OSCAL Component Definition (CDef) 1.0.4 (SchemaStore) JSON Schema

oscal-component-definition-oscal-component-definition:component-definition object

A collection of component descriptions, which may optionally be grouped by capability.

uuid string required

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

metadata assembly_oscal-metadata_metadata required

import-component-definitions assembly_oscal-component-definition_import-component-definition[]

minItems=1

components assembly_oscal-component-definition_defined-component[]

minItems=1

capabilities assembly_oscal-component-definition_capability[]

minItems=1

back-matter assembly_oscal-metadata_back-matter

oscal-component-definition-oscal-component-definition:import-component-definition object

Loads a component definition from another resource.

href string required

A link to a resource that defines a set of components and/or capabilities to import into this collection.

format=uri-reference

oscal-component-definition-oscal-component-definition:defined-component object

A defined component that can be part of an implemented system.

uuid string required

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

type string required

A category describing the purpose of the component.

pattern=^\S(.*\S)?$

title string required

A human readable name for the component.

description string required

A description of the component, including information about its function.

purpose string

A summary of the technological or business purpose of the component.

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

responsible-roles assembly_oscal-metadata_responsible-role[]

minItems=1

protocols assembly_oscal-implementation-common_protocol[]

minItems=1

control-implementations assembly_oscal-component-definition_control-implementation[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-component-definition:capability object

A grouping of other components and/or capabilities.

uuid string required

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

name string required

The capability's human-readable name.

pattern=^\S(.*\S)?$

description string required

A summary of the capability.

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

incorporates-components assembly_oscal-component-definition_incorporates-component[]

minItems=1

control-implementations assembly_oscal-component-definition_control-implementation[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-component-definition:incorporates-component object

TBD

component-uuid string required

A machine-oriented identifier reference to a component.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

description string required

A description of the component, including information about its function.

oscal-component-definition-oscal-component-definition:control-implementation object

Defines how the component or capability supports a set of controls.

uuid string required

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

source string required

A reference to an OSCAL catalog or profile providing the referenced control or subcontrol definition.

format=uri-reference

description string required

A description of how the specified set of controls are implemented for the containing component or capability.

implemented-requirements assembly_oscal-component-definition_implemented-requirement[] required

minItems=1

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

set-parameters assembly_oscal-implementation-common_set-parameter[]

minItems=1

oscal-component-definition-oscal-component-definition:implemented-requirement object

Describes how the containing component or capability implements an individual control.

uuid string required

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

control-id string required

A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

description string required

A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan.

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

set-parameters assembly_oscal-implementation-common_set-parameter[]

minItems=1

responsible-roles assembly_oscal-metadata_responsible-role[]

minItems=1

statements assembly_oscal-component-definition_statement[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-component-definition:statement object

Identifies which statements within a control are addressed.

statement-id string required

A human-oriented identifier reference to a control statement.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

uuid string required

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

description string required

A summary of how the containing control statement is implemented by the component or capability.

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

responsible-roles assembly_oscal-metadata_responsible-role[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-implementation-common:system-component object

A defined component that can be part of an implemented system.

uuid string required

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

type string required

A category describing the purpose of the component.

pattern=^\S(.*\S)?$

title string required

A human readable name for the system component.

description string required

A description of the component, including information about its function.

status object required

Describes the operational status of the system component.

2 nested properties

state string required

The operational status.

Values: "under-development" "operational" "disposition" "other"

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

remarks field_oscal-metadata_remarks

purpose string

A summary of the technological or business purpose of the component.

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

responsible-roles assembly_oscal-metadata_responsible-role[]

minItems=1

protocols assembly_oscal-implementation-common_protocol[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-implementation-common:protocol object

Information about the protocol used to provide a service.

name string required

The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry.

pattern=^\S(.*\S)?$

uuid string

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

title string

A human readable name for the protocol (e.g., Transport Layer Security).

port-ranges assembly_oscal-implementation-common_port-range[]

minItems=1

oscal-component-definition-oscal-implementation-common:port-range object

Where applicable this is the IPv4 port range on which the service operates.

start integer

Indicates the starting port number in a port range

min=0multipleOf=1

end integer

Indicates the ending port number in a port range

min=0multipleOf=1

transport string

Indicates the transport type.

Values: "TCP" "UDP"

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

oscal-component-definition-oscal-implementation-common:implementation-status object

Indicates the degree to which the a given control is implemented.

state string required

Identifies the implementation status of the control or control objective.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-implementation-common:system-user object

A type of user that interacts with the system based on an associated role.

uuid string required

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

title string

A name given to the user, which may be used by a tool for display and navigation.

short-name string

A short common name, abbreviation, or acronym for the user.

pattern=^\S(.*\S)?$

description string

A summary of the user's purpose within the system.

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

role-ids field_oscal-metadata_role-id[]

minItems=1

authorized-privileges assembly_oscal-implementation-common_authorized-privilege[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-implementation-common:authorized-privilege object

Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.

title string required

A human readable name for the privilege.

functions-performed field_oscal-implementation-common_function-performed[] required

minItems=1

description string

A summary of the privilege's purpose within the system.

oscal-component-definition-oscal-implementation-common:function-performed string

Describes a function performed for a given authorized privilege by this user class.

oscal-component-definition-oscal-implementation-common:inventory-item object

A single managed inventory item within the system.

uuid string required

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

description string required

A summary of the inventory item stating its purpose within the system.

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

responsible-parties assembly_oscal-metadata_responsible-party[]

minItems=1

implemented-components object[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-implementation-common:set-parameter object

Identifies the parameter that will be set by the enclosed value.

param-id string required

A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

values string[] required

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-implementation-common:system-id object

A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.

id string required

identifier-type string

Identifies the identification system from which the provided identifier was assigned.

format=uripattern=^[a-zA-Z][a-zA-Z0-9+\-.]+:.+$

oscal-component-definition-oscal-metadata:metadata object

Provides information about the publication and availability of the containing document.

title string required

A name given to the document, which may be used by a tool for display and navigation.

last-modified field_oscal-metadata_last-modified required

version field_oscal-metadata_version required

oscal-version field_oscal-metadata_oscal-version required

published field_oscal-metadata_published

revisions assembly_oscal-metadata_revision[]

minItems=1

document-ids field_oscal-metadata_document-id[]

minItems=1

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

roles assembly_oscal-metadata_role[]

minItems=1

locations assembly_oscal-metadata_location[]

minItems=1

parties assembly_oscal-metadata_party[]

minItems=1

responsible-parties assembly_oscal-metadata_responsible-party[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-metadata:revision object

An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).

version field_oscal-metadata_version required

title string

A name given to the document revision, which may be used by a tool for display and navigation.

published field_oscal-metadata_published

last-modified field_oscal-metadata_last-modified

oscal-version field_oscal-metadata_oscal-version

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-metadata:location object

A location, with associated metadata that can be referenced.

uuid string required

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

address assembly_oscal-metadata_address required

title string

A name given to the location, which may be used by a tool for display and navigation.

email-addresses field_oscal-metadata_email-address[]

minItems=1

telephone-numbers field_oscal-metadata_telephone-number[]

minItems=1

urls string[]

minItems=1

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-metadata:location-uuid string

A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).

oscal-component-definition-oscal-metadata:party object

A responsible entity which is either a person or an organization.

uuid string required

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

type string required

A category describing the kind of party the object describes.

Values: "person" "organization"

pattern=^\S(.*\S)?$

name string

The full name of the party. This is typically the legal name associated with the party.

pattern=^\S(.*\S)?$

short-name string

A short common name, abbreviation, or acronym for the party.

pattern=^\S(.*\S)?$

external-ids object[]

minItems=1

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

email-addresses field_oscal-metadata_email-address[]

minItems=1

telephone-numbers field_oscal-metadata_telephone-number[]

minItems=1

addresses assembly_oscal-metadata_address[]

minItems=1

location-uuids field_oscal-metadata_location-uuid[]

minItems=1

member-of-organizations string[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-metadata:party-uuid string

A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).

oscal-component-definition-oscal-metadata:role object

Defines a function assumed or expected to be assumed by a party in a specific situation.

id string required

A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

title string required

A name given to the role, which may be used by a tool for display and navigation.

short-name string

A short common name, abbreviation, or acronym for the role.

pattern=^\S(.*\S)?$

description string

A summary of the role's purpose and associated responsibilities.

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-metadata:role-id string

A human-oriented identifier reference to roles served by the user.

oscal-component-definition-oscal-metadata:back-matter object

A collection of resources, which may be included directly or by reference.

resources object[]

minItems=1

oscal-component-definition-oscal-metadata:property object

An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.

name string required

A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

value string required

Indicates the value of the attribute, characteristic, or quality.

pattern=^\S(.*\S)?$

uuid string

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

ns string

A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.

format=uripattern=^[a-zA-Z][a-zA-Z0-9+\-.]+:.+$

class string

A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-metadata:link object

A reference to a local or remote resource

href string required

A resolvable URL reference to a resource.

format=uri-reference

rel string

Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

media-type string

Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.

pattern=^\S(.*\S)?$

text string

A textual label to associate with the link, which may be used for presentation in a tool.

oscal-component-definition-oscal-metadata:responsible-party object

A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.

role-id string required

A human-oriented identifier reference to roles served by the user.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

party-uuids field_oscal-metadata_party-uuid[] required

minItems=1

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-metadata:responsible-role object

A reference to one or more roles with responsibility for performing a function relative to the containing object.

role-id string required

A human-oriented identifier reference to roles responsible for the business function.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

party-uuids field_oscal-metadata_party-uuid[]

minItems=1

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-metadata:hash object

A representation of a cryptographic digest generated over a resource using a specified hash algorithm.

algorithm string required

Method by which a hash is derived

pattern=^\S(.*\S)?$

value string required

oscal-component-definition-oscal-metadata:remarks string

Additional commentary on the containing object.

oscal-component-definition-oscal-metadata:published string

The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.

oscal-component-definition-oscal-metadata:last-modified string

The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.

oscal-component-definition-oscal-metadata:version string

A string used to distinguish the current version of the document from other previous (and future) versions.

oscal-component-definition-oscal-metadata:oscal-version string

The OSCAL model version the document was authored against.

oscal-component-definition-oscal-metadata:email-address string

An email address as defined by RFC 5322 Section 3.4.1.

oscal-component-definition-oscal-metadata:telephone-number object

Contact number by telephone.

number string required

type string

Indicates the type of phone number.

pattern=^\S(.*\S)?$

oscal-component-definition-oscal-metadata:address object

A postal address for the location.

type string

Indicates the type of address.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

addr-lines field_oscal-metadata_addr-line[]

minItems=1

city string

City, town or geographical region for the mailing address.

pattern=^\S(.*\S)?$

state string

State, province or analogous geographical region for mailing address

pattern=^\S(.*\S)?$

postal-code string

Postal or ZIP code for mailing address

pattern=^\S(.*\S)?$

country string

The ISO 3166-1 alpha-2 country code for the mailing address.

pattern=^\S(.*\S)?$

oscal-component-definition-oscal-metadata:addr-line string

A single line of an address.

oscal-component-definition-oscal-metadata:document-id object

A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element.

identifier string required

scheme string

Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.

format=uripattern=^[a-zA-Z][a-zA-Z0-9+\-.]+:.+$

oscal-component-definition-oscal-catalog-common:part object

A partition of a control's definition or a child of another part.

name string required

A textual label that uniquely identifies the part's semantic type.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

id string

A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

ns string

A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.

format=uripattern=^[a-zA-Z][a-zA-Z0-9+\-.]+:.+$

class string

A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

title string

A name given to the part, which may be used by a tool for display and navigation.

props assembly_oscal-metadata_property[]

minItems=1

prose string

Permits multiple paragraphs, lists, tables etc.

parts assembly_oscal-catalog-common_part[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

oscal-component-definition-oscal-catalog-common:parameter object

Parameters provide a mechanism for the dynamic assignment of value(s) in a control.

id string required

A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

class string

A textual label that provides a characterization of the parameter.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

depends-on string

(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

props assembly_oscal-metadata_property[]

minItems=1

links assembly_oscal-metadata_link[]

minItems=1

label string

A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.

usage string

Describes the purpose and use of a parameter

constraints assembly_oscal-catalog-common_parameter-constraint[]

minItems=1

guidelines assembly_oscal-catalog-common_parameter-guideline[]

minItems=1

values field_oscal-catalog-common_parameter-value[]

minItems=1

select assembly_oscal-catalog-common_parameter-selection

remarks field_oscal-metadata_remarks

oscal-component-definition-oscal-catalog-common:parameter-constraint object

A formal or informal expression of a constraint or test

description string

A textual summary of the constraint to be applied.

tests object[]

minItems=1

oscal-component-definition-oscal-catalog-common:parameter-guideline object

A prose statement that provides a recommendation for the use of a parameter.

prose string required

Prose permits multiple paragraphs, lists, tables etc.

oscal-component-definition-oscal-catalog-common:parameter-value string

A parameter value or set of values.

oscal-component-definition-oscal-catalog-common:parameter-selection object

Presenting a choice among alternatives

how-many string

Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.

Values: "one" "one-or-more"

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$

choice string[]

minItems=1

oscal-component-definition-oscal-catalog-common:include-all object

Include all controls from the imported catalog or profile resources.

OSCAL Component Definition (CDef)

Schema URL

Properties

Definitions