{ "$schema" : "http://json-schema.org/draft-07/schema#",
"$id" : "http://csrc.nist.gov/ns/oscal/1.0-schema.json",
"$comment" : "OSCAL System Security Plan (SSP) Format: JSON Schema",
"type" : "object",
"definitions" :
{ "metadata" :
{ "title" : "Publication metadata",
"description" : "Provides information about the publication and availability of the containing document.",
"$id" : "#/definitions/metadata",
"type" : "object",
"properties" :
{ "title" :
{ "$ref" : "#/definitions/title" },
"published" :
{ "$ref" : "#/definitions/published" },
"last-modified" :
{ "$ref" : "#/definitions/last-modified" },
"version" :
{ "$ref" : "#/definitions/version" },
"oscal-version" :
{ "$ref" : "#/definitions/oscal-version" },
"revision-history" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/revision" } },
"document-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/doc-id" } },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"roles" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/role" } },
"locations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/location" } },
"parties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/party" } },
"responsible-parties" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/responsible-party" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "title",
"last-modified",
"version",
"oscal-version" ],
"additionalProperties" : false },
"back-matter" :
{ "title" : "Back matter",
"description" : "A collection of citations and resource references.",
"$id" : "#/definitions/back-matter",
"type" : "object",
"properties" :
{ "resources" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/resource" } } },
"additionalProperties" : false },
"revision" :
{ "title" : "Revision History Entry",
"description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).",
"$id" : "#/definitions/revision",
"type" : "object",
"properties" :
{ "title" :
{ "$ref" : "#/definitions/title" },
"published" :
{ "$ref" : "#/definitions/published" },
"last-modified" :
{ "$ref" : "#/definitions/last-modified" },
"version" :
{ "$ref" : "#/definitions/version" },
"oscal-version" :
{ "$ref" : "#/definitions/oscal-version" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"additionalProperties" : false },
"link" :
{ "title" : "Link",
"description" : "A reference to a local or remote resource",
"$id" : "#/definitions/link",
"type" : "object",
"properties" :
{ "href" :
{ "title" : "hypertext reference",
"description" : "A link to a document or document fragment (actual, nominal or projected)",
"type" : "string",
"format" : "uri-reference" },
"rel" :
{ "title" : "Relation",
"description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.",
"type" : "string" },
"media-type" :
{ "title" : "Media type",
"description" : "Describes the media type of the linked resource",
"type" : "string" },
"text" :
{ "type" : "string" } },
"required" :
[ "text",
"href" ],
"additionalProperties" : false },
"published" :
{ "title" : "Publication Timestamp",
"description" : "The date and time this document was published.",
"$id" : "#/definitions/published",
"type" : "string",
"format" : "date-time",
"pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" },
"last-modified" :
{ "title" : "Last modified timestamp",
"description" : "Date and time of last modification.",
"$id" : "#/definitions/last-modified",
"type" : "string",
"format" : "date-time",
"pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" },
"version" :
{ "title" : "Document version",
"description" : "The version of the document content.",
"$id" : "#/definitions/version",
"type" : "string" },
"oscal-version" :
{ "title" : "OSCAL version",
"description" : "OSCAL model version.",
"$id" : "#/definitions/oscal-version",
"type" : "string" },
"doc-id" :
{ "title" : "Document Identifier",
"description" : "A document identifier qualified by an identifier type.",
"$id" : "#/definitions/doc-id",
"type" : "object",
"properties" :
{ "type" :
{ "description" : "Qualifies the kind of document identifier.",
"type" : "string" },
"identifier" :
{ "type" : "string" } },
"required" :
[ "identifier",
"type" ],
"additionalProperties" : false },
"prop" :
{ "title" : "Property",
"description" : "A value with a name, attributed to the containing control, part, or group.",
"$id" : "#/definitions/prop",
"type" : "object",
"properties" :
{ "name" :
{ "title" : "Name",
"description" : "Identifying the purpose and intended use of the property, part or other object.",
"type" : "string" },
"id" :
{ "title" : "Identifier",
"description" : "Unique identifier of the containing object",
"type" : "string" },
"ns" :
{ "title" : "Namespace",
"description" : "A namespace qualifying the name.",
"type" : "string" },
"class" :
{ "title" : "Class",
"description" : "Indicating the type or classification of the containing object",
"type" : "string" },
"value" :
{ "type" : "string" } },
"required" :
[ "value",
"name" ],
"additionalProperties" : false },
"annotation" :
{ "title" : "Annotation",
"description" : "A name/value pair with optional explanatory remarks.",
"$id" : "#/definitions/annotation",
"type" : "object",
"properties" :
{ "name" :
{ "title" : "Name",
"description" : "Identifying the purpose and intended use of the property, part or other object.",
"type" : "string" },
"id" :
{ "title" : "Identifier",
"description" : "Unique identifier of the containing object",
"type" : "string" },
"ns" :
{ "title" : "Namespace",
"description" : "A namespace qualifying the name.",
"type" : "string" },
"value" :
{ "title" : "Value",
"description" : "Indicates the value of the characteristic.",
"type" : "string" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "name" ],
"additionalProperties" : false },
"location" :
{ "title" : "Location",
"description" : "A location, with associated metadata that can be referenced.",
"$id" : "#/definitions/location",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "An RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"title" :
{ "$ref" : "#/definitions/title" },
"address" :
{ "$ref" : "#/definitions/address" },
"email-addresses" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/email" } },
"telephone-numbers" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/phone" } },
"URLs" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/url" } },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid",
"address" ],
"additionalProperties" : false },
"location-uuid" :
{ "title" : "Location Reference",
"description" : "References a location defined in metadata.",
"$id" : "#/definitions/location-uuid",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"party" :
{ "title" : "Party (organization or person)",
"description" : "A responsible entity, either singular (an organization or person) or collective (multiple persons)",
"$id" : "#/definitions/party",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "An RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"type" :
{ "title" : "Party Type",
"description" : "A category describing the kind of party the object describes.",
"type" : "string",
"enum" :
[ "person",
"organization" ] },
"party-name" :
{ "$ref" : "#/definitions/party-name" },
"short-name" :
{ "$ref" : "#/definitions/short-name" },
"external-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/external-id" } },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"addresses" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/address" } },
"email-addresses" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/email" } },
"telephone-numbers" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/phone" } },
"member-of-organizations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/member-of-organization" } },
"location-uuids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/location-uuid" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid",
"type",
"party-name" ],
"additionalProperties" : false },
"party-uuid" :
{ "title" : "Party Reference",
"description" : "References a party defined in metadata.",
"$id" : "#/definitions/party-uuid",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"external-id" :
{ "title" : "Personal Identifier",
"description" : "An identifier for a person (such as an ORCID) using a designated scheme.",
"$id" : "#/definitions/external-id",
"type" : "object",
"properties" :
{ "type" :
{ "title" : "Type",
"description" : "Indicating the type of identifier, address, email or other data item.",
"type" : "string" },
"id" :
{ "type" : "string" } },
"required" :
[ "id",
"type" ],
"additionalProperties" : false },
"member-of-organization" :
{ "title" : "Organizational Affiliation",
"description" : "Identifies that the containing object is a member of the organization associated with the provided UUID.",
"$id" : "#/definitions/member-of-organization",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"rlink" :
{ "title" : "Resource link",
"description" : "A pointer to an external copy of a document with optional hash for verification",
"$id" : "#/definitions/rlink",
"type" : "object",
"properties" :
{ "href" :
{ "title" : "hypertext reference",
"description" : "A link to a document or document fragment (actual, nominal or projected)",
"type" : "string",
"format" : "uri-reference" },
"media-type" :
{ "title" : "Media type",
"description" : "Describes the media type of the linked resource",
"type" : "string" },
"hashes" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/hash" } } },
"required" :
[ "href" ],
"additionalProperties" : false },
"party-name" :
{ "title" : "Party Name",
"description" : "The full (legal) name of the party.",
"$id" : "#/definitions/party-name",
"type" : "string" },
"short-name" :
{ "title" : "short-name",
"description" : "A common name, short name or acronym",
"$id" : "#/definitions/short-name",
"type" : "string" },
"address" :
{ "title" : "Address",
"description" : "A postal address.",
"$id" : "#/definitions/address",
"type" : "object",
"properties" :
{ "type" :
{ "description" : "Indicates the type of address.",
"type" : "string" },
"postal-address" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/addr-line" } },
"city" :
{ "$ref" : "#/definitions/city" },
"state" :
{ "$ref" : "#/definitions/state" },
"postal-code" :
{ "$ref" : "#/definitions/postal-code" },
"country" :
{ "$ref" : "#/definitions/country" } },
"additionalProperties" : false },
"addr-line" :
{ "title" : "Address line",
"description" : "A single line of an address.",
"$id" : "#/definitions/addr-line",
"type" : "string" },
"city" :
{ "title" : "City",
"description" : "City, town or geographical region for mailing address",
"$id" : "#/definitions/city",
"type" : "string" },
"state" :
{ "title" : "State",
"description" : "State, province or analogous geographical region for mailing address",
"$id" : "#/definitions/state",
"type" : "string" },
"postal-code" :
{ "title" : "Postal Code",
"description" : "Postal or ZIP code for mailing address",
"$id" : "#/definitions/postal-code",
"type" : "string" },
"country" :
{ "title" : "Country",
"description" : "Country for mailing address",
"$id" : "#/definitions/country",
"type" : "string" },
"email" :
{ "title" : "Email",
"description" : "Email address",
"$id" : "#/definitions/email",
"type" : "string",
"format" : "email",
"pattern" : "^.+@.+" },
"phone" :
{ "title" : "Telephone",
"description" : "Contact number by telephone",
"$id" : "#/definitions/phone",
"type" : "object",
"properties" :
{ "type" :
{ "description" : "Indicates the type of phone number.",
"type" : "string" },
"number" :
{ "type" : "string" } },
"required" :
[ "number" ],
"additionalProperties" : false },
"url" :
{ "title" : "URL",
"description" : "URL for web site or Internet presence",
"$id" : "#/definitions/url",
"type" : "string",
"format" : "uri" },
"desc" :
{ "title" : "Description",
"description" : "A short textual description",
"$id" : "#/definitions/desc",
"type" : "string" },
"text" :
{ "title" : "Text",
"description" : "A line of textual content whose semantics are determined by the context of use.",
"$id" : "#/definitions/text",
"type" : "string" },
"biblio" :
{ "title" : "Bibliographic Definition",
"description" : "A container in which a set of bibliographic information can be included. The model of this information is undefined by OSCAL.",
"$id" : "#/definitions/biblio",
"type" : "object",
"additionalProperties" : false },
"resource" :
{ "title" : "Resource",
"description" : "A resource associated with the present document, which may be a pointer to other data or a citation.",
"$id" : "#/definitions/resource",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "An RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"title" :
{ "$ref" : "#/definitions/title" },
"desc" :
{ "$ref" : "#/definitions/desc" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"document-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/doc-id" } },
"citation" :
{ "$ref" : "#/definitions/citation" },
"rlinks" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/rlink" } },
"attachments" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/base64" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid" ],
"additionalProperties" : false },
"citation" :
{ "title" : "Citation",
"description" : "A citation consisting of end note text and optional structured bibliographic data.",
"$id" : "#/definitions/citation",
"type" : "object",
"properties" :
{ "text" :
{ "$ref" : "#/definitions/text" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"biblio" :
{ "$ref" : "#/definitions/biblio" } },
"required" :
[ "text" ],
"additionalProperties" : false },
"hash" :
{ "title" : "Hash",
"description" : "A representation of a cryptographic digest generated over a resource using a hash algorithm.",
"$id" : "#/definitions/hash",
"type" : "object",
"properties" :
{ "algorithm" :
{ "title" : "Hash algorithm",
"description" : "Method by which a hash is derived",
"type" : "string" },
"value" :
{ "type" : "string" } },
"required" :
[ "value",
"algorithm" ],
"additionalProperties" : false },
"role" :
{ "title" : "Role",
"description" : "Defining a role to be assigned to a party",
"$id" : "#/definitions/role",
"type" : "object",
"properties" :
{ "id" :
{ "title" : "Identifier",
"description" : "Unique identifier of the containing object",
"type" : "string" },
"title" :
{ "$ref" : "#/definitions/title" },
"short-name" :
{ "$ref" : "#/definitions/short-name" },
"desc" :
{ "$ref" : "#/definitions/desc" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "id",
"title" ],
"additionalProperties" : false },
"responsible-party" :
{ "title" : "Responsible Party",
"description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role relative to the parent context.",
"$id" : "#/definitions/responsible-party",
"type" : "object",
"properties" :
{ "party-uuids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/party-uuid" } },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "party-uuids" ],
"additionalProperties" : false },
"title" :
{ "title" : "Title",
"description" : "A title for display and navigation",
"$id" : "#/definitions/title",
"type" : "string" },
"base64" :
{ "title" : "Base64",
"description" : "A file embedded in the containing resource, with its content encoded as Base64.",
"$id" : "#/definitions/base64",
"type" : "object",
"properties" :
{ "filename" :
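{ "title" : "File Name",
"description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. Because the name is supplied by the document, consumers should validate it before using it as a file system path.",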
"type" : "string",
"format" : "uri-reference" },
"media-type" :
{ "title" : "Media type",
"description" : "Describes the media type of the linked resource",
"type" : "string" },
"value" :
{ "type" : "string" } },
"required" :
[ "value" ],
"additionalProperties" : false },
"description" :
{ "title" : "Description",
"description" : "A description supporting the parent item.",
"$id" : "#/definitions/description",
"type" : "string" },
"remarks" :
{ "title" : "Remarks",
"description" : "Additional commentary on the parent item.",
"$id" : "#/definitions/remarks",
"type" : "string" },
"responsible-role" :
{ "title" : "Responsible Role",
"description" : "A reference to one or more roles with responsibility for performing a function relative to the control.",
"$id" : "#/definitions/responsible-role",
"type" : "object",
"properties" :
{ "properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"party-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/party-uuid" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"additionalProperties" : false },
"set-parameter" :
{ "title" : "Set Parameter Value",
"description" : "Identifies the parameter that will be filled in by the enclosed value element.",
"$id" : "#/definitions/set-parameter",
"type" : "object",
"properties" :
{ "value" :
{ "$ref" : "#/definitions/value" } },
"required" :
[ "value" ],
"additionalProperties" : false },
"value" :
{ "title" : "Value",
"description" : "The phrase or string that fills in the parameter and completes the requirement statement.",
"$id" : "#/definitions/value",
"type" : "string" },
"system-security-plan" :
{ "title" : "System Security Plan (SSP)",
"description" : "A system security plan, such as those described in NIST SP 800-18",
"$id" : "#/definitions/system-security-plan",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "An RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"metadata" :
{ "$ref" : "#/definitions/metadata" },
"import-profile" :
{ "$ref" : "#/definitions/import-profile" },
"system-characteristics" :
{ "$ref" : "#/definitions/system-characteristics" },
"system-implementation" :
{ "$ref" : "#/definitions/system-implementation" },
"control-implementation" :
{ "$ref" : "#/definitions/control-implementation" },
"back-matter" :
{ "$ref" : "#/definitions/back-matter" } },
"required" :
[ "uuid",
"metadata",
"import-profile",
"system-characteristics",
"system-implementation",
"control-implementation" ],
"additionalProperties" : false },
"import-profile" :
{ "title" : "Import Profile",
"description" : "Used to import the OSCAL profile representing the system's control baseline.",
"$id" : "#/definitions/import-profile",
"type" : "object",
"properties" :
{ "href" :
{ "title" : "hypertext reference",
"description" : "A link to a document or document fragment (actual, nominal or projected)",
"type" : "string",
"format" : "uri-reference" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "href" ],
"additionalProperties" : false },
"system-characteristics" :
{ "title" : "System Characteristics",
"description" : "Contains the characteristics of the system, such as its name, purpose, and security impact level.",
"$id" : "#/definitions/system-characteristics",
"type" : "object",
"properties" :
{ "system-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/system-id" } },
"system-name" :
{ "$ref" : "#/definitions/system-name" },
"system-name-short" :
{ "$ref" : "#/definitions/system-name-short" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"date-authorized" :
{ "$ref" : "#/definitions/date-authorized" },
"security-sensitivity-level" :
{ "$ref" : "#/definitions/security-sensitivity-level" },
"system-information" :
{ "$ref" : "#/definitions/system-information" },
"security-impact-level" :
{ "$ref" : "#/definitions/security-impact-level" },
"status" :
{ "$ref" : "#/definitions/status" },
"authorization-boundary" :
{ "$ref" : "#/definitions/authorization-boundary" },
"network-architecture" :
{ "$ref" : "#/definitions/network-architecture" },
"data-flow" :
{ "$ref" : "#/definitions/data-flow" },
"responsible-parties" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/responsible-party" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "system-ids",
"system-name",
"description",
"security-sensitivity-level",
"system-information",
"security-impact-level",
"status",
"authorization-boundary" ],
"additionalProperties" : false },
"system-id" :
{ "title" : "System Identification",
"description" : "A unique identifier for the system described by this system security plan.",
"$id" : "#/definitions/system-id",
"type" : "object",
"properties" :
{ "identifier-type" :
{ "title" : "Identification System Type",
"description" : "Identifies the identification system from which the provided identifier was assigned.",
"type" : "string",
"format" : "uri" },
"id" :
{ "type" : "string" } },
"required" :
[ "id" ],
"additionalProperties" : false },
"system-name" :
{ "title" : "System Name (Full)",
"description" : "The full name of the system.",
"$id" : "#/definitions/system-name",
"type" : "string" },
"system-name-short" :
{ "title" : "System Name (Short)",
"description" : "A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.",
"$id" : "#/definitions/system-name-short",
"type" : "string" },
"security-sensitivity-level" :
{ "title" : "Security Sensitivity Level",
"description" : "The overall information system sensitivity categorization, such as defined by FIPS-199.",
"$id" : "#/definitions/security-sensitivity-level",
"type" : "string",
"enum" :
[ "low",
"moderate",
"high" ] },
"system-information" :
{ "title" : "System Information",
"description" : "Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.",
"$id" : "#/definitions/system-information",
"type" : "object",
"properties" :
{ "properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"information-types" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/information-type" } } },
"required" :
[ "information-types" ],
"additionalProperties" : false },
"information-type" :
{ "title" : "Information Type",
"description" : "Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.",
"$id" : "#/definitions/information-type",
"type" : "object",
"properties" :
{ "id" :
{ "title" : "Identifier",
"description" : "Unique identifier of the containing object",
"type" : "string" },
"title" :
{ "$ref" : "#/definitions/title" },
"description" :
{ "$ref" : "#/definitions/description" },
"information-type-ids" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/information-type-id" },
{ "not" :
{ "type" : "string" } } ] } },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"confidentiality-impact" :
{ "$ref" : "#/definitions/confidentiality-impact" },
"integrity-impact" :
{ "$ref" : "#/definitions/integrity-impact" },
"availability-impact" :
{ "$ref" : "#/definitions/availability-impact" } },
"required" :
[ "title",
"description",
"confidentiality-impact",
"integrity-impact",
"availability-impact" ],
"additionalProperties" : false },
"information-type-id" :
{ "title" : "Information Type Identifier",
"description" : "An identifier qualified by the given identification system used, such as NIST SP 800-60.",
"$id" : "#/definitions/information-type-id",
"type" : "object",
"properties" :
{ "id" :
{ "type" : "string" } },
"required" :
[ "id" ],
"additionalProperties" : false },
"confidentiality-impact" :
{ "title" : "Confidentiality Impact Level",
"description" : "The expected level of impact resulting from the unauthorized disclosure of information.",
"$id" : "#/definitions/confidentiality-impact",
"type" : "object",
"properties" :
{ "properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"base" :
{ "$ref" : "#/definitions/base" },
"selected" :
{ "$ref" : "#/definitions/selected" },
"adjustment-justification" :
{ "$ref" : "#/definitions/adjustment-justification" } },
"required" :
[ "base" ],
"additionalProperties" : false },
"integrity-impact" :
{ "title" : "Integrity Impact Level",
"description" : "The expected level of impact resulting from the unauthorized modification of information.",
"$id" : "#/definitions/integrity-impact",
"type" : "object",
"properties" :
{ "properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"base" :
{ "$ref" : "#/definitions/base" },
"selected" :
{ "$ref" : "#/definitions/selected" },
"adjustment-justification" :
{ "$ref" : "#/definitions/adjustment-justification" } },
"required" :
[ "base" ],
"additionalProperties" : false },
"availability-impact" :
{ "title" : "Availability Impact Level",
"description" : "The expected level of impact resulting from the disruption of access to or use of information or the information system.",
"$id" : "#/definitions/availability-impact",
"type" : "object",
"properties" :
{ "properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"base" :
{ "$ref" : "#/definitions/base" },
"selected" :
{ "$ref" : "#/definitions/selected" },
"adjustment-justification" :
{ "$ref" : "#/definitions/adjustment-justification" } },
"required" :
[ "base" ],
"additionalProperties" : false },
"base" :
{ "title" : "Base Level (Confidentiality, Integrity, or Availability)",
"description" : "The prescribed base (Confidentiality, Integrity, or Availability) security impact level.",
"$id" : "#/definitions/base",
"type" : "string",
"enum" :
[ "fips-199-low",
"fips-199-moderate",
"fips-199-high" ] },
"selected" :
{ "title" : "Selected Level (Confidentiality, Integrity, or Availability)",
"description" : "The selected (Confidentiality, Integrity, or Availability) security impact level.",
"$id" : "#/definitions/selected",
"type" : "string",
"enum" :
[ "fips-199-low",
"fips-199-moderate",
"fips-199-high" ] },
"adjustment-justification" :
{ "title" : "Adjustment Justification",
"description" : "If the selected security level is different from the base security level, this contains the justification for the change.",
"$id" : "#/definitions/adjustment-justification",
"type" : "string" },
"security-impact-level" :
{ "title" : "Security Impact Level",
"description" : "The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.",
"$id" : "#/definitions/security-impact-level",
"type" : "object",
"properties" :
{ "security-objective-confidentiality" :
{ "$ref" : "#/definitions/security-objective-confidentiality" },
"security-objective-integrity" :
{ "$ref" : "#/definitions/security-objective-integrity" },
"security-objective-availability" :
{ "$ref" : "#/definitions/security-objective-availability" } },
"additionalProperties" : false },
"security-objective-confidentiality" :
{ "title" : "Security Objective: Confidentiality",
"description" : "A target-level of confidentiality for the system, based on the sensitivity of information within the system.",
"$id" : "#/definitions/security-objective-confidentiality",
"type" : "string",
"enum" :
[ "fips-199-low",
"fips-199-moderate",
"fips-199-high" ] },
"security-objective-integrity" :
{ "title" : "Security Objective: Integrity",
"description" : "A target-level of integrity for the system, based on the sensitivity of information within the system.",
"$id" : "#/definitions/security-objective-integrity",
"type" : "string",
"enum" :
[ "fips-199-low",
"fips-199-moderate",
"fips-199-high" ] },
"security-objective-availability" :
{ "title" : "Security Objective: Availability",
"description" : "A target-level of availability for the system, based on the sensitivity of information within the system.",
"$id" : "#/definitions/security-objective-availability",
"type" : "string",
"enum" :
[ "fips-199-low",
"fips-199-moderate",
"fips-199-high" ] },
"status" :
{ "title" : "Status",
"description" : "Describes the operational status of the system.",
"$id" : "#/definitions/status",
"type" : "object",
"properties" :
{ "state" :
{ "title" : "State",
"description" : "The current operating status.",
"type" : "string",
"enum" :
[ "operational",
"under-development",
"under-major-modification",
"disposition",
"other" ] },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "state" ],
"additionalProperties" : false },
"leveraged-authorization" :
{ "title" : "Leveraged Authorization",
"description" : "A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider.",
"$id" : "#/definitions/leveraged-authorization",
"type" : "object",
"properties" :
{ "id" :
{ "title" : "Identifier",
"description" : "Unique identifier of the containing object",
"type" : "string" },
"title" :
{ "$ref" : "#/definitions/title" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"party-uuid" :
{ "$ref" : "#/definitions/party-uuid" },
"date-authorized" :
{ "$ref" : "#/definitions/date-authorized" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "title",
"party-uuid",
"date-authorized" ],
"additionalProperties" : false },
"date-authorized" :
{ "title" : "System Authorization Date",
"description" : "The date this system received its authorization.",
"$id" : "#/definitions/date-authorized",
"type" : "string",
"pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))(Z|[+-][0-9]{2}:[0-9]{2})?$" },
"authorization-boundary" :
{ "title" : "Authorization Boundary",
"description" : "A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.",
"$id" : "#/definitions/authorization-boundary",
"type" : "object",
"properties" :
{ "description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"diagrams" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/diagram" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "description" ],
"additionalProperties" : false },
"diagram" :
{ "title" : "Diagram",
"description" : "A graphic that provides a visual representation of the system, or some aspect of it.",
"$id" : "#/definitions/diagram",
"type" : "object",
"properties" :
{ "description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"caption" :
{ "$ref" : "#/definitions/caption" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"additionalProperties" : false },
"caption" :
{ "title" : "Caption",
"description" : "A brief caption to annotate the diagram.",
"$id" : "#/definitions/caption",
"type" : "string" },
"network-architecture" :
{ "title" : "Network Architecture",
"description" : "A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.",
"$id" : "#/definitions/network-architecture",
"type" : "object",
"properties" :
{ "description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"diagrams" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/diagram" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "description" ],
"additionalProperties" : false },
"data-flow" :
{ "title" : "Data Flow",
"description" : "A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.",
"$id" : "#/definitions/data-flow",
"type" : "object",
"properties" :
{ "description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"diagrams" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/diagram" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "description" ],
"additionalProperties" : false },
"system-implementation" :
{ "title" : "System Implementation",
"description" : "Provides information as to how the system is implemented.",
"$id" : "#/definitions/system-implementation",
"type" : "object",
"properties" :
{ "properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"leveraged-authorizations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/leveraged-authorization" } },
"users" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/user" },
{ "not" :
{ "type" : "string" } } ] } },
"components" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/component" },
{ "not" :
{ "type" : "string" } } ] } },
"system-inventory" :
{ "$ref" : "#/definitions/system-inventory" },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "users" ],
"additionalProperties" : false },
"user" :
{ "title" : "System User Class",
"description" : "A type of user that interacts with the system based on an associated role.",
"$id" : "#/definitions/user",
"type" : "object",
"properties" :
{ "title" :
{ "$ref" : "#/definitions/title" },
"short-name" :
{ "$ref" : "#/definitions/short-name" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"role-ids" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/role-id" } },
"authorized-privileges" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/authorized-privilege" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "role-ids" ],
"additionalProperties" : false },
"role-id" :
{ "title" : "Role Identifier Reference",
"description" : "A reference to the roles served by the user.",
"$id" : "#/definitions/role-id",
"type" : "string" },
"authorized-privilege" :
{ "title" : "Privilege",
"description" : "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.",
"$id" : "#/definitions/authorized-privilege",
"type" : "object",
"properties" :
{ "title" :
{ "$ref" : "#/definitions/title" },
"description" :
{ "$ref" : "#/definitions/description" },
"functions-performed" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/function-performed" } } },
"required" :
[ "title",
"functions-performed" ],
"additionalProperties" : false },
"function-performed" :
{ "title" : "Functions Performed",
"description" : "Describes a function performed for a given authorized privilege by this user class.",
"$id" : "#/definitions/function-performed",
"type" : "string" },
"component" :
{ "title" : "Component",
"description" : "A defined component that can be part of an implemented system.",
"$id" : "#/definitions/component",
"type" : "object",
"properties" :
{ "component-type" :
{ "title" : "Component Type",
"description" : "A category describing the purpose of the component.",
"type" : "string" },
"title" :
{ "$ref" : "#/definitions/title" },
"description" :
{ "$ref" : "#/definitions/description" },
"purpose" :
{ "$ref" : "#/definitions/purpose" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"status" :
{ "$ref" : "#/definitions/status" },
"responsible-roles" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/responsible-role" },
{ "not" :
{ "type" : "string" } } ] } },
"protocols" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/protocol" } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "component-type",
"title",
"description",
"status" ],
"additionalProperties" : false },
"protocol" :
{ "title" : "Protocol",
"description" : "Information about the protocol used to provide a service.",
"$id" : "#/definitions/protocol",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "An RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"name" :
{ "description" : "The short name of the protocol (e.g., TLS).",
"type" : "string" },
"title" :
{ "$ref" : "#/definitions/title" },
"port-ranges" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/port-range" } } },
"required" :
[ "name" ],
"additionalProperties" : false },
"port-range" :
{ "title" : "Port Range",
"description" : "Where applicable this is the IPv4 port range on which the service operates.",
"$id" : "#/definitions/port-range",
"type" : "object",
"properties" :
{ "start" :
{ "title" : "Start",
"description" : "Indicates the starting port number in a port range",
"type" : "integer",
"multipleOf" : 1,
"minimum" : 0 },
"end" :
{ "title" : "End",
"description" : "Indicates the ending port number in a port range",
"type" : "integer",
"multipleOf" : 1,
"minimum" : 0 },
"transport" :
{ "title" : "Transport",
"description" : "Indicates the transport type.",
"type" : "string",
"enum" :
[ "TCP",
"UDP" ] } },
"additionalProperties" : false },
"purpose" :
{ "title" : "Purpose",
"description" : "Describes the purpose for the service within the system.",
"$id" : "#/definitions/purpose",
"type" : "string" },
"system-inventory" :
{ "title" : "System Inventory",
"description" : "A set of inventory-item entries that represent the managed inventory instances of the system.",
"$id" : "#/definitions/system-inventory",
"type" : "object",
"properties" :
{ "inventory-items" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/inventory-item" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "inventory-items" ],
"additionalProperties" : false },
"inventory-item" :
{ "title" : "Inventory Item",
"description" : "A single managed inventory item within the system.",
"$id" : "#/definitions/inventory-item",
"type" : "object",
"properties" :
{ "asset-id" :
{ "title" : "Asset Identifier",
"description" : "Organizational asset identifier that is unique in the context of the system. This may be a reference to the identifier used in an asset tracking system or a vulnerability scanning tool.",
"type" : "string" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"responsible-parties" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/responsible-party" },
{ "not" :
{ "type" : "string" } } ] } },
"implemented-components" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/implemented-component" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "asset-id",
"description" ],
"additionalProperties" : false },
"implemented-component" :
{ "title" : "Implemented Component",
"description" : "The set of components that are implemented in a given system inventory item.",
"$id" : "#/definitions/implemented-component",
"type" : "object",
"properties" :
{ "use" :
{ "title" : "Implementation Use Type",
"description" : "The type of implementation",
"type" : "string" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"responsible-parties" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/responsible-party" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"additionalProperties" : false },
"control-implementation" :
{ "title" : "Control Implementation",
"description" : "Describes how the system satisfies a set of controls.",
"$id" : "#/definitions/control-implementation",
"type" : "object",
"properties" :
{ "description" :
{ "$ref" : "#/definitions/description" },
"implemented-requirements" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/implemented-requirement" } } },
"required" :
[ "description",
"implemented-requirements" ],
"additionalProperties" : false },
"implemented-requirement" :
{ "title" : "Control-based Requirement",
"description" : "Describes how the system satisfies an individual control.",
"$id" : "#/definitions/implemented-requirement",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "An RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"control-id" :
{ "title" : "Control Identifier Reference",
"description" : "A reference to a control identifier.",
"type" : "string" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"by-components" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/by-component" },
{ "not" :
{ "type" : "string" } } ] } },
"responsible-roles" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/responsible-role" },
{ "not" :
{ "type" : "string" } } ] } },
"parameter-settings" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/set-parameter" },
{ "not" :
{ "type" : "string" } } ] } },
"statements" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/statement" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid",
"control-id" ],
"additionalProperties" : false },
"statement" :
{ "title" : "Specific Statement",
"description" : "Identifies which statements within a control are addressed.",
"$id" : "#/definitions/statement",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "An RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "anyOf" :
[
{ "$ref" : "#/definitions/annotation" },
{ "type" : "array",
"items" :
{ "$ref" : "#/definitions/annotation" },
"minItems" : 2 } ] },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"responsible-roles" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/responsible-role" },
{ "not" :
{ "type" : "string" } } ] } },
"by-components" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/by-component" },
{ "not" :
{ "type" : "string" } } ] } },
"remarks" :
{ "$ref" : "#/definitions/remarks" } },
"required" :
[ "uuid" ],
"additionalProperties" : false },
"by-component" :
{ "title" : "Component Control Implementation",
"description" : "Defines how the referenced component implements a set of controls.",
"$id" : "#/definitions/by-component",
"type" : "object",
"properties" :
{ "uuid" :
{ "title" : "Universally Unique Identifier",
"description" : "An RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.",
"type" : "string",
"pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" },
"description" :
{ "$ref" : "#/definitions/description" },
"properties" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/prop" } },
"annotations" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/annotation" } },
"links" :
{ "type" : "array",
"minItems" : 1,
"items" :
{ "$ref" : "#/definitions/link" } },
"responsible-roles" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/responsible-role" },
{ "not" :
{ "type" : "string" } } ] } },
"parameter-settings" :
{ "type" : "object",
"minProperties" : 1,
"additionalProperties" :
{ "allOf" :
[
{ "type" : "object",
"$ref" : "#/definitions/set-parameter" },
{ "not" :
{ "type" : "string" } } ] } } },
"required" :
[ "uuid",
"description" ],
"additionalProperties" : false } },
"properties" :
{ "system-security-plan" :
{ "$ref" : "#/definitions/system-security-plan" } },
"required" :
[ "system-security-plan" ] }