OSCAL System Security Plan (SSP)
1.0.3Schema URL
Properties
Definitions
A system security plan, such as those described in NIST SP 800-18
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
Used to import the OSCAL profile representing the system's control baseline.
A resolvable URL reference to the profile or catalog to use as the system's control baseline.
Contains the characteristics of the system, such as its name, purpose, and security impact level.
The full name of the system.
A summary of the system.
The overall information system sensitivity categorization, such as defined by FIPS-199.
A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.
Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.
The prescribed base (Confidentiality, Integrity, or Availability) security impact level.
The selected (Confidentiality, Integrity, or Availability) security impact level.
If the selected security level is different from the base security level, this contains the justification for the change.
The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.
A target-level of confidentiality for the system, based on the sensitivity of information within the system.
A target-level of integrity for the system, based on the sensitivity of information within the system.
A target-level of availability for the system, based on the sensitivity of information within the system.
Describes the operational status of the system.
The current operating status.
The date the system received its authorization.
A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.
A summary of the system's authorization boundary.
A graphic that provides a visual representation the system, or some aspect of it.
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
A summary of the diagram.
A brief caption to annotate the diagram.
A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.
A summary of the system's network architecture.
A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.
A summary of the system's data flow.
Provides information as to how the system is implemented.
Describes how the system satisfies a set of controls.
A statement describing important things to know about how this set of control satisfaction documentation is approached.
Describes how the system satisfies the requirements of an individual control.
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).
Identifies which statements within a control are addressed.
A human-oriented identifier reference to a control statement.
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).
Defines how the referenced component implements a set of controls.
A machine-oriented identifier reference to the component that is implemeting a given control.
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
An implementation statement that describes how a control or a control statement is implemented within the referenced system component.
Identifies content intended for external consumption, such as with leveraged organizations.
6 nested properties
An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system.
Provides information about the publication and availability of the containing document.
A name given to the document, which may be used by a tool for display and navigation.
An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).
A name given to the document revision, which may be used by a tool for display and navigation.
A location, with associated metadata that can be referenced.
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
A name given to the location, which may be used by a tool for display and navigation.
A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).
A responsible entity which is either a person or an organization.
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
A category describing the kind of party the object describes.
The full name of the party. This is typically the legal name associated with the party.
A short common name, abbreviation, or acronym for the party.
A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).
Defines a function assumed or expected to be assumed by a party in a specific situation.
A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
A name given to the role, which may be used by a tool for display and navigation.
A short common name, abbreviation, or acronym for the role.
A summary of the role's purpose and associated responsibilities.
A human-oriented identifier reference to roles served by the user.
A collection of resources, which may be included directly or by reference.
An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.
A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.
Indicates the value of the attribute, characteristic, or quality.
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.
A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.
A reference to a local or remote resource
A resolvable URL reference to a resource.
Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.
Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.
A textual label to associate with the link, which may be used for presentation in a tool.
A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.
A human-oriented identifier reference to roles served by the user.
A reference to one or more roles with responsibility for performing a function relative to the containing object.
A human-oriented identifier reference to roles responsible for the business function.
A representation of a cryptographic digest generated over a resource using a specified hash algorithm.
Method by which a hash is derived
Additional commentary on the containing object.
The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.
The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.
A string used to distinguish the current version of the document from other previous (and future) versions.
The OSCAL model version the document was authored against.
An email address as defined by RFC 5322 Section 3.4.1.
Contact number by telephone.
Indicates the type of phone number.
A postal address for the location.
Indicates the type of address.
City, town or geographical region for the mailing address.
State, province or analogous geographical region for mailing address
Postal or ZIP code for mailing address
The ISO 3166-1 alpha-2 country code for the mailing address.
A single line of an address.
A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element.
Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.
A defined component that can be part of an implemented system.
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
A category describing the purpose of the component.
A human readable name for the system component.
A description of the component, including information about its function.
Describes the operational status of the system component.
2 nested properties
The operational status.
A summary of the technological or business purpose of the component.
Information about the protocol used to provide a service.
The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry.
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
A human readable name for the protocol (e.g., Transport Layer Security).
Where applicable this is the IPv4 port range on which the service operates.
Indicates the starting port number in a port range
Indicates the ending port number in a port range
Indicates the transport type.
Indicates the degree to which the a given control is implemented.
Identifies the implementation status of the control or control objective.
A type of user that interacts with the system based on an associated role.
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
A name given to the user, which may be used by a tool for display and navigation.
A short common name, abbreviation, or acronym for the user.
A summary of the user's purpose within the system.
Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.
A human readable name for the privilege.
A summary of the privilege's purpose within the system.
Describes a function performed for a given authorized privilege by this user class.
A single managed inventory item within the system.
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
A summary of the inventory item stating its purpose within the system.
Identifies the parameter that will be set by the enclosed value.
A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.
A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.
Identifies the identification system from which the provided identifier was assigned.
A partition of a control's definition or a child of another part.
A textual label that uniquely identifies the part's semantic type.
A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.
A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.
A name given to the part, which may be used by a tool for display and navigation.
Permits multiple paragraphs, lists, tables etc.
Parameters provide a mechanism for the dynamic assignment of value(s) in a control.
A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
A textual label that provides a characterization of the parameter.
(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.
A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.
Describes the purpose and use of a parameter
A formal or informal expression of a constraint or test
A textual summary of the constraint to be applied.
A prose statement that provides a recommendation for the use of a parameter.
Prose permits multiple paragraphs, lists, tables etc.
A parameter value or set of values.
Presenting a choice among alternatives
Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.
Include all controls from the imported catalog or profile resources.