Schema URL

Type: object

Properties

system-security-plan assembly_oscal-ssp_system-security-plan required
$schema json-schema-directive

Definitions

json-schema-directive string

A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.

oscal-ssp-oscal-ssp:system-security-plan object

A system security plan, such as those described in NIST SP 800-18

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
metadata assembly_oscal-metadata_metadata required
import-profile assembly_oscal-ssp_import-profile required
system-characteristics assembly_oscal-ssp_system-characteristics required
system-implementation assembly_oscal-ssp_system-implementation required
control-implementation assembly_oscal-ssp_control-implementation required
back-matter assembly_oscal-metadata_back-matter
oscal-ssp-oscal-ssp:import-profile object

Used to import the OSCAL profile representing the system's control baseline.

href string required

A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.

format=uri-reference
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:system-characteristics object

Contains the characteristics of the system, such as its name, purpose, and security impact level.

system-ids field_oscal-implementation-common_system-id[] required
minItems=1
system-name string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
description string required

A summary of the system.

security-sensitivity-level string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
system-information assembly_oscal-ssp_system-information required
security-impact-level assembly_oscal-ssp_security-impact-level required
status assembly_oscal-ssp_status required
authorization-boundary assembly_oscal-ssp_authorization-boundary required
system-name-short string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
date-authorized field_oscal-ssp_date-authorized
network-architecture assembly_oscal-ssp_network-architecture
data-flow assembly_oscal-ssp_data-flow
responsible-parties assembly_oscal-metadata_responsible-party[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:system-information object

Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.

information-types object[] required
minItems=1
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
oscal-ssp-oscal-ssp:base string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

oscal-ssp-oscal-ssp:selected string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

oscal-ssp-oscal-ssp:adjustment-justification string

If the selected security level is different from the base security level, this contains the justification for the change.

oscal-ssp-oscal-ssp:security-impact-level object

The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.

security-objective-confidentiality string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
security-objective-integrity string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
security-objective-availability string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
oscal-ssp-oscal-ssp:status object

Describes the operational status of the system.

state required

The current operating status.

All of: StringDatatype string, enum enum
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:date-authorized string

A string representing a 24-hour period with an optional timezone.

oscal-ssp-oscal-ssp:authorization-boundary object

A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.

description string required

A summary of the system's authorization boundary.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
diagrams assembly_oscal-ssp_diagram[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:diagram object

A graphic that provides a visual representation of the system, or some aspect of it.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
description string

A summary of the diagram.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
caption string

A brief caption to annotate the diagram.

remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:network-architecture object

A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.

description string required

A summary of the system's network architecture.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
diagrams assembly_oscal-ssp_diagram[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:data-flow object

A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.

description string required

A summary of the system's data flow.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
diagrams assembly_oscal-ssp_diagram[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:system-implementation object

Provides information as to how the system is implemented.

users assembly_oscal-implementation-common_system-user[] required
minItems=1
components assembly_oscal-implementation-common_system-component[] required
minItems=1
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
leveraged-authorizations object[]
minItems=1
inventory-items assembly_oscal-implementation-common_inventory-item[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:control-implementation object

Describes how the system satisfies a set of controls.

description string required

A statement describing important things to know about how this set of control satisfaction documentation is approached.

implemented-requirements assembly_oscal-ssp_implemented-requirement[] required
minItems=1
set-parameters assembly_oscal-implementation-common_set-parameter[]
minItems=1
oscal-ssp-oscal-ssp:implemented-requirement object

Describes how the system satisfies the requirements of an individual control.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
control-id string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
set-parameters assembly_oscal-implementation-common_set-parameter[]
minItems=1
responsible-roles assembly_oscal-metadata_responsible-role[]
minItems=1
statements assembly_oscal-ssp_statement[]
minItems=1
by-components assembly_oscal-ssp_by-component[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:statement object

Identifies which statements within a control are addressed.

statement-id string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
responsible-roles assembly_oscal-metadata_responsible-role[]
minItems=1
by-components assembly_oscal-ssp_by-component[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-ssp:by-component object

Defines how the referenced component implements a set of controls.

component-uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
description string required

An implementation statement that describes how a control or a control statement is implemented within the referenced system component.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
set-parameters assembly_oscal-implementation-common_set-parameter[]
minItems=1
implementation-status assembly_oscal-implementation-common_implementation-status
export object

Identifies content intended for external consumption, such as with leveraged organizations.

6 nested properties
description string

An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
provided object[]
minItems=1
responsibilities object[]
minItems=1
remarks field_oscal-metadata_remarks
inherited object[]
minItems=1
satisfied object[]
minItems=1
responsible-roles assembly_oscal-metadata_responsible-role[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:metadata object

Provides information about the publication and availability of the containing document.

title string required

A name given to the document, which may be used by a tool for display and navigation.

last-modified field_oscal-metadata_last-modified required
version field_oscal-metadata_version required
oscal-version field_oscal-metadata_oscal-version required
published field_oscal-metadata_published
revisions assembly_oscal-metadata_revision[]
minItems=1
document-ids field_oscal-metadata_document-id[]
minItems=1
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
roles assembly_oscal-metadata_role[]
minItems=1
locations assembly_oscal-metadata_location[]
minItems=1
parties assembly_oscal-metadata_party[]
minItems=1
responsible-parties assembly_oscal-metadata_responsible-party[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:revision object

An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).

version field_oscal-metadata_version required
title string

A name given to the document revision, which may be used by a tool for display and navigation.

published field_oscal-metadata_published
last-modified field_oscal-metadata_last-modified
oscal-version field_oscal-metadata_oscal-version
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:location object

A location, with associated metadata that can be referenced.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
address assembly_oscal-metadata_address required
title string

A name given to the location, which may be used by a tool for display and navigation.

email-addresses field_oscal-metadata_email-address[]
minItems=1
telephone-numbers field_oscal-metadata_telephone-number[]
minItems=1
minItems=1
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:location-uuid string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

oscal-ssp-oscal-metadata:party object

A responsible entity which is either a person or an organization.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
type required

A category describing the kind of party the object describes.

All of: StringDatatype string, enum enum
name string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
short-name string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
external-ids object[]
minItems=1
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
email-addresses field_oscal-metadata_email-address[]
minItems=1
telephone-numbers field_oscal-metadata_telephone-number[]
minItems=1
addresses assembly_oscal-metadata_address[]
minItems=1
location-uuids field_oscal-metadata_location-uuid[]
minItems=1
member-of-organizations UUIDDatatype[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:party-uuid string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

oscal-ssp-oscal-metadata:role object

Defines a function assumed or expected to be assumed by a party in a specific situation.

id string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
title string required

A name given to the role, which may be used by a tool for display and navigation.

short-name string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
description string

A summary of the role's purpose and associated responsibilities.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:role-id string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

oscal-ssp-oscal-metadata:back-matter object

A collection of resources, which may be included directly or by reference.

resources object[]
minItems=1
oscal-ssp-oscal-metadata:property object

An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.

name TokenDatatype | enum required

A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.

value string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
uuid string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
ns string

A universal resource identifier (URI) formatted according to RFC3986.

format=uri
pattern=^[a-zA-Z][a-zA-Z0-9+\-.]+:.+$
class string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:responsible-party object

A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.

role-id string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
party-uuids field_oscal-metadata_party-uuid[] required
minItems=1
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:responsible-role object

A reference to one or more roles with responsibility for performing a function relative to the containing object.

role-id string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
party-uuids field_oscal-metadata_party-uuid[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-metadata:hash object

A representation of a cryptographic digest generated over a resource using a specified hash algorithm.

algorithm StringDatatype | enum required

Method by which a hash is derived

value string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
oscal-ssp-oscal-metadata:remarks string

Additional commentary on the containing object.

oscal-ssp-oscal-metadata:published string

A string representing a point in time with a required timezone.

oscal-ssp-oscal-metadata:last-modified string

A string representing a point in time with a required timezone.

oscal-ssp-oscal-metadata:version string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

oscal-ssp-oscal-metadata:oscal-version string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

oscal-ssp-oscal-metadata:email-address

An email address string formatted according to RFC 6531.

oscal-ssp-oscal-metadata:telephone-number object

Contact number by telephone.

number string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
type StringDatatype | enum

Indicates the type of phone number.

oscal-ssp-oscal-metadata:address object

A postal address for the location.

type TokenDatatype | enum

Indicates the type of address.

addr-lines field_oscal-metadata_addr-line[]
minItems=1
city string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
state string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
postal-code string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
country string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
oscal-ssp-oscal-metadata:addr-line string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

oscal-ssp-oscal-metadata:document-id object

A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element.

identifier string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
scheme URIDatatype | enum

Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.

oscal-ssp-oscal-implementation-common:system-component object

A defined component that can be part of an implemented system.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
type StringDatatype | enum required

A category describing the purpose of the component.

title string required

A human readable name for the system component.

description string required

A description of the component, including information about its function.

status object required

Describes the operational status of the system component.

2 nested properties
state required

The operational status.

All of: TokenDatatype string, enum enum
remarks field_oscal-metadata_remarks
purpose string

A summary of the technological or business purpose of the component.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
responsible-roles assembly_oscal-metadata_responsible-role[]
minItems=1
protocols assembly_oscal-implementation-common_protocol[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-implementation-common:protocol object

Information about the protocol used to provide a service.

name string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
uuid string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
title string

A human readable name for the protocol (e.g., Transport Layer Security).

port-ranges assembly_oscal-implementation-common_port-range[]
minItems=1
oscal-ssp-oscal-implementation-common:port-range object

Where applicable this is the IPv4 port range on which the service operates.

start

An integer value that is equal to or greater than 0.

All of: IntegerDatatype integer, number number
end

An integer value that is equal to or greater than 0.

All of: IntegerDatatype integer, number number
transport

Indicates the transport type.

All of: TokenDatatype string, enum enum
oscal-ssp-oscal-implementation-common:implementation-status object

Indicates the degree to which a given control is implemented.

state TokenDatatype | enum required

Identifies the implementation status of the control or control objective.

remarks field_oscal-metadata_remarks
oscal-ssp-oscal-implementation-common:system-user object

A type of user that interacts with the system based on an associated role.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
title string

A name given to the user, which may be used by a tool for display and navigation.

short-name string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
description string

A summary of the user's purpose within the system.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
role-ids field_oscal-metadata_role-id[]
minItems=1
authorized-privileges assembly_oscal-implementation-common_authorized-privilege[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-implementation-common:authorized-privilege object

Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.

title string required

A human readable name for the privilege.

functions-performed field_oscal-implementation-common_function-performed[] required
minItems=1
description string

A summary of the privilege's purpose within the system.

oscal-ssp-oscal-implementation-common:function-performed string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

oscal-ssp-oscal-implementation-common:inventory-item object

A single managed inventory item within the system.

uuid string required

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.

pattern=^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$
description string required

A summary of the inventory item stating its purpose within the system.

props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
responsible-parties assembly_oscal-metadata_responsible-party[]
minItems=1
implemented-components object[]
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-implementation-common:set-parameter object

Identifies the parameter that will be set by the enclosed value.

param-id string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
values StringDatatype[] required
minItems=1
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-implementation-common:system-id object

A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.

id string required

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

pattern=^\S(.*\S)?$
identifier-type URIDatatype | enum

Identifies the identification system from which the provided identifier was assigned.

oscal-ssp-oscal-catalog-common:part object

A partition of a control's definition or a child of another part.

name string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
id string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
ns string

A universal resource identifier (URI) formatted according to RFC3986.

format=uri
pattern=^[a-zA-Z][a-zA-Z0-9+\-.]+:.+$
class string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
title string

A name given to the part, which may be used by a tool for display and navigation.

props assembly_oscal-metadata_property[]
minItems=1
prose string

Permits multiple paragraphs, lists, tables etc.

parts assembly_oscal-catalog-common_part[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
oscal-ssp-oscal-catalog-common:parameter object

Parameters provide a mechanism for the dynamic assignment of value(s) in a control.

id string required

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
class string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
depends-on string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

pattern=^(\p{L}|_)(\p{L}|\p{N}|[.\-_])*$
props assembly_oscal-metadata_property[]
minItems=1
links assembly_oscal-metadata_link[]
minItems=1
label string

A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.

usage string

Describes the purpose and use of a parameter

constraints assembly_oscal-catalog-common_parameter-constraint[]
minItems=1
guidelines assembly_oscal-catalog-common_parameter-guideline[]
minItems=1
values field_oscal-catalog-common_parameter-value[]
minItems=1
select assembly_oscal-catalog-common_parameter-selection
remarks field_oscal-metadata_remarks
oscal-ssp-oscal-catalog-common:parameter-constraint object

A formal or informal expression of a constraint or test

description string

A textual summary of the constraint to be applied.

tests object[]
minItems=1
oscal-ssp-oscal-catalog-common:parameter-guideline object

A prose statement that provides a recommendation for the use of a parameter.

prose string required

Prose permits multiple paragraphs, lists, tables etc.

oscal-ssp-oscal-catalog-common:parameter-value string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

oscal-ssp-oscal-catalog-common:parameter-selection object

Presenting a choice among alternatives

how-many

Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.

All of: TokenDatatype string, enum enum
choice string[]
minItems=1
oscal-ssp-oscal-catalog-common:include-all object

Include all controls from the imported catalog or profile resources.

Base64Datatype string

Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.

DateDatatype string

A string representing a 24-hour period with an optional timezone.

DateTimeWithTimezoneDatatype string

A string representing a point in time with a required timezone.

EmailAddressDatatype

An email address string formatted according to RFC 6531.

IntegerDatatype integer

A whole number value.

NonNegativeIntegerDatatype

An integer value that is equal to or greater than 0.

StringDatatype string

A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ ]+

TokenDatatype string

A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.

URIDatatype string

A universal resource identifier (URI) formatted according to RFC3986.

URIReferenceDatatype string

A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.

UUIDDatatype string

A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.