plan" + gi="system-security-plan"> system-security-plan @@ -129,6 +129,7 @@ + @@ -141,6 +142,7 @@ + @@ -151,64 +153,32 @@ + - - - - - - - - - - - - - - + - - - - - - - - + + + + - + - - + + + - - - - - - - - - - - - - - - - - - - + + @@ -227,8 +197,8 @@ + key="system-characteristics" + gi="system-characteristics"> system-characteristics @@ -254,8 +224,8 @@ + key="system-information" + gi="system-information"> system-information @@ -264,12 +234,56 @@ + + + + + + confidentiality-impact + + + + + + + + + + + + + + integrity-impact + + + + + + + + + + + + + + availability-impact + + + + + + + + + key="security-impact-level" + gi="security-impact-level"> security-impact-level @@ -282,8 +296,8 @@ + key="authorization-boundary" + gi="authorization-boundary"> authorization-boundary @@ -310,8 +324,8 @@ + key="network-architecture" + gi="network-architecture"> network-architecture @@ -340,8 +354,8 @@ + key="system-implementation" + gi="system-implementation"> system-implementation @@ -469,8 +483,8 @@ + key="implementation-status" + gi="implementation-status"> implementation-status @@ -492,12 +506,12 @@ + collapsible="no" + as-type="markup-multiline" + name="remarks" + key="remarks" + gi="remarks" + in-json="SCALAR"> remarks @@ -505,8 +519,8 @@ + mode="get-value-property" + priority="8"> @@ -515,16 +529,16 @@ + as-type="uuid" + name="location-uuid" + gi="location-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> @@ -533,16 +547,16 @@ + as-type="uuid" + name="party-uuid" + gi="party-uuid" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> @@ -551,9 +565,9 @@ + as-type="string" + name="system-id" + gi="system-id"> @@ -568,16 +582,16 @@ + as-type="token" + name="role-id" + gi="role-id" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> @@ -586,16 +600,16 @@ + as-type="string" + name="function-performed" + gi="function-performed" + in-json="SCALAR"> + mode="get-value-property" + priority="9"> @@ -615,740 +629,823 @@ + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="3"> + as-type="token" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> - + + mode="keep-value-property" + priority="8"> + as-type="string" + name="value" + key="value" + gi="value"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="class" + key="class" + gi="class"> + mode="keep-value-property" + priority="8"> + + + + + + + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="rel" + key="rel" + gi="rel"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + + + + + + + priority="6"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> - + mode="keep-value-property" + priority="6"> + - - + + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - + + as-type="token" + name="location-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="7"> + priority="8"> + as-type="string" + name="type" + key="type" + gi="type"> - + mode="keep-value-property" + priority="8"> + + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> - - + + + as-type="string" + name="type" + key="type" + gi="type"> - + + priority="8"> + as-type="uri" + name="scheme" + key="scheme" + gi="scheme"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="6"> + + + + + + + + + + + + + + + + + + + + + + + + + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="4"> + priority="1"> + as-type="uri" + name="identifier-type" + key="identifier-type" + gi="identifier-type"> + mode="keep-value-property" + priority="6"> + priority="7"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="7"> + priority="9"> + as-type="uri" + name="system" + key="system" + gi="system"> + mode="keep-value-property" + priority="9"> + priority="5"> + as-type="string" + name="state" + key="state" + gi="state"> + mode="keep-value-property" + priority="5"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="7"> + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + as-type="string" + name="system-component-type" + key="type" + gi="type"> + mode="keep-value-property" + priority="6"> + priority="7"> + as-type="token" + name="state" + key="state" + gi="state"> + mode="keep-value-property" + priority="7"> + priority="1"> + as-type="token" + name="role-id" + key="role-id" + gi="role-id"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="string" + name="name" + key="name" + gi="name"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="nonNegativeInteger" + name="start" + key="start" + gi="start"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="nonNegativeInteger" + name="end" + key="end" + gi="end"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="token" + name="transport" + key="transport" + gi="transport"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + mode="keep-value-property" + priority="8"> + as-type="token" + name="param-id" + key="param-id" + gi="param-id"> + mode="keep-value-property" + priority="6"> + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + as-type="token" + name="control-id" + key="control-id" + gi="control-id"> + mode="keep-value-property" + priority="6"> + as-type="token" + name="statement-id" + key="statement-id" + gi="statement-id"> + mode="keep-value-property" + priority="8"> + priority="8"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="8"> + priority="1"> + as-type="uuid" + name="component-uuid" + key="component-uuid" + gi="component-uuid"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="10"> + priority="1"> + as-type="token" + name="state" + key="state" + gi="state"> + mode="keep-value-property" + priority="11"> + priority="13"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="13"> + priority="13"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="13"> + as-type="uuid" + name="provided-uuid" + key="provided-uuid" + gi="provided-uuid"> + mode="keep-value-property" + priority="13"> + priority="12"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="12"> + as-type="uuid" + name="provided-uuid" + key="provided-uuid" + gi="provided-uuid"> + mode="keep-value-property" + priority="12"> + priority="12"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="12"> + as-type="uuid" + name="responsibility-uuid" + key="responsibility-uuid" + gi="responsibility-uuid"> + mode="keep-value-property" + priority="12"> + priority="6"> + as-type="uuid" + name="uuid" + key="uuid" + gi="uuid"> + mode="keep-value-property" + priority="6"> + priority="8"> + as-type="uri-reference" + name="href" + key="href" + gi="href"> + mode="keep-value-property" + priority="8"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="8"> + priority="3"> + as-type="string" + name="algorithm" + key="algorithm" + gi="algorithm"> + mode="keep-value-property" + priority="10"> + priority="7"> + as-type="token" + name="filename" + key="filename" + gi="filename"> + mode="keep-value-property" + priority="7"> + as-type="string" + name="media-type" + key="media-type" + gi="media-type"> + mode="keep-value-property" + priority="7"> + priority="4"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1356,22 +1453,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1379,22 +1476,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1402,22 +1499,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1425,22 +1522,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1448,14 +1545,14 @@ + mode="get-value-property" + priority="4"> + priority="5"> @@ -1470,14 +1567,14 @@ + priority="4"> + gi="revisions" + group-json="ARRAY" + name="revision" + key="revisions"> revisions @@ -1485,15 +1582,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1501,22 +1598,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="published" + key="published" + gi="published" + in-json="SCALAR"> published @@ -1524,22 +1621,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="dateTime-with-timezone" + name="last-modified" + key="last-modified" + gi="last-modified" + in-json="SCALAR"> last-modified @@ -1547,22 +1644,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="version" + key="version" + gi="version" + in-json="SCALAR"> version @@ -1570,22 +1667,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="oscal-version" + key="oscal-version" + gi="oscal-version" + in-json="SCALAR"> oscal-version @@ -1593,22 +1690,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1616,41 +1713,41 @@ + mode="get-value-property" + priority="8"> + priority="5"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1658,22 +1755,36 @@ + mode="get-value-property" + priority="6"> + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1681,22 +1792,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -1704,23 +1815,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -1728,22 +1839,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1751,22 +1862,38 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -1774,14 +1901,14 @@ + mode="get-value-property" + priority="6"> + priority="6"> @@ -1797,34 +1924,34 @@ + priority="8"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="8"> + priority="7"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -1832,22 +1959,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -1855,22 +1982,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -1878,22 +2005,22 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -1901,79 +2028,80 @@ + mode="get-value-property" + priority="7"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="7"> + as-type="uri" + name="url" + deprecated="1.1.0" + gi="url" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -1981,22 +2109,42 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + + + + + + + + + + + priority="6"> + as-type="string" + name="name" + key="name" + gi="name" + in-json="SCALAR"> name @@ -2004,22 +2152,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -2027,41 +2175,41 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="external-id" + gi="external-id"> + mode="get-value-property"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2069,52 +2217,52 @@ + mode="get-value-property" + priority="8"> + priority="7"> + as-type="email" + name="email-address" + gi="email-address" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="7"> + as-type="string" + name="telephone-number" + gi="telephone-number"> + mode="get-value-property"> + priority="8"> @@ -2127,34 +2275,34 @@ + priority="10"> + as-type="string" + name="addr-line" + gi="addr-line" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="9"> + as-type="string" + name="city" + key="city" + gi="city" + in-json="SCALAR"> city @@ -2162,22 +2310,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="state" + key="state" + gi="state" + in-json="SCALAR"> state @@ -2185,22 +2333,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="postal-code" + key="postal-code" + gi="postal-code" + in-json="SCALAR"> postal-code @@ -2208,22 +2356,22 @@ + mode="get-value-property" + priority="9"> + priority="9"> + as-type="string" + name="country" + key="country" + gi="country" + in-json="SCALAR"> country @@ -2231,41 +2379,41 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="uuid" + name="member-of-organization" + gi="member-of-organization" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2273,22 +2421,68 @@ + mode="get-value-property" + priority="8"> + + + + + + + + + + text + + + + + + + + + + + + + + + text + + + + + + priority="4"> + as-type="string" + name="system-name" + key="system-name" + gi="system-name" + in-json="SCALAR"> system-name @@ -2296,22 +2490,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="system-name-short" + key="system-name-short" + gi="system-name-short" + in-json="SCALAR"> system-name-short @@ -2319,23 +2513,23 @@ + mode="get-value-property" + priority="4"> + priority="4"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2343,22 +2537,22 @@ + mode="get-value-property" + priority="4"> + priority="6"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2366,22 +2560,22 @@ + mode="get-value-property" + priority="6"> + priority="4"> + as-type="date" + name="date-authorized" + key="date-authorized" + gi="date-authorized" + in-json="SCALAR"> date-authorized @@ -2389,22 +2583,22 @@ + mode="get-value-property" + priority="4"> + priority="4"> + as-type="string" + name="security-sensitivity-level" + key="security-sensitivity-level" + gi="security-sensitivity-level" + in-json="SCALAR"> security-sensitivity-level @@ -2412,22 +2606,22 @@ + mode="get-value-property" + priority="4"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2435,14 +2629,14 @@ + mode="get-value-property" + priority="7"> + priority="6"> @@ -2458,15 +2652,15 @@ + priority="7"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -2474,23 +2668,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2498,14 +2692,14 @@ + mode="get-value-property" + priority="7"> + priority="8"> @@ -2514,34 +2708,34 @@ + priority="10"> + as-type="string" + name="information-type-id" + gi="information-type-id" + in-json="SCALAR"> + mode="get-value-property" + priority="10"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2549,39 +2743,22 @@ + mode="get-value-property" + priority="9"> - - - - - - confidentiality-impact - - - - - - - - + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2589,22 +2766,22 @@ + mode="get-value-property" + priority="10"> + priority="8"> + as-type="string" + name="base" + key="base" + gi="base" + in-json="SCALAR"> base @@ -2612,22 +2789,22 @@ + mode="get-value-property" + priority="8"> + priority="8"> + as-type="string" + name="selected" + key="selected" + gi="selected" + in-json="SCALAR"> selected @@ -2635,23 +2812,23 @@ + mode="get-value-property" + priority="8"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="adjustment-justification" + key="adjustment-justification" + gi="adjustment-justification" + in-json="SCALAR"> adjustment-justification @@ -2659,39 +2836,22 @@ + mode="get-value-property" + priority="8"> - - - - - - integrity-impact - - - - - - - - + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2699,22 +2859,22 @@ + mode="get-value-property" + priority="10"> + priority="8"> + as-type="string" + name="base" + key="base" + gi="base" + in-json="SCALAR"> base @@ -2722,22 +2882,22 @@ + mode="get-value-property" + priority="8"> + priority="8"> + as-type="string" + name="selected" + key="selected" + gi="selected" + in-json="SCALAR"> selected @@ -2745,23 +2905,23 @@ + mode="get-value-property" + priority="8"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="adjustment-justification" + key="adjustment-justification" + gi="adjustment-justification" + in-json="SCALAR"> adjustment-justification @@ -2769,39 +2929,22 @@ + mode="get-value-property" + priority="8"> - - - - - - availability-impact - - - - - - - - + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -2809,22 +2952,22 @@ + mode="get-value-property" + priority="10"> + priority="8"> + as-type="string" + name="base" + key="base" + gi="base" + in-json="SCALAR"> base @@ -2832,22 +2975,22 @@ + mode="get-value-property" + priority="8"> + priority="8"> + as-type="string" + name="selected" + key="selected" + gi="selected" + in-json="SCALAR"> selected @@ -2855,23 +2998,23 @@ + mode="get-value-property" + priority="8"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="adjustment-justification" + key="adjustment-justification" + gi="adjustment-justification" + in-json="SCALAR"> adjustment-justification @@ -2879,22 +3022,22 @@ + mode="get-value-property" + priority="8"> + priority="5"> + as-type="string" + name="security-objective-confidentiality" + key="security-objective-confidentiality" + gi="security-objective-confidentiality" + in-json="SCALAR"> security-objective-confidentiality @@ -2902,22 +3045,22 @@ + mode="get-value-property" + priority="5"> + priority="5"> + as-type="string" + name="security-objective-integrity" + key="security-objective-integrity" + gi="security-objective-integrity" + in-json="SCALAR"> security-objective-integrity @@ -2925,22 +3068,22 @@ + mode="get-value-property" + priority="5"> + priority="5"> + as-type="string" + name="security-objective-availability" + key="security-objective-availability" + gi="security-objective-availability" + in-json="SCALAR"> security-objective-availability @@ -2948,14 +3091,14 @@ + mode="get-value-property" + priority="5"> + priority="4"> @@ -2967,16 +3110,16 @@ + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -2984,22 +3127,22 @@ + mode="get-value-property" + priority="5"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3007,23 +3150,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3031,22 +3174,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3054,22 +3197,22 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="markup-line" + name="caption" + key="caption" + gi="caption" + in-json="SCALAR"> caption @@ -3077,23 +3220,23 @@ + mode="get-value-property" + priority="7"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3101,22 +3244,22 @@ + mode="get-value-property" + priority="5"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3124,23 +3267,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3148,22 +3291,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3171,22 +3314,22 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="markup-line" + name="caption" + key="caption" + gi="caption" + in-json="SCALAR"> caption @@ -3194,23 +3337,23 @@ + mode="get-value-property" + priority="7"> + priority="5"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3218,22 +3361,22 @@ + mode="get-value-property" + priority="5"> + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3241,23 +3384,23 @@ + mode="get-value-property" + priority="7"> + priority="7"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3265,22 +3408,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3288,22 +3431,22 @@ + mode="get-value-property" + priority="9"> + priority="7"> + as-type="markup-line" + name="caption" + key="caption" + gi="caption" + in-json="SCALAR"> caption @@ -3311,22 +3454,22 @@ + mode="get-value-property" + priority="7"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3334,22 +3477,22 @@ + mode="get-value-property" + priority="8"> + priority="6"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3357,14 +3500,14 @@ + mode="get-value-property" + priority="6"> + priority="5"> @@ -3378,15 +3521,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3394,22 +3537,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3417,22 +3560,22 @@ + mode="get-value-property" + priority="8"> + priority="6"> + as-type="uuid" + name="party-uuid" + key="party-uuid" + gi="party-uuid" + in-json="SCALAR"> party-uuid @@ -3440,22 +3583,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="date" + name="date-authorized" + key="date-authorized" + gi="date-authorized" + in-json="SCALAR"> date-authorized @@ -3463,22 +3606,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3486,22 +3629,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="string" + name="short-name" + key="short-name" + gi="short-name" + in-json="SCALAR"> short-name @@ -3509,23 +3652,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3533,22 +3676,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3556,22 +3699,22 @@ + mode="get-value-property" + priority="8"> + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3579,23 +3722,23 @@ + mode="get-value-property" + priority="8"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3603,22 +3746,22 @@ + mode="get-value-property" + priority="8"> + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3626,23 +3769,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3650,22 +3793,22 @@ + mode="get-value-property" + priority="6"> + priority="6"> + as-type="markup-line" + name="purpose" + key="purpose" + gi="purpose" + in-json="SCALAR"> purpose @@ -3673,22 +3816,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3696,14 +3839,14 @@ + mode="get-value-property" + priority="8"> + priority="6"> @@ -3715,15 +3858,15 @@ + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3731,22 +3874,22 @@ + mode="get-value-property" + priority="10"> + priority="8"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -3754,23 +3897,23 @@ + mode="get-value-property" + priority="8"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3778,22 +3921,22 @@ + mode="get-value-property" + priority="6"> + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3801,22 +3944,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3824,14 +3967,14 @@ + mode="get-value-property" + priority="10"> + priority="7"> @@ -3843,15 +3986,15 @@ + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3859,22 +4002,22 @@ + mode="get-value-property" + priority="10"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3882,19 +4025,19 @@ + mode="get-value-property" + priority="12"> + priority="3"> + key="control-implementation" + gi="control-implementation"> control-implementation @@ -3904,16 +4047,16 @@ + priority="4"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -3921,33 +4064,33 @@ + mode="get-value-property" + priority="4"> + priority="7"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + mode="get-value-property" + priority="7"> + priority="5"> @@ -3963,15 +4106,15 @@ + priority="8"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -3979,41 +4122,41 @@ + mode="get-value-property" + priority="8"> + priority="9"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + mode="get-value-property" + priority="9"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4021,14 +4164,14 @@ + mode="get-value-property" + priority="10"> + priority="7"> @@ -4042,15 +4185,15 @@ + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4058,22 +4201,22 @@ + mode="get-value-property" + priority="10"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4081,23 +4224,23 @@ + mode="get-value-property" + priority="12"> + priority="10"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4105,22 +4248,22 @@ + mode="get-value-property" + priority="10"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4128,33 +4271,33 @@ + mode="get-value-property" + priority="12"> + priority="13"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + mode="get-value-property" + priority="13"> + priority="10"> @@ -4170,16 +4313,16 @@ + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4187,22 +4330,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4210,14 +4353,14 @@ + mode="get-value-property" + priority="13"> + priority="12"> @@ -4230,16 +4373,16 @@ + priority="13"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4247,22 +4390,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4270,22 +4413,22 @@ + mode="get-value-property" + priority="15"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4293,14 +4436,14 @@ + mode="get-value-property" + priority="17"> + priority="12"> @@ -4314,16 +4457,16 @@ + priority="13"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4331,22 +4474,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4354,22 +4497,22 @@ + mode="get-value-property" + priority="15"> + priority="17"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4377,14 +4520,14 @@ + mode="get-value-property" + priority="17"> + priority="11"> @@ -4397,16 +4540,16 @@ + priority="12"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4414,22 +4557,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4437,22 +4580,22 @@ + mode="get-value-property" + priority="14"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4460,14 +4603,14 @@ + mode="get-value-property" + priority="16"> + priority="11"> @@ -4481,16 +4624,16 @@ + priority="12"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4498,22 +4641,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4521,22 +4664,22 @@ + mode="get-value-property" + priority="14"> + priority="16"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4544,22 +4687,22 @@ + mode="get-value-property" + priority="16"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4567,23 +4710,23 @@ + mode="get-value-property" + priority="14"> + priority="8"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4591,22 +4734,22 @@ + mode="get-value-property" + priority="8"> + priority="10"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4614,33 +4757,33 @@ + mode="get-value-property" + priority="10"> + priority="11"> + as-type="string" + name="value" + gi="value" + in-json="SCALAR"> + mode="get-value-property" + priority="11"> + priority="8"> @@ -4656,16 +4799,16 @@ + priority="9"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4673,22 +4816,22 @@ + mode="get-value-property" + priority="9"> + priority="11"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4696,14 +4839,14 @@ + mode="get-value-property" + priority="11"> + priority="10"> @@ -4716,16 +4859,16 @@ + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4733,22 +4876,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4756,22 +4899,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4779,14 +4922,14 @@ + mode="get-value-property" + priority="15"> + priority="10"> @@ -4800,16 +4943,16 @@ + priority="11"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4817,22 +4960,22 @@ + mode="get-value-property" + priority="11"> + priority="13"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4840,22 +4983,22 @@ + mode="get-value-property" + priority="13"> + priority="15"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4863,14 +5006,14 @@ + mode="get-value-property" + priority="15"> + priority="9"> @@ -4883,16 +5026,16 @@ + priority="10"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4900,22 +5043,22 @@ + mode="get-value-property" + priority="10"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4923,22 +5066,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -4946,14 +5089,14 @@ + mode="get-value-property" + priority="14"> + priority="9"> @@ -4967,16 +5110,16 @@ + priority="10"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -4984,22 +5127,22 @@ + mode="get-value-property" + priority="10"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5007,22 +5150,22 @@ + mode="get-value-property" + priority="12"> + priority="14"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5030,22 +5173,22 @@ + mode="get-value-property" + priority="14"> + priority="12"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5053,14 +5196,14 @@ + mode="get-value-property" + priority="12"> + priority="5"> @@ -5076,15 +5219,15 @@ + priority="6"> + as-type="markup-line" + name="title" + key="title" + gi="title" + in-json="SCALAR"> title @@ -5092,23 +5235,23 @@ + mode="get-value-property" + priority="6"> + priority="6"> + collapsible="no" + as-type="markup-multiline" + name="description" + key="description" + gi="description" + in-json="SCALAR"> description @@ -5116,33 +5259,33 @@ + mode="get-value-property" + priority="6"> + priority="7"> + as-type="string" + name="document-id" + gi="document-id"> + mode="get-value-property"> + priority="6"> @@ -5155,15 +5298,15 @@ + priority="7"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5171,22 +5314,22 @@ + mode="get-value-property" + priority="7"> + priority="9"> + as-type="markup-line" + name="text" + key="text" + gi="text" + in-json="SCALAR"> text @@ -5194,14 +5337,14 @@ + mode="get-value-property" + priority="9"> + priority="7"> @@ -5211,14 +5354,14 @@ + priority="6"> + as-type="base64Binary" + name="base64" + key="base64" + gi="base64"> base64 @@ -5229,7 +5372,7 @@ + mode="get-value-property"> @@ -5243,8 +5386,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-line')]"> @@ -5254,8 +5397,8 @@ + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + match="value[@as-type=('markup-multiline')]"> @@ -5284,15 +5427,15 @@ + group-starting-with=".[matches(., '^```')]"> + select="not((position() mod 2) + number($starts-with-code))"/>

    + expand-text="true" + select="(replace(.,'^```','') ! normalize-space(.))[matches(.,'\S')]"/> @@ -5323,9 +5466,9 @@ + priority="1" + match="p[exists(@code)]" + expand-text="true">

              
                 language-{.}
    @@ -5363,8 +5506,8 @@
           
        
        
    +                  priority="5"
    +                  mode="make-row"/>
        
           
              
    @@ -5375,7 +5518,7 @@
           
        
        
    +                  mode="make-row">
           
              
                 
    @@ -5394,9 +5537,9 @@
        
           
              
    +                              select="tokenize(., '\n')">
                 
  • + type="{ if (matches(.,'\s*\d')) then 'ol' else 'ul' }">
    @@ -5410,7 +5553,7 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> @@ -5424,9 +5567,9 @@ + namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + group-starting-with="li[(@level = $level) or not(@type = preceding-sibling::*[1]/@type)]">
  • @@ -5605,40 +5748,40 @@ { insertion } + elements="s:*"/> + elements="s:flag s:value"/> + name="write-xml"/> + match="s:*[exists(@gi)]" + mode="write-xml"> + match="s:value[@as-type=('markup-line','markup-multiline')]" + mode="write-xml"> + match="p | ul | ol | pre | h1 | h2 | h3 | h4 | h5 | h6 | table" + xpath-default-namespace="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel"> + priority="2" + match="s:flag" + mode="write-xml"> + match="*" + mode="cast-prose"> diff --git a/xml/schema/oscal_assessment-plan_schema.xsd b/xml/schema/oscal_assessment-plan_schema.xsd index e0e258e55b..ec9a960f1f 100644 --- a/xml/schema/oscal_assessment-plan_schema.xsd +++ b/xml/schema/oscal_assessment-plan_schema.xsd @@ -1,11 +1,11 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + elementFormDefault="qualified" + targetNamespace="http://csrc.nist.gov/ns/oscal/1.0" + version="1.0.6"> OSCAL Assessment Plan Model @@ -30,13 +30,13 @@ + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-import-ssp-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> @@ -49,33 +49,33 @@ + type="oscal-implementation-common-system-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-inventory-item-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-system-user-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-local-objective-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-activity-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -96,38 +96,38 @@ + type="oscal-assessment-common-assessment-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-reviewed-controls-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-assets-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-assessment-common-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Assessment Plan Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Plan Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -137,11 +137,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -160,473 +160,477 @@ + type="oscal-metadata-published-FIELD" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-last-modified-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-version-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-oscal-version-FIELD" + minOccurs="1" + maxOccurs="1"/> - - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. + revisions + A group of 'revision' elements - Remarks: Additional commentary on the containing object. + revisions: A group of 'revision' elements - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. - - - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - - - - + + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + - - - - + + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. + Role + Defines a function, which might be assigned to a party in a specific situation. - Location Title: A name given to the location, which may be used by a tool for display and navigation. + Role: Defines a function, which might be assigned to a party in a specific situation. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Party Name: The full name of the party. This is typically the legal name associated with the party. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. - - - Party Short Name: A short common name, abbreviation, or acronym for the party. - - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + + - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + + + + Party Name + The full name of the party. This is typically the legal name associated with the party. + + + Party Name: The full name of the party. This is typically the legal name associated with the party. + + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + - External Identifier Schema - Indicates the type of external identifier. + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. - External Identifier Schema: Indicates the type of external identifier. + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. - - - + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - + + Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -634,10 +638,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -645,10 +649,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -656,10 +660,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -671,10 +675,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -682,22 +686,22 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-document-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -716,13 +720,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -731,35 +735,35 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. + type="oscal-metadata-hash-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -769,14 +773,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -790,10 +794,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -804,10 +808,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -818,10 +822,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -832,20 +836,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -856,20 +860,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -896,10 +900,20 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. + + + Property Class: A textual label that provides a sub-type or characterization of the property's name. + + + + + + Property Group + An identifier for relating distinct sets of properties. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Group: An identifier for relating distinct sets of properties. @@ -907,10 +921,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -942,21 +956,31 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. + + + Media Type: A label that indicates the nature of a resource, as a data serialization or format. + + + + + + Resource Fragment + In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Resource Fragment: In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. @@ -964,32 +988,32 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. + type="oscal-metadata-party-uuid-FIELD" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1000,10 +1024,87 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. + + + Responsible Role: A reference to a role performed by a party. + + + + + + + Action + An action applied by a role within a given party to the content. + + + Action: An action applied by a role within a given party to the content. + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Action Universally Unique Identifier + A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + Action Universally Unique Identifier: A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + + + + Action Occurrence Date + The date and time when the action occurred. + + + Action Occurrence Date: The date and time when the action occurred. + + + + + + Action Type + The type of action documented by the assembly, such as an approval. + + + Action Type: The type of action documented by the assembly, such as an approval. + + + + + + Action Type System + Specifies the action type system used. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Action Type System: Specifies the action type system used. @@ -1011,32 +1112,32 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-party-uuid-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1047,10 +1148,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -1069,10 +1170,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -1082,10 +1183,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1095,10 +1196,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -1106,10 +1207,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -1117,21 +1218,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -1139,10 +1240,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -1150,10 +1251,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -1181,9 +1282,9 @@ + type="oscal-metadata-addr-line-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1202,10 +1303,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -1215,10 +1316,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -1263,10 +1364,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -1274,10 +1375,10 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. @@ -1297,10 +1398,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1344,25 +1445,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1373,10 +1474,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -1406,25 +1507,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-part-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1435,7 +1536,7 @@ Assessment Method Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Method Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1483,13 +1584,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1532,29 +1633,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-reviewed-controls-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1565,7 +1666,7 @@ Step Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Step Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1574,21 +1675,21 @@ + type="oscal-assessment-common-reviewed-controls-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1599,7 +1700,7 @@ Assessment Activity Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Activity Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1647,13 +1748,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1771,10 +1872,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1785,7 +1886,7 @@ Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -1794,9 +1895,9 @@ + type="oscal-assessment-common-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1809,29 +1910,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1842,7 +1943,7 @@ Activity Universally Unique Identifier Reference - A machine-oriented identifier reference to an activity defined in the list of activities. + A machine-oriented identifier reference to an activity defined in the list of activities. Activity Universally Unique Identifier Reference: A machine-oriented identifier reference to an activity defined in the list of activities. @@ -1851,21 +1952,21 @@ + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1876,7 +1977,7 @@ Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1919,13 +2020,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1953,35 +2054,35 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-select-control-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-select-control-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1991,8 +2092,8 @@ + minOccurs="0" + maxOccurs="unbounded"> @@ -2019,35 +2120,35 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-select-objective-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-select-objective-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2060,10 +2161,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2099,10 +2200,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -2165,7 +2266,7 @@ Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2174,21 +2275,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2199,7 +2300,7 @@ Assessment Subject Placeholder Universally Unique Identifier - A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Subject Placeholder Universally Unique Identifier: A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2232,35 +2333,35 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-select-subject-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-select-subject-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2289,21 +2390,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2314,7 +2415,7 @@ Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. @@ -2335,7 +2436,7 @@ Identifies the Subject - A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. + A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. Identifies the Subject: A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. @@ -2357,21 +2458,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2382,7 +2483,7 @@ Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. @@ -2410,9 +2511,9 @@ + type="oscal-implementation-common-system-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2440,13 +2541,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2459,25 +2560,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2488,7 +2589,7 @@ Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -2500,10 +2601,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2514,7 +2615,7 @@ Assessment Platform Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Platform Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2565,13 +2666,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2587,10 +2688,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2620,17 +2721,17 @@ + type="oscal-implementation-common-implementation-status-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2651,13 +2752,151 @@ Finding Target Identifier Reference - A machine-oriented identifier reference for a specific target qualified by the type. + A machine-oriented identifier reference for a specific target qualified by the type. Finding Target Identifier Reference: A machine-oriented identifier reference for a specific target qualified by the type. + + + + Finding + Describes an individual finding. + + + Finding: Describes an individual finding. + + + + + + + Finding Title + The title for this finding. + + + Finding Title: The title for this finding. + + + + + + + + + + + Finding Description + A human-readable description of this finding. + + + Finding Description: A human-readable description of this finding. + + + + + + + + + + + + + + + Implementation Statement UUID + A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. + + + Implementation Statement UUID: A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. + + + + + + + + + Related Observation + Relates the finding to a set of referenced observations that were used to determine the finding. + + + Related Observation: Relates the finding to a set of referenced observations that were used to determine the finding. + + + + + Observation Universally Unique Identifier Reference + A machine-oriented identifier reference to an observation defined in the list of observations. + + + Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. + + + + + + + + + Associated Risk + Relates the finding to a set of referenced risks that were used to determine the finding. + + + Associated Risk: Relates the finding to a set of referenced risks that were used to determine the finding. + + + + + Risk Universally Unique Identifier Reference + A machine-oriented identifier reference to a risk defined in the list of risks. + + + Risk Universally Unique Identifier Reference: A machine-oriented identifier reference to a risk defined in the list of risks. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Finding Universally Unique Identifier + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + + + Finding Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + + + @@ -2699,13 +2938,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2733,13 +2972,13 @@ + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-subject-reference-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2767,21 +3006,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2830,10 +3069,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2844,7 +3083,7 @@ Observation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Observation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2862,13 +3101,13 @@ + type="oscal-assessment-common-origin-actor-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-related-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2882,13 +3121,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2904,7 +3143,7 @@ Actor Universally Unique Identifier Reference - A machine-oriented identifier reference to the tool or person based on the associated type. + A machine-oriented identifier reference to the tool or person based on the associated type. Actor Universally Unique Identifier Reference: A machine-oriented identifier reference to the tool or person based on the associated type. @@ -2932,21 +3171,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2959,15 +3198,15 @@ + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> Assessment Subject Placeholder Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. + A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. Assessment Subject Placeholder Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. @@ -2979,10 +3218,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2993,7 +3232,7 @@ Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -3090,29 +3329,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-risk-status-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-threat-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-characterization-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3140,23 +3379,23 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-subject-reference-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Mitigating Factor Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Mitigating Factor Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3166,7 +3405,7 @@ Implementation UUID - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Implementation UUID: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3188,9 +3427,9 @@ + type="oscal-assessment-common-response-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3270,21 +3509,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-logged-by-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-risk-status-FIELD" + minOccurs="0" + maxOccurs="1"/> @@ -3297,25 +3536,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-related-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3326,7 +3565,7 @@ Response Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique risk response. + A machine-oriented identifier reference to a unique risk response. Response Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique risk response. @@ -3338,10 +3577,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3352,7 +3591,7 @@ Risk Log Entry Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Log Entry Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3377,7 +3616,7 @@ Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -3390,7 +3629,7 @@ Risk Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3410,7 +3649,7 @@ Party UUID Reference - A machine-oriented identifier reference to the party who is making the log entry. + A machine-oriented identifier reference to the party who is making the log entry. Party UUID Reference: A machine-oriented identifier reference to the party who is making the log entry. @@ -3449,17 +3688,17 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> @@ -3472,21 +3711,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3568,17 +3807,17 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3591,9 +3830,9 @@ + type="oscal-assessment-common-subject-reference-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3625,21 +3864,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3650,7 +3889,7 @@ Required Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Required Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3659,17 +3898,17 @@ + type="oscal-assessment-common-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3680,7 +3919,7 @@ Remediation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Remediation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3723,24 +3962,24 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Part Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3777,14 +4016,14 @@ - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -3792,10 +4031,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -3803,61 +4042,61 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -3868,13 +4107,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3895,10 +4134,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -3906,31 +4145,31 @@ + type="oscal-control-common-parameter-constraint-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-guideline-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-value-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-selection-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3941,41 +4180,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -4009,10 +4249,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -4021,10 +4261,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4035,7 +4275,7 @@ - + Guideline @@ -4048,7 +4288,7 @@ - + Parameter Value @@ -4059,14 +4299,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -4096,7 +4336,7 @@ - + Include All @@ -4162,13 +4402,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -4184,10 +4424,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4207,21 +4447,21 @@ + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-protocol-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4232,7 +4472,7 @@ Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4275,15 +4515,15 @@ + type="oscal-implementation-common-port-range-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Service Protocol Information Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Service Protocol Information Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4354,10 +4594,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4429,29 +4669,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-role-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-authorized-privilege-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4462,7 +4702,7 @@ User Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. User Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4510,9 +4750,9 @@ + type="oscal-implementation-common-function-performed-FIELD" + minOccurs="1" + maxOccurs="unbounded"/> @@ -4552,17 +4792,17 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -4575,25 +4815,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4604,7 +4844,7 @@ Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -4616,10 +4856,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4630,7 +4870,7 @@ Inventory Item Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inventory Item Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4664,10 +4904,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4678,7 +4918,7 @@ Parameter ID - A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. + A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. Parameter ID: A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. @@ -4689,7 +4929,7 @@ System Identification - A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. + A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. System Identification: A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. @@ -4756,9 +4996,9 @@ + type="listItemType" + minOccurs="1" + maxOccurs="unbounded"/> diff --git a/xml/schema/oscal_assessment-results_schema.xsd b/xml/schema/oscal_assessment-results_schema.xsd index 080e2d5c07..ecc4ee4a28 100644 --- a/xml/schema/oscal_assessment-results_schema.xsd +++ b/xml/schema/oscal_assessment-results_schema.xsd @@ -1,11 +1,11 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + elementFormDefault="qualified" + targetNamespace="http://csrc.nist.gov/ns/oscal/1.0" + version="1.0.6"> OSCAL Assessment Results Model @@ -30,13 +30,13 @@ + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ar-import-ap-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> @@ -49,21 +49,21 @@ + type="oscal-assessment-common-local-objective-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-activity-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -73,19 +73,19 @@ + type="oscal-ar-result-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Assessment Results Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Results Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -159,13 +159,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -178,32 +178,32 @@ + type="oscal-implementation-common-system-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-inventory-item-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-system-user-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-assets-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-assessment-common-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-reviewed-controls-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> @@ -216,13 +216,13 @@ + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-part-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> @@ -305,29 +305,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-logged-by-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-related-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -338,7 +338,7 @@ Assessment Log Entry Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Log Entry Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -350,25 +350,25 @@ + type="oscal-assessment-common-observation-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-risk-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-finding-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -379,151 +379,13 @@ Results Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Results Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - Finding - Describes an individual finding. - - - Finding: Describes an individual finding. - - - - - - - Finding Title - The title for this finding. - - - Finding Title: The title for this finding. - - - - - - - - - - - Finding Description - A human-readable description of this finding. - - - Finding Description: A human-readable description of this finding. - - - - - - - - - - - - - - - Implementation Statement UUID - A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. - - - Implementation Statement UUID: A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. - - - - - - - - - Related Observation - Relates the finding to a set of referenced observations that were used to determine the finding. - - - Related Observation: Relates the finding to a set of referenced observations that were used to determine the finding. - - - - - Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. - - - Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. - - - - - - - - - Associated Risk - Relates the finding to a set of referenced risks that were used to determine the finding. - - - Associated Risk: Relates the finding to a set of referenced risks that were used to determine the finding. - - - - - Risk Universally Unique Identifier Reference - A machine-oriented identifier reference to a risk defined in the list of risks. - - - Risk Universally Unique Identifier Reference: A machine-oriented identifier reference to a risk defined in the list of risks. - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Finding Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Finding Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - @@ -538,10 +400,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -562,11 +424,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -585,473 +447,477 @@ + type="oscal-metadata-published-FIELD" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-last-modified-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-version-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-oscal-version-FIELD" + minOccurs="1" + maxOccurs="1"/> - - - - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. - - - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. + revisions + A group of 'revision' elements - Remarks: Additional commentary on the containing object. + revisions: A group of 'revision' elements - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. - - - Location Title: A name given to the location, which may be used by a tool for display and navigation. - - - - + + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - - + + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. - - - Party Name: The full name of the party. This is typically the legal name associated with the party. - - - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. - - - Party Short Name: A short common name, abbreviation, or acronym for the party. - - - - - + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Role + Defines a function, which might be assigned to a party in a specific situation. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Role: Defines a function, which might be assigned to a party in a specific situation. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + - External Identifier Schema - Indicates the type of external identifier. + Role Short Name + A short common name, abbreviation, or acronym for the role. - External Identifier Schema: Indicates the type of external identifier. + Role Short Name: A short common name, abbreviation, or acronym for the role. - - - + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - - - - - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. - - - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Role Title: A name given to the role, which may be used by a tool for display and navigation. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - + - Role Description - A summary of the role's purpose and associated responsibilities. + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Role Description: A summary of the role's purpose and associated responsibilities. + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + + + + Party Name + The full name of the party. This is typically the legal name associated with the party. + + + Party Name: The full name of the party. This is typically the legal name associated with the party. + + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + - - + + Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - + + + + Location Universally Unique Identifier Reference + Reference to a location by UUID. + + + Location Universally Unique Identifier Reference: Reference to a location by UUID. + + + + + + + Party Universally Unique Identifier Reference + Reference to a party by UUID. + + + Party Universally Unique Identifier Reference: Reference to a party by UUID. + + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -1059,10 +925,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -1070,10 +936,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -1081,10 +947,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -1096,10 +962,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -1107,22 +973,22 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-document-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -1141,13 +1007,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1156,35 +1022,35 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. + type="oscal-metadata-hash-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1194,14 +1060,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -1215,10 +1081,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1229,10 +1095,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1243,10 +1109,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -1257,20 +1123,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1281,20 +1147,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -1321,10 +1187,20 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. + + + Property Class: A textual label that provides a sub-type or characterization of the property's name. + + + + + + Property Group + An identifier for relating distinct sets of properties. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Group: An identifier for relating distinct sets of properties. @@ -1332,10 +1208,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -1367,21 +1243,31 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. + + + Media Type: A label that indicates the nature of a resource, as a data serialization or format. + + + + + + Resource Fragment + In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Resource Fragment: In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. @@ -1389,32 +1275,32 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. + type="oscal-metadata-party-uuid-FIELD" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1425,10 +1311,87 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. + + + Responsible Role: A reference to a role performed by a party. + + + + + + + Action + An action applied by a role within a given party to the content. + + + Action: An action applied by a role within a given party to the content. + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Action Universally Unique Identifier + A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + Action Universally Unique Identifier: A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + + + + Action Occurrence Date + The date and time when the action occurred. + + + Action Occurrence Date: The date and time when the action occurred. + + + + + + Action Type + The type of action documented by the assembly, such as an approval. + + + Action Type: The type of action documented by the assembly, such as an approval. + + + + + + Action Type System + Specifies the action type system used. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Action Type System: Specifies the action type system used. @@ -1436,32 +1399,32 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-party-uuid-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1472,10 +1435,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -1494,10 +1457,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -1507,10 +1470,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1520,10 +1483,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -1531,10 +1494,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -1542,21 +1505,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -1564,10 +1527,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -1575,10 +1538,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -1606,9 +1569,9 @@ + type="oscal-metadata-addr-line-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1627,10 +1590,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -1640,10 +1603,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -1688,10 +1651,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -1699,10 +1662,10 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. @@ -1722,10 +1685,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1769,25 +1732,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1798,10 +1761,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -1831,25 +1794,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-part-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1860,7 +1823,7 @@ Assessment Method Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Method Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1908,13 +1871,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1957,29 +1920,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-reviewed-controls-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1990,7 +1953,7 @@ Step Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Step Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1999,21 +1962,21 @@ + type="oscal-assessment-common-reviewed-controls-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2024,7 +1987,7 @@ Assessment Activity Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Activity Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2072,13 +2035,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2196,10 +2159,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2210,7 +2173,7 @@ Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -2219,9 +2182,9 @@ + type="oscal-assessment-common-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2234,29 +2197,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2267,7 +2230,7 @@ Activity Universally Unique Identifier Reference - A machine-oriented identifier reference to an activity defined in the list of activities. + A machine-oriented identifier reference to an activity defined in the list of activities. Activity Universally Unique Identifier Reference: A machine-oriented identifier reference to an activity defined in the list of activities. @@ -2276,21 +2239,21 @@ + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2301,7 +2264,7 @@ Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2344,13 +2307,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2378,35 +2341,35 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-select-control-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-select-control-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2416,8 +2379,8 @@ + minOccurs="0" + maxOccurs="unbounded"> @@ -2444,35 +2407,35 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-select-objective-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-select-objective-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2485,10 +2448,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2524,10 +2487,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -2590,7 +2553,7 @@ Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2599,21 +2562,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2624,7 +2587,7 @@ Assessment Subject Placeholder Universally Unique Identifier - A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Subject Placeholder Universally Unique Identifier: A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2657,35 +2620,35 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-select-subject-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-select-subject-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2714,21 +2677,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2739,7 +2702,7 @@ Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. @@ -2760,7 +2723,7 @@ Identifies the Subject - A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. + A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. Identifies the Subject: A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. @@ -2782,21 +2745,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2807,7 +2770,7 @@ Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. @@ -2835,9 +2798,9 @@ + type="oscal-implementation-common-system-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2865,13 +2828,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2884,25 +2847,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2913,7 +2876,7 @@ Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -2925,10 +2888,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2939,7 +2902,7 @@ Assessment Platform Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Platform Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2990,13 +2953,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3012,10 +2975,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3045,17 +3008,17 @@ + type="oscal-implementation-common-implementation-status-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3076,13 +3039,151 @@ Finding Target Identifier Reference - A machine-oriented identifier reference for a specific target qualified by the type. + A machine-oriented identifier reference for a specific target qualified by the type. Finding Target Identifier Reference: A machine-oriented identifier reference for a specific target qualified by the type. + + + + Finding + Describes an individual finding. + + + Finding: Describes an individual finding. + + + + + + + Finding Title + The title for this finding. + + + Finding Title: The title for this finding. + + + + + + + + + + + Finding Description + A human-readable description of this finding. + + + Finding Description: A human-readable description of this finding. + + + + + + + + + + + + + + + Implementation Statement UUID + A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. + + + Implementation Statement UUID: A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. + + + + + + + + + Related Observation + Relates the finding to a set of referenced observations that were used to determine the finding. + + + Related Observation: Relates the finding to a set of referenced observations that were used to determine the finding. + + + + + Observation Universally Unique Identifier Reference + A machine-oriented identifier reference to an observation defined in the list of observations. + + + Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. + + + + + + + + + Associated Risk + Relates the finding to a set of referenced risks that were used to determine the finding. + + + Associated Risk: Relates the finding to a set of referenced risks that were used to determine the finding. + + + + + Risk Universally Unique Identifier Reference + A machine-oriented identifier reference to a risk defined in the list of risks. + + + Risk Universally Unique Identifier Reference: A machine-oriented identifier reference to a risk defined in the list of risks. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Finding Universally Unique Identifier + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + + + Finding Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + + + @@ -3124,13 +3225,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3158,13 +3259,13 @@ + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-subject-reference-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3192,21 +3293,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3255,10 +3356,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3269,7 +3370,7 @@ Observation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Observation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3287,13 +3388,13 @@ + type="oscal-assessment-common-origin-actor-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-related-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3307,13 +3408,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3329,7 +3430,7 @@ Actor Universally Unique Identifier Reference - A machine-oriented identifier reference to the tool or person based on the associated type. + A machine-oriented identifier reference to the tool or person based on the associated type. Actor Universally Unique Identifier Reference: A machine-oriented identifier reference to the tool or person based on the associated type. @@ -3357,21 +3458,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3384,15 +3485,15 @@ + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> Assessment Subject Placeholder Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. + A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. Assessment Subject Placeholder Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. @@ -3404,10 +3505,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3418,7 +3519,7 @@ Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -3515,29 +3616,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-risk-status-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-threat-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-characterization-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3565,23 +3666,23 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-subject-reference-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Mitigating Factor Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Mitigating Factor Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3591,7 +3692,7 @@ Implementation UUID - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Implementation UUID: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3613,9 +3714,9 @@ + type="oscal-assessment-common-response-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3695,21 +3796,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-logged-by-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-risk-status-FIELD" + minOccurs="0" + maxOccurs="1"/> @@ -3722,25 +3823,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-related-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3751,7 +3852,7 @@ Response Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique risk response. + A machine-oriented identifier reference to a unique risk response. Response Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique risk response. @@ -3763,10 +3864,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3777,7 +3878,7 @@ Risk Log Entry Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Log Entry Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3802,7 +3903,7 @@ Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -3815,7 +3916,7 @@ Risk Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3835,7 +3936,7 @@ Party UUID Reference - A machine-oriented identifier reference to the party who is making the log entry. + A machine-oriented identifier reference to the party who is making the log entry. Party UUID Reference: A machine-oriented identifier reference to the party who is making the log entry. @@ -3874,17 +3975,17 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> @@ -3897,21 +3998,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3993,17 +4094,17 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -4016,9 +4117,9 @@ + type="oscal-assessment-common-subject-reference-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -4050,21 +4151,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4075,7 +4176,7 @@ Required Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Required Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4084,17 +4185,17 @@ + type="oscal-assessment-common-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4105,7 +4206,7 @@ Remediation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Remediation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4148,24 +4249,24 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Part Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4202,14 +4303,14 @@ - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -4217,10 +4318,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -4228,61 +4329,61 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -4293,13 +4394,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -4320,10 +4421,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -4331,31 +4432,31 @@ + type="oscal-control-common-parameter-constraint-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-guideline-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-value-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-selection-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4366,41 +4467,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -4434,10 +4536,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -4446,10 +4548,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4460,7 +4562,7 @@ - + Guideline @@ -4473,7 +4575,7 @@ - + Parameter Value @@ -4484,14 +4586,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -4521,7 +4623,7 @@ - + Include All @@ -4587,13 +4689,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -4609,10 +4711,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4632,21 +4734,21 @@ + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-protocol-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4657,7 +4759,7 @@ Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4700,15 +4802,15 @@ + type="oscal-implementation-common-port-range-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Service Protocol Information Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Service Protocol Information Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4779,10 +4881,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4854,29 +4956,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-role-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-authorized-privilege-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4887,7 +4989,7 @@ User Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. User Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4935,9 +5037,9 @@ + type="oscal-implementation-common-function-performed-FIELD" + minOccurs="1" + maxOccurs="unbounded"/> @@ -4977,17 +5079,17 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -5000,25 +5102,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5029,7 +5131,7 @@ Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -5041,10 +5143,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5055,7 +5157,7 @@ Inventory Item Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inventory Item Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5089,10 +5191,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5103,7 +5205,7 @@ Parameter ID - A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. + A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. Parameter ID: A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. @@ -5114,7 +5216,7 @@ System Identification - A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. + A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. System Identification: A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. @@ -5181,9 +5283,9 @@ + type="listItemType" + minOccurs="1" + maxOccurs="unbounded"/> diff --git a/xml/schema/oscal_catalog_schema.xsd b/xml/schema/oscal_catalog_schema.xsd index 2ce94922e6..c0928d5645 100644 --- a/xml/schema/oscal_catalog_schema.xsd +++ b/xml/schema/oscal_catalog_schema.xsd @@ -1,18 +1,18 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + elementFormDefault="qualified" + targetNamespace="http://csrc.nist.gov/ns/oscal/1.0" + version="1.0.6"> OSCAL Control Catalog Model 1.0.6 oscal-catalog -

    The OSCAL Control Catalog format can be used to describe a collection of security controls and related control enhancements, along with contextualizing documentation and metadata. The root of the Control Catalog format is catalog.

    +

    The OSCAL Control Catalog format can be used to describe a collection of security controls and related control enhancements, along with contextualizing documentation and metadata. The root of the Control Catalog format is catalog.

    catalog
    @@ -22,41 +22,41 @@ Catalog - A collection of controls. + A structured, organized collection of control information. - Catalog: A collection of controls. + Catalog: A structured, organized collection of control information. + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-control-common-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-catalog-control-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-catalog-group-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Catalog Universally Unique Identifier - A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised. + Provides a globally unique means to identify a given catalog instance. - Catalog Universally Unique Identifier: A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised. + Catalog Universally Unique Identifier: Provides a globally unique means to identify a given catalog instance.
    @@ -86,40 +86,40 @@
    + type="oscal-control-common-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-catalog-group-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-catalog-control-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/>
    Group Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Identifies the group for the purpose of cross-linking within the defining instance or from other instances that reference the catalog. - Group Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Group Identifier: Identifies the group for the purpose of cross-linking within the defining instance or from other instances that reference the catalog. @@ -137,10 +137,10 @@ Control - A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance. + A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information. - Control: A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance. + Control: A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information. @@ -159,34 +159,66 @@
    + type="oscal-control-common-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + + + + + Mapping + A mapping between the containing control and another resource. + + + Mapping: A mapping between the containing control and another resource. + + + + + + + + + Mapping Identifier + The unique identifier for the mapping. + + + Mapping Identifier: The unique identifier for the mapping. + + + + + type="oscal-catalog-control-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/>
    Control Identifier - A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. + Identifies a control such that it can be referenced in the defining catalog and other OSCAL instances (e.g., profiles). - Control Identifier: A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. + Control Identifier: Identifies a control such that it can be referenced in the defining catalog and other OSCAL instances (e.g., profiles). @@ -200,14 +232,14 @@
    - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -215,10 +247,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -226,61 +258,61 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/>
    Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.
    - + Parameter @@ -291,13 +323,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -318,10 +350,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -329,31 +361,31 @@ + type="oscal-control-common-parameter-constraint-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-guideline-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-value-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-selection-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -364,41 +396,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -432,10 +465,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -444,10 +477,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -458,7 +491,7 @@ - + Guideline @@ -471,7 +504,7 @@ - + Parameter Value @@ -482,14 +515,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -519,7 +552,7 @@ - + Include All @@ -532,11 +565,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -555,473 +588,477 @@
    + type="oscal-metadata-published-FIELD" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-last-modified-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-version-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-oscal-version-FIELD" + minOccurs="1" + maxOccurs="1"/> - - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. + revisions + A group of 'revision' elements - Remarks: Additional commentary on the containing object. + revisions: A group of 'revision' elements - - - -
    - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. - - - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - - - - + + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + - - - - + + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. + Role + Defines a function, which might be assigned to a party in a specific situation. - Location Title: A name given to the location, which may be used by a tool for display and navigation. + Role: Defines a function, which might be assigned to a party in a specific situation. - - - - - - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. - - - Party Name: The full name of the party. This is typically the legal name associated with the party. - - - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. - - - Party Short Name: A short common name, abbreviation, or acronym for the party. - - - - - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - - + + + - External Identifier Schema - Indicates the type of external identifier. + Location Title + A name given to the location, which may be used by a tool for display and navigation. - External Identifier Schema: Indicates the type of external identifier. + Location Title: A name given to the location, which may be used by a tool for display and navigation. - - - + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + +
    - - - - - - - - - - + + - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - + + + + + + Party Name + The full name of the party. This is typically the legal name associated with the party. + + + Party Name: The full name of the party. This is typically the legal name associated with the party. + + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + + + + Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object.
    - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -1029,10 +1066,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -1040,10 +1077,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -1051,10 +1088,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -1066,10 +1103,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -1077,22 +1114,22 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-document-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -1111,13 +1148,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1126,35 +1163,35 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. + type="oscal-metadata-hash-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1164,14 +1201,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -1185,10 +1222,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1199,10 +1236,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1213,10 +1250,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -1227,20 +1264,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1251,20 +1288,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -1291,10 +1328,20 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. + + + Property Class: A textual label that provides a sub-type or characterization of the property's name. + + + + + + Property Group + An identifier for relating distinct sets of properties. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Group: An identifier for relating distinct sets of properties. @@ -1302,10 +1349,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -1337,21 +1384,31 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. + + + Media Type: A label that indicates the nature of a resource, as a data serialization or format. + + + + + + Resource Fragment + In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Resource Fragment: In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. @@ -1359,32 +1416,32 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. + type="oscal-metadata-party-uuid-FIELD" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1395,10 +1452,87 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. + + + Responsible Role: A reference to a role performed by a party. + + + + + + + Action + An action applied by a role within a given party to the content. + + + Action: An action applied by a role within a given party to the content. + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Action Universally Unique Identifier + A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + Action Universally Unique Identifier: A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + + + + Action Occurrence Date + The date and time when the action occurred. + + + Action Occurrence Date: The date and time when the action occurred. + + + + + + Action Type + The type of action documented by the assembly, such as an approval. + + + Action Type: The type of action documented by the assembly, such as an approval. + + + + + + Action Type System + Specifies the action type system used. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Action Type System: Specifies the action type system used. @@ -1406,32 +1540,32 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-party-uuid-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1442,10 +1576,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -1464,10 +1598,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -1477,10 +1611,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1490,10 +1624,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -1501,10 +1635,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -1512,21 +1646,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -1534,10 +1668,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -1545,10 +1679,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -1576,9 +1710,9 @@ + type="oscal-metadata-addr-line-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1597,10 +1731,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -1610,10 +1744,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -1658,10 +1792,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -1669,15 +1803,198 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + + + + Mapping Entry + A relationship-based mapping between a source and target set consisting of members (i.e., controls, control statements) from the respective source and target. + + + Mapping Entry: A relationship-based mapping between a source and target set consisting of members (i.e., controls, control statements) from the respective source and target. + + + + + + + + + Mapping Entry Relationship + The relationship type for the mapping entry, which describes the relationship between the effective requirements of the specified source and target sets. + + + Mapping Entry Relationship: The relationship type for the mapping entry, which describes the relationship between the effective requirements of the specified source and target sets. + + + + + + + Relationship Value Namespace + A namespace qualifying the relationship's value. This allows different organizations to associate distinct semantics for relationships with the same name. + + + Relationship Value Namespace: A namespace qualifying the relationship's value. This allows different organizations to associate distinct semantics for relationships with the same name. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Mapping Entry Identifier + The unique identifier for the mapping entry. + + + Mapping Entry Identifier: The unique identifier for the mapping entry. + + + + + + + Mapping Entry Item (source or target) + Identifies a specific edge within a source or target that is the subject of a mapping. + + + Mapping Entry Item (source or target): Identifies a specific edge within a source or target that is the subject of a mapping. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Subject Type + The semantic type of the subject. + + + Subject Type: The semantic type of the subject. + + + + + + Subject Identifier Reference + A reference to an identified subject that is of the specified type. + + + Subject Identifier Reference: A reference to an identified subject that is of the specified type. + + + + + + + Mapped Resource Reference + A reference to a resource that is either the source or target of a mapping. + + + Mapped Resource Reference: A reference to a resource that is either the source or target of a mapping. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Resource Type + The semantic type of the resource. + + + Resource Type: The semantic type of the resource. + + + + + + Catalog or Profile Reference + A resolvable URL reference to the base catalog or profile that this profile is tailoring. + + + Catalog or Profile Reference: A resolvable URL reference to the base catalog or profile that this profile is tailoring. + + + @@ -1725,9 +2042,9 @@ + type="listItemType" + minOccurs="1" + maxOccurs="unbounded"/> diff --git a/xml/schema/oscal_complete_schema.xsd b/xml/schema/oscal_complete_schema.xsd index e45ec05267..248b1a9bdb 100644 --- a/xml/schema/oscal_complete_schema.xsd +++ b/xml/schema/oscal_complete_schema.xsd @@ -1,11 +1,11 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + elementFormDefault="qualified" + targetNamespace="http://csrc.nist.gov/ns/oscal/1.0" + version="1.0.6"> OSCAL Unified Model of Models @@ -15,6 +15,7 @@

    This format represents a combination of all of the OSCAL models.

    catalog + mapping-collection profile component-definition system-security-plan @@ -28,41 +29,41 @@ Catalog - A collection of controls. + A structured, organized collection of control information. - Catalog: A collection of controls. + Catalog: A structured, organized collection of control information. + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-control-common-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-catalog-control-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-catalog-group-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Catalog Universally Unique Identifier - A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised. + Provides a globally unique means to identify a given catalog instance. - Catalog Universally Unique Identifier: A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised. + Catalog Universally Unique Identifier: Provides a globally unique means to identify a given catalog instance.
    @@ -92,40 +93,40 @@
    + type="oscal-control-common-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-catalog-group-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-catalog-control-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/>
    Group Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Identifies the group for the purpose of cross-linking within the defining instance or from other instances that reference the catalog. - Group Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Group Identifier: Identifies the group for the purpose of cross-linking within the defining instance or from other instances that reference the catalog. @@ -143,10 +144,10 @@ Control - A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance. + A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information. - Control: A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance. + Control: A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information. @@ -165,34 +166,66 @@ + type="oscal-control-common-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + + + + + Mapping + A mapping between the containing control and another resource. + + + Mapping: A mapping between the containing control and another resource. + + + + + + + + + Mapping Identifier + The unique identifier for the mapping. + + + Mapping Identifier: The unique identifier for the mapping. + + + + + type="oscal-catalog-control-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Control Identifier - A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. + Identifies a control such that it can be referenced in the defining catalog and other OSCAL instances (e.g., profiles). - Control Identifier: A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. + Control Identifier: Identifies a control such that it can be referenced in the defining catalog and other OSCAL instances (e.g., profiles). @@ -206,14 +239,14 @@ - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -221,10 +254,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -232,61 +265,61 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/>
    Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -297,13 +330,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -324,10 +357,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -335,31 +368,31 @@ + type="oscal-control-common-parameter-constraint-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-guideline-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-value-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-selection-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -370,41 +403,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -438,10 +472,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -450,10 +484,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -464,7 +498,7 @@ - + Guideline @@ -477,7 +511,7 @@ - + Parameter Value @@ -488,14 +522,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -525,7 +559,7 @@ - + Include All @@ -538,11 +572,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -561,473 +595,477 @@
    + type="oscal-metadata-published-FIELD" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-last-modified-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-version-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-oscal-version-FIELD" + minOccurs="1" + maxOccurs="1"/> - - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. + revisions + A group of 'revision' elements - Remarks: Additional commentary on the containing object. + revisions: A group of 'revision' elements - - - -
    - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. - - - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - - - - + + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + - - - - + + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. + Role + Defines a function, which might be assigned to a party in a specific situation. - Location Title: A name given to the location, which may be used by a tool for display and navigation. + Role: Defines a function, which might be assigned to a party in a specific situation. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. - - - Party Name: The full name of the party. This is typically the legal name associated with the party. - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Party Short Name: A short common name, abbreviation, or acronym for the party. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + +
    - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + - External Identifier Schema - Indicates the type of external identifier. + Party Name + The full name of the party. This is typically the legal name associated with the party. - External Identifier Schema: Indicates the type of external identifier. + Party Name: The full name of the party. This is typically the legal name associated with the party. - - - + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + +
    + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + +
    - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - + + Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object.
    - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -1035,10 +1073,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -1046,10 +1084,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -1057,10 +1095,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -1072,10 +1110,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -1083,22 +1121,22 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-document-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -1117,13 +1155,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1132,35 +1170,35 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. + type="oscal-metadata-hash-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1170,14 +1208,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -1191,10 +1229,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1205,10 +1243,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1219,10 +1257,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -1233,20 +1271,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1257,20 +1295,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -1297,10 +1335,20 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. + + + Property Class: A textual label that provides a sub-type or characterization of the property's name. + + + + + + Property Group + An identifier for relating distinct sets of properties. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Group: An identifier for relating distinct sets of properties. @@ -1308,10 +1356,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -1343,68 +1391,155 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. + + + Media Type: A label that indicates the nature of a resource, as a data serialization or format. + + + + + + Resource Fragment + In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. + + + Resource Fragment: In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. + + + + + + + Responsible Party + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. + + + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Responsible Role + A reference to a role performed by a party. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Responsible Role: A reference to a role performed by a party. - + - Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Action + An action applied by a role within a given party to the content. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Action: An action applied by a role within a given party to the content. - + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. - + - Responsible Role - A human-oriented identifier reference to roles served by the user. + Action Universally Unique Identifier + A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + Action Universally Unique Identifier: A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + + + + Action Occurrence Date + The date and time when the action occurred. + + + Action Occurrence Date: The date and time when the action occurred. + + + + + + Action Type + The type of action documented by the assembly, such as an approval. + + + Action Type: The type of action documented by the assembly, such as an approval. + + + + + + Action Type System + Specifies the action type system used. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Action Type System: Specifies the action type system used. @@ -1412,32 +1547,32 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-party-uuid-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1448,10 +1583,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -1470,10 +1605,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -1483,10 +1618,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1496,10 +1631,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -1507,10 +1642,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -1518,21 +1653,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -1540,10 +1675,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -1551,10 +1686,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -1582,9 +1717,9 @@ + type="oscal-metadata-addr-line-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1603,10 +1738,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -1616,10 +1751,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -1664,10 +1799,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -1675,82 +1810,335 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + + + + Mapping Entry + A relationship-based mapping between a source and target set consisting of members (i.e., controls, control statements) from the respective source and target. + + + Mapping Entry: A relationship-based mapping between a source and target set consisting of members (i.e., controls, control statements) from the respective source and target. + + + + + + + + + Mapping Entry Relationship + The relationship type for the mapping entry, which describes the relationship between the effective requirements of the specified source and target sets. + + + Mapping Entry Relationship: The relationship type for the mapping entry, which describes the relationship between the effective requirements of the specified source and target sets. + + + + + + + Relationship Value Namespace + A namespace qualifying the relationship's value. This allows different organizations to associate distinct semantics for relationships with the same name. + + + Relationship Value Namespace: A namespace qualifying the relationship's value. This allows different organizations to associate distinct semantics for relationships with the same name. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Mapping Entry Identifier + The unique identifier for the mapping entry. + + + Mapping Entry Identifier: The unique identifier for the mapping entry. + + + + + + + Mapping Entry Item (source or target) + Identifies a specific edge within a source or target that is the subject of a mapping. + + + Mapping Entry Item (source or target): Identifies a specific edge within a source or target that is the subject of a mapping. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Subject Type + The semantic type of the subject. + + + Subject Type: The semantic type of the subject. + + + + + + Subject Identifier Reference + A reference to an identified subject that is of the specified type. + + + Subject Identifier Reference: A reference to an identified subject that is of the specified type. + + + + + + + Mapped Resource Reference + A reference to a resource that is either the source or target of a mapping. + + + Mapped Resource Reference: A reference to a resource that is either the source or target of a mapping. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Resource Type + The semantic type of the resource. + + + Resource Type: The semantic type of the resource. + + + + + + Catalog or Profile Reference + A resolvable URL reference to the base catalog or profile that this profile is tailoring. + + + Catalog or Profile Reference: A resolvable URL reference to the base catalog or profile that this profile is tailoring. + + + + + + + + Mapping Collection + A collection of relationship-based control and/or control statement mappings. + + + Mapping Collection: A collection of relationship-based control and/or control statement mappings. + + + + + + + + + + Mapping Collection Universally Unique Identifier + A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised. + + + Mapping Collection Universally Unique Identifier: A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised. + + + + + + + Control Mapping + A mapping between two target resources. + + + Control Mapping: A mapping between two target resources. + + + + + + + + + + Mapping Universally Unique Identifier + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mapping definition elsewhere in this or other OSCAL instances. The locally defined UUID of the mapping can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same mapping across revisions of the document. + + + Mapping Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mapping definition elsewhere in this or other OSCAL instances. The locally defined UUID of the mapping can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same mapping across revisions of the document. + + + Profile - Each OSCAL profile is defined by a Profile element + Each OSCAL profile is defined by a profile element. - Profile: Each OSCAL profile is defined by a Profile element + Profile: Each OSCAL profile is defined by a profile element. + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-profile-import-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-profile-merge-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-profile-modify-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Profile Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. + Provides a globally unique means to identify a given profile instance. - Profile Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. + Profile Universally Unique Identifier: Provides a globally unique means to identify a given profile instance. - Import resource - The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. + Import Resource + Designates a referenced source catalog or profile that provides a source of control information for use in creating a new overlay or baseline. - Import resource: The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. + Import Resource: Designates a referenced source catalog or profile that provides a source of control information for use in creating a new overlay or baseline. + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-profile-select-control-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-profile-select-control-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1766,31 +2154,31 @@ - Merge controls - A Merge element provides structuring directives that drive how controls are organized after resolution. + Merge Controls + Provides structuring directives that instruct how controls are organized after profile resolution. - Merge controls: A Merge element provides structuring directives that drive how controls are organized after resolution. + Merge Controls: Provides structuring directives that instruct how controls are organized after profile resolution. - Combination rule - A Combine element defines how to combine multiple (competing) versions of the same control. + Combination Rule + A Combine element defines how to resolve duplicate instances of the same control (e.g., controls with the same ID). - Combination rule: A Combine element defines how to combine multiple (competing) versions of the same control. + Combination Rule: A Combine element defines how to resolve duplicate instances of the same control (e.g., controls with the same ID). - Combination method - How clashing controls should be handled + Combination Method + Declare how clashing controls should be handled. - Combination method: How clashing controls should be handled + Combination Method: Declare how clashing controls should be handled. @@ -1800,11 +2188,11 @@ - Flat - Use the flat structuring method. + Flat Without Grouping + Directs that controls appear without any grouping structure. - Flat: Use the flat structuring method. + Flat Without Grouping: Directs that controls appear without any grouping structure. @@ -1812,34 +2200,34 @@ - As-Is Structuring Directive - An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes. + Group As-Is + Indicates that the controls selected should retain their original grouping as defined in the import source. - As-Is Structuring Directive: An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes. + Group As-Is: Indicates that the controls selected should retain their original grouping as defined in the import source. - + - Custom grouping - A Custom element frames a structure for embedding represented controls in resolution. + Custom Grouping + Provides an alternate grouping structure that selected controls will be placed in. - Custom grouping: A Custom element frames a structure for embedding represented controls in resolution. + Custom Grouping: Provides an alternate grouping structure that selected controls will be placed in. + type="oscal-profile-group-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-profile-insert-controls-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1849,11 +2237,11 @@ - Control group - A group of (selected) controls or of groups of controls + Control Group + A group of (selected) controls or of groups of controls. - Control group: A group of (selected) controls or of groups of controls + Control Group: A group of (selected) controls or of groups of controls. @@ -1861,10 +2249,10 @@ Group Title - A name given to the group, which may be used by a tool for display and navigation. + A name to be given to the group for use in display. - Group Title: A name given to the group, which may be used by a tool for display and navigation. + Group Title: A name to be given to the group for use in display. @@ -1872,40 +2260,40 @@ + type="oscal-control-common-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-profile-group-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-profile-insert-controls-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Group Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Identifies the group. - Group Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Group Identifier: Identifies the group. @@ -1922,11 +2310,11 @@ - Modify controls - Set parameters or amend controls in resolution + Modify Controls + Set parameters or amend controls in resolution. - Modify controls: Set parameters or amend controls in resolution + Modify Controls: Set parameters or amend controls in resolution. @@ -1934,20 +2322,20 @@ Parameter Setting - A parameter setting, to be propagated to points of insertion + A parameter setting, to be propagated to points of insertion. - Parameter Setting: A parameter setting, to be propagated to points of insertion + Parameter Setting: A parameter setting, to be propagated to points of insertion. + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1963,102 +2351,249 @@ - + + + + + Parameter Usage Description + Describes the purpose and use of a parameter. + + + Parameter Usage Description: Describes the purpose and use of a parameter. + + + + + + + + + + + + + + + + + Parameter ID + An identifier for the parameter. + + + Parameter ID: An identifier for the parameter. + + + + + + Parameter Class + A textual label that provides a characterization of the parameter. + + + Parameter Class: A textual label that provides a characterization of the parameter. + + + + + + Depends On + **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + + Depends On: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + + + + + + + + Alteration + Specifies changes to be made to an included control when a profile is resolved. + + + Alteration: Specifies changes to be made to an included control when a profile is resolved. + + + + + + + Removal + Specifies objects to be removed from a control based on specific aspects of the object that must all match. + + + Removal: Specifies objects to be removed from a control based on specific aspects of the object that must all match. + + + + + Reference by (assigned) name + Identify items remove by matching their assigned name. + + + Reference by (assigned) name: Identify items remove by matching their assigned name. + + + + + + Reference by class + Identify items to remove by matching their class. + + + Reference by class: Identify items to remove by matching their class. + + + + + + Reference by ID + Identify items to remove indicated by their id. + + + Reference by ID: Identify items to remove indicated by their id. + + + + + + Item Name Reference + Identify items to remove by the name of the item's information object name, e.g. title or prop. + + + Item Name Reference: Identify items to remove by the name of the item's information object name, e.g. title or prop. + + + + + + Item Namespace Reference + Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. + + + Item Namespace Reference: Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. + + + + + - Parameter Usage Description - Describes the purpose and use of a parameter + Addition + Specifies contents to be added into controls, in resolution. - Parameter Usage Description: Describes the purpose and use of a parameter + Addition: Specifies contents to be added into controls, in resolution. - - - + + + + + + Title Change + A name given to the control, which may be used by a tool for display and navigation. + + + Title Change: A name given to the control, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + Position + Where to add the new content with respect to the targeted element (beside it or inside it). + + + Position: Where to add the new content with respect to the targeted element (beside it or inside it). + + + + + + Reference by ID + Target location of the addition. + + + Reference by ID: Target location of the addition. + + - - - - - - - - - - Parameter ID - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Parameter ID: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Parameter Class - A textual label that provides a characterization of the parameter. - - - Parameter Class: A textual label that provides a characterization of the parameter. - - - + - Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Control Identifier Reference + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - - Select controls + Insert Controls Specifies which controls to use in the containing context. - Select controls: Specifies which controls to use in the containing context. + Insert Controls: Specifies which controls to use in the containing context. + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-profile-select-control-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-profile-select-control-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2074,216 +2609,66 @@ - Call - Call a control by its ID + Select Control + Select a control or controls from an imported control set. - Call: Call a control by its ID + Select Control: Select a control or controls from an imported control set. - - - - - Match Controls by Identifier - - - - Match Controls by Identifier: - - - - - - - - - Match Controls by Pattern - Select controls by (regular expression) match on ID - - - Match Controls by Pattern: Select controls by (regular expression) match on ID - - - - - Pattern - A glob expression matching the IDs of one or more controls to be selected. - - - Pattern: A glob expression matching the IDs of one or more controls to be selected. - - - - + + - Include contained controls with control + Include Contained Controls with Control When a control is included, whether its child (dependent) controls are also included. - Include contained controls with control: When a control is included, whether its child (dependent) controls are also included. - - - - - - - Alteration - An Alter element specifies changes to be made to an included control when a profile is resolved. - - - Alteration: An Alter element specifies changes to be made to an included control when a profile is resolved. - - - - - - - - - Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - - - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Include Contained Controls with Control: When a control is included, whether its child (dependent) controls are also included. - + - Removal - Specifies objects to be removed from a control based on specific aspects of the object that must all match. + Match Controls by Identifier + Selecting a control by its ID given as a literal. - Removal: Specifies objects to be removed from a control based on specific aspects of the object that must all match. + Match Controls by Identifier: Selecting a control by its ID given as a literal. - - - - Reference by (assigned) name - Identify items to remove by matching their assigned name - - - Reference by (assigned) name: Identify items to remove by matching their assigned name - - - - - - Reference by class - Identify items to remove by matching their class. - - - Reference by class: Identify items to remove by matching their class. - - - - - - Reference by ID - Identify items to remove indicated by their id. - - - Reference by ID: Identify items to remove indicated by their id. - - - - - - Item Name Reference - Identify items to remove by the name of the item's information element name, e.g. title or prop - - - - Item Name Reference: Identify items to remove by the name of the item's information element name, e.g. title or prop - - - - - - Item Namespace Reference - Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. - - - Item Namespace Reference: Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. - - - - + + + - Addition - Specifies contents to be added into controls, in resolution + Match Controls by Pattern + Selecting a set of controls by matching their IDs with a wildcard pattern. - Addition: Specifies contents to be added into controls, in resolution + Match Controls by Pattern: Selecting a set of controls by matching their IDs with a wildcard pattern. - - - - - - Title Change - A name given to the control, which may be used by a tool for display and navigation. - - - Title Change: A name given to the control, which may be used by a tool for display and navigation. - - - - - - - - - - - - - - - Position - Where to add the new content with respect to the targeted element (beside it or inside it) - - - Position: Where to add the new content with respect to the targeted element (beside it or inside it) - - - + - Reference by ID - Target location of the addition. + Pattern + A glob expression matching the IDs of one or more controls to be selected. - Reference by ID: Target location of the addition. + Pattern: A glob expression matching the IDs of one or more controls to be selected. + type="oscal-component-definition-component-definition-ASSEMBLY"/> @@ -2295,34 +2680,34 @@ + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-component-definition-import-component-definition-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-defined-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-capability-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Component Definition Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given component definition instance. - Component Definition Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Component Definition Universally Unique Identifier: Provides a globally unique means to identify a given component definition instance. @@ -2402,33 +2787,33 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-protocol-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-control-implementation-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2439,10 +2824,10 @@ Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given component. - Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Component Identifier: Provides a globally unique means to identify a given component. @@ -2482,29 +2867,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-incorporates-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-control-implementation-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2515,10 +2900,10 @@ Capability Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given capability. - Capability Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Capability Identifier: Provides a globally unique means to identify a given capability. @@ -2536,10 +2921,10 @@ Incorporates Component - TBD + The collection of components comprising this capability. - Incorporates Component: TBD + Incorporates Component: The collection of components comprising this capability. @@ -2562,7 +2947,7 @@ Component Reference - A machine-oriented identifier reference to a component. + A machine-oriented identifier reference to a component. Component Reference: A machine-oriented identifier reference to a component. @@ -2595,30 +2980,30 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-set-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-implemented-requirement-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/>
    Control Implementation Set Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a means to identify a set of control implementations that are supported by a given component or capability. - Control Implementation Set Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Control Implementation Set Identifier: Provides a means to identify a set of control implementations that are supported by a given component or capability. @@ -2647,10 +3032,10 @@ Control Implementation Description - A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. + A suggestion from the supplier (e.g., component vendor or author) for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. - Control Implementation Description: A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. + Control Implementation Description: A suggestion from the supplier (e.g., component vendor or author) for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. @@ -2658,33 +3043,33 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-set-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-statement-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2695,20 +3080,20 @@ Control Implementation Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given control implementation by a component. - Control Implementation Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Control Implementation Identifier: Provides a globally unique means to identify a given control implementation by a component. Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -2738,25 +3123,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2767,7 +3152,7 @@ Control Statement Reference - A human-oriented identifier reference to a control statement. + A human-oriented identifier reference to a control statement. Control Statement Reference: A human-oriented identifier reference to a control statement. @@ -2777,7 +3162,7 @@ Control Statement Reference Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Control Statement Reference Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). @@ -2840,13 +3225,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2862,10 +3247,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2885,21 +3270,21 @@ + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-protocol-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2910,7 +3295,7 @@ Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2953,15 +3338,15 @@ + type="oscal-implementation-common-port-range-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/>
    Service Protocol Information Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Service Protocol Information Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3032,10 +3417,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3107,29 +3492,29 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-role-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-authorized-privilege-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3140,7 +3525,7 @@ User Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. User Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3188,9 +3573,9 @@ + type="oscal-implementation-common-function-performed-FIELD" + minOccurs="1" + maxOccurs="unbounded"/>
    @@ -3230,17 +3615,17 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3253,25 +3638,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3282,7 +3667,7 @@ Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -3294,10 +3679,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3308,7 +3693,7 @@ Inventory Item Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inventory Item Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3342,10 +3727,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3356,7 +3741,7 @@ Parameter ID - A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. + A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. Parameter ID: A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. @@ -3367,7 +3752,7 @@ System Identification - A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. + A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. System Identification: A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. @@ -3388,47 +3773,47 @@ + type="oscal-ssp-system-security-plan-ASSEMBLY"/> System Security Plan (SSP) - A system security plan, such as those described in NIST SP 800-18 + A system security plan, such as those described in NIST SP 800-18. - System Security Plan (SSP): A system security plan, such as those described in NIST SP 800-18 + System Security Plan (SSP): A system security plan, such as those described in NIST SP 800-18. + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-import-profile-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-system-characteristics-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-system-implementation-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-control-implementation-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> System Security Plan Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. System Security Plan Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3449,10 +3834,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3481,9 +3866,9 @@ + type="oscal-implementation-common-system-id-FIELD" + minOccurs="1" + maxOccurs="unbounded"/> @@ -3526,66 +3911,66 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-date-authorized-FIELD" + minOccurs="0" + maxOccurs="1"/> Security Sensitivity Level - The overall information system sensitivity categorization, such as defined by FIPS-199. + The overall information system sensitivity categorization, such as defined by FIPS-199. - Security Sensitivity Level: The overall information system sensitivity categorization, such as defined by FIPS-199. + Security Sensitivity Level: The overall information system sensitivity categorization, such as defined by FIPS-199. + type="oscal-ssp-system-information-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-security-impact-level-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-status-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-authorization-boundary-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-network-architecture-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-ssp-data-flow-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3597,29 +3982,29 @@ System Information - Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. - System Information: Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + System Information: Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Information Type - Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. - Information Type: Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + Information Type: Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. @@ -3668,7 +4053,7 @@ Information Type Systematized Identifier - A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Information Type Systematized Identifier: A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3690,148 +4075,31 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> - - - - - Confidentiality Impact Level - The expected level of impact resulting from the unauthorized disclosure of the described information. - - - Confidentiality Impact Level: The expected level of impact resulting from the unauthorized disclosure of the described information. - - - - - - - - - - Adjustment Justification - If the selected security level is different from the base security level, this contains the justification for the change. - - - Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - - - - - - - - - - - - - Integrity Impact Level - The expected level of impact resulting from the unauthorized modification of the described information. - - - Integrity Impact Level: The expected level of impact resulting from the unauthorized modification of the described information. - - - - - - - - - - Adjustment Justification - If the selected security level is different from the base security level, this contains the justification for the change. - - - Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - - - - - - - - - - - - - Availability Impact Level - The expected level of impact resulting from the disruption of access to or use of the described information or the information system. - - - Availability Impact Level: The expected level of impact resulting from the disruption of access to or use of the described information or the information system. - - - - - - - - - - Adjustment Justification - If the selected security level is different from the base security level, this contains the justification for the change. - - - Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - - - - - - - - + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + + + Information Type Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Information Type Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3841,6 +4109,47 @@ + + + + Impact Level + The expected level of impact resulting from the described information. + + + Impact Level: The expected level of impact resulting from the described information. + + + + + + + + + + Adjustment Justification + If the selected security level is different from the base security level, this contains the justification for the change. + + + Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. + + + + + + + @@ -3887,8 +4196,8 @@ + minOccurs="1" + maxOccurs="1"> @@ -3943,10 +4252,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4001,25 +4310,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-diagram-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4053,13 +4362,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -4079,10 +4388,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4093,7 +4402,7 @@ Diagram ID - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Diagram ID: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4126,25 +4435,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-diagram-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4178,25 +4487,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-diagram-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4215,22 +4524,22 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Leveraged Authorization - A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. + A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. - Leveraged Authorization: A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. + Leveraged Authorization: A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. @@ -4249,19 +4558,19 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> party-uuid field - A machine-oriented identifier reference to the party that manages the leveraged system. + A machine-oriented identifier reference to the party that manages the leveraged system. party-uuid field: A machine-oriented identifier reference to the party that manages the leveraged system. @@ -4270,17 +4579,17 @@ + type="oscal-ssp-date-authorized-FIELD" + minOccurs="1" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4291,7 +4600,7 @@ Leveraged Authorization Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Leveraged Authorization Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4300,25 +4609,25 @@ + type="oscal-implementation-common-system-user-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-implementation-common-system-component-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-implementation-common-inventory-item-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4352,13 +4661,13 @@ + type="oscal-implementation-common-set-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-implemented-requirement-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> @@ -4372,37 +4681,37 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-set-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-statement-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-by-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4413,7 +4722,7 @@ Control Requirement Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Control Requirement Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4423,10 +4732,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -4441,29 +4750,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-by-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4474,7 +4783,7 @@ Control Statement Reference - A human-oriented identifier reference to a control statement. + A human-oriented identifier reference to a control statement. Control Statement Reference: A human-oriented identifier reference to a control statement. @@ -4484,7 +4793,7 @@ Control Statement Reference Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Control Statement Reference Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). @@ -4517,21 +4826,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-set-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-implementation-status-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> @@ -4559,13 +4868,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -4593,25 +4902,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4622,7 +4931,7 @@ Provided Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Provided Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4657,25 +4966,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4686,7 +4995,7 @@ Responsibility Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Responsibility Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4696,7 +5005,7 @@ Provided UUID - A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. + A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. Provided UUID: A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. @@ -4708,10 +5017,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4747,23 +5056,23 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Inherited Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inherited Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4773,7 +5082,7 @@ Provided UUID - A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. + A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. Provided UUID: A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. @@ -4808,25 +5117,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4837,7 +5146,7 @@ Satisfied Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Satisfied Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4847,7 +5156,7 @@ Responsibility UUID - A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system. + A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system. Responsibility UUID: A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system. @@ -4856,17 +5165,17 @@ + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4877,7 +5186,7 @@ Component Universally Unique Identifier Reference - A machine-oriented identifier reference to the component that is implemeting a given control. + A machine-oriented identifier reference to the component that is implemeting a given control. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to the component that is implemeting a given control. @@ -4887,7 +5196,7 @@ By-Component Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. By-Component Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4906,13 +5215,13 @@ + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-import-ssp-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> @@ -4925,33 +5234,33 @@ + type="oscal-implementation-common-system-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-inventory-item-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-system-user-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-local-objective-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-activity-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4972,38 +5281,38 @@ + type="oscal-assessment-common-assessment-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-reviewed-controls-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-assets-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-assessment-common-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Assessment Plan Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Plan Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5024,10 +5333,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5071,25 +5380,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5100,10 +5409,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -5133,25 +5442,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-part-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5162,7 +5471,7 @@ Assessment Method Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Method Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5210,13 +5519,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -5259,29 +5568,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-reviewed-controls-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5292,7 +5601,7 @@ Step Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Step Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5301,21 +5610,21 @@ + type="oscal-assessment-common-reviewed-controls-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5326,7 +5635,7 @@ Assessment Activity Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Activity Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5374,13 +5683,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -5498,10 +5807,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5512,7 +5821,7 @@ Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -5521,9 +5830,9 @@ + type="oscal-assessment-common-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -5536,29 +5845,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5569,7 +5878,7 @@ Activity Universally Unique Identifier Reference - A machine-oriented identifier reference to an activity defined in the list of activities. + A machine-oriented identifier reference to an activity defined in the list of activities. Activity Universally Unique Identifier Reference: A machine-oriented identifier reference to an activity defined in the list of activities. @@ -5578,21 +5887,21 @@ + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5603,7 +5912,7 @@ Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5646,13 +5955,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -5680,35 +5989,35 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-select-control-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-select-control-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5718,8 +6027,8 @@ + minOccurs="0" + maxOccurs="unbounded"> @@ -5746,35 +6055,35 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-select-objective-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-select-objective-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5787,10 +6096,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5826,10 +6135,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -5892,7 +6201,7 @@ Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5901,21 +6210,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5926,7 +6235,7 @@ Assessment Subject Placeholder Universally Unique Identifier - A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Subject Placeholder Universally Unique Identifier: A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5959,35 +6268,35 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-select-subject-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-select-subject-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6016,21 +6325,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6041,7 +6350,7 @@ Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. @@ -6062,7 +6371,7 @@ Identifies the Subject - A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. + A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. Identifies the Subject: A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. @@ -6084,21 +6393,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6109,7 +6418,7 @@ Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. @@ -6137,9 +6446,9 @@ + type="oscal-implementation-common-system-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -6167,13 +6476,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -6186,25 +6495,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6215,7 +6524,7 @@ Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -6227,10 +6536,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6241,7 +6550,7 @@ Assessment Platform Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Platform Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -6292,13 +6601,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -6314,10 +6623,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6347,17 +6656,17 @@ + type="oscal-implementation-common-implementation-status-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6378,13 +6687,151 @@ Finding Target Identifier Reference - A machine-oriented identifier reference for a specific target qualified by the type. + A machine-oriented identifier reference for a specific target qualified by the type. Finding Target Identifier Reference: A machine-oriented identifier reference for a specific target qualified by the type. + + + + Finding + Describes an individual finding. + + + Finding: Describes an individual finding. + + + + + + + Finding Title + The title for this finding. + + + Finding Title: The title for this finding. + + + + + + + + + + + Finding Description + A human-readable description of this finding. + + + Finding Description: A human-readable description of this finding. + + + + + + + + + + + + + + + Implementation Statement UUID + A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. + + + Implementation Statement UUID: A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. + + + + + + + + + Related Observation + Relates the finding to a set of referenced observations that were used to determine the finding. + + + Related Observation: Relates the finding to a set of referenced observations that were used to determine the finding. + + + + + Observation Universally Unique Identifier Reference + A machine-oriented identifier reference to an observation defined in the list of observations. + + + Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. + + + + + + + + + Associated Risk + Relates the finding to a set of referenced risks that were used to determine the finding. + + + Associated Risk: Relates the finding to a set of referenced risks that were used to determine the finding. + + + + + Risk Universally Unique Identifier Reference + A machine-oriented identifier reference to a risk defined in the list of risks. + + + Risk Universally Unique Identifier Reference: A machine-oriented identifier reference to a risk defined in the list of risks. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Finding Universally Unique Identifier + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + + + Finding Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + + + @@ -6426,13 +6873,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -6460,13 +6907,13 @@ + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-subject-reference-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -6494,21 +6941,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6557,10 +7004,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6571,7 +7018,7 @@ Observation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Observation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -6589,13 +7036,13 @@ + type="oscal-assessment-common-origin-actor-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-related-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -6609,13 +7056,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -6631,7 +7078,7 @@ Actor Universally Unique Identifier Reference - A machine-oriented identifier reference to the tool or person based on the associated type. + A machine-oriented identifier reference to the tool or person based on the associated type. Actor Universally Unique Identifier Reference: A machine-oriented identifier reference to the tool or person based on the associated type. @@ -6659,21 +7106,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -6686,15 +7133,15 @@ + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> Assessment Subject Placeholder Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. + A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. Assessment Subject Placeholder Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. @@ -6706,10 +7153,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6720,7 +7167,7 @@ Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -6817,29 +7264,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-risk-status-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-threat-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-characterization-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -6867,23 +7314,23 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-subject-reference-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Mitigating Factor Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Mitigating Factor Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -6893,7 +7340,7 @@ Implementation UUID - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Implementation UUID: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -6915,9 +7362,9 @@ + type="oscal-assessment-common-response-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -6997,21 +7444,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-logged-by-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-risk-status-FIELD" + minOccurs="0" + maxOccurs="1"/> @@ -7024,25 +7471,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-related-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7053,7 +7500,7 @@ Response Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique risk response. + A machine-oriented identifier reference to a unique risk response. Response Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique risk response. @@ -7065,10 +7512,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7079,7 +7526,7 @@ Risk Log Entry Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Log Entry Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -7104,7 +7551,7 @@ Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -7117,7 +7564,7 @@ Risk Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -7137,7 +7584,7 @@ Party UUID Reference - A machine-oriented identifier reference to the party who is making the log entry. + A machine-oriented identifier reference to the party who is making the log entry. Party UUID Reference: A machine-oriented identifier reference to the party who is making the log entry. @@ -7176,17 +7623,17 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> @@ -7199,21 +7646,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7295,17 +7742,17 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -7318,9 +7765,9 @@ + type="oscal-assessment-common-subject-reference-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -7352,21 +7799,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7377,7 +7824,7 @@ Required Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Required Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -7386,17 +7833,17 @@ + type="oscal-assessment-common-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7407,7 +7854,7 @@ Remediation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Remediation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -7450,24 +7897,24 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Part Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -7516,13 +7963,13 @@ + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ar-import-ap-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> @@ -7535,21 +7982,21 @@ + type="oscal-assessment-common-local-objective-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-activity-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7559,19 +8006,19 @@ + type="oscal-ar-result-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Assessment Results Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Results Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -7645,13 +8092,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -7664,32 +8111,32 @@ + type="oscal-implementation-common-system-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-inventory-item-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-system-user-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-assets-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-assessment-common-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-reviewed-controls-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> @@ -7702,13 +8149,13 @@ + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-part-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> @@ -7791,29 +8238,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-logged-by-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-related-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7824,7 +8271,7 @@ Assessment Log Entry Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Log Entry Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -7836,25 +8283,25 @@ + type="oscal-assessment-common-observation-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-risk-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-finding-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7865,151 +8312,13 @@ Results Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Results Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - Finding - Describes an individual finding. - - - Finding: Describes an individual finding. - - - - - - - Finding Title - The title for this finding. - - - Finding Title: The title for this finding. - - - - - - - - - - - Finding Description - A human-readable description of this finding. - - - Finding Description: A human-readable description of this finding. - - - - - - - - - - - - - - - Implementation Statement UUID - A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. - - - Implementation Statement UUID: A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. - - - - - - - - - Related Observation - Relates the finding to a set of referenced observations that were used to determine the finding. - - - Related Observation: Relates the finding to a set of referenced observations that were used to determine the finding. - - - - - Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. - - - Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. - - - - - - - - - Associated Risk - Relates the finding to a set of referenced risks that were used to determine the finding. - - - Associated Risk: Relates the finding to a set of referenced risks that were used to determine the finding. - - - - - Risk Universally Unique Identifier Reference - A machine-oriented identifier reference to a risk defined in the list of risks. - - - Risk Universally Unique Identifier Reference: A machine-oriented identifier reference to a risk defined in the list of risks. - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Finding Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Finding Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - @@ -8024,10 +8333,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -8046,7 +8355,7 @@ + type="oscal-poam-plan-of-action-and-milestones-ASSEMBLY"/> @@ -8058,43 +8367,47 @@ + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-import-ssp-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-implementation-common-system-id-FIELD" + minOccurs="0" + maxOccurs="1"/> + type="oscal-poam-local-definitions-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-assessment-common-observation-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-risk-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + + type="oscal-poam-poam-item-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> POA&M Universally Unique Identifier - A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. POA&M Universally Unique Identifier: A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -8112,21 +8425,25 @@ + type="oscal-implementation-common-system-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-inventory-item-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -8175,13 +8492,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -8194,12 +8511,34 @@ + type="oscal-assessment-common-origin-actor-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + + + + + Related Finding + Relates the poam-item to referenced finding(s). + + + Related Finding: Relates the poam-item to referenced finding(s). + + + + + Finding Universally Unique Identifier Reference + A machine-oriented identifier reference to a finding defined in the list of findings. + + + Finding Universally Unique Identifier Reference: A machine-oriented identifier reference to a finding defined in the list of findings. + + + + @@ -8214,7 +8553,7 @@ Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -8236,7 +8575,7 @@ Risk Universally Unique Identifier Reference - A machine-oriented identifier reference to a risk defined in the list of risks. + A machine-oriented identifier reference to a risk defined in the list of risks. Risk Universally Unique Identifier Reference: A machine-oriented identifier reference to a risk defined in the list of risks. @@ -8248,10 +8587,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -8262,7 +8601,7 @@ POA&M Item Universally Unique Identifier - A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. POA&M Item Universally Unique Identifier: A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -8316,9 +8655,9 @@ + type="listItemType" + minOccurs="1" + maxOccurs="unbounded"/> diff --git a/xml/schema/oscal_component_schema.xsd b/xml/schema/oscal_component_schema.xsd index 26515954b6..c758ff21d7 100644 --- a/xml/schema/oscal_component_schema.xsd +++ b/xml/schema/oscal_component_schema.xsd @@ -1,26 +1,28 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + elementFormDefault="qualified" + targetNamespace="http://csrc.nist.gov/ns/oscal/1.0" + version="1.0.6"> OSCAL Component Definition Model 1.0.6 oscal-component-definition -

    The OSCAL Component Definition Model can be used to describe the implementation of controls in a component or a set of components grouped as a capability. A component can be either a technical component, or a documentary component. A technical component is a component that is implemented in hardware (physical or virtual) or software. A documentary component is a component implemented in a document, such as a process, procedure, or policy.

    -

    The root of the OSCAL Implementation Component format is component-definition.

    -

    NOTE: This documentation is a work in progress. As a result, documentation for many of the information elements is missing or incomplete.

    +

    The OSCAL Component Definition Model can be used to describe the implementation of controls in a component or a set of components grouped as a capability. A component can be either a technical component, or a documentary component.

    +

    A technical component is a component that is implemented in hardware (physical or virtual) or software. Suppliers may document components in an OSCAL component definition that describes the implementation of controls in their hardware and software.

    +

    A documentary component is a component implemented for a documented process, procedure, or policy. Suppliers may document components in an OSCAL component definition that describes the implementation of controls in their process, procedure, or policy.

    +

    The information provided by a technical or documentary component can be used by component consumers to provide starting narratives for documenting control implementations in an OSCAL SSP.

    +

    The root of the OSCAL Implementation Layer Component Definition model is component-definition.

    component-definition
    + type="oscal-component-definition-component-definition-ASSEMBLY"/> @@ -32,34 +34,34 @@ + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-component-definition-import-component-definition-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-defined-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-capability-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Component Definition Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given component definition instance. - Component Definition Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Component Definition Universally Unique Identifier: Provides a globally unique means to identify a given component definition instance. @@ -139,33 +141,33 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-protocol-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-control-implementation-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -176,10 +178,10 @@ Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given component. - Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Component Identifier: Provides a globally unique means to identify a given component.
    @@ -219,29 +221,29 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-incorporates-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-control-implementation-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -252,10 +254,10 @@ Capability Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given capability. - Capability Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Capability Identifier: Provides a globally unique means to identify a given capability. @@ -273,10 +275,10 @@ Incorporates Component - TBD + The collection of components comprising this capability. - Incorporates Component: TBD + Incorporates Component: The collection of components comprising this capability. @@ -299,7 +301,7 @@ Component Reference - A machine-oriented identifier reference to a component. + A machine-oriented identifier reference to a component. Component Reference: A machine-oriented identifier reference to a component. @@ -332,30 +334,30 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-set-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-implemented-requirement-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/>
    Control Implementation Set Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a means to identify a set of control implementations that are supported by a given component or capability. - Control Implementation Set Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Control Implementation Set Identifier: Provides a means to identify a set of control implementations that are supported by a given component or capability. @@ -384,10 +386,10 @@ Control Implementation Description - A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. + A suggestion from the supplier (e.g., component vendor or author) for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. - Control Implementation Description: A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. + Control Implementation Description: A suggestion from the supplier (e.g., component vendor or author) for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. @@ -395,33 +397,33 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-set-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-component-definition-statement-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -432,20 +434,20 @@ Control Implementation Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given control implementation by a component. - Control Implementation Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Control Implementation Identifier: Provides a globally unique means to identify a given control implementation by a component. Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -475,25 +477,25 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -504,7 +506,7 @@ Control Statement Reference - A human-oriented identifier reference to a control statement. + A human-oriented identifier reference to a control statement. Control Statement Reference: A human-oriented identifier reference to a control statement. @@ -514,7 +516,7 @@ Control Statement Reference Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Control Statement Reference Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). @@ -577,13 +579,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -599,10 +601,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -622,21 +624,21 @@ + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-protocol-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -647,7 +649,7 @@ Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -690,15 +692,15 @@ + type="oscal-implementation-common-port-range-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/>
    Service Protocol Information Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Service Protocol Information Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -769,10 +771,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -844,29 +846,29 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-role-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-authorized-privilege-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -877,7 +879,7 @@ User Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. User Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -925,9 +927,9 @@ + type="oscal-implementation-common-function-performed-FIELD" + minOccurs="1" + maxOccurs="unbounded"/>
    @@ -967,17 +969,17 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -990,25 +992,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1019,7 +1021,7 @@ Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -1031,10 +1033,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1045,7 +1047,7 @@ Inventory Item Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inventory Item Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1079,10 +1081,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1093,7 +1095,7 @@ Parameter ID - A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. + A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. Parameter ID: A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. @@ -1104,7 +1106,7 @@ System Identification - A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. + A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. System Identification: A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. @@ -1127,11 +1129,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -1150,473 +1152,477 @@ + type="oscal-metadata-published-FIELD" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-last-modified-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-version-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-oscal-version-FIELD" + minOccurs="1" + maxOccurs="1"/> - - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. + revisions + A group of 'revision' elements - Remarks: Additional commentary on the containing object. + revisions: A group of 'revision' elements - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. - - - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - - - - + + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + - - - - + + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. + Role + Defines a function, which might be assigned to a party in a specific situation. - Location Title: A name given to the location, which may be used by a tool for display and navigation. + Role: Defines a function, which might be assigned to a party in a specific situation. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Party Name: The full name of the party. This is typically the legal name associated with the party. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. - - - Party Short Name: A short common name, abbreviation, or acronym for the party. - - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + + - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + - External Identifier Schema - Indicates the type of external identifier. + Party Name + The full name of the party. This is typically the legal name associated with the party. - External Identifier Schema: Indicates the type of external identifier. + Party Name: The full name of the party. This is typically the legal name associated with the party. - - - + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + +
    + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + +
    - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - + + Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object.
    - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - -
    - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -1624,10 +1630,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -1635,10 +1641,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -1646,10 +1652,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -1661,10 +1667,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -1672,22 +1678,22 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-document-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -1706,13 +1712,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1721,35 +1727,35 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. + type="oscal-metadata-hash-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1759,14 +1765,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -1780,10 +1786,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1794,10 +1800,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1808,10 +1814,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -1822,20 +1828,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1846,20 +1852,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -1886,10 +1892,20 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Class: A textual label that provides a sub-type or characterization of the property's name. + + + + + + Property Group + An identifier for relating distinct sets of properties. + + + Property Group: An identifier for relating distinct sets of properties. @@ -1897,10 +1913,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -1932,21 +1948,31 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. + + + Media Type: A label that indicates the nature of a resource, as a data serialization or format. + + + + + + Resource Fragment + In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Resource Fragment: In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. @@ -1954,32 +1980,32 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. + type="oscal-metadata-party-uuid-FIELD" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1990,10 +2016,87 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. + + + Responsible Role: A reference to a role performed by a party. + + + + + + + Action + An action applied by a role within a given party to the content. + + + Action: An action applied by a role within a given party to the content. + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Action Universally Unique Identifier + A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + Action Universally Unique Identifier: A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + + + + Action Occurrence Date + The date and time when the action occurred. + + + Action Occurrence Date: The date and time when the action occurred. + + + + + + Action Type + The type of action documented by the assembly, such as an approval. + + + Action Type: The type of action documented by the assembly, such as an approval. + + + + + + Action Type System + Specifies the action type system used. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Action Type System: Specifies the action type system used. @@ -2001,32 +2104,32 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-party-uuid-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2037,10 +2140,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -2059,10 +2162,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -2072,10 +2175,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2085,10 +2188,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -2096,10 +2199,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -2107,21 +2210,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -2129,10 +2232,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -2140,10 +2243,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -2171,9 +2274,9 @@ + type="oscal-metadata-addr-line-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2192,10 +2295,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -2205,10 +2308,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -2253,10 +2356,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -2264,23 +2367,23 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -2288,10 +2391,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -2299,61 +2402,61 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -2364,13 +2467,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2391,10 +2494,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -2402,31 +2505,31 @@ + type="oscal-control-common-parameter-constraint-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-guideline-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-value-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-selection-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2437,41 +2540,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -2505,10 +2609,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -2517,10 +2621,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2531,7 +2635,7 @@ - + Guideline @@ -2544,7 +2648,7 @@ - + Parameter Value @@ -2555,14 +2659,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -2592,7 +2696,7 @@ - + Include All @@ -2649,9 +2753,9 @@ + type="listItemType" + minOccurs="1" + maxOccurs="unbounded"/> diff --git a/xml/schema/oscal_mapping_schema.xsd b/xml/schema/oscal_mapping_schema.xsd new file mode 100644 index 0000000000..64482c8c64 --- /dev/null +++ b/xml/schema/oscal_mapping_schema.xsd @@ -0,0 +1,1812 @@ + + + + + OSCAL Control Mapping Model + 1.0.3 + oscal-mapping + +

    The OSCAL Control mapping format can be used to describe how a collection of security controls and related control enhancements relate to another collection of controls. The root of the Control Catalog format is mapping-collection.

    +
    + mapping-collection +
    +
    + + + + + Mapping Collection + A collection of relationship-based control and/or control statement mappings. + + + Mapping Collection: A collection of relationship-based control and/or control statement mappings. + + + + + + + + + + Mapping Collection Universally Unique Identifier + A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised. + + + Mapping Collection Universally Unique Identifier: A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised. + + + + + + + Control Mapping + A mapping between two target resources. + + + Control Mapping: A mapping between two target resources. + + + + + + + + + + Mapping Universally Unique Identifier + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mapping definition elsewhere in this or other OSCAL instances. The locally defined UUID of the mapping can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same mapping across revisions of the document. + + + Mapping Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mapping definition elsewhere in this or other OSCAL instances. The locally defined UUID of the mapping can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same mapping across revisions of the document. + + + + + + + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. + + + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. + + + + + + + Document Title + A name given to the document, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + revisions + A group of 'revision' elements + + + revisions: A group of 'revision' elements + + + + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + + + + + + + + + + Role + Defines a function, which might be assigned to a party in a specific situation. + + + Role: Defines a function, which might be assigned to a party in a specific situation. + + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + + + + + + + + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. + + + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. + + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + + + + + + + + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. + + + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. + + + + + + + Party Name + The full name of the party. This is typically the legal name associated with the party. + + + Party Name: The full name of the party. This is typically the legal name associated with the party. + + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + + Location Universally Unique Identifier Reference + Reference to a location by UUID. + + + Location Universally Unique Identifier Reference: Reference to a location by UUID. + + + + + + + Party Universally Unique Identifier Reference + Reference to a party by UUID. + + + Party Universally Unique Identifier Reference: Reference to a party by UUID. + + + + + + + Role Identifier Reference + Reference to a role by UUID. + + + Role Identifier Reference: Reference to a role by UUID. + + + + + + + Back matter + A collection of resources that may be referenced from within the OSCAL document instance. + + + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. + + + + + + + Resource + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. + + + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. + + + + + + + Resource Title + An optional name given to the resource, which may be used by a tool for display and navigation. + + + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. + + + + + + + + + + + Resource Description + An optional short summary of the resource used to indicate the purpose of the resource. + + + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. + + + + + + + + + + + + + Citation + An optional citation consisting of end note text using structured markup. + + + Citation: An optional citation consisting of end note text using structured markup. + + + + + + + Citation Text + A line of citation text. + + + Citation Text: A line of citation text. + + + + + + + + + + + + + + + + Resource link + A URL-based pointer to an external resource with an optional hash for verification and change detection. + + + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. + + + + + + + + Hypertext Reference + A resolvable URL pointing to the referenced resource. + + + Hypertext Reference: A resolvable URL pointing to the referenced resource. + + + + + + Media Type + A label that indicates the nature of a resource, as a data serialization or format. + + + Media Type: A label that indicates the nature of a resource, as a data serialization or format. + + + + + + + + + Base64 + A resource encoded using the Base64 alphabet defined by RFC 2045. + + + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. + + + + + + + File Name + Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. + + + File Name: Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. + + + + + + Media Type + A label that indicates the nature of a resource, as a data serialization or format. + + + Media Type: A label that indicates the nature of a resource, as a data serialization or format. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Resource Universally Unique Identifier + A unique identifier for a resource. + + + Resource Universally Unique Identifier: A unique identifier for a resource. + + + + + + + + + + Property + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. + + + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Property Name + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + + + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + + + + + + Property Universally Unique Identifier + A unique identifier for a property. + + + Property Universally Unique Identifier: A unique identifier for a property. + + + + + + Property Namespace + A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name. + + + Property Namespace: A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name. + + + + + + Property Value + Indicates the value of the attribute, characteristic, or quality. + + + Property Value: Indicates the value of the attribute, characteristic, or quality. + + + + + + Property Class + A textual label that provides a sub-type or characterization of the property's name. + + + Property Class: A textual label that provides a sub-type or characterization of the property's name. + + + + + + Property Group + An identifier for relating distinct sets of properties. + + + Property Group: An identifier for relating distinct sets of properties. + + + + + + + Link + A reference to a local or remote resource, that has a specific relation to the containing object. + + + Link: A reference to a local or remote resource, that has a specific relation to the containing object. + + + + + + + Link Text + A textual label to associate with the link, which may be used for presentation in a tool. + + + Link Text: A textual label to associate with the link, which may be used for presentation in a tool. + + + + + + + + + + + Hypertext Reference + A resolvable URL reference to a resource. + + + Hypertext Reference: A resolvable URL reference to a resource. + + + + + + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. + + + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. + + + + + + Media Type + A label that indicates the nature of a resource, as a data serialization or format. + + + Media Type: A label that indicates the nature of a resource, as a data serialization or format. + + + + + + Resource Fragment + In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. + + + Resource Fragment: In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. + + + + + + + Responsible Party + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. + + + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Responsible Role + A reference to a role performed by a party. + + + Responsible Role: A reference to a role performed by a party. + + + + + + + Action + An action applied by a role within a given party to the content. + + + Action: An action applied by a role within a given party to the content. + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Action Universally Unique Identifier + A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + Action Universally Unique Identifier: A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + + + + Action Occurrence Date + The date and time when the action occurred. + + + Action Occurrence Date: The date and time when the action occurred. + + + + + + Action Type + The type of action documented by the assembly, such as an approval. + + + Action Type: The type of action documented by the assembly, such as an approval. + + + + + + Action Type System + Specifies the action type system used. + + + Action Type System: Specifies the action type system used. + + + + + + + Responsible Role + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. + + + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Responsible Role ID + A human-oriented identifier reference to a role performed. + + + Responsible Role ID: A human-oriented identifier reference to a role performed. + + + + + + + Hash + A representation of a cryptographic digest generated over a resource using a specified hash algorithm. + + + Hash: A representation of a cryptographic digest generated over a resource using a specified hash algorithm. + + + + + + + Hash algorithm + The digest method by which a hash is derived. + + + Hash algorithm: The digest method by which a hash is derived. + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + Publication Timestamp + The date and time the document was last made available. + + + Publication Timestamp: The date and time the document was last made available. + + + + + + + Last Modified Timestamp + The date and time the document was last stored for later retrieval. + + + Last Modified Timestamp: The date and time the document was last stored for later retrieval. + + + + + + + Document Version + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. + + + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. + + + + + + + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. + + + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. + + + + + + + Email Address + An email address as defined by RFC 5322 Section 3.4.1. + + + Email Address: An email address as defined by RFC 5322 Section 3.4.1. + + + + + + + Telephone Number + A telephone service number as defined by ITU-T E.164. + + + Telephone Number: A telephone service number as defined by ITU-T E.164. + + + + + + + type flag + Indicates the type of phone number. + + + type flag: Indicates the type of phone number. + + + + + + + + + Address + A postal address for the location. + + + Address: A postal address for the location. + + + + + + + + City + City, town or geographical region for the mailing address. + + + City: City, town or geographical region for the mailing address. + + + + + + + + + State + State, province or analogous geographical region for a mailing address. + + + State: State, province or analogous geographical region for a mailing address. + + + + + + + + + Postal Code + Postal or ZIP code for mailing address. + + + Postal Code: Postal or ZIP code for mailing address. + + + + + + + + + Country Code + The ISO 3166-1 alpha-2 country code for the mailing address. + + + Country Code: The ISO 3166-1 alpha-2 country code for the mailing address. + + + + + + + + + Address Type + Indicates the type of address. + + + Address Type: Indicates the type of address. + + + + + + + Address line + A single line of an address. + + + Address line: A single line of an address. + + + + + + + Document Identifier + A document identifier qualified by an identifier scheme. + + + Document Identifier: A document identifier qualified by an identifier scheme. + + + + + + + Document Identification Scheme + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + + + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + + + + + + + + + Mapping Entry + A relationship-based mapping between a source and target set consisting of members (i.e., controls, control statements) from the respective source and target. + + + Mapping Entry: A relationship-based mapping between a source and target set consisting of members (i.e., controls, control statements) from the respective source and target. + + + + + + + + + Mapping Entry Relationship + The relationship type for the mapping entry, which describes the relationship between the effective requirements of the specified source and target sets. + + + Mapping Entry Relationship: The relationship type for the mapping entry, which describes the relationship between the effective requirements of the specified source and target sets. + + + + + + + Relationship Value Namespace + A namespace qualifying the relationship's value. This allows different organizations to associate distinct semantics for relationships with the same name. + + + Relationship Value Namespace: A namespace qualifying the relationship's value. This allows different organizations to associate distinct semantics for relationships with the same name. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Mapping Entry Identifier + The unique identifier for the mapping entry. + + + Mapping Entry Identifier: The unique identifier for the mapping entry. + + + + + + + Mapping Entry Item (source or target) + Identifies a specific edge within a source or target that is the subject of a mapping. + + + Mapping Entry Item (source or target): Identifies a specific edge within a source or target that is the subject of a mapping. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Subject Type + The semantic type of the subject. + + + Subject Type: The semantic type of the subject. + + + + + + Subject Identifier Reference + A reference to an identified subject that is of the specified type. + + + Subject Identifier Reference: A reference to an identified subject that is of the specified type. + + + + + + + Mapped Resource Reference + A reference to a resource that is either the source or target of a mapping. + + + Mapped Resource Reference: A reference to a resource that is either the source or target of a mapping. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Resource Type + The semantic type of the resource. + + + Resource Type: The semantic type of the resource. + + + + + + Catalog or Profile Reference + A resolvable URL reference to the base catalog or profile that this profile is tailoring. + + + Catalog or Profile Reference: A resolvable URL reference to the base catalog or profile that this profile is tailoring. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The content model is the same as inlineMarkupType, but line endings need + to be preserved, since this is preformatted. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. + + + + The type of object to include from (e.g., parameter, control, component, role, etc.) + + + + + The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. + + + + + + Binary data encoded using the Base64 encoding algorithm + as defined by RFC4648. + + + + + + + + A string representing a point in time with an optional timezone. + + + + + + + + A string representing a point in time with a required timezone. + + + + + + + + An email address string formatted according to RFC 6531. + + + + + + + + + + A non-empty string of Unicode characters with leading and trailing whitespace + disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+ + + + + The 'string' datatype restricts the XSD type by prohibiting leading + and trailing whitespace, and something (not only whitespace) is required. + + + + + This pattern ensures that leading and trailing whitespace is + disallowed. This helps to even the user experience between implementations + related to whitespace. + + + + + + + + A non-empty, non-colonized name as defined by XML Schema Part 2: Datatypes + Second Edition (https://www.w3.org/TR/xmlschema11-2/#NCName), with leading and trailing + whitespace disallowed. + + + + + + A single token may not contain whitespace. + + + + + + + + A universal resource identifier (URI) formatted according to RFC3986. + + + + + Requires a scheme with colon per RFC 3986. + + + + + + + A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986. + + + + + This pattern ensures that leading and trailing whitespace is + disallowed. This helps to even the user experience between implementations + related to whitespace. + + + + + + + A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC + 4122. + + + + + A sequence of 8-4-4-4-12 hex digits, with extra + constraints in the 13th and 17-18th places for version 4 and 5 + + + + + +
    diff --git a/xml/schema/oscal_poam_schema.xsd b/xml/schema/oscal_poam_schema.xsd index d6353a914b..7e6796f0af 100644 --- a/xml/schema/oscal_poam_schema.xsd +++ b/xml/schema/oscal_poam_schema.xsd @@ -1,11 +1,11 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + elementFormDefault="qualified" + targetNamespace="http://csrc.nist.gov/ns/oscal/1.0" + version="1.0.6"> OSCAL Plan of Action and Milestones (POA&M) Model @@ -19,7 +19,7 @@ + type="oscal-poam-plan-of-action-and-milestones-ASSEMBLY"/> @@ -31,43 +31,47 @@ + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-import-ssp-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-implementation-common-system-id-FIELD" + minOccurs="0" + maxOccurs="1"/> + type="oscal-poam-local-definitions-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-assessment-common-observation-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-risk-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + + type="oscal-poam-poam-item-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> POA&M Universally Unique Identifier - A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. POA&M Universally Unique Identifier: A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -85,21 +89,25 @@ + type="oscal-implementation-common-system-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-inventory-item-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -148,13 +156,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -167,12 +175,34 @@ + type="oscal-assessment-common-origin-actor-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + + + + + Related Finding + Relates the poam-item to referenced finding(s). + + + Related Finding: Relates the poam-item to referenced finding(s). + + + + + Finding Universally Unique Identifier Reference + A machine-oriented identifier reference to a finding defined in the list of findings. + + + Finding Universally Unique Identifier Reference: A machine-oriented identifier reference to a finding defined in the list of findings. + + + + @@ -187,7 +217,7 @@ Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -209,7 +239,7 @@ Risk Universally Unique Identifier Reference - A machine-oriented identifier reference to a risk defined in the list of risks. + A machine-oriented identifier reference to a risk defined in the list of risks. Risk Universally Unique Identifier Reference: A machine-oriented identifier reference to a risk defined in the list of risks. @@ -221,10 +251,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -235,7 +265,7 @@ POA&M Item Universally Unique Identifier - A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. POA&M Item Universally Unique Identifier: A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -245,11 +275,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -268,473 +298,477 @@ + type="oscal-metadata-published-FIELD" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-last-modified-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-version-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-oscal-version-FIELD" + minOccurs="1" + maxOccurs="1"/> - - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. + revisions + A group of 'revision' elements - Remarks: Additional commentary on the containing object. + revisions: A group of 'revision' elements - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. - - - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - - - - + + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + - - - - + + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. + Role + Defines a function, which might be assigned to a party in a specific situation. - Location Title: A name given to the location, which may be used by a tool for display and navigation. + Role: Defines a function, which might be assigned to a party in a specific situation. - - - - - - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. - - - Party Name: The full name of the party. This is typically the legal name associated with the party. - - - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. - - - Party Short Name: A short common name, abbreviation, or acronym for the party. - - - - - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + - External Identifier Schema - Indicates the type of external identifier. + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. - External Identifier Schema: Indicates the type of external identifier. + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. - - - + +
    +
    + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + +
    + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + +
    - - - - - - - - - - + + - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - + + + + + + Party Name + The full name of the party. This is typically the legal name associated with the party. + + + Party Name: The full name of the party. This is typically the legal name associated with the party. + + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + + + + Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object.
    - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -742,10 +776,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -753,10 +787,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -764,10 +798,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -779,10 +813,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -790,22 +824,22 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-document-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -824,13 +858,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -839,35 +873,35 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. + type="oscal-metadata-hash-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -877,14 +911,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -898,10 +932,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -912,10 +946,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -926,10 +960,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -940,20 +974,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -964,20 +998,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -1004,10 +1038,20 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. + + + Property Class: A textual label that provides a sub-type or characterization of the property's name. + + + + + + Property Group + An identifier for relating distinct sets of properties. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Group: An identifier for relating distinct sets of properties. @@ -1015,10 +1059,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -1050,21 +1094,31 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. + + + Media Type: A label that indicates the nature of a resource, as a data serialization or format. + + + + + + Resource Fragment + In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Resource Fragment: In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. @@ -1072,32 +1126,32 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. + type="oscal-metadata-party-uuid-FIELD" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1108,10 +1162,87 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. + + + Responsible Role: A reference to a role performed by a party. + + + + + + + Action + An action applied by a role within a given party to the content. + + + Action: An action applied by a role within a given party to the content. + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Action Universally Unique Identifier + A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + Action Universally Unique Identifier: A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + + + + Action Occurrence Date + The date and time when the action occurred. + + + Action Occurrence Date: The date and time when the action occurred. + + + + + + Action Type + The type of action documented by the assembly, such as an approval. + + + Action Type: The type of action documented by the assembly, such as an approval. + + + + + + Action Type System + Specifies the action type system used. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Action Type System: Specifies the action type system used. @@ -1119,32 +1250,32 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-party-uuid-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1155,10 +1286,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -1177,10 +1308,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -1190,10 +1321,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1203,10 +1334,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -1214,10 +1345,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -1225,21 +1356,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -1247,10 +1378,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -1258,10 +1389,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -1289,9 +1420,9 @@ + type="oscal-metadata-addr-line-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1310,10 +1441,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -1323,10 +1454,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -1371,10 +1502,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -1382,10 +1513,10 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. @@ -1447,13 +1578,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1469,10 +1600,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1492,21 +1623,21 @@ + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-protocol-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1517,7 +1648,7 @@ Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1560,15 +1691,15 @@ + type="oscal-implementation-common-port-range-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Service Protocol Information Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Service Protocol Information Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1639,10 +1770,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1714,29 +1845,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-role-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-authorized-privilege-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1747,7 +1878,7 @@ User Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. User Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1795,9 +1926,9 @@ + type="oscal-implementation-common-function-performed-FIELD" + minOccurs="1" + maxOccurs="unbounded"/> @@ -1837,17 +1968,17 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1860,25 +1991,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1889,7 +2020,7 @@ Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -1901,10 +2032,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1915,7 +2046,7 @@ Inventory Item Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inventory Item Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1949,10 +2080,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1963,7 +2094,7 @@ Parameter ID - A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. + A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. Parameter ID: A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. @@ -1974,7 +2105,7 @@ System Identification - A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. + A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. System Identification: A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. @@ -1994,14 +2125,14 @@ - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -2009,10 +2140,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -2020,61 +2151,61 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/>
    Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -2085,13 +2216,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2112,10 +2243,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -2123,31 +2254,31 @@ + type="oscal-control-common-parameter-constraint-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-guideline-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-value-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-selection-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2158,41 +2289,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -2226,10 +2358,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -2238,10 +2370,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2252,7 +2384,7 @@ - + Guideline @@ -2265,7 +2397,7 @@ - + Parameter Value @@ -2276,14 +2408,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -2313,7 +2445,7 @@ - + Include All @@ -2337,10 +2469,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2384,25 +2516,25 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2413,10 +2545,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -2446,25 +2578,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-part-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2475,7 +2607,7 @@ Assessment Method Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Method Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2523,13 +2655,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2572,29 +2704,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-reviewed-controls-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2605,7 +2737,7 @@ Step Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Step Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2614,21 +2746,21 @@ + type="oscal-assessment-common-reviewed-controls-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2639,7 +2771,7 @@ Assessment Activity Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Activity Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2687,13 +2819,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2811,10 +2943,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2825,7 +2957,7 @@ Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -2834,9 +2966,9 @@ + type="oscal-assessment-common-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2849,29 +2981,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2882,7 +3014,7 @@ Activity Universally Unique Identifier Reference - A machine-oriented identifier reference to an activity defined in the list of activities. + A machine-oriented identifier reference to an activity defined in the list of activities. Activity Universally Unique Identifier Reference: A machine-oriented identifier reference to an activity defined in the list of activities. @@ -2891,21 +3023,21 @@ + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2916,7 +3048,7 @@ Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2959,13 +3091,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2993,35 +3125,35 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-select-control-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-select-control-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3031,8 +3163,8 @@ + minOccurs="0" + maxOccurs="unbounded"> @@ -3059,35 +3191,35 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-select-objective-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-select-objective-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3100,10 +3232,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3139,10 +3271,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -3205,7 +3337,7 @@ Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3214,21 +3346,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3239,7 +3371,7 @@ Assessment Subject Placeholder Universally Unique Identifier - A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Subject Placeholder Universally Unique Identifier: A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3272,35 +3404,35 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-select-subject-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-select-subject-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3329,21 +3461,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3354,7 +3486,7 @@ Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. @@ -3375,7 +3507,7 @@ Identifies the Subject - A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. + A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. Identifies the Subject: A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. @@ -3397,21 +3529,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3422,7 +3554,7 @@ Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. @@ -3450,9 +3582,9 @@ + type="oscal-implementation-common-system-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3480,13 +3612,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3499,25 +3631,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3528,7 +3660,7 @@ Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -3540,10 +3672,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3554,7 +3686,7 @@ Assessment Platform Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Platform Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3605,13 +3737,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3627,10 +3759,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3660,17 +3792,17 @@ + type="oscal-implementation-common-implementation-status-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3691,13 +3823,151 @@ Finding Target Identifier Reference - A machine-oriented identifier reference for a specific target qualified by the type. + A machine-oriented identifier reference for a specific target qualified by the type. Finding Target Identifier Reference: A machine-oriented identifier reference for a specific target qualified by the type. + + + + Finding + Describes an individual finding. + + + Finding: Describes an individual finding. + + + + + + + Finding Title + The title for this finding. + + + Finding Title: The title for this finding. + + + + + + + + + + + Finding Description + A human-readable description of this finding. + + + Finding Description: A human-readable description of this finding. + + + + + + + + + + + + + + + Implementation Statement UUID + A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. + + + Implementation Statement UUID: A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. + + + + + + + + + Related Observation + Relates the finding to a set of referenced observations that were used to determine the finding. + + + Related Observation: Relates the finding to a set of referenced observations that were used to determine the finding. + + + + + Observation Universally Unique Identifier Reference + A machine-oriented identifier reference to an observation defined in the list of observations. + + + Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. + + + + + + + + + Associated Risk + Relates the finding to a set of referenced risks that were used to determine the finding. + + + Associated Risk: Relates the finding to a set of referenced risks that were used to determine the finding. + + + + + Risk Universally Unique Identifier Reference + A machine-oriented identifier reference to a risk defined in the list of risks. + + + Risk Universally Unique Identifier Reference: A machine-oriented identifier reference to a risk defined in the list of risks. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Finding Universally Unique Identifier + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + + + Finding Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + + + @@ -3739,13 +4009,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3773,13 +4043,13 @@ + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-subject-reference-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3807,21 +4077,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3870,10 +4140,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3884,7 +4154,7 @@ Observation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Observation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3902,13 +4172,13 @@ + type="oscal-assessment-common-origin-actor-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-assessment-common-related-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3922,13 +4192,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3944,7 +4214,7 @@ Actor Universally Unique Identifier Reference - A machine-oriented identifier reference to the tool or person based on the associated type. + A machine-oriented identifier reference to the tool or person based on the associated type. Actor Universally Unique Identifier Reference: A machine-oriented identifier reference to the tool or person based on the associated type. @@ -3972,21 +4242,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3999,15 +4269,15 @@ + type="oscal-assessment-common-assessment-subject-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> Assessment Subject Placeholder Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. + A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. Assessment Subject Placeholder Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. @@ -4019,10 +4289,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4033,7 +4303,7 @@ Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -4130,29 +4400,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-risk-status-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-threat-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-characterization-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -4180,23 +4450,23 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-subject-reference-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Mitigating Factor Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Mitigating Factor Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4206,7 +4476,7 @@ Implementation UUID - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Implementation UUID: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4228,9 +4498,9 @@ + type="oscal-assessment-common-response-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -4310,21 +4580,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-logged-by-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-risk-status-FIELD" + minOccurs="0" + maxOccurs="1"/> @@ -4337,25 +4607,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-related-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4366,7 +4636,7 @@ Response Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique risk response. + A machine-oriented identifier reference to a unique risk response. Response Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique risk response. @@ -4378,10 +4648,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4392,7 +4662,7 @@ Risk Log Entry Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Log Entry Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4417,7 +4687,7 @@ Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -4430,7 +4700,7 @@ Risk Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4450,7 +4720,7 @@ Party UUID Reference - A machine-oriented identifier reference to the party who is making the log entry. + A machine-oriented identifier reference to the party who is making the log entry. Party UUID Reference: A machine-oriented identifier reference to the party who is making the log entry. @@ -4489,17 +4759,17 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> @@ -4512,21 +4782,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4608,17 +4878,17 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-origin-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -4631,9 +4901,9 @@ + type="oscal-assessment-common-subject-reference-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -4665,21 +4935,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4690,7 +4960,7 @@ Required Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Required Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4699,17 +4969,17 @@ + type="oscal-assessment-common-task-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4720,7 +4990,7 @@ Remediation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Remediation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4763,24 +5033,24 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-assessment-common-assessment-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Part Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4864,9 +5134,9 @@ + type="listItemType" + minOccurs="1" + maxOccurs="unbounded"/> diff --git a/xml/schema/oscal_profile_schema.xsd b/xml/schema/oscal_profile_schema.xsd index 799ec71663..81c4809da3 100644 --- a/xml/schema/oscal_profile_schema.xsd +++ b/xml/schema/oscal_profile_schema.xsd @@ -1,18 +1,20 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + elementFormDefault="qualified" + targetNamespace="http://csrc.nist.gov/ns/oscal/1.0" + version="1.0.6"> OSCAL Profile Model 1.0.6 oscal-profile -

    A profile designates a selection and configuration of controls from one or more catalogs, along with a series of operations over them. The topmost element in the OSCAL profile XML schema is profile.

    +

    In OSCAL a profile represents a set of selected controls from one or more control catalogs. Such a set of controls can be referenced by an OSCAL system security plan (SSP) to establish a control baseline. This effective set of controls is produced from an OSCAL profile using a deterministic, predictable process called profile resolution.

    +

    A profile references one or more OSCAL catalogs or profiles to import controls for control selection and tailoring. A profile can also describe how a resulting catalog is structured. When the profile is resolved, these selections and modifications are processed to produce a resulting OSCAL catalog.

    +

    OSCAL profiles have uses beyond establishing control baselines, such as documentation generation or as reference tables for validations.

    profile
    @@ -22,68 +24,68 @@ Profile - Each OSCAL profile is defined by a Profile element + Each OSCAL profile is defined by a profile element. - Profile: Each OSCAL profile is defined by a Profile element + Profile: Each OSCAL profile is defined by a profile element. + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-profile-import-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-profile-merge-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-profile-modify-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Profile Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. + Provides a globally unique means to identify a given profile instance. - Profile Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. + Profile Universally Unique Identifier: Provides a globally unique means to identify a given profile instance.
    - Import resource - The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. + Import Resource + Designates a referenced source catalog or profile that provides a source of control information for use in creating a new overlay or baseline. - Import resource: The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. + Import Resource: Designates a referenced source catalog or profile that provides a source of control information for use in creating a new overlay or baseline. + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-profile-select-control-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-profile-select-control-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -99,31 +101,31 @@ - Merge controls - A Merge element provides structuring directives that drive how controls are organized after resolution. + Merge Controls + Provides structuring directives that instruct how controls are organized after profile resolution. - Merge controls: A Merge element provides structuring directives that drive how controls are organized after resolution. + Merge Controls: Provides structuring directives that instruct how controls are organized after profile resolution. - Combination rule - A Combine element defines how to combine multiple (competing) versions of the same control. + Combination Rule + A Combine element defines how to resolve duplicate instances of the same control (e.g., controls with the same ID). - Combination rule: A Combine element defines how to combine multiple (competing) versions of the same control. + Combination Rule: A Combine element defines how to resolve duplicate instances of the same control (e.g., controls with the same ID). - Combination method - How clashing controls should be handled + Combination Method + Declare how clashing controls should be handled. - Combination method: How clashing controls should be handled + Combination Method: Declare how clashing controls should be handled. @@ -133,11 +135,11 @@ - Flat - Use the flat structuring method. + Flat Without Grouping + Directs that controls appear without any grouping structure. - Flat: Use the flat structuring method. + Flat Without Grouping: Directs that controls appear without any grouping structure. @@ -145,34 +147,34 @@ - As-Is Structuring Directive - An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes. + Group As-Is + Indicates that the controls selected should retain their original grouping as defined in the import source. - As-Is Structuring Directive: An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes. + Group As-Is: Indicates that the controls selected should retain their original grouping as defined in the import source.
    - + - Custom grouping - A Custom element frames a structure for embedding represented controls in resolution. + Custom Grouping + Provides an alternate grouping structure that selected controls will be placed in. - Custom grouping: A Custom element frames a structure for embedding represented controls in resolution. + Custom Grouping: Provides an alternate grouping structure that selected controls will be placed in. + type="oscal-profile-group-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-profile-insert-controls-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -182,11 +184,11 @@ - Control group - A group of (selected) controls or of groups of controls + Control Group + A group of (selected) controls or of groups of controls. - Control group: A group of (selected) controls or of groups of controls + Control Group: A group of (selected) controls or of groups of controls. @@ -194,10 +196,10 @@ Group Title - A name given to the group, which may be used by a tool for display and navigation. + A name to be given to the group for use in display. - Group Title: A name given to the group, which may be used by a tool for display and navigation. + Group Title: A name to be given to the group for use in display. @@ -205,40 +207,40 @@ + type="oscal-control-common-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-profile-group-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-profile-insert-controls-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/>
    Group Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Identifies the group. - Group Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Group Identifier: Identifies the group. @@ -255,11 +257,11 @@ - Modify controls - Set parameters or amend controls in resolution + Modify Controls + Set parameters or amend controls in resolution. - Modify controls: Set parameters or amend controls in resolution + Modify Controls: Set parameters or amend controls in resolution. @@ -267,20 +269,20 @@ Parameter Setting - A parameter setting, to be propagated to points of insertion + A parameter setting, to be propagated to points of insertion. - Parameter Setting: A parameter setting, to be propagated to points of insertion + Parameter Setting: A parameter setting, to be propagated to points of insertion. + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -301,10 +303,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -312,32 +314,32 @@ + type="oscal-control-common-parameter-constraint-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-guideline-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-value-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-selection-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Parameter ID - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + An identifier for the parameter. - Parameter ID: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter ID: An identifier for the parameter. @@ -353,45 +355,192 @@ - Depends on + Depends On **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends On: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + + +
    + + + + + Alteration + Specifies changes to be made to an included control when a profile is resolved. + + + Alteration: Specifies changes to be made to an included control when a profile is resolved. + + + + + + + Removal + Specifies objects to be removed from a control based on specific aspects of the object that must all match. + + + Removal: Specifies objects to be removed from a control based on specific aspects of the object that must all match. + + + + + Reference by (assigned) name + Identify items remove by matching their assigned name. + + + Reference by (assigned) name: Identify items remove by matching their assigned name. + + + + + + Reference by class + Identify items to remove by matching their class. + + + Reference by class: Identify items to remove by matching their class. + + + + + + Reference by ID + Identify items to remove indicated by their id. + + + Reference by ID: Identify items to remove indicated by their id. + + + + + + Item Name Reference + Identify items to remove by the name of the item's information object name, e.g. title or prop. + + + Item Name Reference: Identify items to remove by the name of the item's information object name, e.g. title or prop. + + + + + + Item Namespace Reference + Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. + + + Item Namespace Reference: Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. + + + + + + + + + Addition + Specifies contents to be added into controls, in resolution. + + + Addition: Specifies contents to be added into controls, in resolution. + + + + + + + Title Change + A name given to the control, which may be used by a tool for display and navigation. + + + Title Change: A name given to the control, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + Position + Where to add the new content with respect to the targeted element (beside it or inside it). + + + Position: Where to add the new content with respect to the targeted element (beside it or inside it). + + + + + + Reference by ID + Target location of the addition. + + + Reference by ID: Target location of the addition. + + + + + + + + + Control Identifier Reference + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + + + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). -
    - Select controls + Insert Controls Specifies which controls to use in the containing context. - Select controls: Specifies which controls to use in the containing context. + Insert Controls: Specifies which controls to use in the containing context. + type="oscal-control-common-include-all-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-profile-select-control-by-id-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-profile-select-control-by-id-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -407,222 +556,72 @@ - Call - Call a control by its ID + Select Control + Select a control or controls from an imported control set. - Call: Call a control by its ID + Select Control: Select a control or controls from an imported control set. - - - - - Match Controls by Identifier - - - - Match Controls by Identifier: - - - - - - - - - Match Controls by Pattern - Select controls by (regular expression) match on ID - - - Match Controls by Pattern: Select controls by (regular expression) match on ID - - - - - Pattern - A glob expression matching the IDs of one or more controls to be selected. - - - Pattern: A glob expression matching the IDs of one or more controls to be selected. - - - - + + - Include contained controls with control + Include Contained Controls with Control When a control is included, whether its child (dependent) controls are also included. - Include contained controls with control: When a control is included, whether its child (dependent) controls are also included. - - - - - - - Alteration - An Alter element specifies changes to be made to an included control when a profile is resolved. - - - Alteration: An Alter element specifies changes to be made to an included control when a profile is resolved. - - - - - - - - - Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - - - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Include Contained Controls with Control: When a control is included, whether its child (dependent) controls are also included. - + - Removal - Specifies objects to be removed from a control based on specific aspects of the object that must all match. + Match Controls by Identifier + Selecting a control by its ID given as a literal. - Removal: Specifies objects to be removed from a control based on specific aspects of the object that must all match. + Match Controls by Identifier: Selecting a control by its ID given as a literal. - - - - Reference by (assigned) name - Identify items to remove by matching their assigned name - - - Reference by (assigned) name: Identify items to remove by matching their assigned name - - - - - - Reference by class - Identify items to remove by matching their class. - - - Reference by class: Identify items to remove by matching their class. - - - - - - Reference by ID - Identify items to remove indicated by their id. - - - Reference by ID: Identify items to remove indicated by their id. - - - - - - Item Name Reference - Identify items to remove by the name of the item's information element name, e.g. title or prop - - - - Item Name Reference: Identify items to remove by the name of the item's information element name, e.g. title or prop - - - - - - Item Namespace Reference - Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. - - - Item Namespace Reference: Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. - - - - + + + - Addition - Specifies contents to be added into controls, in resolution + Match Controls by Pattern + Selecting a set of controls by matching their IDs with a wildcard pattern. - Addition: Specifies contents to be added into controls, in resolution + Match Controls by Pattern: Selecting a set of controls by matching their IDs with a wildcard pattern. - - - - - - Title Change - A name given to the control, which may be used by a tool for display and navigation. - - - Title Change: A name given to the control, which may be used by a tool for display and navigation. - - - - - - - - - - - - - - - Position - Where to add the new content with respect to the targeted element (beside it or inside it) - - - Position: Where to add the new content with respect to the targeted element (beside it or inside it) - - - + - Reference by ID - Target location of the addition. + Pattern + A glob expression matching the IDs of one or more controls to be selected. - Reference by ID: Target location of the addition. + Pattern: A glob expression matching the IDs of one or more controls to be selected. - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -641,473 +640,477 @@
    + type="oscal-metadata-published-FIELD" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-last-modified-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-version-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-oscal-version-FIELD" + minOccurs="1" + maxOccurs="1"/> - - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. + revisions + A group of 'revision' elements - Remarks: Additional commentary on the containing object. + revisions: A group of 'revision' elements - - - -
    -
    - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. - - - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - - - - + + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + - - - - + + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. - - - Location Title: A name given to the location, which may be used by a tool for display and navigation. - - - - - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. + Role + Defines a function, which might be assigned to a party in a specific situation. - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. + Role: Defines a function, which might be assigned to a party in a specific situation. - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. - - - Party Name: The full name of the party. This is typically the legal name associated with the party. - - - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. - - - Party Short Name: A short common name, abbreviation, or acronym for the party. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + +
    - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + - External Identifier Schema - Indicates the type of external identifier. + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. - External Identifier Schema: Indicates the type of external identifier. + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. - - - + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + +
    + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + +
    - - - - - - - - - - + + - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - + + + + + + Party Name + The full name of the party. This is typically the legal name associated with the party. + + + Party Name: The full name of the party. This is typically the legal name associated with the party. + + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + +
    + + Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object.
    - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - -
    - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -1115,10 +1118,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -1126,10 +1129,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -1137,10 +1140,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -1152,10 +1155,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -1163,22 +1166,22 @@
    + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-document-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -1197,13 +1200,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/>
    @@ -1212,35 +1215,35 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. + type="oscal-metadata-hash-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1250,14 +1253,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -1271,10 +1274,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1285,10 +1288,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1299,10 +1302,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -1313,20 +1316,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1337,20 +1340,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -1377,10 +1380,20 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. + + + Property Class: A textual label that provides a sub-type or characterization of the property's name. + + + + + + Property Group + An identifier for relating distinct sets of properties. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Group: An identifier for relating distinct sets of properties. @@ -1388,10 +1401,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -1423,21 +1436,31 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. + + + Media Type: A label that indicates the nature of a resource, as a data serialization or format. + + + + + + Resource Fragment + In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Resource Fragment: In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. @@ -1445,32 +1468,32 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. + type="oscal-metadata-party-uuid-FIELD" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1481,10 +1504,87 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. + + + Responsible Role: A reference to a role performed by a party. + + + + + + + Action + An action applied by a role within a given party to the content. + + + Action: An action applied by a role within a given party to the content. + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Action Universally Unique Identifier + A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + Action Universally Unique Identifier: A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + + + + Action Occurrence Date + The date and time when the action occurred. + + + Action Occurrence Date: The date and time when the action occurred. + + + + + + Action Type + The type of action documented by the assembly, such as an approval. + + + Action Type: The type of action documented by the assembly, such as an approval. + + + + + + Action Type System + Specifies the action type system used. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Action Type System: Specifies the action type system used. @@ -1492,32 +1592,32 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-party-uuid-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1528,10 +1628,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -1550,10 +1650,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -1563,10 +1663,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1576,10 +1676,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -1587,10 +1687,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -1598,21 +1698,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -1620,10 +1720,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -1631,10 +1731,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -1662,9 +1762,9 @@ + type="oscal-metadata-addr-line-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1683,10 +1783,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -1696,10 +1796,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -1744,10 +1844,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -1755,23 +1855,23 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -1779,10 +1879,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -1790,61 +1890,61 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -1855,13 +1955,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1882,10 +1982,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -1893,31 +1993,31 @@ + type="oscal-control-common-parameter-constraint-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-guideline-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-value-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-selection-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1928,41 +2028,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -1996,10 +2097,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -2008,10 +2109,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2022,7 +2123,7 @@ - + Guideline @@ -2035,7 +2136,7 @@ - + Parameter Value @@ -2046,14 +2147,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -2083,7 +2184,7 @@ - + Include All @@ -2140,9 +2241,9 @@ + type="listItemType" + minOccurs="1" + maxOccurs="unbounded"/> diff --git a/xml/schema/oscal_ssp_schema.xsd b/xml/schema/oscal_ssp_schema.xsd index f3e72007d7..d3d6d0700b 100644 --- a/xml/schema/oscal_ssp_schema.xsd +++ b/xml/schema/oscal_ssp_schema.xsd @@ -1,11 +1,11 @@ + xmlns:m="http://csrc.nist.gov/ns/oscal/metaschema/1.0" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + elementFormDefault="qualified" + targetNamespace="http://csrc.nist.gov/ns/oscal/1.0" + version="1.0.6"> OSCAL System Security Plan (SSP) Model @@ -19,47 +19,47 @@ + type="oscal-ssp-system-security-plan-ASSEMBLY"/> System Security Plan (SSP) - A system security plan, such as those described in NIST SP 800-18 + A system security plan, such as those described in NIST SP 800-18. - System Security Plan (SSP): A system security plan, such as those described in NIST SP 800-18 + System Security Plan (SSP): A system security plan, such as those described in NIST SP 800-18. + type="oscal-metadata-metadata-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-import-profile-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-system-characteristics-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-system-implementation-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-control-implementation-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-back-matter-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> System Security Plan Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. System Security Plan Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -80,10 +80,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -112,9 +112,9 @@ + type="oscal-implementation-common-system-id-FIELD" + minOccurs="1" + maxOccurs="unbounded"/> @@ -157,66 +157,66 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-date-authorized-FIELD" + minOccurs="0" + maxOccurs="1"/> Security Sensitivity Level - The overall information system sensitivity categorization, such as defined by FIPS-199. + The overall information system sensitivity categorization, such as defined by FIPS-199. - Security Sensitivity Level: The overall information system sensitivity categorization, such as defined by FIPS-199. + Security Sensitivity Level: The overall information system sensitivity categorization, such as defined by FIPS-199. + type="oscal-ssp-system-information-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-security-impact-level-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-status-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-authorization-boundary-ASSEMBLY" + minOccurs="1" + maxOccurs="1"/> + type="oscal-ssp-network-architecture-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-ssp-data-flow-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -228,29 +228,29 @@ System Information - Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. - System Information: Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + System Information: Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Information Type - Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. - Information Type: Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + Information Type: Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. @@ -299,7 +299,7 @@ Information Type Systematized Identifier - A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Information Type Systematized Identifier: A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -321,148 +321,31 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> - - - - - Confidentiality Impact Level - The expected level of impact resulting from the unauthorized disclosure of the described information. - - - Confidentiality Impact Level: The expected level of impact resulting from the unauthorized disclosure of the described information. - - - - - - - - - - Adjustment Justification - If the selected security level is different from the base security level, this contains the justification for the change. - - - Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - - - - - - - - - - - - - Integrity Impact Level - The expected level of impact resulting from the unauthorized modification of the described information. - - - Integrity Impact Level: The expected level of impact resulting from the unauthorized modification of the described information. - - - - - - - - - - Adjustment Justification - If the selected security level is different from the base security level, this contains the justification for the change. - - - Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - - - - - - - - - - - - - Availability Impact Level - The expected level of impact resulting from the disruption of access to or use of the described information or the information system. - - - Availability Impact Level: The expected level of impact resulting from the disruption of access to or use of the described information or the information system. - - - - - - - - - - Adjustment Justification - If the selected security level is different from the base security level, this contains the justification for the change. - - - Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - - - - - - - - + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + + + Information Type Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Information Type Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -472,6 +355,47 @@ + + + + Impact Level + The expected level of impact resulting from the described information. + + + Impact Level: The expected level of impact resulting from the described information. + + + + + + + + + + Adjustment Justification + If the selected security level is different from the base security level, this contains the justification for the change. + + + Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. + + + + + + + @@ -518,8 +442,8 @@ + minOccurs="1" + maxOccurs="1"> @@ -574,10 +498,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -632,25 +556,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-diagram-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -684,13 +608,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -710,10 +634,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -724,7 +648,7 @@ Diagram ID - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Diagram ID: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -757,25 +681,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-diagram-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -809,25 +733,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-diagram-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -846,22 +770,22 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Leveraged Authorization - A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. + A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. - Leveraged Authorization: A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. + Leveraged Authorization: A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. @@ -880,19 +804,19 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> party-uuid field - A machine-oriented identifier reference to the party that manages the leveraged system. + A machine-oriented identifier reference to the party that manages the leveraged system. party-uuid field: A machine-oriented identifier reference to the party that manages the leveraged system. @@ -901,17 +825,17 @@ + type="oscal-ssp-date-authorized-FIELD" + minOccurs="1" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -922,7 +846,7 @@ Leveraged Authorization Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Leveraged Authorization Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -931,25 +855,25 @@ + type="oscal-implementation-common-system-user-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-implementation-common-system-component-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-implementation-common-inventory-item-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -983,13 +907,13 @@ + type="oscal-implementation-common-set-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-implemented-requirement-ASSEMBLY" + minOccurs="1" + maxOccurs="unbounded"/> @@ -1003,37 +927,37 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-set-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-statement-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-by-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1044,7 +968,7 @@ Control Requirement Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Control Requirement Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1054,10 +978,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -1072,29 +996,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-ssp-by-component-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1105,7 +1029,7 @@ Control Statement Reference - A human-oriented identifier reference to a control statement. + A human-oriented identifier reference to a control statement. Control Statement Reference: A human-oriented identifier reference to a control statement. @@ -1115,7 +1039,7 @@ Control Statement Reference Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Control Statement Reference Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). @@ -1148,21 +1072,21 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-set-parameter-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-implementation-status-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> @@ -1190,13 +1114,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -1224,25 +1148,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1253,7 +1177,7 @@ Provided Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Provided Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1288,25 +1212,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1317,7 +1241,7 @@ Responsibility Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Responsibility Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1327,7 +1251,7 @@ Provided UUID - A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. + A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. Provided UUID: A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. @@ -1339,10 +1263,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1378,23 +1302,23 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Inherited Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inherited Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1404,7 +1328,7 @@ Provided UUID - A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. + A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. Provided UUID: A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. @@ -1439,25 +1363,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1468,7 +1392,7 @@ Satisfied Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Satisfied Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1478,7 +1402,7 @@ Responsibility UUID - A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system. + A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system. Responsibility UUID: A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system. @@ -1487,17 +1411,17 @@ + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1508,7 +1432,7 @@ Component Universally Unique Identifier Reference - A machine-oriented identifier reference to the component that is implemeting a given control. + A machine-oriented identifier reference to the component that is implemeting a given control. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to the component that is implemeting a given control. @@ -1518,7 +1442,7 @@ By-Component Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. By-Component Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1528,11 +1452,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -1551,473 +1475,477 @@ + type="oscal-metadata-published-FIELD" + minOccurs="0" + maxOccurs="1"/> + type="oscal-metadata-last-modified-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-version-FIELD" + minOccurs="1" + maxOccurs="1"/> + type="oscal-metadata-oscal-version-FIELD" + minOccurs="1" + maxOccurs="1"/> - - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. + revisions + A group of 'revision' elements - Remarks: Additional commentary on the containing object. + revisions: A group of 'revision' elements - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. - - - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - - - - + + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + - - - - + + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. + Role + Defines a function, which might be assigned to a party in a specific situation. - Location Title: A name given to the location, which may be used by a tool for display and navigation. + Role: Defines a function, which might be assigned to a party in a specific situation. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + - - - - - + + - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. - - - Party Name: The full name of the party. This is typically the legal name associated with the party. - - - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. - - - Party Short Name: A short common name, abbreviation, or acronym for the party. - - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + + - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + - External Identifier Schema - Indicates the type of external identifier. + Party Name + The full name of the party. This is typically the legal name associated with the party. - External Identifier Schema: Indicates the type of external identifier. + Party Name: The full name of the party. This is typically the legal name associated with the party. - - - + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - + + Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -2025,10 +1953,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -2036,10 +1964,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -2047,10 +1975,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -2062,10 +1990,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -2073,22 +2001,22 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-document-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -2107,13 +2035,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2122,35 +2050,35 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. + type="oscal-metadata-hash-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -2160,14 +2088,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -2181,10 +2109,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -2195,10 +2123,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2209,10 +2137,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -2223,20 +2151,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2247,20 +2175,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -2287,10 +2215,20 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Class: A textual label that provides a sub-type or characterization of the property's name. + + + + + + Property Group + An identifier for relating distinct sets of properties. + + + Property Group: An identifier for relating distinct sets of properties. @@ -2298,10 +2236,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -2333,21 +2271,31 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. + + + + + + Resource Fragment + In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. + + + Resource Fragment: In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded. @@ -2355,32 +2303,32 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. + type="oscal-metadata-party-uuid-FIELD" + minOccurs="1" + maxOccurs="unbounded"/> + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2391,10 +2339,87 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. + + + Responsible Role: A reference to a role performed by a party. + + + + + + + Action + An action applied by a role within a given party to the content. + + + Action: An action applied by a role within a given party to the content. + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Action Universally Unique Identifier + A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + Action Universally Unique Identifier: A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document. + + + + + + Action Occurrence Date + The date and time when the action occurred. + + + Action Occurrence Date: The date and time when the action occurred. + + + + + + Action Type + The type of action documented by the assembly, such as an approval. + + + Action Type: The type of action documented by the assembly, such as an approval. + + + + + + Action Type System + Specifies the action type system used. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Action Type System: Specifies the action type system used. @@ -2402,32 +2427,32 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-party-uuid-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2438,10 +2463,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -2460,10 +2485,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -2473,10 +2498,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2486,10 +2511,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -2497,10 +2522,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -2508,21 +2533,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -2530,10 +2555,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -2541,10 +2566,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -2572,9 +2597,9 @@ + type="oscal-metadata-addr-line-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2593,10 +2618,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -2606,10 +2631,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -2654,10 +2679,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -2665,10 +2690,10 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. @@ -2730,13 +2755,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -2752,10 +2777,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2775,21 +2800,21 @@ + type="oscal-metadata-responsible-role-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-protocol-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2800,7 +2825,7 @@ Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2843,15 +2868,15 @@ + type="oscal-implementation-common-port-range-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Service Protocol Information Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Service Protocol Information Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2922,10 +2947,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2997,29 +3022,29 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-role-id-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-implementation-common-authorized-privilege-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3030,7 +3055,7 @@ User Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. User Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3078,9 +3103,9 @@ + type="oscal-implementation-common-function-performed-FIELD" + minOccurs="1" + maxOccurs="unbounded"/> @@ -3120,17 +3145,17 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3143,25 +3168,25 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-responsible-party-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3172,7 +3197,7 @@ Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -3184,10 +3209,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3198,7 +3223,7 @@ Inventory Item Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inventory Item Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3232,10 +3257,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3246,7 +3271,7 @@ Parameter ID - A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. + A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. Parameter ID: A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. @@ -3257,7 +3282,7 @@ System Identification - A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. + A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. System Identification: A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. @@ -3277,14 +3302,14 @@ - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -3292,10 +3317,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -3303,61 +3328,61 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-part-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -3368,13 +3393,13 @@ + type="oscal-metadata-property-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-metadata-link-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> @@ -3395,10 +3420,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -3406,31 +3431,31 @@ + type="oscal-control-common-parameter-constraint-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-guideline-ASSEMBLY" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-value-FIELD" + minOccurs="0" + maxOccurs="unbounded"/> + type="oscal-control-common-parameter-selection-ASSEMBLY" + minOccurs="0" + maxOccurs="1"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3441,41 +3466,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -3509,10 +3535,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -3521,10 +3547,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3535,7 +3561,7 @@ - + Guideline @@ -3548,7 +3574,7 @@ - + Parameter Value @@ -3559,14 +3585,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -3596,7 +3622,7 @@ - + Include All @@ -3653,9 +3679,9 @@ + type="listItemType" + minOccurs="1" + maxOccurs="unbounded"/>