assessmentPlan.schema.json
An assessment plan, such as those provided by a FedRAMP assessor.
type · thingNIST vocabularystatus · draftv1
{
"AssessmentPlan": {
"@type": "AssessmentPlan",
"schemaVersion": 1,
"uuid": "String",
"metadata": {
"@type": "Metadata",
"title": "String",
"published": "Datetime",
"last-modified": "Datetime",
"version": "String",
"oscal-version": "String",
"revisions": [
{
"revisions(item)": {
"@type": "Revisions(item)",
"props": [
{
"props(item)": {
"@type": "Props(item)",
"name": "String",
"ns": "URI",
"value": "String",
"class": "String",
"group": "String",
"remarks": "String"
}
}
],
"links": [
{
"links(item)": {
"@type": "Links(item)",
"href": "URI",
"rel": "String",
"media-type": "String",
"resource-fragment": "String",
"text": "String"
}
}
]
}
}
],
"document-ids": [
{
"document-ids(item)": {
"@type": "Document-ids(item)",
"scheme": "URI",
"identifier": "String"
}
}
],
"roles": [
{
"roles(item)": {
"@type": "Roles(item)",
"description": "String",
"id": "String",
"short-name": "String"
}
}
],
"locations": [
{
"locations(item)": {
"@type": "Locations(item)",
"address": {
"@type": "Address",
"type": "String",
"addr-lines": [
{
"addr-lines(item)": "String"
}
],
"city": "String",
"state": "String",
"postal-code": "String",
"country": "String"
},
"email-addresses": [
{
"email-addresses(item)": "String"
}
],
"telephone-numbers": [
{
"telephone-numbers(item)": "TelephoneNumber"
}
],
"urls": [
{
"urls(item)": "URI"
}
]
}
}
],
"parties": [
{
"parties(item)": {
"@type": "Parties(item)",
"external-ids": [
{
"external-ids(item)": {
"@type": "External-ids(item)"
}
}
],
"addresses": [
{
"addresses(item)": {
"@type": "Addresses(item)"
}
}
],
"member-of-organizations": [
{
"member-of-organizations(item)": "String"
}
],
"location-uuids": [
{
"location-uuids(item)": "String"
}
]
}
}
],
"responsible-parties": [
{
"responsible-parties(item)": {
"@type": "Responsible-parties(item)",
"role-id": "String",
"party-uuids": [
{
"party-uuids(item)": "String"
}
]
}
}
],
"actions": [
{
"actions(item)": {
"@type": "Actions(item)",
"date": "Datetime",
"system": "URI"
}
}
]
},
"import-ssp": {
"@type": "Import-ssp"
},
"local-definitions": {
"@type": "Local-definitions",
"components": [
{
"components(item)": {
"@type": "Components(item)",
"purpose": "String",
"responsible-roles": [
{
"responsible-roles(item)": {
"@type": "Responsible-roles(item)"
}
}
],
"status": "String",
"protocols": [
{
"protocols(item)": {
"@type": "Protocols(item)",
"port-ranges": [
{
"port-ranges(item)": {
"@type": "Port-ranges(item)",
"start": "Integer",
"end": "Integer",
"transport": "String"
}
}
]
}
}
],
"control-implementations": [
{
"control-implementations(item)": {
"@type": "Control-implementations(item)",
"source": "URI",
"set-parameters": [
{
"set-parameters(item)": {
"@type": "Set-parameters(item)",
"param-id": "String",
"depends-on": "String",
"label": "String",
"usage": "String",
"constraints": [
{
"constraints(item)": {
"@type": "Constraints(item)",
"tests": [
{
"tests(item)": {
"@type": "Tests(item)",
"expression": "String"
}
}
]
}
}
],
"guidelines": [
{
"guidelines(item)": {
"@type": "Guidelines(item)",
"prose": "String"
}
}
],
"values": [
{
"values(item)": "String"
}
],
"select": {
"@type": "Select",
"how-many": "String",
"choice": [
{
"choice(item)": "String"
}
]
}
}
}
],
"implemented-requirements": [
{
"implemented-requirements(item)": {
"@type": "Implemented-requirements(item)",
"control-id": "String",
"statements": [
{
"statements(item)": {
"@type": "Statements(item)",
"statement-id": "String",
"by-components": [
{
"by-components(item)": {
"@type": "By-components(item)",
"component-uuid": "String",
"implementation-status": {
"@type": "Implementation-status"
},
"export": {
"@type": "Export",
"provided": [
{
"provided(item)": {
"@type": "Provided(item)"
}
}
],
"responsibilities": [
{
"responsibilities(item)": {
"@type": "Responsibilities(item)",
"provided-uuid": "String"
}
}
]
},
"inherited": [
{
"inherited(item)": {
"@type": "Inherited(item)"
}
}
],
"satisfied": [
{
"satisfied(item)": {
"@type": "Satisfied(item)",
"responsibility-uuid": "String"
}
}
]
}
}
]
}
}
]
}
}
]
}
}
]
}
}
],
"inventory-items": [
{
"inventory-items(item)": {
"@type": "Inventory-items(item)",
"implemented-components": [
{
"implemented-components(item)": {
"@type": "Implemented-components(item)"
}
}
]
}
}
],
"users": [
{
"users(item)": {
"@type": "Users(item)",
"role-ids": [
{
"role-ids(item)": "String"
}
],
"authorized-privileges": [
{
"authorized-privileges(item)": {
"@type": "Authorized-privileges(item)",
"functions-performed": [
{
"functions-performed(item)": "String"
}
]
}
}
]
}
}
],
"assessment-assets": {
"@type": "Assessment-assets",
"assessment-platforms": [
{
"assessment-platforms(item)": {
"@type": "Assessment-platforms(item)",
"uses-components": [
{
"uses-components(item)": {
"@type": "Uses-components(item)"
}
}
]
}
}
]
},
"objectives-and-methods": [
{
"objectives-and-methods(item)": {
"@type": "Objectives-and-methods(item)",
"parts": [
{
"parts(item)": {
"@type": "Parts(item)"
}
}
]
}
}
],
"activities": [
{
"activities(item)": {
"@type": "Activities(item)",
"steps": [
{
"steps(item)": {
"@type": "Steps(item)",
"reviewed-controls": {
"@type": "Reviewed-controls",
"control-selections": [
{
"control-selections(item)": {
"@type": "Control-selections(item)",
"include-all": "String",
"exclude-controls": [
{
"exclude-controls(item)": {
"@type": "Exclude-controls(item)",
"with-child-controls": "String",
"with-ids": [
{
"with-ids(item)": "String"
}
],
"statement-ids": [
{
"statement-ids(item)": "String"
}
],
"matching": [
{
"matching(item)": {
"@type": "Matching(item)",
"pattern": "String"
}
}
]
}
}
],
"include-controls": [
{
"include-controls(item)": {
"@type": "Include-controls(item)"
}
}
]
}
}
],
"control-objective-selections": [
{
"control-objective-selections(item)": {
"@type": "Control-objective-selections(item)",
"exclude-objectives": [
{
"exclude-objectives(item)": {
"@type": "Exclude-objectives(item)",
"objective-id": "String"
}
}
],
"include-objectives": [
{
"include-objectives(item)": {
"@type": "Include-objectives(item)"
}
}
]
}
}
]
}
}
}
],
"related-controls": {
"@type": "Related-controls"
}
}
}
]
},
"terms-and-conditions": {
"@type": "Terms-and-conditions"
},
"assessment-subjects": [
{
"assessment-subjects(item)": {
"@type": "Assessment-subjects(item)",
"exclude-subjects": [
{
"exclude-subjects(item)": {
"@type": "Exclude-subjects(item)",
"subject-uuid": "String"
}
}
],
"include-subjects": [
{
"include-subjects(item)": {
"@type": "Include-subjects(item)"
}
}
]
}
}
],
"tasks": [
{
"tasks(item)": {
"@type": "Tasks(item)",
"timing": {
"@type": "Timing",
"on-date": {
"@type": "On-date"
},
"within-date-range": {
"@type": "Within-date-range"
},
"at-frequency": {
"@type": "At-frequency",
"period": "Integer",
"unit": "String"
}
},
"dependencies": [
{
"dependencies(item)": {
"@type": "Dependencies(item)",
"task-uuid": "String"
}
}
],
"associated-activities": [
{
"associated-activities(item)": {
"@type": "Associated-activities(item)",
"activity-uuid": "String",
"subjects": [
{
"subjects(item)": {
"@type": "Subjects(item)"
}
}
]
}
}
]
}
}
],
"back-matter": {
"@type": "Back-matter",
"resources": [
{
"resources(item)": {
"@type": "Resources(item)",
"citation": {
"@type": "Citation"
},
"rlinks": [
{
"rlinks(item)": {
"@type": "Rlinks(item)",
"hashes": [
{
"hashes(item)": {
"@type": "Hashes(item)",
"algorithm": "String"
}
}
]
}
}
],
"base64": {
"@type": "Base64",
"filename": "String"
}
}
}
]
}
}
}{
"AssessmentPlan": {
"@type": "AssessmentPlan",
"schemaVersion": 1,
"description": "An assessment plan, such as those provided by a FedRAMP assessor.",
"uuid": {
"description": "Provides a globally unique means to identify a given catalog instance.",
"type": "String"
},
"metadata": {
"@type": "Metadata",
"description": "Provides information about the containing document, and defines concepts that are shared across the document.",
"title": {
"description": "Document title as published, whitespace-normalized and BibTeX-escaped.",
"type": "String"
},
"published": {
"description": "The date and time the document was last made available.",
"nullable": true,
"type": "Datetime"
},
"last-modified": {
"description": "The date and time the document was last stored for later retrieval.",
"type": "Datetime"
},
"version": {
"description": "Version information for an item.",
"type": "String"
},
"oscal-version": {
"description": "The OSCAL model version the document was authored against and will conform to as valid.",
"type": "String"
},
"revisions": [
{
"revisions(item)": {
"@type": "Revisions(item)",
"description": "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).",
"props": [
{
"props(item)": {
"@type": "Props(item)",
"description": "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
"name": {
"description": "The name of the item or record.",
"type": "String"
},
"ns": {
"description": "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.",
"nullable": true,
"type": "URI"
},
"value": {
"description": "Indicates the value of the attribute, characteristic, or quality.",
"type": "String"
},
"class": {
"description": "A textual label that provides a sub-type or characterization of the property's name.",
"nullable": true,
"type": "String"
},
"group": {
"description": "An identifier for relating distinct sets of properties.",
"nullable": true,
"type": "String"
},
"remarks": {
"description": "Additional commentary about the containing object.",
"nullable": true,
"type": "String"
}
}
}
],
"links": [
{
"links(item)": {
"@type": "Links(item)",
"description": "A reference to a local or remote resource, that has a specific relation to the containing object.",
"href": {
"description": "A resolvable URL reference to a resource.",
"type": "URI"
},
"rel": {
"description": "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.",
"nullable": true,
"type": "String"
},
"media-type": {
"description": "A label that indicates the nature of a resource, as a data serialization or format.",
"nullable": true,
"type": "String"
},
"resource-fragment": {
"description": "In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.",
"nullable": true,
"type": "String"
},
"text": {
"description": "Generic text of any sort.",
"type": "String"
}
}
}
]
}
}
],
"document-ids": [
{
"document-ids(item)": {
"@type": "Document-ids(item)",
"description": "A document identifier qualified by an identifier scheme.",
"scheme": {
"description": "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.",
"nullable": true,
"type": "URI"
},
"identifier": {
"description": "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+",
"type": "String"
}
}
}
],
"roles": [
{
"roles(item)": {
"@type": "Roles(item)",
"description": {
"description": "A summary of the role's purpose and associated responsibilities.",
"nullable": true,
"type": "String"
},
"id": {
"description": "Provenance link to the source corpus document_id.",
"type": "String"
},
"short-name": {
"description": "A short common name, abbreviation, or acronym for the role.",
"nullable": true,
"type": "String"
}
}
}
],
"locations": [
{
"locations(item)": {
"@type": "Locations(item)",
"description": "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.",
"address": {
"@type": "Address",
"description": "A postal address for the location.",
"type": {
"description": "Indicates the type of address.",
"nullable": true,
"type": "String"
},
"addr-lines": [
{
"addr-lines(item)": {
"description": "A single line of an address.",
"type": "String"
}
}
],
"city": {
"description": "City, town or geographical region for the mailing address.",
"nullable": true,
"type": "String"
},
"state": {
"description": "State, province or analogous geographical region for a mailing address.",
"nullable": true,
"type": "String"
},
"postal-code": {
"description": "Postal or ZIP code for mailing address.",
"nullable": true,
"type": "String"
},
"country": {
"description": "The ISO 3166-1 alpha-2 country code for the mailing address.",
"nullable": true,
"type": "String"
}
},
"email-addresses": [
{
"email-addresses(item)": {
"description": "An email address as defined by RFC 5322 Section 3.4.1.",
"type": "String"
}
}
],
"telephone-numbers": [
{
"telephone-numbers(item)": {
"description": "A telephone service number as defined by ITU-T E.164.",
"type": "TelephoneNumber"
}
}
],
"urls": [
{
"urls(item)": {
"description": "The uniform resource locator (URL) for a web site or other resource associated with the location.",
"type": "URI"
}
}
]
}
}
],
"parties": [
{
"parties(item)": {
"@type": "Parties(item)",
"description": "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.",
"external-ids": [
{
"external-ids(item)": {
"@type": "External-ids(item)",
"description": "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)."
}
}
],
"addresses": [
{
"addresses(item)": {
"@type": "Addresses(item)",
"description": "A postal address for the location."
}
}
],
"member-of-organizations": [
{
"member-of-organizations(item)": {
"description": "A reference to another party by UUID, typically an organization, that this subject is associated with.",
"type": "String"
}
}
],
"location-uuids": [
{
"location-uuids(item)": {
"description": "Reference to a location by UUID.",
"type": "String"
}
}
]
}
}
],
"responsible-parties": [
{
"responsible-parties(item)": {
"@type": "Responsible-parties(item)",
"description": "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.",
"role-id": {
"description": "A reference to a role performed by a party.",
"type": "String"
},
"party-uuids": [
{
"party-uuids(item)": {
"description": "Reference to a party by UUID.",
"type": "String"
}
}
]
}
}
],
"actions": [
{
"actions(item)": {
"@type": "Actions(item)",
"description": "An action applied by a role within a given party to the content.",
"date": {
"description": "The date and time when the action occurred.",
"nullable": true,
"type": "Datetime"
},
"system": {
"description": "Specifies the action type system used.",
"type": "URI"
}
}
}
]
},
"import-ssp": {
"@type": "Import-ssp",
"description": "Used by the assessment plan and POA&M to import information about the system."
},
"local-definitions": {
"@type": "Local-definitions",
"description": "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.",
"components": [
{
"components(item)": {
"@type": "Components(item)",
"purpose": {
"description": "A summary of the technological or business purpose of the component.",
"nullable": true,
"type": "String"
},
"responsible-roles": [
{
"responsible-roles(item)": {
"@type": "Responsible-roles(item)",
"description": "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role."
}
}
],
"status": {
"description": "Release status: Released, In Review, or On Hold.",
"type": "String"
},
"protocols": [
{
"protocols(item)": {
"@type": "Protocols(item)",
"description": "Information about the protocol used to provide a service.",
"port-ranges": [
{
"port-ranges(item)": {
"@type": "Port-ranges(item)",
"description": "Where applicable this is the transport layer protocol port range an IPv4-based or IPv6-based service uses.",
"start": {
"description": "Indicates the starting port number in a port range for a transport layer protocol",
"nullable": true,
"type": "Integer"
},
"end": {
"description": "Indicates the ending port number in a port range for a transport layer protocol",
"nullable": true,
"type": "Integer"
},
"transport": {
"description": "Indicates the transport type.",
"nullable": true,
"type": "String"
}
}
}
]
}
}
],
"control-implementations": [
{
"control-implementations(item)": {
"@type": "Control-implementations(item)",
"source": {
"description": "A reference to an OSCAL catalog or profile providing the referenced control or subcontrol definition.",
"type": "URI"
},
"set-parameters": [
{
"set-parameters(item)": {
"@type": "Set-parameters(item)",
"description": "A parameter setting, to be propagated to points of insertion.",
"param-id": {
"description": "An identifier for the parameter.",
"nullable": true,
"type": "String"
},
"depends-on": {
"description": "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.",
"nullable": true,
"type": "String"
},
"label": {
"description": "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.",
"nullable": true,
"type": "String"
},
"usage": {
"description": "Describes the purpose and use of a parameter.",
"nullable": true,
"type": "String"
},
"constraints": [
{
"constraints(item)": {
"@type": "Constraints(item)",
"tests": [
{
"tests(item)": {
"@type": "Tests(item)",
"description": "A test expression which is expected to be evaluated by a tool.",
"expression": {
"description": "A formal (executable) expression of a constraint.",
"type": "String"
}
}
}
]
}
}
],
"guidelines": [
{
"guidelines(item)": {
"@type": "Guidelines(item)",
"description": "A prose statement that provides a recommendation for the use of a parameter.",
"prose": {
"description": "Prose permits multiple paragraphs, lists, tables etc.",
"type": "String"
}
}
}
],
"values": [
{
"values(item)": {
"description": "A parameter value or set of values.",
"type": "String"
}
}
],
"select": {
"@type": "Select",
"description": "Presenting a choice among alternatives.",
"how-many": {
"description": "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.",
"nullable": true,
"type": "String"
},
"choice": [
{
"choice(item)": {
"description": "A value selection among several such options.",
"type": "String"
}
}
]
}
}
}
],
"implemented-requirements": [
{
"implemented-requirements(item)": {
"@type": "Implemented-requirements(item)",
"control-id": {
"description": "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).",
"type": "String"
},
"statements": [
{
"statements(item)": {
"@type": "Statements(item)",
"statement-id": {
"description": "A human-oriented identifier reference to a control statement.",
"type": "String"
},
"by-components": [
{
"by-components(item)": {
"@type": "By-components(item)",
"component-uuid": {
"description": "A machine-oriented identifier reference to a component.",
"type": "String"
},
"implementation-status": {
"@type": "Implementation-status",
"description": "Indicates the degree to which the a given control is implemented."
},
"export": {
"@type": "Export",
"provided": [
{
"provided(item)": {
"@type": "Provided(item)"
}
}
],
"responsibilities": [
{
"responsibilities(item)": {
"@type": "Responsibilities(item)",
"provided-uuid": {
"description": "A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.",
"nullable": true,
"type": "String"
}
}
}
]
},
"inherited": [
{
"inherited(item)": {
"@type": "Inherited(item)"
}
}
],
"satisfied": [
{
"satisfied(item)": {
"@type": "Satisfied(item)",
"responsibility-uuid": {
"description": "A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system.",
"nullable": true,
"type": "String"
}
}
}
]
}
}
]
}
}
]
}
}
]
}
}
]
}
}
],
"inventory-items": [
{
"inventory-items(item)": {
"@type": "Inventory-items(item)",
"implemented-components": [
{
"implemented-components(item)": {
"@type": "Implemented-components(item)",
"description": "The set of components that are implemented in a given system inventory item."
}
}
]
}
}
],
"users": [
{
"users(item)": {
"@type": "Users(item)",
"role-ids": [
{
"role-ids(item)": {
"description": "Reference to a role by UUID.",
"type": "String"
}
}
],
"authorized-privileges": [
{
"authorized-privileges(item)": {
"@type": "Authorized-privileges(item)",
"functions-performed": [
{
"functions-performed(item)": {
"description": "Describes a function performed for a given authorized privilege by this user class.",
"type": "String"
}
}
]
}
}
]
}
}
],
"assessment-assets": {
"@type": "Assessment-assets",
"description": "Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.",
"assessment-platforms": [
{
"assessment-platforms(item)": {
"@type": "Assessment-platforms(item)",
"description": "Used to represent the toolset used to perform aspects of the assessment.",
"uses-components": [
{
"uses-components(item)": {
"@type": "Uses-components(item)",
"description": "The set of components that are used by the assessment platform."
}
}
]
}
}
]
},
"objectives-and-methods": [
{
"objectives-and-methods(item)": {
"@type": "Objectives-and-methods(item)",
"parts": [
{
"parts(item)": {
"@type": "Parts(item)",
"description": "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part."
}
}
]
}
}
],
"activities": [
{
"activities(item)": {
"@type": "Activities(item)",
"steps": [
{
"steps(item)": {
"@type": "Steps(item)",
"reviewed-controls": {
"@type": "Reviewed-controls",
"control-selections": [
{
"control-selections(item)": {
"@type": "Control-selections(item)",
"include-all": {
"description": "Include all controls from the imported catalog or profile resources.",
"type": "String"
},
"exclude-controls": [
{
"exclude-controls(item)": {
"@type": "Exclude-controls(item)",
"description": "Select a control or controls from an imported control set.",
"with-child-controls": {
"description": "When a control is included, whether its child (dependent) controls are also included.",
"nullable": true,
"type": "String"
},
"with-ids": [
{
"with-ids(item)": {
"description": "Selecting a control by its ID given as a literal.",
"type": "String"
}
}
],
"statement-ids": [
{
"statement-ids(item)": {
"description": "Used to constrain the selection to only specificity identified statements.",
"type": "String"
}
}
],
"matching": [
{
"matching(item)": {
"@type": "Matching(item)",
"description": "Selecting a set of controls by matching their IDs with a wildcard pattern.",
"pattern": {
"description": "A glob expression matching the IDs of one or more controls to be selected.",
"nullable": true,
"type": "String"
}
}
}
]
}
}
],
"include-controls": [
{
"include-controls(item)": {
"@type": "Include-controls(item)",
"description": "Select a control or controls from an imported control set."
}
}
]
}
}
],
"control-objective-selections": [
{
"control-objective-selections(item)": {
"@type": "Control-objective-selections(item)",
"exclude-objectives": [
{
"exclude-objectives(item)": {
"@type": "Exclude-objectives(item)",
"description": "Used to select a control objective for inclusion/exclusion based on the control objective's identifier.",
"objective-id": {
"description": "Points to an assessment objective.",
"type": "String"
}
}
}
],
"include-objectives": [
{
"include-objectives(item)": {
"@type": "Include-objectives(item)",
"description": "Used to select a control objective for inclusion/exclusion based on the control objective's identifier."
}
}
]
}
}
]
}
}
}
],
"related-controls": {
"@type": "Related-controls",
"description": "Identifies the controls being assessed and their control objectives."
}
}
}
]
},
"terms-and-conditions": {
"@type": "Terms-and-conditions",
"description": "Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition."
},
"assessment-subjects": [
{
"assessment-subjects(item)": {
"@type": "Assessment-subjects(item)",
"exclude-subjects": [
{
"exclude-subjects(item)": {
"@type": "Exclude-subjects(item)",
"description": "Identifies a set of assessment subjects to include/exclude by UUID.",
"subject-uuid": {
"description": "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.",
"type": "String"
}
}
}
],
"include-subjects": [
{
"include-subjects(item)": {
"@type": "Include-subjects(item)",
"description": "Identifies a set of assessment subjects to include/exclude by UUID."
}
}
]
}
}
],
"tasks": [
{
"tasks(item)": {
"@type": "Tasks(item)",
"timing": {
"@type": "Timing",
"description": "The timing under which the task is intended to occur.",
"on-date": {
"@type": "On-date",
"description": "The task is intended to occur on the specified date."
},
"within-date-range": {
"@type": "Within-date-range",
"description": "The task is intended to occur within the specified date range."
},
"at-frequency": {
"@type": "At-frequency",
"description": "The task is intended to occur at the specified frequency.",
"period": {
"description": "The task must occur after the specified period has elapsed.",
"type": "Integer"
},
"unit": {
"description": "The unit of time for the period.",
"type": "String"
}
}
},
"dependencies": [
{
"dependencies(item)": {
"@type": "Dependencies(item)",
"description": "Used to indicate that a task is dependent on another task.",
"task-uuid": {
"description": "A machine-oriented identifier reference to a unique task.",
"type": "String"
}
}
}
],
"associated-activities": [
{
"associated-activities(item)": {
"@type": "Associated-activities(item)",
"description": "Identifies an individual activity to be performed as part of a task.",
"activity-uuid": {
"description": "A machine-oriented identifier reference to an activity defined in the list of activities.",
"type": "String"
},
"subjects": [
{
"subjects(item)": {
"@type": "Subjects(item)",
"description": "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope."
}
}
]
}
}
]
}
}
],
"back-matter": {
"@type": "Back-matter",
"description": "A collection of resources that may be referenced from within the OSCAL document instance.",
"resources": [
{
"resources(item)": {
"@type": "Resources(item)",
"citation": {
"@type": "Citation",
"description": "An optional citation consisting of end note text using structured markup."
},
"rlinks": [
{
"rlinks(item)": {
"@type": "Rlinks(item)",
"description": "A URL-based pointer to an external resource with an optional hash for verification and change detection.",
"hashes": [
{
"hashes(item)": {
"@type": "Hashes(item)",
"description": "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.",
"algorithm": {
"description": "The digest method by which a hash is derived.",
"type": "String"
}
}
}
]
}
}
],
"base64": {
"@type": "Base64",
"description": "A resource encoded using the Base64 alphabet defined by RFC 2045.",
"filename": {
"description": "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.",
"nullable": true,
"type": "String"
}
}
}
}
]
}
}
}