{ "$schema" : "http://json-schema.org/draft-07/schema#",
"$id" : "http://csrc.nist.gov/ns/oscal/1.0-schema.json",
"$comment" : "OSCAL Assessment Plan Format: JSON Schema",
"type" : "object",
"definitions" :
{ "part" :
{ "title" : "Part",
"description" : "A partition or component of a control or part",
"$id" : "#/definitions/part",
"type" : "object",
"properties" :
{ "id" :
{ "title" : "Identifier",
"description" : "Unique identifier of the containing object",
"type" : "string" },
"name" :
{ "title" : "Name",
"description" : "Identifying the purpose and intended use of the property, part or other object.",
"type" : "string" },
"ns" :
{ "title" : "Namespace",
"description" : "A namespace qualifying the name.",
"type" : "string" },
"class" :
{ "title" : "Class",
"description" : "Indicating the type or classification of the containing object",
"type" : "string" },
"title" :
{ "$ref" : "#/definitions/title" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"prose" :
{ "$ref" : "#/definitions/prose" },
"parts" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/part" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } } },
"required" :
[ "name" ],
"additionalProperties" : false },
"prose" :
{ "title" : "Prose",
"description" : "Prose permits multiple paragraphs, lists, tables etc.",
"$id" : "#/definitions/prose",
"type" : "string" },
"metadata" :
{ "title" : "Publication metadata",
"description" : "Provides information about the publication and availability of the containing document.",
"$id" : "#/definitions/metadata",
"type" : "object",
"properties" :
{ "title" :
{ "$ref" : "#/definitions/title" },
"published" :
{ "$ref" : "#/definitions/published" },
"last-modified" :
{ "$ref" : "#/definitions/last-modified" },
"version" :
{ "$ref" : "#/definitions/version" },
"oscal-version" :
{ "$ref" : "#/definitions/oscal-version" },
"revision-history" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/revision" } },
"document-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/doc-id" } },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"roles" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/role" } },
"locations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/location" } },
"parties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/party" } },
"responsible-parties" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/responsible-party" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "title",
"last-modified",
"version",
"oscal-version" ],
"additionalProperties" : false },
"back-matter" :
{ "title" : "Back matter",
"description" : "A collection of citations and resource references.",
"$id" : "#/definitions/back-matter",
"type" : "object",
"properties" :
{ "resources" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/resource" } } },
"additionalProperties" : false },
"revision" :
{ "title" : "Revision History Entry",
"description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).",
"$id" : "#/definitions/revision",
"type" : "object",
"properties" :
{ "title" :
{ "$ref" : "#/definitions/title" },
"published" :
{ "$ref" : "#/definitions/published" },
"last-modified" :
{ "$ref" : "#/definitions/last-modified" },
"version" :
{ "$ref" : "#/definitions/version" },
"oscal-version" :
{ "$ref" : "#/definitions/oscal-version" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"additionalProperties" : false },
"link" :
{ "title" : "Link",
"description" : "A reference to a local or remote resource",
"$id" : "#/definitions/link",
"type" : "object",
"properties" :
{ "href" :
{ "title" : "hypertext reference",
"description" : "A link to a document or document fragment (actual, nominal or projected)",
"type" : "string",
"format" : "uri-reference" },
"rel" :
{ "title" : "Relation",
"description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.",
"type" : "string" },
"media-type" :
{ "title" : "Media type",
"description" : "Describes the media type of the linked resource",
"type" : "string" },
"text" :
{ "type" : "string" } },
"required" :
[ "text",
"href" ],
"additionalProperties" : false },
"published" :
{ "title" : "Publication Timestamp",
"description" : "The date and time this document was published.",
"$id" : "#/definitions/published",
"type" : "string",
"format" : "date-time",
"pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" },
"last-modified" :
{ "title" : "Last modified timestamp",
"description" : "Date and time of last modification.",
"$id" : "#/definitions/last-modified",
"type" : "string",
"format" : "date-time",
"pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" },
"version" :
{ "title" : "Document version",
"description" : "The version of the document content.",
"$id" : "#/definitions/version",
"type" : "string" },
"oscal-version" :
{ "title" : "OSCAL version",
"description" : "OSCAL model version.",
"$id" : "#/definitions/oscal-version",
"type" : "string" },
"doc-id" :
{ "title" : "Document Identifier",
"description" : "A document identifier qualified by an identifier type.",
"$id" : "#/definitions/doc-id",
"type" : "object",
"properties" :
{ "type" :
{ "description" : "Qualifies the kind of document identifier.",
"type" : "string" },
"identifier" :
{ "type" : "string" } },
"required" :
[ "identifier",
"type" ],
"additionalProperties" : false },
"prop" :
{ "title" : "Property",
"description" : "A value with a name, attributed to the containing control, part, or group.",
"$id" : "#/definitions/prop",
"type" : "object",
"properties" :
{ "name" :
{ "title" : "Name",
"description" : "Identifying the purpose and intended use of the property, part or other object.",
"type" : "string" },
"id" :
{ "title" : "Identifier",
"description" : "Unique identifier of the containing object",
"type" : "string" },
"ns" :
{ "title" : "Namespace",
"description" : "A namespace qualifying the name.",
"type" : "string" },
"class" :
{ "title" : "Class",
"description" : "Indicating the type or classification of the containing object",
"type" : "string" },
"value" :
{ "type" : "string" } },
"required" :
[ "value",
"name" ],
"additionalProperties" : false },
"annotation" :
{ "title" : "Annotation",
"description" : "A name/value pair with optional explanatory remarks.",
"$id" : "#/definitions/annotation",
"type" : "object",
"properties" :
{ "name" :
{ "title" : "Name",
"description" : "Identifying the purpose and intended use of the property, part or other object.",
"type" : "string" },
"id" :
{ "title" : "Identifier",
"description" : "Unique identifier of the containing object",
"type" : "string" },
"ns" :
{ "title" : "Namespace",
"description" : "A namespace qualifying the name.",
"type" : "string" },
"value" :
{ "title" : "Value",
"description" : "Indicates the value of the characteristic.",
"type" : "string" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "name" ],
"additionalProperties" : false },
"location" :
{ "title" : "Location",
"description" : "A location, with associated metadata that can be referenced.",
"$id" : "#/definitions/location",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "An RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"title" :
{ "$ref" : "#/definitions/title" },
"address" :
{ "$ref" : "#/definitions/address" },
"email-addresses" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/email" } },
"telephone-numbers" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/phone" } },
"URLs" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/url" } },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid",
"address" ],
"additionalProperties" : false },
"location-uuid" :
{ "title" : "Location Reference",
"description" : "References a location defined in metadata.",
"$id" : "#/definitions/location-uuid",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"party" :
{ "title" : "Party (organization or person)",
"description" : "A responsible entity, either singular (an organization or person) or collective (multiple persons)",
"$id" : "#/definitions/party",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "An RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"type" :
{ "title" : "Party Type",
"description" : "A category describing the kind of party the object describes.",
"type" : "string",
"enum" :
[ "person",
"organization" ] },
"party-name" :
{ "$ref" : "#/definitions/party-name" },
"short-name" :
{ "$ref" : "#/definitions/short-name" },
"external-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/external-id" } },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"addresses" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/address" } },
"email-addresses" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/email" } },
"telephone-numbers" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/phone" } },
"member-of-organizations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/member-of-organization" } },
"location-uuids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/location-uuid" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid",
"type",
"party-name" ],
"additionalProperties" : false },
"party-uuid" :
{ "title" : "Party Reference",
"description" : "References a party defined in metadata.",
"$id" : "#/definitions/party-uuid",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"external-id" :
{ "title" : "Personal Identifier",
"description" : "An identifier for a person (such as an ORCID) using a designated scheme.",
"$id" : "#/definitions/external-id",
"type" : "object",
"properties" :
{ "type" :
{ "title" : "Type",
"description" : "Indicating the type of identifier, address, email or other data item.",
"type" : "string" },
"id" :
{ "type" : "string" } },
"required" :
[ "id",
"type" ],
"additionalProperties" : false },
"member-of-organization" :
{ "title" : "Organizational Affiliation",
"description" : "Identifies that the containing object is a member of the organization associated with the provided UUID.",
"$id" : "#/definitions/member-of-organization",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"rlink" :
{ "title" : "Resource link",
"description" : "A pointer to an external copy of a document with optional hash for verification",
"$id" : "#/definitions/rlink",
"type" : "object",
"properties" :
{ "href" :
{ "title" : "hypertext reference",
"description" : "A link to a document or document fragment (actual, nominal or projected)",
"type" : "string",
"format" : "uri-reference" },
"media-type" :
{ "title" : "Media type",
"description" : "Describes the media type of the linked resource",
"type" : "string" },
"hashes" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/hash" } } },
"required" :
[ "href" ],
"additionalProperties" : false },
"party-name" :
{ "title" : "Party Name",
"description" : "The full (legal) name of the party.",
"$id" : "#/definitions/party-name",
"type" : "string" },
"short-name" :
{ "title" : "short-name",
"description" : "A common name, short name or acronym",
"$id" : "#/definitions/short-name",
"type" : "string" },
"address" :
{ "title" : "Address",
"description" : "A postal address.",
"$id" : "#/definitions/address",
"type" : "object",
"properties" :
{ "type" :
{ "description" : "Indicates the type of address.",
"type" : "string" },
"postal-address" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/addr-line" } },
"city" :
{ "$ref" : "#/definitions/city" },
"state" :
{ "$ref" : "#/definitions/state" },
"postal-code" :
{ "$ref" : "#/definitions/postal-code" },
"country" :
{ "$ref" : "#/definitions/country" } },
"additionalProperties" : false },
"addr-line" :
{ "title" : "Address line",
"description" : "A single line of an address.",
"$id" : "#/definitions/addr-line",
"type" : "string" },
"city" :
{ "title" : "City",
"description" : "City, town or geographical region for mailing address",
"$id" : "#/definitions/city",
"type" : "string" },
"state" :
{ "title" : "State",
"description" : "State, province or analogous geographical region for mailing address",
"$id" : "#/definitions/state",
"type" : "string" },
"postal-code" :
{ "title" : "Postal Code",
"description" : "Postal or ZIP code for mailing address",
"$id" : "#/definitions/postal-code",
"type" : "string" },
"country" :
{ "title" : "Country",
"description" : "Country for mailing address",
"$id" : "#/definitions/country",
"type" : "string" },
"email" :
{ "title" : "Email",
"description" : "Email address",
"$id" : "#/definitions/email",
"type" : "string",
"format" : "email",
"pattern" : "^.+@.+" },
"phone" :
{ "title" : "Telephone",
"description" : "Contact number by telephone",
"$id" : "#/definitions/phone",
"type" : "object",
"properties" :
{ "type" :
{ "description" : "Indicates the type of phone number.",
"type" : "string" },
"number" :
{ "type" : "string" } },
"required" :
[ "number" ],
"additionalProperties" : false },
"url" :
{ "title" : "URL",
"description" : "URL for web site or Internet presence",
"$id" : "#/definitions/url",
"type" : "string",
"format" : "uri" },
"desc" :
{ "title" : "Description",
"description" : "A short textual description",
"$id" : "#/definitions/desc",
"type" : "string" },
"text" :
{ "title" : "Text",
"description" : "A line of textual content whose semantics are determined by the context of use.",
"$id" : "#/definitions/text",
"type" : "string" },
"biblio" :
{ "title" : "Bibliographic Definition",
"description" : "A container in which a set of bibliographic information can be included. The model of this information is undefined by OSCAL.",
"$id" : "#/definitions/biblio",
"type" : "object",
"additionalProperties" : false },
"resource" :
{ "title" : "Resource",
"description" : "A resource associated with the present document, which may be a pointer to other data or a citation.",
"$id" : "#/definitions/resource",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "An RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"title" :
{ "$ref" : "#/definitions/title" },
"desc" :
{ "$ref" : "#/definitions/desc" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"document-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/doc-id" } },
"citation" :
{ "$ref" : "#/definitions/citation" },
"rlinks" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/rlink" } },
"attachments" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/base64" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid" ],
"additionalProperties" : false },
"citation" :
{ "title" : "Citation",
"description" : "A citation consisting of end note text and optional structured bibliographic data.",
"$id" : "#/definitions/citation",
"type" : "object",
"properties" :
{ "text" :
{ "$ref" : "#/definitions/text" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"biblio" :
{ "$ref" : "#/definitions/biblio" } },
"required" :
[ "text" ],
"additionalProperties" : false },
"hash" :
{ "title" : "Hash",
"description" : "A representation of a cryptographic digest generated over a resource using a hash algorithm.",
"$id" : "#/definitions/hash",
"type" : "object",
"properties" :
{ "algorithm" :
{ "title" : "Hash algorithm",
"description" : "Method by which a hash is derived",
"type" : "string" },
"value" :
{ "type" : "string" } },
"required" :
[ "value",
"algorithm" ],
"additionalProperties" : false },
"role" :
{ "title" : "Role",
"description" : "Defining a role to be assigned to a party",
"$id" : "#/definitions/role",
"type" : "object",
"properties" :
{ "id" :
{ "title" : "Identifier",
"description" : "Unique identifier of the containing object",
"type" : "string" },
"title" :
{ "$ref" : "#/definitions/title" },
"short-name" :
{ "$ref" : "#/definitions/short-name" },
"desc" :
{ "$ref" : "#/definitions/desc" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "id",
"title" ],
"additionalProperties" : false },
"responsible-party" :
{ "title" : "Responsible Party",
"description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role relative to the parent context.",
"$id" : "#/definitions/responsible-party",
"type" : "object",
"properties" :
{ "party-uuids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/party-uuid" } },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "party-uuids" ],
"additionalProperties" : false },
"title" :
{ "title" : "Title",
"description" : "A title for display and navigation",
"$id" : "#/definitions/title",
"type" : "string" },
"base64" :
{ "title" : "Base64",
"description" : "",
"$id" : "#/definitions/base64",
"type" : "object",
"properties" :
{ "filename" :
{ "title" : "File Name",
"description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.",
"type" : "string",
"format" : "uri-reference" },
"media-type" :
{ "title" : "Media type",
"description" : "Describes the media type of the linked resource",
"type" : "string" },
"value" :
{ "type" : "string" } },
"required" :
[ "value" ],
"additionalProperties" : false },
"description" :
{ "title" : "Description",
"description" : "A description supporting the parent item.",
"$id" : "#/definitions/description",
"type" : "string" },
"remarks" :
{ "title" : "Remarks",
"description" : "Additional commentary on the parent item.",
"$id" : "#/definitions/remarks",
"type" : "string" },
"responsible-role" :
{ "title" : "Responsible Role",
"description" : "A reference to one or more roles with responsibility for performing a function relative to the control.",
"$id" : "#/definitions/responsible-role",
"type" : "object",
"properties" :
{ "properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"party-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/party-uuid" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"additionalProperties" : false },
"status" :
{ "title" : "Status",
"description" : "Describes the operational status of the system.",
"$id" : "#/definitions/status",
"type" : "object",
"properties" :
{ "state" :
{ "title" : "State",
"description" : "The current operating status.",
"type" : "string",
"enum" :
[ "operational",
"under-development",
"under-major-modification",
"disposition",
"other" ] },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "state" ],
"additionalProperties" : false },
"user" :
{ "title" : "System User Class",
"description" : "A type of user that interacts with the system based on an associated role.",
"$id" : "#/definitions/user",
"type" : "object",
"properties" :
{ "title" :
{ "$ref" : "#/definitions/title" },
"short-name" :
{ "$ref" : "#/definitions/short-name" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"role-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/role-id" } },
"authorized-privileges" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/authorized-privilege" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "role-ids" ],
"additionalProperties" : false },
"role-id" :
{ "title" : "Role Identifier Reference",
"description" : "A reference to the roles served by the user.",
"$id" : "#/definitions/role-id",
"type" : "string" },
"authorized-privilege" :
{ "title" : "Privilege",
"description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.",
"$id" : "#/definitions/authorized-privilege",
"type" : "object",
"properties" :
{ "title" :
{ "$ref" : "#/definitions/title" },
"description" :
{ "$ref" : "#/definitions/description" },
"functions-performed" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/function-performed" } } },
"required" :
[ "title",
"functions-performed" ],
"additionalProperties" : false },
"function-performed" :
{ "title" : "Functions Performed",
"description" : "Describes a function performed for a given authorized privilege by this user class.",
"$id" : "#/definitions/function-performed",
"type" : "string" },
"component" :
{ "title" : "Component",
"description" : "A defined component that can be part of an implemented system.",
"$id" : "#/definitions/component",
"type" : "object",
"properties" :
{ "component-type" :
{ "title" : "Component Type",
"description" : "A category describing the purpose of the component.",
"type" : "string" },
"title" :
{ "$ref" : "#/definitions/title" },
"description" :
{ "$ref" : "#/definitions/description" },
"purpose" :
{ "$ref" : "#/definitions/purpose" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"status" :
{ "$ref" : "#/definitions/status" },
"responsible-roles" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/responsible-role" },
{ "not" :
{ "type" : "string" } } ] } },
"protocols" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/protocol" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "component-type",
"title",
"description",
"status" ],
"additionalProperties" : false },
"protocol" :
{ "title" : "Protocol",
"description" : "Information about the protocol used to provide a service.",
"$id" : "#/definitions/protocol",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "An RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"name" :
{ "description" : "The short name of the protocol (e.g., TLS).",
"type" : "string" },
"title" :
{ "$ref" : "#/definitions/title" },
"port-ranges" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/port-range" } } },
"required" :
[ "name" ],
"additionalProperties" : false },
"port-range" :
{ "title" : "Port Range",
"description" : "Where applicable this is the IPv4 port range on which the service operates.",
"$id" : "#/definitions/port-range",
"type" : "object",
"properties" :
{ "start" :
{ "title" : "Start",
"description" : "Indicates the starting port number in a port range",
"type" : "integer",
"multipleOf" : 1,
"minimum" : 0 },
"end" :
{ "title" : "End",
"description" : "Indicates the ending port number in a port range",
"type" : "integer",
"multipleOf" : 1,
"minimum" : 0 },
"transport" :
{ "title" : "Transport",
"description" : "Indicates the transport type.",
"type" : "string",
"enum" :
[ "TCP",
"UDP" ] } },
"additionalProperties" : false },
"purpose" :
{ "title" : "Purpose",
"description" : "Describes the purpose for the service within the system.",
"$id" : "#/definitions/purpose",
"type" : "string" },
"inventory-item" :
{ "title" : "Inventory Item",
"description" : "A single managed inventory item within the system.",
"$id" : "#/definitions/inventory-item",
"type" : "object",
"properties" :
{ "asset-id" :
{ "title" : "Asset Identifier",
"description" : "Organizational asset identifier that is unique in the context of the system. This may be a reference to the identifier used in an asset tracking system or a vulnerability scanning tool.",
"type" : "string" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"responsible-parties" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/responsible-party" },
{ "not" :
{ "type" : "string" } } ] } },
"implemented-components" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/implemented-component" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "asset-id",
"description" ],
"additionalProperties" : false },
"implemented-component" :
{ "title" : "Implemented Component",
"description" : "The set of components that are implemented in a given system inventory item.",
"$id" : "#/definitions/implemented-component",
"type" : "object",
"properties" :
{ "use" :
{ "title" : "Implementation Use Type",
"description" : "The type of implementation",
"type" : "string" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"responsible-parties" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/responsible-party" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"additionalProperties" : false },
"import-ssp" :
{ "title" : "Import System Security Plan",
"description" : "Used by the assessment plan and POA&M to import information about the system.",
"$id" : "#/definitions/import-ssp",
"type" : "object",
"properties" :
{ "href" :
{ "title" : "hypertext reference",
"description" : "A link to a document or document fragment (actual, nominal or projected)",
"type" : "string",
"format" : "uri-reference" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "href" ],
"additionalProperties" : false },
"objectives" :
{ "title" : "Objectives of Assessment",
"description" : "Identifies the controls and control being assessed and their control objectives. In the assessment plans, these are the planned controls and objectives. In the assessment results, these are the actual controls and objectives, and reflect any changes from the plan.",
"$id" : "#/definitions/objectives",
"type" : "object",
"properties" :
{ "description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"control-group" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/controls" } },
"control-objective-group" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/control-objectives" } },
"objective" :
{ "$ref" : "#/definitions/objective" },
"method-definitions" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/method" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "control-group" ],
"additionalProperties" : false },
"controls" :
{ "title" : "Assessed Controls",
"description" : "Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflect any changes from the plan.",
"$id" : "#/definitions/controls",
"type" : "object",
"properties" :
{ "description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"all" :
{ "$ref" : "#/definitions/all" },
"include-controls" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/include-control" } },
"exclude-controls" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/exclude-control" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"additionalProperties" : false },
"control-objectives" :
{ "title" : "Control Objectives",
"description" : "Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the actual objectives, and reflect any changes from the plan.",
"$id" : "#/definitions/control-objectives",
"type" : "object",
"properties" :
{ "description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"all" :
{ "$ref" : "#/definitions/all" },
"include-objectives" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/include-objective" } },
"exclude-objectives" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/exclude-objective" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"additionalProperties" : false },
"include-control" :
{ "title" : "Include Control",
"description" : "Identifies an individual control to include.",
"$id" : "#/definitions/include-control",
"type" : "object",
"properties" :
{ "control-id" :
{ "title" : "Control Identifier Reference",
"description" : "A reference to a control identifier.",
"type" : "string" },
"STRVALUE" :
{ "type" : "string" } },
"required" :
[ "STRVALUE",
"control-id" ],
"additionalProperties" : false },
"exclude-control" :
{ "title" : "Exclude Control",
"description" : "Identifies an individual control to exclude.",
"$id" : "#/definitions/exclude-control",
"type" : "object",
"properties" :
{ "control-id" :
{ "title" : "Control Identifier Reference",
"description" : "A reference to a control identifier.",
"type" : "string" },
"STRVALUE" :
{ "type" : "string" } },
"required" :
[ "STRVALUE",
"control-id" ],
"additionalProperties" : false },
"include-objective" :
{ "title" : "Include Objective",
"description" : "Identifies an individual control objective to include.",
"$id" : "#/definitions/include-objective",
"type" : "object",
"properties" :
{ "objective-id" :
{ "title" : "Objective ID",
"description" : "Points to an assessment objective.",
"type" : "string" },
"STRVALUE" :
{ "type" : "string" } },
"required" :
[ "STRVALUE",
"objective-id" ],
"additionalProperties" : false },
"exclude-objective" :
{ "title" : "Exclude Objective",
"description" : "Identifies an individual control objective to exclude.",
"$id" : "#/definitions/exclude-objective",
"type" : "object",
"properties" :
{ "objective-id" :
{ "title" : "Objective ID",
"description" : "Points to an assessment objective.",
"type" : "string" },
"STRVALUE" :
{ "type" : "string" } },
"required" :
[ "STRVALUE",
"objective-id" ],
"additionalProperties" : false },
"objective" :
{ "title" : "Control Objective",
"description" : "A local definition of a control objective. Uses catalog syntax for control objective and assessment actions.",
"$id" : "#/definitions/objective",
"type" : "object",
"properties" :
{ "id" :
{ "title" : "Identifier",
"description" : "Unique identifier of the containing object",
"type" : "string" },
"control-id" :
{ "title" : "Control Identifier Reference",
"description" : "A reference to a control identifier.",
"type" : "string" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"part" :
{ "$ref" : "#/definitions/part" },
"methods" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/assessment-method" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "id",
"control-id",
"part" ],
"additionalProperties" : false },
"assessment-method" :
{ "title" : "Assessment Method",
"description" : "Identifies a method for assessing the satisfaction of this objective.",
"$id" : "#/definitions/assessment-method",
"type" : "object",
"properties" :
{ "method-uuid" :
{ "title" : "Method ID",
"description" : "Identifies the assessment method.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"STRVALUE" :
{ "type" : "string" } },
"required" :
[ "STRVALUE",
"method-uuid" ],
"additionalProperties" : false },
"method" :
{ "title" : "Assessment Method",
"description" : "A local definition of a control objective. Uses catalog syntax for control objective and assessment actions.",
"$id" : "#/definitions/method",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"part" :
{ "$ref" : "#/definitions/part" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid",
"part" ],
"additionalProperties" : false },
"include-subject" :
{ "title" : "Included Assessment Subject",
"description" : "Identifies exactly what will be the focus of this assessment. Anything not explicitly defined is out-of-scope.",
"$id" : "#/definitions/include-subject",
"type" : "object",
"properties" :
{ "name" :
{ "title" : "Name",
"description" : "Identifying the purpose and intended use of the property, part or other object.",
"type" : "string" },
"class" :
{ "title" : "Class",
"description" : "Indicating the type or classification of the containing object",
"type" : "string" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"all" :
{ "$ref" : "#/definitions/all" },
"subject-references" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/subject-reference" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "name",
"description" ],
"additionalProperties" : false },
"exclude-subject" :
{ "title" : "Excluded Assessment Subject",
"description" : "Identifies what is explicitly excluded from this assessment. Used to remove a subset of items from groups of explicitly included items. Also used to explicitly clarify off-limit items, such as hosts to avoid scanning.",
"$id" : "#/definitions/exclude-subject",
"type" : "object",
"properties" :
{ "name" :
{ "title" : "Name",
"description" : "Identifying the purpose and intended use of the property, part or other object.",
"type" : "string" },
"class" :
{ "title" : "Class",
"description" : "Indicating the type or classification of the containing object",
"type" : "string" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"all" :
{ "$ref" : "#/definitions/all" },
"subject-references" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/subject-reference" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "name",
"description" ],
"additionalProperties" : false },
"subject-reference" :
{ "title" : "Identifies the Subject",
"description" : "A pointer to a resource based on its ID. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.",
"$id" : "#/definitions/subject-reference",
"type" : "object",
"properties" :
{ "uuid-ref" :
{ "title" : "UUID Reference",
"description" : "A pointer to a component, inventory-item, location, party, user, or resource using its UUID.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"type" :
{ "title" : "Type",
"description" : "Indicating the type of identifier, address, email or other data item.",
"type" : "string" },
"title" :
{ "$ref" : "#/definitions/title" },
"props" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } } },
"required" :
[ "uuid-ref",
"type" ],
"additionalProperties" : false },
"all" :
{ "title" : "All",
"description" : "A key word to indicate all",
"$id" : "#/definitions/all",
"type" : "string" },
"assets" :
{ "title" : "Assessment Assets",
"description" : "Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.",
"$id" : "#/definitions/assets",
"type" : "object",
"properties" :
{ "tools" :
{ "$ref" : "#/definitions/tools" },
"origination" :
{ "$ref" : "#/definitions/origination" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"parts" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/part" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"additionalProperties" : false },
"tools" :
{ "title" : "Assessment Assets",
"description" : "The technology tools used by the assessor to perform the assessment, such as vulnerability scanners. In the assessment plan these are the intended tools. In the assessment results, these are the actual tools used, including any differences from the assessment plan.",
"$id" : "#/definitions/tools",
"type" : "object",
"properties" :
{ "components" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/component" },
{ "not" :
{ "type" : "string" } } ] } } },
"additionalProperties" : false },
"origination" :
{ "title" : "Assessment Origination",
"description" : "Identifies the origination of network-based assessment activities, such as the IP address of the tool performing assessment scans.",
"$id" : "#/definitions/origination",
"type" : "object",
"properties" :
{ "title" :
{ "$ref" : "#/definitions/title" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } } },
"required" :
[ "title" ],
"additionalProperties" : false },
"assessment-activities" :
{ "title" : "Assessment Activities",
"description" : "Identifies the assessment activities and schedule. In the assessment plan, these are planned activities. In the assessment results, these are the actual activities performed.",
"$id" : "#/definitions/assessment-activities",
"type" : "object",
"properties" :
{ "test-methods" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/test-method" } },
"schedule" :
{ "$ref" : "#/definitions/schedule" },
"include-activities" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/include-activity" } },
"exclude-activities" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/exclude-activity" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"additionalProperties" : false },
"test-method" :
{ "title" : "Test Method",
"description" : "Identifies an individual test method.",
"$id" : "#/definitions/test-method",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"title" :
{ "$ref" : "#/definitions/title" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"test-steps" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/test-step" } },
"compare-to" :
{ "$ref" : "#/definitions/compare-to" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid" ],
"additionalProperties" : false },
"compare-to" :
{ "title" : "Compare To",
"description" : "Typically used when copying content from the assessment plan to the assessment results. The uuid should be changed in the assessment results file, and the compare-to field should be set to the original assessment plan uuid value. This enables the plan and results to be compared later to identify what changed between the two.",
"$id" : "#/definitions/compare-to",
"type" : "string" },
"test-step" :
{ "title" : "Test Steps",
"description" : "Identifies an individual test step.",
"$id" : "#/definitions/test-step",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"sequence" :
{ "$ref" : "#/definitions/sequence" },
"description" :
{ "$ref" : "#/definitions/description" },
"role-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/role-id" } },
"party-uuids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/party-uuid" } },
"compare-to" :
{ "$ref" : "#/definitions/compare-to" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid",
"description" ],
"additionalProperties" : false },
"sequence" :
{ "title" : "Sequence Number",
"description" : "Identifies the sequence number for the test step.",
"$id" : "#/definitions/sequence",
"type" : "integer" },
"schedule" :
{ "title" : "Schedule",
"description" : "Identifies the schedule for the assessment activities.",
"$id" : "#/definitions/schedule",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"tasks" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/task" } } },
"required" :
[ "tasks" ],
"additionalProperties" : false },
"task" :
{ "title" : "Task",
"description" : "Identifies an individual task.",
"$id" : "#/definitions/task",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"title" :
{ "$ref" : "#/definitions/title" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"start" :
{ "$ref" : "#/definitions/start" },
"end" :
{ "$ref" : "#/definitions/end" },
"activity-uuids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/activity-uuid" } },
"role-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/role-id" } },
"party-uuids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/party-uuid" } },
"location-uuids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/location-uuid" } },
"compare-to" :
{ "$ref" : "#/definitions/compare-to" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid" ],
"additionalProperties" : false },
"start" :
{ "title" : "Start",
"description" : "Identifies the start of a task.",
"$id" : "#/definitions/start",
"type" : "string",
"format" : "date-time",
"pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" },
"end" :
{ "title" : "End",
"description" : "Identifies the end of a task.",
"$id" : "#/definitions/end",
"type" : "string",
"format" : "date-time",
"pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" },
"activity-uuid" :
{ "title" : "Activity ID",
"description" : "Links the task to a defined activity.",
"$id" : "#/definitions/activity-uuid",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"include-activity" :
{ "title" : "Included Activity",
"description" : "Identifies an assessment activity. In the assessment plan, this is an intended/in-scope activity. In the assessment results, this identifies an activity that was actually performed.",
"$id" : "#/definitions/include-activity",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"title" :
{ "$ref" : "#/definitions/title" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"role-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/role-id" } },
"party-uuids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/party-uuid" } },
"location-uuids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/location-uuid" } },
"compare-to" :
{ "$ref" : "#/definitions/compare-to" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid",
"description" ],
"additionalProperties" : false },
"exclude-activity" :
{ "title" : "Excluded Activity",
"description" : "Identifies an activity explicitly excluded from the assessment. In the assessment plan, this clarifies activities that are out-of-scope or prohibited. In the assessment results, this could be used to explicitly identify an activity that was planned, but not performed.",
"$id" : "#/definitions/exclude-activity",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"title" :
{ "$ref" : "#/definitions/title" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"role-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/role-id" } },
"party-uuids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/party-uuid" } },
"location-uuids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/location-uuid" } },
"compare-to" :
{ "$ref" : "#/definitions/compare-to" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid",
"description" ],
"additionalProperties" : false },
"assessment-plan" :
{ "title" : "Security Assessment Plan (SAP)",
"description" : "An assessment plan, such as those provided by a FedRAMP assessor.",
"$id" : "#/definitions/assessment-plan",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"metadata" :
{ "$ref" : "#/definitions/metadata" },
"import-ssp" :
{ "$ref" : "#/definitions/import-ssp" },
"objectives" :
{ "$ref" : "#/definitions/objectives" },
"assessment-subjects" :
{ "$ref" : "#/definitions/assessment-subjects" },
"assets" :
{ "$ref" : "#/definitions/assets" },
"assessment-activities" :
{ "$ref" : "#/definitions/assessment-activities" },
"back-matter" :
{ "$ref" : "#/definitions/back-matter" } },
"required" :
[ "uuid",
"metadata",
"import-ssp",
"objectives" ],
"additionalProperties" : false },
"assessment-subjects" :
{ "title" : "Subject of Assessment",
"description" : "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies the planned assessment subject. In the assessment results this is the actual assessment subject, and reflects any changes from the plan.",
"$id" : "#/definitions/assessment-subjects",
"type" : "object",
"properties" :
{ "includes" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/include-subject" } },
"excludes" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/exclude-subject" } },
"local-definitions" :
{ "$ref" : "#/definitions/local-definitions" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "includes" ],
"additionalProperties" : false },
"local-definitions" :
{ "title" : "Local Definitions",
"description" : "Allows control objectives, users, components, and inventory-items to be defined within the assessment plan or assessment results for circumstances where they are not appropriately defined in the SSP. NOTE: Use the assessment plan or assessment results metadata to define additional locations if needed.",
"$id" : "#/definitions/local-definitions",
"type" : "object",
"properties" :
{ "components" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/component" },
{ "not" :
{ "type" : "string" } } ] } },
"inventory-items" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/inventory-item" },
{ "not" :
{ "type" : "string" } } ] } },
"users" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/user" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"additionalProperties" : false } },
"properties" :
{ "assessment-plan" :
{ "$ref" : "#/definitions/assessment-plan" } },
"required" :
[ "assessment-plan" ] }