catalog.schema.json
A structured, organized collection of control information.
type · thingNIST vocabularystatus · draftv1
{
"Catalog": {
"@type": "Catalog",
"schemaVersion": 1,
"uuid": "String",
"metadata": {
"@type": "Metadata",
"title": "String",
"published": "Datetime",
"last-modified": "Datetime",
"version": "String",
"oscal-version": "String",
"revisions": [
{
"revisions(item)": {
"@type": "Revisions(item)",
"props": [
{
"props(item)": {
"@type": "Props(item)",
"name": "String",
"ns": "URI",
"value": "String",
"class": "String",
"group": "String",
"remarks": "String"
}
}
],
"links": [
{
"links(item)": {
"@type": "Links(item)",
"href": "URI",
"rel": "String",
"media-type": "String",
"resource-fragment": "String",
"text": "String"
}
}
]
}
}
],
"document-ids": [
{
"document-ids(item)": {
"@type": "Document-ids(item)",
"scheme": "URI",
"identifier": "String"
}
}
],
"roles": [
{
"roles(item)": {
"@type": "Roles(item)",
"description": "String",
"id": "String",
"short-name": "String"
}
}
],
"locations": [
{
"locations(item)": {
"@type": "Locations(item)",
"address": {
"@type": "Address",
"type": "String",
"addr-lines": [
{
"addr-lines(item)": "String"
}
],
"city": "String",
"state": "String",
"postal-code": "String",
"country": "String"
},
"email-addresses": [
{
"email-addresses(item)": "String"
}
],
"telephone-numbers": [
{
"telephone-numbers(item)": "TelephoneNumber"
}
],
"urls": [
{
"urls(item)": "URI"
}
]
}
}
],
"parties": [
{
"parties(item)": {
"@type": "Parties(item)",
"external-ids": [
{
"external-ids(item)": {
"@type": "External-ids(item)"
}
}
],
"addresses": [
{
"addresses(item)": {
"@type": "Addresses(item)"
}
}
],
"member-of-organizations": [
{
"member-of-organizations(item)": "String"
}
],
"location-uuids": [
{
"location-uuids(item)": "String"
}
]
}
}
],
"responsible-parties": [
{
"responsible-parties(item)": {
"@type": "Responsible-parties(item)",
"role-id": "String",
"party-uuids": [
{
"party-uuids(item)": "String"
}
]
}
}
],
"actions": [
{
"actions(item)": {
"@type": "Actions(item)",
"date": "Datetime",
"system": "URI"
}
}
]
},
"params": [
{
"params(item)": {
"@type": "Params(item)",
"depends-on": "String",
"label": "String",
"usage": "String",
"constraints": [
{
"constraints(item)": {
"@type": "Constraints(item)",
"tests": [
{
"tests(item)": {
"@type": "Tests(item)",
"expression": "String"
}
}
]
}
}
],
"guidelines": [
{
"guidelines(item)": {
"@type": "Guidelines(item)",
"prose": "String"
}
}
],
"values": [
{
"values(item)": "String"
}
],
"select": {
"@type": "Select",
"how-many": "String",
"choice": [
{
"choice(item)": "String"
}
]
}
}
}
],
"controls": [
{
"controls(item)": {
"@type": "Controls(item)",
"parts": [
{
"parts(item)": {
"@type": "Parts(item)"
}
}
]
}
}
],
"groups": [
{
"groups(item)": {
"@type": "Groups(item)",
"insert-controls": [
{
"insert-controls(item)": {
"@type": "Insert-controls(item)",
"order": "String",
"include-all": "String",
"exclude-controls": [
{
"exclude-controls(item)": {
"@type": "Exclude-controls(item)",
"with-child-controls": "String",
"control-id": "String",
"with-ids": [
{
"with-ids(item)": "String"
}
],
"statement-ids": [
{
"statement-ids(item)": "String"
}
],
"matching": [
{
"matching(item)": {
"@type": "Matching(item)",
"pattern": "String"
}
}
]
}
}
],
"include-controls": [
{
"include-controls(item)": {
"@type": "Include-controls(item)"
}
}
]
}
}
]
}
}
],
"back-matter": {
"@type": "Back-matter",
"resources": [
{
"resources(item)": {
"@type": "Resources(item)",
"citation": {
"@type": "Citation"
},
"rlinks": [
{
"rlinks(item)": {
"@type": "Rlinks(item)",
"hashes": [
{
"hashes(item)": {
"@type": "Hashes(item)",
"algorithm": "String"
}
}
]
}
}
],
"base64": {
"@type": "Base64",
"filename": "String"
}
}
}
]
}
}
}{
"Catalog": {
"@type": "Catalog",
"schemaVersion": 1,
"description": "A structured, organized collection of control information.",
"uuid": {
"description": "Provides a globally unique means to identify a given catalog instance.",
"type": "String"
},
"metadata": {
"@type": "Metadata",
"description": "Provides information about the containing document, and defines concepts that are shared across the document.",
"title": {
"description": "Document title as published, whitespace-normalized and BibTeX-escaped.",
"type": "String"
},
"published": {
"description": "The date and time the document was last made available.",
"nullable": true,
"type": "Datetime"
},
"last-modified": {
"description": "The date and time the document was last stored for later retrieval.",
"type": "Datetime"
},
"version": {
"description": "Version information for an item.",
"type": "String"
},
"oscal-version": {
"description": "The OSCAL model version the document was authored against and will conform to as valid.",
"type": "String"
},
"revisions": [
{
"revisions(item)": {
"@type": "Revisions(item)",
"description": "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).",
"props": [
{
"props(item)": {
"@type": "Props(item)",
"description": "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
"name": {
"description": "The name of the item or record.",
"type": "String"
},
"ns": {
"description": "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.",
"nullable": true,
"type": "URI"
},
"value": {
"description": "Indicates the value of the attribute, characteristic, or quality.",
"type": "String"
},
"class": {
"description": "A textual label that provides a sub-type or characterization of the property's name.",
"nullable": true,
"type": "String"
},
"group": {
"description": "An identifier for relating distinct sets of properties.",
"nullable": true,
"type": "String"
},
"remarks": {
"description": "Additional commentary about the containing object.",
"nullable": true,
"type": "String"
}
}
}
],
"links": [
{
"links(item)": {
"@type": "Links(item)",
"description": "A reference to a local or remote resource, that has a specific relation to the containing object.",
"href": {
"description": "A resolvable URL reference to a resource.",
"type": "URI"
},
"rel": {
"description": "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.",
"nullable": true,
"type": "String"
},
"media-type": {
"description": "A label that indicates the nature of a resource, as a data serialization or format.",
"nullable": true,
"type": "String"
},
"resource-fragment": {
"description": "In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.",
"nullable": true,
"type": "String"
},
"text": {
"description": "Generic text of any sort.",
"type": "String"
}
}
}
]
}
}
],
"document-ids": [
{
"document-ids(item)": {
"@type": "Document-ids(item)",
"description": "A document identifier qualified by an identifier scheme.",
"scheme": {
"description": "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.",
"nullable": true,
"type": "URI"
},
"identifier": {
"description": "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+",
"type": "String"
}
}
}
],
"roles": [
{
"roles(item)": {
"@type": "Roles(item)",
"description": {
"description": "A summary of the role's purpose and associated responsibilities.",
"nullable": true,
"type": "String"
},
"id": {
"description": "Provenance link to the source corpus document_id.",
"type": "String"
},
"short-name": {
"description": "A short common name, abbreviation, or acronym for the role.",
"nullable": true,
"type": "String"
}
}
}
],
"locations": [
{
"locations(item)": {
"@type": "Locations(item)",
"description": "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.",
"address": {
"@type": "Address",
"description": "A postal address for the location.",
"type": {
"description": "Indicates the type of address.",
"nullable": true,
"type": "String"
},
"addr-lines": [
{
"addr-lines(item)": {
"description": "A single line of an address.",
"type": "String"
}
}
],
"city": {
"description": "City, town or geographical region for the mailing address.",
"nullable": true,
"type": "String"
},
"state": {
"description": "State, province or analogous geographical region for a mailing address.",
"nullable": true,
"type": "String"
},
"postal-code": {
"description": "Postal or ZIP code for mailing address.",
"nullable": true,
"type": "String"
},
"country": {
"description": "The ISO 3166-1 alpha-2 country code for the mailing address.",
"nullable": true,
"type": "String"
}
},
"email-addresses": [
{
"email-addresses(item)": {
"description": "An email address as defined by RFC 5322 Section 3.4.1.",
"type": "String"
}
}
],
"telephone-numbers": [
{
"telephone-numbers(item)": {
"description": "A telephone service number as defined by ITU-T E.164.",
"type": "TelephoneNumber"
}
}
],
"urls": [
{
"urls(item)": {
"description": "The uniform resource locator (URL) for a web site or other resource associated with the location.",
"type": "URI"
}
}
]
}
}
],
"parties": [
{
"parties(item)": {
"@type": "Parties(item)",
"description": "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.",
"external-ids": [
{
"external-ids(item)": {
"@type": "External-ids(item)",
"description": "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)."
}
}
],
"addresses": [
{
"addresses(item)": {
"@type": "Addresses(item)",
"description": "A postal address for the location."
}
}
],
"member-of-organizations": [
{
"member-of-organizations(item)": {
"description": "A reference to another party by UUID, typically an organization, that this subject is associated with.",
"type": "String"
}
}
],
"location-uuids": [
{
"location-uuids(item)": {
"description": "Reference to a location by UUID.",
"type": "String"
}
}
]
}
}
],
"responsible-parties": [
{
"responsible-parties(item)": {
"@type": "Responsible-parties(item)",
"description": "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.",
"role-id": {
"description": "A reference to a role performed by a party.",
"type": "String"
},
"party-uuids": [
{
"party-uuids(item)": {
"description": "Reference to a party by UUID.",
"type": "String"
}
}
]
}
}
],
"actions": [
{
"actions(item)": {
"@type": "Actions(item)",
"description": "An action applied by a role within a given party to the content.",
"date": {
"description": "The date and time when the action occurred.",
"nullable": true,
"type": "Datetime"
},
"system": {
"description": "Specifies the action type system used.",
"type": "URI"
}
}
}
]
},
"params": [
{
"params(item)": {
"@type": "Params(item)",
"description": "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.",
"depends-on": {
"description": "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.",
"nullable": true,
"type": "String"
},
"label": {
"description": "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.",
"nullable": true,
"type": "String"
},
"usage": {
"description": "Describes the purpose and use of a parameter.",
"nullable": true,
"type": "String"
},
"constraints": [
{
"constraints(item)": {
"@type": "Constraints(item)",
"tests": [
{
"tests(item)": {
"@type": "Tests(item)",
"description": "A test expression which is expected to be evaluated by a tool.",
"expression": {
"description": "A formal (executable) expression of a constraint.",
"type": "String"
}
}
}
]
}
}
],
"guidelines": [
{
"guidelines(item)": {
"@type": "Guidelines(item)",
"description": "A prose statement that provides a recommendation for the use of a parameter.",
"prose": {
"description": "Prose permits multiple paragraphs, lists, tables etc.",
"type": "String"
}
}
}
],
"values": [
{
"values(item)": {
"description": "A parameter value or set of values.",
"type": "String"
}
}
],
"select": {
"@type": "Select",
"description": "Presenting a choice among alternatives.",
"how-many": {
"description": "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.",
"nullable": true,
"type": "String"
},
"choice": [
{
"choice(item)": {
"description": "A value selection among several such options.",
"type": "String"
}
}
]
}
}
}
],
"controls": [
{
"controls(item)": {
"@type": "Controls(item)",
"description": "A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information.",
"parts": [
{
"parts(item)": {
"@type": "Parts(item)",
"description": "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part."
}
}
]
}
}
],
"groups": [
{
"groups(item)": {
"@type": "Groups(item)",
"description": "A group of controls, or of groups of controls.",
"insert-controls": [
{
"insert-controls(item)": {
"@type": "Insert-controls(item)",
"description": "Specifies which controls to use in the containing context.",
"order": {
"description": "A designation of how a selection of controls in a profile is to be ordered.",
"nullable": true,
"type": "String"
},
"include-all": {
"description": "Include all controls from the imported catalog or profile resources.",
"type": "String"
},
"exclude-controls": [
{
"exclude-controls(item)": {
"@type": "Exclude-controls(item)",
"description": "Select a control or controls from an imported control set.",
"with-child-controls": {
"description": "When a control is included, whether its child (dependent) controls are also included.",
"nullable": true,
"type": "String"
},
"control-id": {
"description": "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).",
"type": "String"
},
"with-ids": [
{
"with-ids(item)": {
"description": "Selecting a control by its ID given as a literal.",
"type": "String"
}
}
],
"statement-ids": [
{
"statement-ids(item)": {
"description": "Used to constrain the selection to only specificity identified statements.",
"type": "String"
}
}
],
"matching": [
{
"matching(item)": {
"@type": "Matching(item)",
"description": "Selecting a set of controls by matching their IDs with a wildcard pattern.",
"pattern": {
"description": "A glob expression matching the IDs of one or more controls to be selected.",
"nullable": true,
"type": "String"
}
}
}
]
}
}
],
"include-controls": [
{
"include-controls(item)": {
"@type": "Include-controls(item)",
"description": "Select a control or controls from an imported control set."
}
}
]
}
}
]
}
}
],
"back-matter": {
"@type": "Back-matter",
"description": "A collection of resources that may be referenced from within the OSCAL document instance.",
"resources": [
{
"resources(item)": {
"@type": "Resources(item)",
"citation": {
"@type": "Citation",
"description": "An optional citation consisting of end note text using structured markup."
},
"rlinks": [
{
"rlinks(item)": {
"@type": "Rlinks(item)",
"description": "A URL-based pointer to an external resource with an optional hash for verification and change detection.",
"hashes": [
{
"hashes(item)": {
"@type": "Hashes(item)",
"description": "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.",
"algorithm": {
"description": "The digest method by which a hash is derived.",
"type": "String"
}
}
}
]
}
}
],
"base64": {
"@type": "Base64",
"description": "A resource encoded using the Base64 alphabet defined by RFC 2045.",
"filename": {
"description": "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.",
"nullable": true,
"type": "String"
}
}
}
}
]
}
}
}