OSCAL System Security Plan (SSP)

1.0.5

Schema URL

https://catalog.lintel.tools/schemas/schemastore/oscal-system-security-plan-ssp/versions/1.0.5.json
← Back to OSCAL System Security Plan (SSP)
Type: object

Properties

system-security-plan assembly_oscal-ssp_system-security-plan required

Definitions

oscal-ssp-oscal-ssp:system-security-plan object

A system security plan, such as those described in NIST SP 800-18

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
metadata assembly_oscal-metadata_metadata required
import-profile assembly_oscal-ssp_import-profile required
system-characteristics assembly_oscal-ssp_system-characteristics required
system-implementation assembly_oscal-ssp_system-implementation required
control-implementation assembly_oscal-ssp_control-implementation required
back-matter assembly_oscal-metadata_back-matter
oscal-ssp-oscal-ssp:import-profile object

Used to import the OSCAL profile representing the system's control baseline.

href string required
format=uri-reference
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:system-characteristics object

Contains the characteristics of the system, such as its name, purpose, and security impact level.

system-ids field_oscal-implementation-common_system-id[] required
minItems=1
system-name string required
pattern=^\S(.*\S)?$
description string required

A summary of the system.

security-sensitivity-level string required
pattern=^\S(.*\S)?$
system-information assembly_oscal-ssp_system-information required
security-impact-level assembly_oscal-ssp_security-impact-level required
status assembly_oscal-ssp_status required
authorization-boundary assembly_oscal-ssp_authorization-boundary required
system-name-short string
pattern=^\S(.*\S)?$
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
date-authorized field_oscal-ssp_date-authorized
network-architecture assembly_oscal-ssp_network-architecture
data-flow assembly_oscal-ssp_data-flow
responsible-parties assembly_oscal-metadata_responsible-party[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:system-information object

Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.

information-types object[] required
minItems=1
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
oscal-ssp-oscal-ssp:base string
oscal-ssp-oscal-ssp:selected string
oscal-ssp-oscal-ssp:adjustment-justification string

If the selected security level is different from the base security level, this contains the justification for the change.

oscal-ssp-oscal-ssp:security-impact-level object

The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.

security-objective-confidentiality string required
pattern=^\S(.*\S)?$
security-objective-integrity string required
pattern=^\S(.*\S)?$
security-objective-availability string required
pattern=^\S(.*\S)?$
oscal-ssp-oscal-ssp:status object

Describes the operational status of the system.

state required

The current operating status.

All of: StringDatatype string, enum enum
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:date-authorized string
oscal-ssp-oscal-ssp:authorization-boundary object

A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.

description string required

A summary of the system's authorization boundary.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
diagrams assembly_oscal-ssp_diagram[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:diagram object

A graphic that provides a visual representation the system, or some aspect of it.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
description string

A summary of the diagram.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
caption string

A brief caption to annotate the diagram.

remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:network-architecture object

A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.

description string required

A summary of the system's network architecture.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
diagrams assembly_oscal-ssp_diagram[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:data-flow object

A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.

description string required

A summary of the system's data flow.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
diagrams assembly_oscal-ssp_diagram[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:system-implementation object

Provides information as to how the system is implemented.

users assembly_oscal-implementation-common_system-user[] required
minItems=1
components assembly_oscal-implementation-common_system-component[] required
minItems=1
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
leveraged-authorizations object[]
minItems=1
inventory-items assembly_oscal-implementation-common_inventory-item[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:control-implementation object

Describes how the system satisfies a set of controls.

description string required

A statement describing important things to know about how this set of control satisfaction documentation is approached.

implemented-requirements assembly_oscal-ssp_implemented-requirement[] required
minItems=1
set-parameters assembly_oscal-implementation-common_set-parameter[]
minItems=1
oscal-ssp-oscal-ssp:implemented-requirement object

Describes how the system satisfies the requirements of an individual control.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
control-id string required
pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
set-parameters assembly_oscal-implementation-common_set-parameter[]
minItems=1
responsible-roles assembly_oscal-metadata_responsible-role[]
minItems=1
statements assembly_oscal-ssp_statement[]
minItems=1
by-components assembly_oscal-ssp_by-component[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:statement object

Identifies which statements within a control are addressed.

statement-id string required
pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
responsible-roles assembly_oscal-metadata_responsible-role[]
minItems=1
by-components assembly_oscal-ssp_by-component[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:by-component object

Defines how the referenced component implements a set of controls.

component-uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
description string required

An implementation statement that describes how a control or a control statement is implemented within the referenced system component.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
set-parameters assembly_oscal-implementation-common_set-parameter[]
minItems=1
implementation-status assembly_oscal-implementation-common_implementation-status
export object

Identifies content intended for external consumption, such as with leveraged organizations.

6 nested properties
description string

An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
provided object[]
minItems=1
responsibilities object[]
minItems=1
remarks field_oscal-metadata_remarks
inherited object[]
minItems=1
satisfied object[]
minItems=1
responsible-roles assembly_oscal-metadata_responsible-role[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:metadata object

Provides information about the publication and availability of the containing document.

title string required

A name given to the document, which may be used by a tool for display and navigation.

last-modified field_oscal-metadata_last-modified required
version field_oscal-metadata_version required
oscal-version field_oscal-metadata_oscal-version required
published field_oscal-metadata_published
revisions assembly_oscal-metadata_revision[]
minItems=1
document-ids field_oscal-metadata_document-id[]
minItems=1
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
roles assembly_oscal-metadata_role[]
minItems=1
locations assembly_oscal-metadata_location[]
minItems=1
parties assembly_oscal-metadata_party[]
minItems=1
responsible-parties assembly_oscal-metadata_responsible-party[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:revision object

An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).

version field_oscal-metadata_version required
title string

A name given to the document revision, which may be used by a tool for display and navigation.

published field_oscal-metadata_published
last-modified field_oscal-metadata_last-modified
oscal-version field_oscal-metadata_oscal-version
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:location object

A location, with associated metadata that can be referenced.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
address assembly_oscal-metadata_address required
title string

A name given to the location, which may be used by a tool for display and navigation.

email-addresses field_oscal-metadata_email-address[]
minItems=1
telephone-numbers field_oscal-metadata_telephone-number[]
minItems=1
urls URIDatatype[]
minItems=1
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:location-uuid string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

oscal-ssp-oscal-metadata:party object

A responsible entity which is either a person or an organization.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
type required

A category describing the kind of party the object describes.

All of: StringDatatype string, enum enum
name string
pattern=^\S(.*\S)?$
short-name string
pattern=^\S(.*\S)?$
external-ids object[]
minItems=1
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
email-addresses field_oscal-metadata_email-address[]
minItems=1
telephone-numbers field_oscal-metadata_telephone-number[]
minItems=1
addresses assembly_oscal-metadata_address[]
minItems=1
location-uuids field_oscal-metadata_location-uuid[]
minItems=1
member-of-organizations UUIDDatatype[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:party-uuid string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

oscal-ssp-oscal-metadata:role object

Defines a function assumed or expected to be assumed by a party in a specific situation.

id string required
pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
title string required

A name given to the role, which may be used by a tool for display and navigation.

short-name string
pattern=^\S(.*\S)?$
description string

A summary of the role's purpose and associated responsibilities.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:role-id string
oscal-ssp-oscal-metadata:back-matter object

A collection of resources, which may be included directly or by reference.

resources object[]
minItems=1
oscal-ssp-oscal-metadata:property object

An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.

name required

A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.

All of: TokenDatatype string, enum enum
value string required
pattern=^\S(.*\S)?$
uuid string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
ns string
format=uripattern=^[a-zA-Z][a-zA-Z0-9+\-.]+:.+$
class string
pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:responsible-party object

A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.

role-id string required
pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
party-uuids field_oscal-metadata_party-uuid[] required
minItems=1
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:responsible-role object

A reference to one or more roles with responsibility for performing a function relative to the containing object.

role-id string required
pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
party-uuids field_oscal-metadata_party-uuid[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:hash object

A representation of a cryptographic digest generated over a resource using a specified hash algorithm.

algorithm required

Method by which a hash is derived

All of: StringDatatype string, enum enum
value string required
pattern=^\S(.*\S)?$
oscal-ssp-oscal-metadata:remarks string

Additional commentary on the containing object.

oscal-ssp-oscal-metadata:published string
oscal-ssp-oscal-metadata:last-modified string
oscal-ssp-oscal-metadata:version string
oscal-ssp-oscal-metadata:oscal-version string
oscal-ssp-oscal-metadata:email-address
oscal-ssp-oscal-metadata:telephone-number object

Contact number by telephone.

number string required
pattern=^\S(.*\S)?$
type

Indicates the type of phone number.

All of: StringDatatype string, enum enum
oscal-ssp-oscal-metadata:address object

A postal address for the location.

type

Indicates the type of address.

All of: TokenDatatype string, enum enum
addr-lines field_oscal-metadata_addr-line[]
minItems=1
city string
pattern=^\S(.*\S)?$
state string
pattern=^\S(.*\S)?$
postal-code string
pattern=^\S(.*\S)?$
country string
pattern=^\S(.*\S)?$
oscal-ssp-oscal-metadata:addr-line string
oscal-ssp-oscal-metadata:document-id object

A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element.

identifier string required
pattern=^\S(.*\S)?$
scheme

Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.

All of: URIDatatype string, enum enum
oscal-ssp-oscal-implementation-common:system-component object

A defined component that can be part of an implemented system.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
type required

A category describing the purpose of the component.

All of: StringDatatype string, enum enum
title string required

A human readable name for the system component.

description string required

A description of the component, including information about its function.

status object required

Describes the operational status of the system component.

2 nested properties
state required

The operational status.

All of: TokenDatatype string, enum enum
remarks field_oscal-metadata_remarks
purpose string

A summary of the technological or business purpose of the component.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
responsible-roles assembly_oscal-metadata_responsible-role[]
minItems=1
protocols assembly_oscal-implementation-common_protocol[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-implementation-common:protocol object

Information about the protocol used to provide a service.

name string required
pattern=^\S(.*\S)?$
uuid string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
title string

A human readable name for the protocol (e.g., Transport Layer Security).

port-ranges assembly_oscal-implementation-common_port-range[]
minItems=1
oscal-ssp-oscal-implementation-common:port-range object

Where applicable this is the IPv4 port range on which the service operates.

start
All of: IntegerDatatype integer, number number
end
All of: IntegerDatatype integer, number number
transport

Indicates the transport type.

All of: TokenDatatype string, enum enum
oscal-ssp-oscal-implementation-common:implementation-status object

Indicates the degree to which the a given control is implemented.

state required

Identifies the implementation status of the control or control objective.

All of: TokenDatatype string, enum enum
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-implementation-common:system-user object

A type of user that interacts with the system based on an associated role.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
title string

A name given to the user, which may be used by a tool for display and navigation.

short-name string
pattern=^\S(.*\S)?$
description string

A summary of the user's purpose within the system.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
role-ids field_oscal-metadata_role-id[]
minItems=1
authorized-privileges assembly_oscal-implementation-common_authorized-privilege[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-implementation-common:authorized-privilege object

Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.

title string required

A human readable name for the privilege.

functions-performed field_oscal-implementation-common_function-performed[] required
minItems=1
description string

A summary of the privilege's purpose within the system.

oscal-ssp-oscal-implementation-common:function-performed string
oscal-ssp-oscal-implementation-common:inventory-item object

A single managed inventory item within the system.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
description string required

A summary of the inventory item stating its purpose within the system.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
responsible-parties assembly_oscal-metadata_responsible-party[]
minItems=1
implemented-components object[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-implementation-common:set-parameter object

Identifies the parameter that will be set by the enclosed value.

param-id string required
pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
values StringDatatype[] required
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-implementation-common:system-id object

A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.

id string required
pattern=^\S(.*\S)?$
identifier-type

Identifies the identification system from which the provided identifier was assigned.

All of: URIDatatype string, enum enum
oscal-ssp-oscal-catalog-common:part object

A partition of a control's definition or a child of another part.

name string required
pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
id string
pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
ns string
format=uripattern=^[a-zA-Z][a-zA-Z0-9+\-.]+:.+$
class string
pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
title string

A name given to the part, which may be used by a tool for display and navigation.

props assembly_oscal-metadata_property[]
minItems=1
prose string

Permits multiple paragraphs, lists, tables etc.

parts assembly_oscal-catalog-common_part[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
oscal-ssp-oscal-catalog-common:parameter object

Parameters provide a mechanism for the dynamic assignment of value(s) in a control.

id string required
pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
class string
pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
depends-on string
pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
label string

A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.

usage string

Describes the purpose and use of a parameter

constraints assembly_oscal-catalog-common_parameter-constraint[]
minItems=1
guidelines assembly_oscal-catalog-common_parameter-guideline[]
minItems=1
values field_oscal-catalog-common_parameter-value[]
minItems=1
select assembly_oscal-catalog-common_parameter-selection
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-catalog-common:parameter-constraint object

A formal or informal expression of a constraint or test

description string

A textual summary of the constraint to be applied.

tests object[]
minItems=1
oscal-ssp-oscal-catalog-common:parameter-guideline object

A prose statement that provides a recommendation for the use of a parameter.

prose string required

Prose permits multiple paragraphs, lists, tables etc.

oscal-ssp-oscal-catalog-common:parameter-value string
oscal-ssp-oscal-catalog-common:parameter-selection object

Presenting a choice among alternatives

how-many

Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.

All of: TokenDatatype string, enum enum
choice string[]
minItems=1
oscal-ssp-oscal-catalog-common:include-all object

Include all controls from the imported catalog or profile resources.

Base64Datatype string
DateDatatype string
DateTimeWithTimezoneDatatype string
EmailAddressDatatype
IntegerDatatype integer
NonNegativeIntegerDatatype
StringDatatype string
TokenDatatype string
URIDatatype string
URIReferenceDatatype string
UUIDDatatype string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.