OSCAL Catalog 1.1.1 (SchemaStore) JSON Schema

json-schema-directive string

A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.

oscal-catalog-oscal-catalog:catalog object

A structured, organized collection of control information.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

metadata assembly_oscal-metadata_metadata required

params assembly_oscal-control-common_parameter[]

minItems=1

controls assembly_oscal-catalog_control[]

minItems=1

groups assembly_oscal-catalog_group[]

minItems=1

back-matter assembly_oscal-metadata_back-matter

oscal-catalog-oscal-catalog:group object

A group of controls, or of groups of controls.

title string required

A name given to the group, which may be used by a tool for display and navigation.

id string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

class string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

params assembly_oscal-control-common_parameter[]

minItems=1

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

parts assembly_oscal-control-common_part[]

minItems=1

groups assembly_oscal-catalog_group[]

minItems=1

controls assembly_oscal-catalog_control[]

minItems=1

oscal-catalog-oscal-catalog:control object

A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information.

id string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

title string required

A name given to the control, which may be used by a tool for display and navigation.

class string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

params assembly_oscal-control-common_parameter[]

minItems=1

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

parts assembly_oscal-control-common_part[]

minItems=1

controls assembly_oscal-catalog_control[]

minItems=1

oscal-catalog-oscal-control-common:part object

An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.

name string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

id string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

ns string

A universal resource identifier (URI) formatted according to RFC3986.

format=uripattern=^[a-zA-Z][a-zA-Z0-9+\-.]+:.+$

class string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

title string

An optional name given to the part, which may be used by a tool for display and navigation.

props assembly_oscal-metadata_property[]

minItems=1

prose string

Permits multiple paragraphs, lists, tables etc.

parts assembly_oscal-control-common_part[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

oscal-catalog-oscal-control-common:parameter object

Parameters provide a mechanism for the dynamic assignment of value(s) in a control.

id string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

class string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

depends-on string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

label string

A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.

usage string

Describes the purpose and use of a parameter.

constraints assembly_oscal-control-common_parameter-constraint[]

minItems=1

guidelines assembly_oscal-control-common_parameter-guideline[]

minItems=1

values field_oscal-control-common_parameter-value[]

minItems=1

select assembly_oscal-control-common_parameter-selection

remarks field_oscal-metadata_remarks

oscal-catalog-oscal-control-common:parameter-constraint object

A formal or informal expression of a constraint or test.

description string

A textual summary of the constraint to be applied.

tests object[]

minItems=1

oscal-catalog-oscal-control-common:parameter-guideline object

A prose statement that provides a recommendation for the use of a parameter.

prose string required

Prose permits multiple paragraphs, lists, tables etc.

oscal-catalog-oscal-control-common:parameter-value string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

oscal-catalog-oscal-control-common:parameter-selection object

Presenting a choice among alternatives.

how-many

Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.

All of: TokenDatatype string, enum enum

choice string[]

minItems=1

oscal-catalog-oscal-control-common:include-all object

Include all controls from the imported catalog or profile resources.

oscal-catalog-oscal-metadata:metadata object

Provides information about the containing document, and defines concepts that are shared across the document.

title string required

A name given to the document, which may be used by a tool for display and navigation.

last-modified field_oscal-metadata_last-modified required

version field_oscal-metadata_version required

oscal-version field_oscal-metadata_oscal-version required

published field_oscal-metadata_published

revisions object[]

minItems=1

document-ids field_oscal-metadata_document-id[]

minItems=1

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

roles object[]

minItems=1

locations object[]

minItems=1

parties object[]

minItems=1

responsible-parties assembly_oscal-metadata_responsible-party[]

minItems=1

actions assembly_oscal-metadata_action[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-catalog-oscal-metadata:location-uuid string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

oscal-catalog-oscal-metadata:party-uuid string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

oscal-catalog-oscal-metadata:role-id string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

oscal-catalog-oscal-metadata:back-matter object

A collection of resources that may be referenced from within the OSCAL document instance.

resources object[]

minItems=1

oscal-catalog-oscal-metadata:property object

An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.

name string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

value string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$

uuid string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

ns string

A universal resource identifier (URI) formatted according to RFC3986.

format=uripattern=^[a-zA-Z][a-zA-Z0-9+\-.]+:.+$

class string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

group string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

remarks field_oscal-metadata_remarks

oscal-catalog-oscal-metadata:link object

A reference to a local or remote resource, that has a specific relation to the containing object.

href string required

A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.

format=uri-reference

rel TokenDatatype | enum

Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.

media-type string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$

resource-fragment string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$

text string

A textual label to associate with the link, which may be used for presentation in a tool.

oscal-catalog-oscal-metadata:responsible-party object

A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.

role-id string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

party-uuids field_oscal-metadata_party-uuid[] required

minItems=1

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-catalog-oscal-metadata:action object

An action applied by a role within a given party to the content.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

type string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

system string required

A universal resource identifier (URI) formatted according to RFC3986.

format=uripattern=^[a-zA-Z][a-zA-Z0-9+\-.]+:.+$

date string

A string representing a point in time with a required timezone.

format=date-timepattern=^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

responsible-parties assembly_oscal-metadata_responsible-party[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-catalog-oscal-metadata:responsible-role object

A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.

role-id string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

party-uuids field_oscal-metadata_party-uuid[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-catalog-oscal-metadata:hash object

A representation of a cryptographic digest generated over a resource using a specified hash algorithm.

algorithm StringDatatype | enum required

The digest method by which a hash is derived.

value string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$

oscal-catalog-oscal-metadata:remarks string

Additional commentary about the containing object.

oscal-catalog-oscal-metadata:published string

A string representing a point in time with a required timezone.

oscal-catalog-oscal-metadata:last-modified string

A string representing a point in time with a required timezone.

oscal-catalog-oscal-metadata:version string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

oscal-catalog-oscal-metadata:oscal-version string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

oscal-catalog-oscal-metadata:email-address

An email address string formatted according to RFC 6531.

oscal-catalog-oscal-metadata:telephone-number object

A telephone service number as defined by ITU-T E.164.

number string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$

type StringDatatype | enum

Indicates the type of phone number.

oscal-catalog-oscal-metadata:address object

A postal address for the location.

type TokenDatatype | enum

Indicates the type of address.

addr-lines field_oscal-metadata_addr-line[]

minItems=1

city string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$

state string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$

postal-code string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$

country string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$

oscal-catalog-oscal-metadata:addr-line string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

oscal-catalog-oscal-metadata:document-id object

A document identifier qualified by an identifier scheme.

identifier string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$

scheme URIDatatype | enum

Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.

Base64Datatype string

Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.

DateTimeWithTimezoneDatatype string

A string representing a point in time with a required timezone.

EmailAddressDatatype

An email address string formatted according to RFC 6531.

StringDatatype string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

TokenDatatype string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

URIDatatype string

A universal resource identifier (URI) formatted according to RFC3986.

URIReferenceDatatype string

A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.

UUIDDatatype string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

OSCAL Catalog

Schema URL

Properties

Definitions