profile.schema.json
Each OSCAL profile is defined by a profile element.
type · thingNIST vocabularystatus · draftv1
{
"Profile": {
"@type": "Profile",
"schemaVersion": 1,
"uuid": "String",
"metadata": {
"@type": "Metadata",
"title": "String",
"published": "Datetime",
"last-modified": "Datetime",
"version": "String",
"oscal-version": "String",
"revisions": [
{
"revisions(item)": {
"@type": "Revisions(item)",
"props": [
{
"props(item)": {
"@type": "Props(item)",
"name": "String",
"ns": "URI",
"value": "String",
"class": "String",
"group": "String",
"remarks": "String"
}
}
],
"links": [
{
"links(item)": {
"@type": "Links(item)",
"href": "URI",
"rel": "String",
"media-type": "String",
"resource-fragment": "String",
"text": "String"
}
}
]
}
}
],
"document-ids": [
{
"document-ids(item)": {
"@type": "Document-ids(item)",
"scheme": "URI",
"identifier": "String"
}
}
],
"roles": [
{
"roles(item)": {
"@type": "Roles(item)",
"description": "String",
"id": "String",
"short-name": "String"
}
}
],
"locations": [
{
"locations(item)": {
"@type": "Locations(item)",
"address": {
"@type": "Address",
"type": "String",
"addr-lines": [
{
"addr-lines(item)": "String"
}
],
"city": "String",
"state": "String",
"postal-code": "String",
"country": "String"
},
"email-addresses": [
{
"email-addresses(item)": "String"
}
],
"telephone-numbers": [
{
"telephone-numbers(item)": "TelephoneNumber"
}
],
"urls": [
{
"urls(item)": "URI"
}
]
}
}
],
"parties": [
{
"parties(item)": {
"@type": "Parties(item)",
"external-ids": [
{
"external-ids(item)": {
"@type": "External-ids(item)"
}
}
],
"addresses": [
{
"addresses(item)": {
"@type": "Addresses(item)"
}
}
],
"member-of-organizations": [
{
"member-of-organizations(item)": "String"
}
],
"location-uuids": [
{
"location-uuids(item)": "String"
}
]
}
}
],
"responsible-parties": [
{
"responsible-parties(item)": {
"@type": "Responsible-parties(item)",
"role-id": "String",
"party-uuids": [
{
"party-uuids(item)": "String"
}
]
}
}
],
"actions": [
{
"actions(item)": {
"@type": "Actions(item)",
"date": "Datetime",
"system": "URI"
}
}
]
},
"imports": [
{
"imports(item)": {
"@type": "Imports(item)",
"include-all": "String",
"exclude-controls": [
{
"exclude-controls(item)": {
"@type": "Exclude-controls(item)",
"with-child-controls": "String",
"control-id": "String",
"with-ids": [
{
"with-ids(item)": "String"
}
],
"statement-ids": [
{
"statement-ids(item)": "String"
}
],
"matching": [
{
"matching(item)": {
"@type": "Matching(item)",
"pattern": "String"
}
}
]
}
}
],
"include-controls": [
{
"include-controls(item)": {
"@type": "Include-controls(item)"
}
}
]
}
}
],
"merge": {
"@type": "Merge",
"combine": {
"@type": "Combine"
},
"flat": {
"@type": "Flat"
},
"as-is": "Boolean",
"custom": {
"@type": "Custom",
"groups": [
{
"groups(item)": {
"@type": "Groups(item)",
"params": [
{
"params(item)": {
"@type": "Params(item)",
"depends-on": "String",
"label": "String",
"usage": "String",
"constraints": [
{
"constraints(item)": {
"@type": "Constraints(item)",
"tests": [
{
"tests(item)": {
"@type": "Tests(item)",
"expression": "String"
}
}
]
}
}
],
"guidelines": [
{
"guidelines(item)": {
"@type": "Guidelines(item)",
"prose": "String"
}
}
],
"values": [
{
"values(item)": "String"
}
],
"select": {
"@type": "Select",
"how-many": "String",
"choice": [
{
"choice(item)": "String"
}
]
}
}
}
],
"parts": [
{
"parts(item)": {
"@type": "Parts(item)"
}
}
],
"controls": [
{
"controls(item)": {
"@type": "Controls(item)"
}
}
],
"insert-controls": [
{
"insert-controls(item)": {
"@type": "Insert-controls(item)",
"order": "String"
}
}
]
}
}
]
}
},
"modify": {
"@type": "Modify",
"set-parameters": [
{
"set-parameters(item)": {
"@type": "Set-parameters(item)",
"param-id": "String"
}
}
],
"alters": [
{
"alters(item)": {
"@type": "Alters(item)",
"removes": [
{
"removes(item)": {
"@type": "Removes(item)",
"by-name": "String",
"by-class": "String",
"by-id": "String",
"by-item-name": "String",
"by-ns": "URI"
}
}
],
"adds": [
{
"adds(item)": {
"@type": "Adds(item)",
"position": "String"
}
}
]
}
}
]
},
"back-matter": {
"@type": "Back-matter",
"resources": [
{
"resources(item)": {
"@type": "Resources(item)",
"citation": {
"@type": "Citation"
},
"rlinks": [
{
"rlinks(item)": {
"@type": "Rlinks(item)",
"hashes": [
{
"hashes(item)": {
"@type": "Hashes(item)",
"algorithm": "String"
}
}
]
}
}
],
"base64": {
"@type": "Base64",
"filename": "String"
}
}
}
]
}
}
}{
"Profile": {
"@type": "Profile",
"schemaVersion": 1,
"description": "Each OSCAL profile is defined by a profile element.",
"uuid": {
"description": "Provides a globally unique means to identify a given catalog instance.",
"type": "String"
},
"metadata": {
"@type": "Metadata",
"description": "Provides information about the containing document, and defines concepts that are shared across the document.",
"title": {
"description": "Document title as published, whitespace-normalized and BibTeX-escaped.",
"type": "String"
},
"published": {
"description": "The date and time the document was last made available.",
"nullable": true,
"type": "Datetime"
},
"last-modified": {
"description": "The date and time the document was last stored for later retrieval.",
"type": "Datetime"
},
"version": {
"description": "Version information for an item.",
"type": "String"
},
"oscal-version": {
"description": "The OSCAL model version the document was authored against and will conform to as valid.",
"type": "String"
},
"revisions": [
{
"revisions(item)": {
"@type": "Revisions(item)",
"description": "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).",
"props": [
{
"props(item)": {
"@type": "Props(item)",
"description": "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
"name": {
"description": "The name of the item or record.",
"type": "String"
},
"ns": {
"description": "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.",
"nullable": true,
"type": "URI"
},
"value": {
"description": "Indicates the value of the attribute, characteristic, or quality.",
"type": "String"
},
"class": {
"description": "A textual label that provides a sub-type or characterization of the property's name.",
"nullable": true,
"type": "String"
},
"group": {
"description": "An identifier for relating distinct sets of properties.",
"nullable": true,
"type": "String"
},
"remarks": {
"description": "Additional commentary about the containing object.",
"nullable": true,
"type": "String"
}
}
}
],
"links": [
{
"links(item)": {
"@type": "Links(item)",
"description": "A reference to a local or remote resource, that has a specific relation to the containing object.",
"href": {
"description": "A resolvable URL reference to a resource.",
"type": "URI"
},
"rel": {
"description": "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.",
"nullable": true,
"type": "String"
},
"media-type": {
"description": "A label that indicates the nature of a resource, as a data serialization or format.",
"nullable": true,
"type": "String"
},
"resource-fragment": {
"description": "In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.",
"nullable": true,
"type": "String"
},
"text": {
"description": "Generic text of any sort.",
"type": "String"
}
}
}
]
}
}
],
"document-ids": [
{
"document-ids(item)": {
"@type": "Document-ids(item)",
"description": "A document identifier qualified by an identifier scheme.",
"scheme": {
"description": "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.",
"nullable": true,
"type": "URI"
},
"identifier": {
"description": "A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+",
"type": "String"
}
}
}
],
"roles": [
{
"roles(item)": {
"@type": "Roles(item)",
"description": {
"description": "A summary of the role's purpose and associated responsibilities.",
"nullable": true,
"type": "String"
},
"id": {
"description": "Provenance link to the source corpus document_id.",
"type": "String"
},
"short-name": {
"description": "A short common name, abbreviation, or acronym for the role.",
"nullable": true,
"type": "String"
}
}
}
],
"locations": [
{
"locations(item)": {
"@type": "Locations(item)",
"description": "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.",
"address": {
"@type": "Address",
"description": "A postal address for the location.",
"type": {
"description": "Indicates the type of address.",
"nullable": true,
"type": "String"
},
"addr-lines": [
{
"addr-lines(item)": {
"description": "A single line of an address.",
"type": "String"
}
}
],
"city": {
"description": "City, town or geographical region for the mailing address.",
"nullable": true,
"type": "String"
},
"state": {
"description": "State, province or analogous geographical region for a mailing address.",
"nullable": true,
"type": "String"
},
"postal-code": {
"description": "Postal or ZIP code for mailing address.",
"nullable": true,
"type": "String"
},
"country": {
"description": "The ISO 3166-1 alpha-2 country code for the mailing address.",
"nullable": true,
"type": "String"
}
},
"email-addresses": [
{
"email-addresses(item)": {
"description": "An email address as defined by RFC 5322 Section 3.4.1.",
"type": "String"
}
}
],
"telephone-numbers": [
{
"telephone-numbers(item)": {
"description": "A telephone service number as defined by ITU-T E.164.",
"type": "TelephoneNumber"
}
}
],
"urls": [
{
"urls(item)": {
"description": "The uniform resource locator (URL) for a web site or other resource associated with the location.",
"type": "URI"
}
}
]
}
}
],
"parties": [
{
"parties(item)": {
"@type": "Parties(item)",
"description": "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.",
"external-ids": [
{
"external-ids(item)": {
"@type": "External-ids(item)",
"description": "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)."
}
}
],
"addresses": [
{
"addresses(item)": {
"@type": "Addresses(item)",
"description": "A postal address for the location."
}
}
],
"member-of-organizations": [
{
"member-of-organizations(item)": {
"description": "A reference to another party by UUID, typically an organization, that this subject is associated with.",
"type": "String"
}
}
],
"location-uuids": [
{
"location-uuids(item)": {
"description": "Reference to a location by UUID.",
"type": "String"
}
}
]
}
}
],
"responsible-parties": [
{
"responsible-parties(item)": {
"@type": "Responsible-parties(item)",
"description": "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.",
"role-id": {
"description": "A reference to a role performed by a party.",
"type": "String"
},
"party-uuids": [
{
"party-uuids(item)": {
"description": "Reference to a party by UUID.",
"type": "String"
}
}
]
}
}
],
"actions": [
{
"actions(item)": {
"@type": "Actions(item)",
"description": "An action applied by a role within a given party to the content.",
"date": {
"description": "The date and time when the action occurred.",
"nullable": true,
"type": "Datetime"
},
"system": {
"description": "Specifies the action type system used.",
"type": "URI"
}
}
}
]
},
"imports": [
{
"imports(item)": {
"@type": "Imports(item)",
"description": "Designates a referenced source catalog or profile that provides a source of control information for use in creating a new overlay or baseline.",
"include-all": {
"description": "Include all controls from the imported catalog or profile resources.",
"type": "String"
},
"exclude-controls": [
{
"exclude-controls(item)": {
"@type": "Exclude-controls(item)",
"description": "Select a control or controls from an imported control set.",
"with-child-controls": {
"description": "When a control is included, whether its child (dependent) controls are also included.",
"nullable": true,
"type": "String"
},
"control-id": {
"description": "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).",
"type": "String"
},
"with-ids": [
{
"with-ids(item)": {
"description": "Selecting a control by its ID given as a literal.",
"type": "String"
}
}
],
"statement-ids": [
{
"statement-ids(item)": {
"description": "Used to constrain the selection to only specificity identified statements.",
"type": "String"
}
}
],
"matching": [
{
"matching(item)": {
"@type": "Matching(item)",
"description": "Selecting a set of controls by matching their IDs with a wildcard pattern.",
"pattern": {
"description": "A glob expression matching the IDs of one or more controls to be selected.",
"nullable": true,
"type": "String"
}
}
}
]
}
}
],
"include-controls": [
{
"include-controls(item)": {
"@type": "Include-controls(item)",
"description": "Select a control or controls from an imported control set."
}
}
]
}
}
],
"merge": {
"@type": "Merge",
"description": "Provides structuring directives that instruct how controls are organized after profile resolution.",
"combine": {
"@type": "Combine",
"description": "A Combine element defines how to resolve duplicate instances of the same control (e.g., controls with the same ID)."
},
"flat": {
"@type": "Flat",
"description": "Directs that controls appear without any grouping structure."
},
"as-is": {
"description": "Indicates that the controls selected should retain their original grouping as defined in the import source.",
"type": "Boolean"
},
"custom": {
"@type": "Custom",
"description": "Provides an alternate grouping structure that selected controls will be placed in.",
"groups": [
{
"groups(item)": {
"@type": "Groups(item)",
"description": "A group of controls, or of groups of controls.",
"params": [
{
"params(item)": {
"@type": "Params(item)",
"description": "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.",
"depends-on": {
"description": "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.",
"nullable": true,
"type": "String"
},
"label": {
"description": "A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.",
"nullable": true,
"type": "String"
},
"usage": {
"description": "Describes the purpose and use of a parameter.",
"nullable": true,
"type": "String"
},
"constraints": [
{
"constraints(item)": {
"@type": "Constraints(item)",
"tests": [
{
"tests(item)": {
"@type": "Tests(item)",
"description": "A test expression which is expected to be evaluated by a tool.",
"expression": {
"description": "A formal (executable) expression of a constraint.",
"type": "String"
}
}
}
]
}
}
],
"guidelines": [
{
"guidelines(item)": {
"@type": "Guidelines(item)",
"description": "A prose statement that provides a recommendation for the use of a parameter.",
"prose": {
"description": "Prose permits multiple paragraphs, lists, tables etc.",
"type": "String"
}
}
}
],
"values": [
{
"values(item)": {
"description": "A parameter value or set of values.",
"type": "String"
}
}
],
"select": {
"@type": "Select",
"description": "Presenting a choice among alternatives.",
"how-many": {
"description": "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.",
"nullable": true,
"type": "String"
},
"choice": [
{
"choice(item)": {
"description": "A value selection among several such options.",
"type": "String"
}
}
]
}
}
}
],
"parts": [
{
"parts(item)": {
"@type": "Parts(item)",
"description": "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part."
}
}
],
"controls": [
{
"controls(item)": {
"@type": "Controls(item)",
"description": "A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information."
}
}
],
"insert-controls": [
{
"insert-controls(item)": {
"@type": "Insert-controls(item)",
"description": "Specifies which controls to use in the containing context.",
"order": {
"description": "A designation of how a selection of controls in a profile is to be ordered.",
"nullable": true,
"type": "String"
}
}
}
]
}
}
]
}
},
"modify": {
"@type": "Modify",
"description": "Set parameters or amend controls in resolution.",
"set-parameters": [
{
"set-parameters(item)": {
"@type": "Set-parameters(item)",
"description": "A parameter setting, to be propagated to points of insertion.",
"param-id": {
"description": "An identifier for the parameter.",
"nullable": true,
"type": "String"
}
}
}
],
"alters": [
{
"alters(item)": {
"@type": "Alters(item)",
"description": "Specifies changes to be made to an included control when a profile is resolved.",
"removes": [
{
"removes(item)": {
"@type": "Removes(item)",
"description": "Specifies objects to be removed from a control based on specific aspects of the object that must all match.",
"by-name": {
"description": "Identify items remove by matching their assigned name.",
"nullable": true,
"type": "String"
},
"by-class": {
"description": "Identify items to remove by matching their class.",
"nullable": true,
"type": "String"
},
"by-id": {
"description": "Identify items to remove indicated by their id.",
"nullable": true,
"type": "String"
},
"by-item-name": {
"description": "Identify items to remove by the name of the item's information object name, e.g. title or prop.",
"nullable": true,
"type": "String"
},
"by-ns": {
"description": "Identify items to remove by the item's ns, which is the namespace associated with a part, or prop.",
"nullable": true,
"type": "URI"
}
}
}
],
"adds": [
{
"adds(item)": {
"@type": "Adds(item)",
"description": "Specifies contents to be added into controls, in resolution.",
"position": {
"description": "Where to add the new content with respect to the targeted element (beside it or inside it).",
"nullable": true,
"type": "String"
}
}
}
]
}
}
]
},
"back-matter": {
"@type": "Back-matter",
"description": "A collection of resources that may be referenced from within the OSCAL document instance.",
"resources": [
{
"resources(item)": {
"@type": "Resources(item)",
"citation": {
"@type": "Citation",
"description": "An optional citation consisting of end note text using structured markup."
},
"rlinks": [
{
"rlinks(item)": {
"@type": "Rlinks(item)",
"description": "A URL-based pointer to an external resource with an optional hash for verification and change detection.",
"hashes": [
{
"hashes(item)": {
"@type": "Hashes(item)",
"description": "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.",
"algorithm": {
"description": "The digest method by which a hash is derived.",
"type": "String"
}
}
}
]
}
}
],
"base64": {
"@type": "Base64",
"description": "A resource encoded using the Base64 alphabet defined by RFC 2045.",
"filename": {
"description": "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.",
"nullable": true,
"type": "String"
}
}
}
}
]
}
}
}