From d4960148654ac8de119e24f9eb71e89254e9afd2 Mon Sep 17 00:00:00 2001 From: "A.J. Stein" Date: Fri, 14 Apr 2023 10:00:18 -0400 Subject: [PATCH 1/2] Datatype regex fixes for #1703 (#1736) * Update metaschema for current datatype regexes for #1703. * Back-port Metaschema XSD relocation. As part of the OSCAL build process, we validate the structure of the metaschema definitions of the OSCAL models themselves against the schema of Metaschema definitions XSD from the metaschema repo. Recently, a path update was fixed in the OSCAL develop branch but not in the release-1.0 branch or main because these changes occurred after 1.0.4 publication. The files were relocated and reorganized. This adjustment must be made to account for that. Pull release/main back into develop should be minor and a rebase may not be necessary. If so, we will adjust accordingly. In develop, see This commit: https://github.com/usnistgov/OSCAL/commit/84d2d4659f2db3948160fb92566e56f79f922b89 * Workaround maven.restlet.org service cert expiry. (#1602) This is pulling over workaround as reported in usnistgov/oscal-content#139 with the WIP workaround submodule. usnistgov/oscal-content@26f0fe1 * Update metaschema submodule again. --- build/ci-cd/validate-metaschema.sh | 2 +- build/metaschema | 2 +- build/pom.xml | 7 ++++++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/build/ci-cd/validate-metaschema.sh b/build/ci-cd/validate-metaschema.sh index 6f3405638e..50a4fbf4dc 100755 --- a/build/ci-cd/validate-metaschema.sh +++ b/build/ci-cd/validate-metaschema.sh @@ -98,7 +98,7 @@ fi metaschema_toolchain="${OSCALDIR}/build/metaschema/toolchains/xslt-M4" schematron="${metaschema_toolchain}/validate/metaschema-composition-check.sch" compiled_schematron="${metaschema_toolchain}/validate/metaschema-composition-check-compiled.xsl" -metaschema_xsd="${metaschema_toolchain}/validate/metaschema.xsd" +metaschema_xsd="${OSCALDIR}/build/metaschema/schema/xml/metaschema.xsd" build_schematron "$schematron" "$compiled_schematron" cmd_exitcode=$? diff --git a/build/metaschema b/build/metaschema index 973790d8c1..cbcab49a52 160000 --- a/build/metaschema +++ b/build/metaschema @@ -1 +1 @@ -Subproject commit 973790d8c197123e5468a87b63f5ecdb3e7e520e +Subproject commit cbcab49a52a22e1d2ad174f07d93b6394807c71a diff --git a/build/pom.xml b/build/pom.xml index c8fa4d1ca1..02f5f0ecb0 100644 --- a/build/pom.xml +++ b/build/pom.xml @@ -16,12 +16,17 @@ the following errors: The following artifacts could not be resolved: org.restlet.jee:org.restlet:jar:2.2.2 ... + + 20221230 Workaround: TLS certificates for the restlet.org maven service + expired, see the following GitHub issue for details and status updates + about workaround alternative service and target or maven.restlet.org + redirect. https://github.com/restlet/restlet-framework-java/issues/1390 --> maven.restlet.org maven.restlet.org - https://maven.restlet.org + https://maven.restlet.talend.com From 85aed08a51d6684c06f4d98c3d04c0242fc90e7e Mon Sep 17 00:00:00 2001 From: aj-stein-nist Date: Fri, 14 Apr 2023 14:06:29 +0000 Subject: [PATCH 2/2] Publishing generated metaschema resources [ci skip] --- ..._assessment-plan_xml-to-json-converter.xsl | 49 +- ...sessment-results_xml-to-json-converter.xsl | 49 +- .../oscal_catalog_xml-to-json-converter.xsl | 49 +- .../oscal_complete_xml-to-json-converter.xsl | 49 +- .../oscal_component_xml-to-json-converter.xsl | 49 +- .../oscal_poam_xml-to-json-converter.xsl | 49 +- .../oscal_profile_xml-to-json-converter.xsl | 49 +- .../oscal_ssp_xml-to-json-converter.xsl | 49 +- json/schema/oscal_assessment-plan_schema.json | 760 +++--- .../oscal_assessment-results_schema.json | 797 +++--- json/schema/oscal_catalog_schema.json | 287 +- json/schema/oscal_complete_schema.json | 1106 ++++---- json/schema/oscal_component_schema.json | 448 ++-- json/schema/oscal_poam_schema.json | 769 +++--- json/schema/oscal_profile_schema.json | 380 +-- json/schema/oscal_ssp_schema.json | 511 ++-- xml/schema/oscal_assessment-plan_schema.xsd | 1412 +++++----- .../oscal_assessment-results_schema.xsd | 1502 +++++------ xml/schema/oscal_catalog_schema.xsd | 728 +++--- xml/schema/oscal_complete_schema.xsd | 2311 ++++++++--------- xml/schema/oscal_component_schema.xsd | 977 +++---- xml/schema/oscal_poam_schema.xsd | 1435 +++++----- xml/schema/oscal_profile_schema.xsd | 815 +++--- xml/schema/oscal_ssp_schema.xsd | 1180 ++++----- 24 files changed, 7252 insertions(+), 8558 deletions(-) diff --git a/json/convert/oscal_assessment-plan_xml-to-json-converter.xsl b/json/convert/oscal_assessment-plan_xml-to-json-converter.xsl index 831a5d2884..4ae3556eab 100644 --- a/json/convert/oscal_assessment-plan_xml-to-json-converter.xsl +++ b/json/convert/oscal_assessment-plan_xml-to-json-converter.xsl @@ -4972,11 +4972,9 @@ @@ -4986,7 +4984,6 @@ @@ -4996,12 +4993,10 @@ @@ -5010,7 +5005,6 @@ @@ -5054,7 +5046,6 @@ @@ -5063,7 +5054,6 @@ @@ -5072,7 +5062,6 @@ @@ -5085,12 +5074,10 @@ --> @@ -5101,7 +5088,6 @@ - + + - + @@ -5155,7 +5138,6 @@ @@ -5163,7 +5145,6 @@ @@ -5173,7 +5154,6 @@ @@ -5185,7 +5165,6 @@ @@ -5195,7 +5174,6 @@ @@ -5206,37 +5184,30 @@ # ## ### #### ##### ###### @@ -5244,7 +5215,6 @@ @@ -5261,7 +5231,6 @@ @@ -5271,7 +5240,6 @@ | ``` @@ -5314,7 +5279,6 @@ @@ -5327,7 +5291,6 @@ @@ -5336,7 +5299,6 @@ ` @@ -5345,7 +5307,6 @@ * @@ -5354,7 +5315,6 @@ ** @@ -5363,7 +5323,6 @@ " @@ -5372,7 +5331,6 @@ }} @@ -5384,7 +5342,6 @@ ) diff --git a/json/convert/oscal_assessment-results_xml-to-json-converter.xsl b/json/convert/oscal_assessment-results_xml-to-json-converter.xsl index dd34bf3353..73b5a09c33 100644 --- a/json/convert/oscal_assessment-results_xml-to-json-converter.xsl +++ b/json/convert/oscal_assessment-results_xml-to-json-converter.xsl @@ -9099,11 +9099,9 @@ @@ -9113,7 +9111,6 @@ @@ -9123,12 +9120,10 @@ @@ -9137,7 +9132,6 @@ @@ -9181,7 +9173,6 @@ @@ -9190,7 +9181,6 @@ @@ -9199,7 +9189,6 @@ @@ -9212,12 +9201,10 @@ --> @@ -9228,7 +9215,6 @@ - + + - + @@ -9282,7 +9265,6 @@ @@ -9290,7 +9272,6 @@ @@ -9300,7 +9281,6 @@ @@ -9312,7 +9292,6 @@ @@ -9322,7 +9301,6 @@ @@ -9333,37 +9311,30 @@ # ## ### #### ##### ###### @@ -9371,7 +9342,6 @@ @@ -9388,7 +9358,6 @@ @@ -9398,7 +9367,6 @@ | ``` @@ -9441,7 +9406,6 @@ @@ -9454,7 +9418,6 @@ @@ -9463,7 +9426,6 @@ ` @@ -9472,7 +9434,6 @@ * @@ -9481,7 +9442,6 @@ ** @@ -9490,7 +9450,6 @@ " @@ -9499,7 +9458,6 @@ }} @@ -9511,7 +9469,6 @@ ) diff --git a/json/convert/oscal_catalog_xml-to-json-converter.xsl b/json/convert/oscal_catalog_xml-to-json-converter.xsl index 79755a4050..201cba3911 100644 --- a/json/convert/oscal_catalog_xml-to-json-converter.xsl +++ b/json/convert/oscal_catalog_xml-to-json-converter.xsl @@ -2727,11 +2727,9 @@ @@ -2741,7 +2739,6 @@ @@ -2751,12 +2748,10 @@ @@ -2765,7 +2760,6 @@ @@ -2809,7 +2801,6 @@ @@ -2818,7 +2809,6 @@ @@ -2827,7 +2817,6 @@ @@ -2840,12 +2829,10 @@ --> @@ -2856,7 +2843,6 @@ - + + - + @@ -2910,7 +2893,6 @@ @@ -2918,7 +2900,6 @@ @@ -2928,7 +2909,6 @@ @@ -2940,7 +2920,6 @@ @@ -2950,7 +2929,6 @@ @@ -2961,37 +2939,30 @@ # ## ### #### ##### ###### @@ -2999,7 +2970,6 @@ @@ -3016,7 +2986,6 @@ @@ -3026,7 +2995,6 @@ | ``` @@ -3069,7 +3034,6 @@ @@ -3082,7 +3046,6 @@ @@ -3091,7 +3054,6 @@ ` @@ -3100,7 +3062,6 @@ * @@ -3109,7 +3070,6 @@ ** @@ -3118,7 +3078,6 @@ " @@ -3127,7 +3086,6 @@ }} @@ -3139,7 +3097,6 @@ ) diff --git a/json/convert/oscal_complete_xml-to-json-converter.xsl b/json/convert/oscal_complete_xml-to-json-converter.xsl index 7e59b556c6..19886a7bf6 100644 --- a/json/convert/oscal_complete_xml-to-json-converter.xsl +++ b/json/convert/oscal_complete_xml-to-json-converter.xsl @@ -26789,11 +26789,9 @@ @@ -26803,7 +26801,6 @@ @@ -26813,12 +26810,10 @@ @@ -26827,7 +26822,6 @@ @@ -26871,7 +26863,6 @@ @@ -26880,7 +26871,6 @@ @@ -26889,7 +26879,6 @@ @@ -26902,12 +26891,10 @@ --> @@ -26918,7 +26905,6 @@ - + + - + @@ -26972,7 +26955,6 @@ @@ -26980,7 +26962,6 @@ @@ -26990,7 +26971,6 @@ @@ -27002,7 +26982,6 @@ @@ -27012,7 +26991,6 @@ @@ -27023,37 +27001,30 @@ # ## ### #### ##### ###### @@ -27061,7 +27032,6 @@ @@ -27078,7 +27048,6 @@ @@ -27088,7 +27057,6 @@ | ``` @@ -27131,7 +27096,6 @@ @@ -27144,7 +27108,6 @@ @@ -27153,7 +27116,6 @@ ` @@ -27162,7 +27124,6 @@ * @@ -27171,7 +27132,6 @@ ** @@ -27180,7 +27140,6 @@ " @@ -27189,7 +27148,6 @@ }} @@ -27201,7 +27159,6 @@ ) diff --git a/json/convert/oscal_component_xml-to-json-converter.xsl b/json/convert/oscal_component_xml-to-json-converter.xsl index 27966749dd..1962ff71b2 100644 --- a/json/convert/oscal_component_xml-to-json-converter.xsl +++ b/json/convert/oscal_component_xml-to-json-converter.xsl @@ -2808,11 +2808,9 @@ @@ -2822,7 +2820,6 @@ @@ -2832,12 +2829,10 @@ @@ -2846,7 +2841,6 @@ @@ -2890,7 +2882,6 @@ @@ -2899,7 +2890,6 @@ @@ -2908,7 +2898,6 @@ @@ -2921,12 +2910,10 @@ --> @@ -2937,7 +2924,6 @@ - + + - + @@ -2991,7 +2974,6 @@ @@ -2999,7 +2981,6 @@ @@ -3009,7 +2990,6 @@ @@ -3021,7 +3001,6 @@ @@ -3031,7 +3010,6 @@ @@ -3042,37 +3020,30 @@ # ## ### #### ##### ###### @@ -3080,7 +3051,6 @@ @@ -3097,7 +3067,6 @@ @@ -3107,7 +3076,6 @@ | ``` @@ -3150,7 +3115,6 @@ @@ -3163,7 +3127,6 @@ @@ -3172,7 +3135,6 @@ ` @@ -3181,7 +3143,6 @@ * @@ -3190,7 +3151,6 @@ ** @@ -3199,7 +3159,6 @@ " @@ -3208,7 +3167,6 @@ }} @@ -3220,7 +3178,6 @@ ) diff --git a/json/convert/oscal_poam_xml-to-json-converter.xsl b/json/convert/oscal_poam_xml-to-json-converter.xsl index 541852ff1b..ee07a12bb5 100644 --- a/json/convert/oscal_poam_xml-to-json-converter.xsl +++ b/json/convert/oscal_poam_xml-to-json-converter.xsl @@ -5755,11 +5755,9 @@ @@ -5769,7 +5767,6 @@ @@ -5779,12 +5776,10 @@ @@ -5793,7 +5788,6 @@ @@ -5837,7 +5829,6 @@ @@ -5846,7 +5837,6 @@ @@ -5855,7 +5845,6 @@ @@ -5868,12 +5857,10 @@ --> @@ -5884,7 +5871,6 @@ - + + - + @@ -5938,7 +5921,6 @@ @@ -5946,7 +5928,6 @@ @@ -5956,7 +5937,6 @@ @@ -5968,7 +5948,6 @@ @@ -5978,7 +5957,6 @@ @@ -5989,37 +5967,30 @@ # ## ### #### ##### ###### @@ -6027,7 +5998,6 @@ @@ -6044,7 +6014,6 @@ @@ -6054,7 +6023,6 @@ | ``` @@ -6097,7 +6062,6 @@ @@ -6110,7 +6074,6 @@ @@ -6119,7 +6082,6 @@ ` @@ -6128,7 +6090,6 @@ * @@ -6137,7 +6098,6 @@ ** @@ -6146,7 +6106,6 @@ " @@ -6155,7 +6114,6 @@ }} @@ -6167,7 +6125,6 @@ ) diff --git a/json/convert/oscal_profile_xml-to-json-converter.xsl b/json/convert/oscal_profile_xml-to-json-converter.xsl index 14278bd995..4ab9cb1e26 100644 --- a/json/convert/oscal_profile_xml-to-json-converter.xsl +++ b/json/convert/oscal_profile_xml-to-json-converter.xsl @@ -3169,11 +3169,9 @@ @@ -3183,7 +3181,6 @@ @@ -3193,12 +3190,10 @@ @@ -3207,7 +3202,6 @@ @@ -3251,7 +3243,6 @@ @@ -3260,7 +3251,6 @@ @@ -3269,7 +3259,6 @@ @@ -3282,12 +3271,10 @@ --> @@ -3298,7 +3285,6 @@ - + + - + @@ -3352,7 +3335,6 @@ @@ -3360,7 +3342,6 @@ @@ -3370,7 +3351,6 @@ @@ -3382,7 +3362,6 @@ @@ -3392,7 +3371,6 @@ @@ -3403,37 +3381,30 @@ # ## ### #### ##### ###### @@ -3441,7 +3412,6 @@ @@ -3458,7 +3428,6 @@ @@ -3468,7 +3437,6 @@ | ``` @@ -3511,7 +3476,6 @@ @@ -3524,7 +3488,6 @@ @@ -3533,7 +3496,6 @@ ` @@ -3542,7 +3504,6 @@ * @@ -3551,7 +3512,6 @@ ** @@ -3560,7 +3520,6 @@ " @@ -3569,7 +3528,6 @@ }} @@ -3581,7 +3539,6 @@ ) diff --git a/json/convert/oscal_ssp_xml-to-json-converter.xsl b/json/convert/oscal_ssp_xml-to-json-converter.xsl index 0bcec4cd57..ac4b971b32 100644 --- a/json/convert/oscal_ssp_xml-to-json-converter.xsl +++ b/json/convert/oscal_ssp_xml-to-json-converter.xsl @@ -5285,11 +5285,9 @@ @@ -5299,7 +5297,6 @@ @@ -5309,12 +5306,10 @@ @@ -5323,7 +5318,6 @@ @@ -5367,7 +5359,6 @@ @@ -5376,7 +5367,6 @@ @@ -5385,7 +5375,6 @@ @@ -5398,12 +5387,10 @@ --> @@ -5414,7 +5401,6 @@ - + + - + @@ -5468,7 +5451,6 @@ @@ -5476,7 +5458,6 @@ @@ -5486,7 +5467,6 @@ @@ -5498,7 +5478,6 @@ @@ -5508,7 +5487,6 @@ @@ -5519,37 +5497,30 @@ # ## ### #### ##### ###### @@ -5557,7 +5528,6 @@ @@ -5574,7 +5544,6 @@ @@ -5584,7 +5553,6 @@ | ``` @@ -5627,7 +5592,6 @@ @@ -5640,7 +5604,6 @@ @@ -5649,7 +5612,6 @@ ` @@ -5658,7 +5620,6 @@ * @@ -5667,7 +5628,6 @@ ** @@ -5676,7 +5636,6 @@ " @@ -5685,7 +5644,6 @@ }} @@ -5697,7 +5655,6 @@ ) diff --git a/json/schema/oscal_assessment-plan_schema.json b/json/schema/oscal_assessment-plan_schema.json index d29edeac84..e2bbf182a9 100644 --- a/json/schema/oscal_assessment-plan_schema.json +++ b/json/schema/oscal_assessment-plan_schema.json @@ -13,8 +13,7 @@ { "uuid" : { "title" : "Assessment Plan Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "import-ssp" : @@ -193,8 +192,7 @@ { "uuid" : { "title" : "Location Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Location Title", "description" : "A name given to the location, which may be used by a tool for display and navigation.", @@ -217,9 +215,7 @@ "items" : { "title" : "Location URL", "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" } }, + "$ref" : "#/definitions/URIDatatype" } }, "props" : { "type" : "array", "minItems" : 1, @@ -240,8 +236,7 @@ { "title" : "Location Reference", "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_location-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-ap-oscal-metadata:party" : { "title" : "Party (organization or person)", "description" : "A responsible entity which is either a person or an organization.", @@ -251,26 +246,25 @@ { "uuid" : { "title" : "Party Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Party Type", "description" : "A category describing the kind of party the object describes.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "person", - "organization" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, "name" : { "title" : "Party Name", "description" : "The full name of the party. This is typically the legal name associated with the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "short-name" : { "title" : "Party Short Name", "description" : "A short common name, abbreviation, or acronym for the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "external-ids" : { "type" : "array", "minItems" : 1, @@ -282,11 +276,14 @@ { "scheme" : { "title" : "External Identifier Schema", "description" : "Indicates the type of external identifier.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id", "scheme" ], @@ -327,8 +324,7 @@ "items" : { "title" : "Organizational Affiliation", "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -339,8 +335,7 @@ { "title" : "Party Reference", "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_party-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-ap-oscal-metadata:role" : { "title" : "Role", "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", @@ -350,8 +345,7 @@ { "id" : { "title" : "Role Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Role Title", "description" : "A name given to the role, which may be used by a tool for display and navigation.", @@ -359,8 +353,7 @@ "short-name" : { "title" : "Role Short Name", "description" : "A short common name, abbreviation, or acronym for the role.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "Role Description", "description" : "A summary of the role's purpose and associated responsibilities.", @@ -385,8 +378,7 @@ { "title" : "Role Identifier Reference", "description" : "A human-oriented identifier reference to roles served by the user.", "$id" : "#field_oscal-metadata_role-id", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "oscal-ap-oscal-metadata:back-matter" : { "title" : "Back matter", "description" : "A collection of resources, which may be included directly or by reference.", @@ -404,8 +396,7 @@ { "uuid" : { "title" : "Resource Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", "description" : "A name given to the resource, which may be used by a tool for display and navigation.", @@ -457,13 +448,11 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URI reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", "minItems" : 1, @@ -480,15 +469,13 @@ { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/Base64Datatype" } }, "required" : [ "value" ], "additionalProperties" : false }, @@ -507,29 +494,28 @@ { "name" : { "title" : "Property Name", "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "value" : { "title" : "Property Value", "description" : "Indicates the value of the attribute, characteristic, or quality.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -545,18 +531,20 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URL reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : { "title" : "Relation", "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", @@ -573,8 +561,7 @@ { "role-id" : { "title" : "Responsible Role", "description" : "A human-oriented identifier reference to roles served by the user.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", "minItems" : 1, @@ -605,8 +592,7 @@ { "role-id" : { "title" : "Responsible Role ID", "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -636,10 +622,21 @@ { "algorithm" : { "title" : "Hash algorithm", "description" : "Method by which a hash is derived", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "value", "algorithm" ], @@ -653,35 +650,27 @@ { "title" : "Publication Timestamp", "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_published", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-ap-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_last-modified", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-ap-oscal-metadata:version" : { "title" : "Document Version", "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", "$id" : "#field_oscal-metadata_version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ap-oscal-metadata:oscal-version" : { "title" : "OSCAL version", "description" : "The OSCAL model version the document was authored against.", "$id" : "#field_oscal-metadata_oscal-version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ap-oscal-metadata:email-address" : { "title" : "Email Address", "description" : "An email address as defined by RFC 5322 Section 3.4.1.", "$id" : "#field_oscal-metadata_email-address", - "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" }, + "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-ap-oscal-metadata:telephone-number" : { "title" : "Telephone Number", "description" : "Contact number by telephone.", @@ -691,10 +680,16 @@ { "type" : { "title" : "type flag", "description" : "Indicates the type of phone number.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, "number" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "number" ], "additionalProperties" : false }, @@ -707,8 +702,13 @@ { "type" : { "title" : "Address Type", "description" : "Indicates the type of address.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, "addr-lines" : { "type" : "array", "minItems" : 1, @@ -717,30 +717,25 @@ "city" : { "title" : "City", "description" : "City, town or geographical region for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", "description" : "State, province or analogous geographical region for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", "description" : "Postal or ZIP code for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "additionalProperties" : false }, "oscal-ap-oscal-metadata:addr-line" : { "title" : "Address line", "description" : "A single line of an address.", "$id" : "#field_oscal-metadata_addr-line", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ap-oscal-metadata:document-id" : { "title" : "Document Identifier", "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", @@ -750,11 +745,14 @@ { "scheme" : { "title" : "Document Identification Scheme", "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, "identifier" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "identifier" ], "additionalProperties" : false }, @@ -767,8 +765,7 @@ { "href" : { "title" : "System Security Plan Reference", "description" : "A resolvable URL reference to the system security plan for the system being assessed.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -783,8 +780,7 @@ { "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "description" : { "title" : "Objective Description", "description" : "A human-readable description of this control objective.", @@ -819,8 +815,7 @@ { "uuid" : { "title" : "Assessment Method Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Assessment Method Description", "description" : "A human-readable description of this assessment method.", @@ -852,8 +847,7 @@ { "uuid" : { "title" : "Assessment Activity Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Included Activity Title", "description" : "The title for this included activity.", @@ -883,8 +877,7 @@ { "uuid" : { "title" : "Step Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Step Title", "description" : "The title for this step.", @@ -938,13 +931,17 @@ { "uuid" : { "title" : "Task Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Task Type", "description" : "The type of task.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "milestone", + "action" ] } ] }, "title" : { "title" : "Task Title", "description" : "The title for this task.", @@ -976,9 +973,7 @@ { "date" : { "title" : "On Date Condition", "description" : "The task must occur on the specified date.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" } }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : [ "date" ], "additionalProperties" : false }, @@ -990,15 +985,11 @@ { "start" : { "title" : "Start Date Condition", "description" : "The task must occur on or after the specified date.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "end" : { "title" : "End Date Condition", "description" : "The task must occur on or before the specified date.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" } }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : [ "start", "end" ], @@ -1011,21 +1002,21 @@ { "period" : { "title" : "Period", "description" : "The task must occur after the specified period has elapsed.", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 1 }, + "$ref" : "#/definitions/PositiveIntegerDatatype" }, "unit" : { "title" : "Time Unit", "description" : "The unit of time for the period.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "seconds", - "minutes", - "hours", - "days", - "months", - "years" ] } }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "seconds", + "minutes", + "hours", + "days", + "months", + "years" ] } ] } }, "required" : [ "period", "unit" ], @@ -1042,8 +1033,7 @@ { "task-uuid" : { "title" : "Task Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique task.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1065,8 +1055,7 @@ { "activity-uuid" : { "title" : "Activity Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to an activity defined in the list of activities.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1218,16 +1207,14 @@ { "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "statement-ids" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Include Specific Statements", "description" : "Used to constrain the selection to only specificity identified statements.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } } }, + "$ref" : "#/definitions/TokenDatatype" } } }, "required" : [ "control-id" ], "additionalProperties" : false }, @@ -1240,8 +1227,7 @@ { "objective-id" : { "title" : "Objective ID", "description" : "Points to an assessment objective.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "$ref" : "#/definitions/TokenDatatype" } }, "required" : [ "objective-id" ], "additionalProperties" : false }, @@ -1254,8 +1240,7 @@ { "uuid" : { "title" : "Assessment Subject Placeholder Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Assessment Subject Placeholder Description", "description" : "A human-readable description of intent of this assessment subject placeholder.", @@ -1271,8 +1256,7 @@ { "task-uuid" : { "title" : "Task Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "task-uuid" ], "additionalProperties" : false } }, @@ -1301,8 +1285,16 @@ { "type" : { "title" : "Subject Type", "description" : "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user" ] } ] }, "description" : { "title" : "Include Subjects Description", "description" : "A human-readable description of the collection of subjects being included in this assessment.", @@ -1343,13 +1335,21 @@ { "subject-uuid" : { "title" : "Subject Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Subject Universally Unique Identifier Reference Type", "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, "props" : { "type" : "array", "minItems" : 1, @@ -1375,13 +1375,21 @@ { "subject-uuid" : { "title" : "Subject Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Subject Universally Unique Identifier Reference Type", "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, "title" : { "title" : "Subject Reference Title", "description" : "The title or name for the referenced subject.", @@ -1424,8 +1432,7 @@ { "uuid" : { "title" : "Assessment Platform Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Assessment Platform Title", "description" : "The title or name for the assessment platform.", @@ -1451,8 +1458,7 @@ { "component-uuid" : { "title" : "Component Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1490,16 +1496,17 @@ { "type" : { "title" : "Finding Target Type", "description" : "Identifies the type of the target.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "statement-id", - "objective-id" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "statement-id", + "objective-id" ] } ] }, "target-id" : { "title" : "Finding Target Identifier Reference", "description" : "A machine-oriented identifier reference for a specific target qualified by the type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Objective Status Title", "description" : "The title for this objective status.", @@ -1526,16 +1533,24 @@ { "state" : { "title" : "Objective Status State", "description" : "An indication as to whether the objective is satisfied or not.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "satisfied", - "not-satisfied" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "satisfied", + "not-satisfied" ] } ] }, "reason" : { "title" : "Objective Status Reason", "description" : "The reason the objective was given it's status.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "pass", + "fail", + "other" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1559,8 +1574,7 @@ { "uuid" : { "title" : "Observation Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Observation Title", "description" : "The title for this observation.", @@ -1585,16 +1599,31 @@ "items" : { "title" : "Observation Method", "description" : "Identifies how the observation was made.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "EXAMINE", + "INTERVIEW", + "TEST", + "UNKNOWN" ] } ] } }, "types" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Observation Type", "description" : "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "ssp-statement-issue", + "control-objective", + "mitigation", + "finding", + "historic" ] } ] } }, "origins" : { "type" : "array", "minItems" : 1, @@ -1616,8 +1645,7 @@ { "href" : { "title" : "Relevant Evidence Reference", "description" : "A resolvable URL reference to relevant evidence.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "description" : { "title" : "Relevant Evidence Description", "description" : "A human-readable description of this evidence.", @@ -1640,15 +1668,11 @@ "collected" : { "title" : "Collected Field", "description" : "Date/time stamp identifying when the finding information was collected.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "expires" : { "title" : "Expires Field", "description" : "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1685,22 +1709,22 @@ { "type" : { "title" : "Actor Type", "description" : "The kind of actor.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "tool", - "assessment-platform", - "party" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "tool", + "assessment-platform", + "party" ] } ] }, "actor-uuid" : { "title" : "Actor Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to the tool or person based on the associated type.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "role-id" : { "title" : "Actor Role", "description" : "For a party, this can optionally be used to specify the role the actor was performing.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1724,8 +1748,7 @@ { "task-uuid" : { "title" : "Task Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique task.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1754,8 +1777,7 @@ { "subject-placeholder-uuid" : { "title" : "Assessment Subject Placeholder Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "subjects" : { "type" : "array", "minItems" : 1, @@ -1779,16 +1801,19 @@ { "system" : { "title" : "Threat Type Identification System", "description" : "Specifies the source of the threat information.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal" ] } ] }, "href" : { "title" : "Threat Information Resource Reference", "description" : "An optional location for the threat data, from which this ID originates.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/URIDatatype" } }, "required" : [ "id", "system" ], @@ -1802,8 +1827,7 @@ { "uuid" : { "title" : "Risk Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Risk Title", "description" : "The title for this risk.", @@ -1854,13 +1878,11 @@ { "uuid" : { "title" : "Mitigating Factor Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "implementation-uuid" : { "title" : "Implementation UUID", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Mitigating Factor Description", "description" : "A human-readable description of this mitigating factor.", @@ -1887,9 +1909,7 @@ "deadline" : { "title" : "Risk Resolution Deadline", "description" : "The date/time by which the risk must be resolved.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "remediations" : { "type" : "array", "minItems" : 1, @@ -1911,8 +1931,7 @@ { "uuid" : { "title" : "Risk Log Entry Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Title", "description" : "The title for this risk log entry.", @@ -1924,15 +1943,11 @@ "start" : { "title" : "Start", "description" : "Identifies the start date and time of the event.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "end" : { "title" : "End", "description" : "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1961,8 +1976,7 @@ { "response-uuid" : { "title" : "Response Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique risk response.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2003,8 +2017,7 @@ { "observation-uuid" : { "title" : "Observation Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "observation-uuid" ], "additionalProperties" : false } } }, @@ -2024,13 +2037,11 @@ { "party-uuid" : { "title" : "Party UUID Reference", "description" : "A machine-oriented identifier reference to the party who is making the log entry.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "role-id" : { "title" : "Actor Role", "description" : "A point to the role-id of the role in which the party is making the log entry.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "$ref" : "#/definitions/TokenDatatype" } }, "required" : [ "party-uuid" ], "additionalProperties" : false }, @@ -2038,8 +2049,17 @@ { "title" : "Risk Status", "description" : "Describes the status of the associated risk.", "$id" : "#field_oscal-assessment-common_risk-status", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "open", + "investigating", + "remediating", + "deviation-requested", + "deviation-approved", + "closed" ] } ] }, "oscal-ap-oscal-assessment-common:characterization" : { "title" : "Characterization", "description" : "A collection of descriptive data about the containing object from a specific origin.", @@ -2069,19 +2089,27 @@ { "name" : { "title" : "Facet Name", "description" : "The name of the risk metric within the specified system.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "system" : { "title" : "Naming System", "description" : "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal/unknown", + "http://cve.mitre.org", + "http://www.first.org/cvss/v2.0", + "http://www.first.org/cvss/v3.0", + "http://www.first.org/cvss/v3.1" ] } ] }, "value" : { "title" : "Facet Value", "description" : "Indicates the value of the facet.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2112,13 +2140,18 @@ { "uuid" : { "title" : "Remediation Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "lifecycle" : { "title" : "Remediation Intent", "description" : "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "recommendation", + "planned", + "completed" ] } ] }, "title" : { "title" : "Response Title", "description" : "The title for this response activity.", @@ -2153,8 +2186,7 @@ { "uuid" : { "title" : "Required Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "subjects" : { "type" : "array", "minItems" : 1, @@ -2206,24 +2238,26 @@ { "uuid" : { "title" : "Part Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Part Name", "description" : "A textual label that uniquely identifies the part's semantic type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "asset", + "method", + "objective" ] } ] }, "ns" : { "title" : "Part Namespace", "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", "description" : "A name given to the part, which may be used by a tool for display and navigation.", @@ -2259,24 +2293,19 @@ { "id" : { "title" : "Part Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", "description" : "A textual label that uniquely identifies the part's semantic type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", "description" : "A name given to the part, which may be used by a tool for display and navigation.", @@ -2312,18 +2341,15 @@ { "id" : { "title" : "Parameter Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", "description" : "A textual label that provides a characterization of the parameter.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2385,8 +2411,7 @@ { "expression" : { "title" : "Constraint test", "description" : "A formal (executable) expression of a constraint", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -2410,8 +2435,7 @@ { "title" : "Parameter Value", "description" : "A parameter value or set of values.", "$id" : "#field_oscal-catalog-common_parameter-value", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ap-oscal-catalog-common:parameter-selection" : { "title" : "Selection", "description" : "Presenting a choice among alternatives", @@ -2421,11 +2445,13 @@ { "how-many" : { "title" : "Parameter Cardinality", "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "one", - "one-or-more" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, "choice" : { "type" : "array", "minItems" : 1, @@ -2449,13 +2475,29 @@ { "uuid" : { "title" : "Component Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Component Type", "description" : "A category describing the purpose of the component.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "this-system", + "system", + "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation", + "network" ] } ] }, "title" : { "title" : "Component Title", "description" : "A human readable name for the system component.", @@ -2486,13 +2528,15 @@ { "state" : { "title" : "State", "description" : "The operational status.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "under-development", - "operational", - "disposition", - "other" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "under-development", + "operational", + "disposition", + "other" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -2526,13 +2570,11 @@ { "uuid" : { "title" : "Service Protocol Information Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Protocol Name", "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "title" : { "title" : "Protocol Title", "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", @@ -2554,23 +2596,21 @@ { "start" : { "title" : "Start", "description" : "Indicates the starting port number in a port range", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 0 }, + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, "end" : { "title" : "End", "description" : "Indicates the ending port number in a port range", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 0 }, + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, "transport" : { "title" : "Transport", "description" : "Indicates the transport type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "TCP", - "UDP" ] } }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "TCP", + "UDP" ] } ] } }, "additionalProperties" : false }, "oscal-ap-oscal-implementation-common:implementation-status" : { "title" : "Implementation Status", @@ -2581,8 +2621,16 @@ { "state" : { "title" : "Implementation State", "description" : "Identifies the implementation status of the control or control objective.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "implemented", + "partial", + "planned", + "alternative", + "not-applicable" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -2597,8 +2645,7 @@ { "uuid" : { "title" : "User Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "User Title", "description" : "A name given to the user, which may be used by a tool for display and navigation.", @@ -2606,8 +2653,7 @@ "short-name" : { "title" : "User Short Name", "description" : "A short common name, abbreviation, or acronym for the user.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "User Description", "description" : "A summary of the user's purpose within the system.", @@ -2664,8 +2710,7 @@ { "title" : "Functions Performed", "description" : "Describes a function performed for a given authorized privilege by this user class.", "$id" : "#field_oscal-implementation-common_function-performed", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ap-oscal-implementation-common:inventory-item" : { "title" : "Inventory Item", "description" : "A single managed inventory item within the system.", @@ -2675,8 +2720,7 @@ { "uuid" : { "title" : "Inventory Item Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Inventory Item Description", "description" : "A summary of the inventory item stating its purpose within the system.", @@ -2707,8 +2751,7 @@ { "component-uuid" : { "title" : "Component Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2744,16 +2787,14 @@ { "param-id" : { "title" : "Parameter ID", "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "values" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -2769,14 +2810,69 @@ { "identifier-type" : { "title" : "Identification System Type", "description" : "Identifies the identification system from which the provided identifier was assigned.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "https://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "https://ietf.org/rfc/rfc4122", + "http://ietf.org/rfc/rfc4122" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id" ], - "additionalProperties" : false } }, + "additionalProperties" : false }, + "Base64Datatype" : + { "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "DateTimeWithTimezoneDatatype" : + { "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]*[1-9])?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "IntegerDatatype" : + { "type" : "integer" }, + "NonNegativeIntegerDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 0 } ] }, + "PositiveIntegerDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 1 } ] }, + "StringDatatype" : + { "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "type" : "string", + "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, "properties" : { "assessment-plan" : { "$ref" : "#assembly_oscal-ap_assessment-plan" } }, diff --git a/json/schema/oscal_assessment-results_schema.json b/json/schema/oscal_assessment-results_schema.json index 3de238ca15..42a5791ec7 100644 --- a/json/schema/oscal_assessment-results_schema.json +++ b/json/schema/oscal_assessment-results_schema.json @@ -13,8 +13,7 @@ { "uuid" : { "title" : "Assessment Results Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "import-ap" : @@ -59,8 +58,7 @@ { "uuid" : { "title" : "Results Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Results Title", "description" : "The title for this set of results.", @@ -72,15 +70,11 @@ "start" : { "title" : "start field", "description" : "Date/time stamp identifying the start of the evidence collection reflected in these results.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "end" : { "title" : "end field", "description" : "Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -158,8 +152,7 @@ { "uuid" : { "title" : "Assessment Log Entry Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Action Title", "description" : "The title for this event.", @@ -171,15 +164,11 @@ "start" : { "title" : "Start", "description" : "Identifies the start date and time of an event.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "end" : { "title" : "End", "description" : "Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -242,8 +231,7 @@ { "uuid" : { "title" : "Finding Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Finding Title", "description" : "The title for this finding.", @@ -272,8 +260,7 @@ "implementation-statement-uuid" : { "title" : "Implementation Statement UUID", "description" : "A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "related-observations" : { "type" : "array", "minItems" : 1, @@ -285,8 +272,7 @@ { "observation-uuid" : { "title" : "Observation Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "observation-uuid" ], "additionalProperties" : false } }, @@ -301,8 +287,7 @@ { "risk-uuid" : { "title" : "Risk Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "risk-uuid" ], "additionalProperties" : false } }, @@ -323,8 +308,7 @@ { "href" : { "title" : "Assessment Plan Reference", "description" : "A resolvable URL reference to the assessment plan governing the assessment activities.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -438,8 +422,7 @@ { "uuid" : { "title" : "Location Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Location Title", "description" : "A name given to the location, which may be used by a tool for display and navigation.", @@ -462,9 +445,7 @@ "items" : { "title" : "Location URL", "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" } }, + "$ref" : "#/definitions/URIDatatype" } }, "props" : { "type" : "array", "minItems" : 1, @@ -485,8 +466,7 @@ { "title" : "Location Reference", "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_location-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-ar-oscal-metadata:party" : { "title" : "Party (organization or person)", "description" : "A responsible entity which is either a person or an organization.", @@ -496,26 +476,25 @@ { "uuid" : { "title" : "Party Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Party Type", "description" : "A category describing the kind of party the object describes.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "person", - "organization" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, "name" : { "title" : "Party Name", "description" : "The full name of the party. This is typically the legal name associated with the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "short-name" : { "title" : "Party Short Name", "description" : "A short common name, abbreviation, or acronym for the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "external-ids" : { "type" : "array", "minItems" : 1, @@ -527,11 +506,14 @@ { "scheme" : { "title" : "External Identifier Schema", "description" : "Indicates the type of external identifier.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id", "scheme" ], @@ -572,8 +554,7 @@ "items" : { "title" : "Organizational Affiliation", "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -584,8 +565,7 @@ { "title" : "Party Reference", "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_party-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-ar-oscal-metadata:role" : { "title" : "Role", "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", @@ -595,8 +575,7 @@ { "id" : { "title" : "Role Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Role Title", "description" : "A name given to the role, which may be used by a tool for display and navigation.", @@ -604,8 +583,7 @@ "short-name" : { "title" : "Role Short Name", "description" : "A short common name, abbreviation, or acronym for the role.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "Role Description", "description" : "A summary of the role's purpose and associated responsibilities.", @@ -630,8 +608,7 @@ { "title" : "Role Identifier Reference", "description" : "A human-oriented identifier reference to roles served by the user.", "$id" : "#field_oscal-metadata_role-id", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "oscal-ar-oscal-metadata:back-matter" : { "title" : "Back matter", "description" : "A collection of resources, which may be included directly or by reference.", @@ -649,8 +626,7 @@ { "uuid" : { "title" : "Resource Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", "description" : "A name given to the resource, which may be used by a tool for display and navigation.", @@ -702,13 +678,11 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URI reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", "minItems" : 1, @@ -725,15 +699,13 @@ { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/Base64Datatype" } }, "required" : [ "value" ], "additionalProperties" : false }, @@ -752,29 +724,28 @@ { "name" : { "title" : "Property Name", "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "value" : { "title" : "Property Value", "description" : "Indicates the value of the attribute, characteristic, or quality.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -790,18 +761,20 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URL reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : { "title" : "Relation", "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", @@ -818,8 +791,7 @@ { "role-id" : { "title" : "Responsible Role", "description" : "A human-oriented identifier reference to roles served by the user.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", "minItems" : 1, @@ -850,8 +822,7 @@ { "role-id" : { "title" : "Responsible Role ID", "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -881,10 +852,21 @@ { "algorithm" : { "title" : "Hash algorithm", "description" : "Method by which a hash is derived", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "value", "algorithm" ], @@ -898,35 +880,27 @@ { "title" : "Publication Timestamp", "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_published", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-ar-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_last-modified", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-ar-oscal-metadata:version" : { "title" : "Document Version", "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", "$id" : "#field_oscal-metadata_version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ar-oscal-metadata:oscal-version" : { "title" : "OSCAL version", "description" : "The OSCAL model version the document was authored against.", "$id" : "#field_oscal-metadata_oscal-version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ar-oscal-metadata:email-address" : { "title" : "Email Address", "description" : "An email address as defined by RFC 5322 Section 3.4.1.", "$id" : "#field_oscal-metadata_email-address", - "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" }, + "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-ar-oscal-metadata:telephone-number" : { "title" : "Telephone Number", "description" : "Contact number by telephone.", @@ -936,10 +910,16 @@ { "type" : { "title" : "type flag", "description" : "Indicates the type of phone number.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, "number" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "number" ], "additionalProperties" : false }, @@ -952,8 +932,13 @@ { "type" : { "title" : "Address Type", "description" : "Indicates the type of address.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, "addr-lines" : { "type" : "array", "minItems" : 1, @@ -962,30 +947,25 @@ "city" : { "title" : "City", "description" : "City, town or geographical region for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", "description" : "State, province or analogous geographical region for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", "description" : "Postal or ZIP code for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "additionalProperties" : false }, "oscal-ar-oscal-metadata:addr-line" : { "title" : "Address line", "description" : "A single line of an address.", "$id" : "#field_oscal-metadata_addr-line", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ar-oscal-metadata:document-id" : { "title" : "Document Identifier", "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", @@ -995,11 +975,14 @@ { "scheme" : { "title" : "Document Identification Scheme", "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, "identifier" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "identifier" ], "additionalProperties" : false }, @@ -1012,8 +995,7 @@ { "href" : { "title" : "System Security Plan Reference", "description" : "A resolvable URL reference to the system security plan for the system being assessed.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1028,8 +1010,7 @@ { "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "description" : { "title" : "Objective Description", "description" : "A human-readable description of this control objective.", @@ -1064,8 +1045,7 @@ { "uuid" : { "title" : "Assessment Method Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Assessment Method Description", "description" : "A human-readable description of this assessment method.", @@ -1097,8 +1077,7 @@ { "uuid" : { "title" : "Assessment Activity Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Included Activity Title", "description" : "The title for this included activity.", @@ -1128,8 +1107,7 @@ { "uuid" : { "title" : "Step Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Step Title", "description" : "The title for this step.", @@ -1183,13 +1161,17 @@ { "uuid" : { "title" : "Task Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Task Type", "description" : "The type of task.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "milestone", + "action" ] } ] }, "title" : { "title" : "Task Title", "description" : "The title for this task.", @@ -1221,9 +1203,7 @@ { "date" : { "title" : "On Date Condition", "description" : "The task must occur on the specified date.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" } }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : [ "date" ], "additionalProperties" : false }, @@ -1235,15 +1215,11 @@ { "start" : { "title" : "Start Date Condition", "description" : "The task must occur on or after the specified date.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "end" : { "title" : "End Date Condition", "description" : "The task must occur on or before the specified date.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" } }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : [ "start", "end" ], @@ -1256,21 +1232,21 @@ { "period" : { "title" : "Period", "description" : "The task must occur after the specified period has elapsed.", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 1 }, + "$ref" : "#/definitions/PositiveIntegerDatatype" }, "unit" : { "title" : "Time Unit", "description" : "The unit of time for the period.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "seconds", - "minutes", - "hours", - "days", - "months", - "years" ] } }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "seconds", + "minutes", + "hours", + "days", + "months", + "years" ] } ] } }, "required" : [ "period", "unit" ], @@ -1287,8 +1263,7 @@ { "task-uuid" : { "title" : "Task Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique task.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1310,8 +1285,7 @@ { "activity-uuid" : { "title" : "Activity Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to an activity defined in the list of activities.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1463,16 +1437,14 @@ { "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "statement-ids" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Include Specific Statements", "description" : "Used to constrain the selection to only specificity identified statements.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } } }, + "$ref" : "#/definitions/TokenDatatype" } } }, "required" : [ "control-id" ], "additionalProperties" : false }, @@ -1485,8 +1457,7 @@ { "objective-id" : { "title" : "Objective ID", "description" : "Points to an assessment objective.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "$ref" : "#/definitions/TokenDatatype" } }, "required" : [ "objective-id" ], "additionalProperties" : false }, @@ -1499,8 +1470,7 @@ { "uuid" : { "title" : "Assessment Subject Placeholder Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Assessment Subject Placeholder Description", "description" : "A human-readable description of intent of this assessment subject placeholder.", @@ -1516,8 +1486,7 @@ { "task-uuid" : { "title" : "Task Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "task-uuid" ], "additionalProperties" : false } }, @@ -1546,8 +1515,16 @@ { "type" : { "title" : "Subject Type", "description" : "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user" ] } ] }, "description" : { "title" : "Include Subjects Description", "description" : "A human-readable description of the collection of subjects being included in this assessment.", @@ -1588,13 +1565,21 @@ { "subject-uuid" : { "title" : "Subject Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Subject Universally Unique Identifier Reference Type", "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, "props" : { "type" : "array", "minItems" : 1, @@ -1620,13 +1605,21 @@ { "subject-uuid" : { "title" : "Subject Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Subject Universally Unique Identifier Reference Type", "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, "title" : { "title" : "Subject Reference Title", "description" : "The title or name for the referenced subject.", @@ -1669,8 +1662,7 @@ { "uuid" : { "title" : "Assessment Platform Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Assessment Platform Title", "description" : "The title or name for the assessment platform.", @@ -1696,8 +1688,7 @@ { "component-uuid" : { "title" : "Component Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1735,16 +1726,17 @@ { "type" : { "title" : "Finding Target Type", "description" : "Identifies the type of the target.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "statement-id", - "objective-id" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "statement-id", + "objective-id" ] } ] }, "target-id" : { "title" : "Finding Target Identifier Reference", "description" : "A machine-oriented identifier reference for a specific target qualified by the type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Objective Status Title", "description" : "The title for this objective status.", @@ -1771,16 +1763,24 @@ { "state" : { "title" : "Objective Status State", "description" : "An indication as to whether the objective is satisfied or not.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "satisfied", - "not-satisfied" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "satisfied", + "not-satisfied" ] } ] }, "reason" : { "title" : "Objective Status Reason", "description" : "The reason the objective was given it's status.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "pass", + "fail", + "other" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1804,8 +1804,7 @@ { "uuid" : { "title" : "Observation Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Observation Title", "description" : "The title for this observation.", @@ -1830,16 +1829,31 @@ "items" : { "title" : "Observation Method", "description" : "Identifies how the observation was made.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "EXAMINE", + "INTERVIEW", + "TEST", + "UNKNOWN" ] } ] } }, "types" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Observation Type", "description" : "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "ssp-statement-issue", + "control-objective", + "mitigation", + "finding", + "historic" ] } ] } }, "origins" : { "type" : "array", "minItems" : 1, @@ -1861,8 +1875,7 @@ { "href" : { "title" : "Relevant Evidence Reference", "description" : "A resolvable URL reference to relevant evidence.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "description" : { "title" : "Relevant Evidence Description", "description" : "A human-readable description of this evidence.", @@ -1885,15 +1898,11 @@ "collected" : { "title" : "Collected Field", "description" : "Date/time stamp identifying when the finding information was collected.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "expires" : { "title" : "Expires Field", "description" : "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1930,22 +1939,22 @@ { "type" : { "title" : "Actor Type", "description" : "The kind of actor.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "tool", - "assessment-platform", - "party" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "tool", + "assessment-platform", + "party" ] } ] }, "actor-uuid" : { "title" : "Actor Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to the tool or person based on the associated type.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "role-id" : { "title" : "Actor Role", "description" : "For a party, this can optionally be used to specify the role the actor was performing.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1969,8 +1978,7 @@ { "task-uuid" : { "title" : "Task Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique task.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1999,8 +2007,7 @@ { "subject-placeholder-uuid" : { "title" : "Assessment Subject Placeholder Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "subjects" : { "type" : "array", "minItems" : 1, @@ -2024,16 +2031,19 @@ { "system" : { "title" : "Threat Type Identification System", "description" : "Specifies the source of the threat information.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal" ] } ] }, "href" : { "title" : "Threat Information Resource Reference", "description" : "An optional location for the threat data, from which this ID originates.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/URIDatatype" } }, "required" : [ "id", "system" ], @@ -2047,8 +2057,7 @@ { "uuid" : { "title" : "Risk Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Risk Title", "description" : "The title for this risk.", @@ -2099,13 +2108,11 @@ { "uuid" : { "title" : "Mitigating Factor Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "implementation-uuid" : { "title" : "Implementation UUID", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Mitigating Factor Description", "description" : "A human-readable description of this mitigating factor.", @@ -2132,9 +2139,7 @@ "deadline" : { "title" : "Risk Resolution Deadline", "description" : "The date/time by which the risk must be resolved.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "remediations" : { "type" : "array", "minItems" : 1, @@ -2156,8 +2161,7 @@ { "uuid" : { "title" : "Risk Log Entry Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Title", "description" : "The title for this risk log entry.", @@ -2169,15 +2173,11 @@ "start" : { "title" : "Start", "description" : "Identifies the start date and time of the event.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "end" : { "title" : "End", "description" : "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2206,8 +2206,7 @@ { "response-uuid" : { "title" : "Response Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique risk response.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2248,8 +2247,7 @@ { "observation-uuid" : { "title" : "Observation Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "observation-uuid" ], "additionalProperties" : false } } }, @@ -2269,13 +2267,11 @@ { "party-uuid" : { "title" : "Party UUID Reference", "description" : "A machine-oriented identifier reference to the party who is making the log entry.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "role-id" : { "title" : "Actor Role", "description" : "A point to the role-id of the role in which the party is making the log entry.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "$ref" : "#/definitions/TokenDatatype" } }, "required" : [ "party-uuid" ], "additionalProperties" : false }, @@ -2283,8 +2279,17 @@ { "title" : "Risk Status", "description" : "Describes the status of the associated risk.", "$id" : "#field_oscal-assessment-common_risk-status", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "open", + "investigating", + "remediating", + "deviation-requested", + "deviation-approved", + "closed" ] } ] }, "oscal-ar-oscal-assessment-common:characterization" : { "title" : "Characterization", "description" : "A collection of descriptive data about the containing object from a specific origin.", @@ -2314,19 +2319,27 @@ { "name" : { "title" : "Facet Name", "description" : "The name of the risk metric within the specified system.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "system" : { "title" : "Naming System", "description" : "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal/unknown", + "http://cve.mitre.org", + "http://www.first.org/cvss/v2.0", + "http://www.first.org/cvss/v3.0", + "http://www.first.org/cvss/v3.1" ] } ] }, "value" : { "title" : "Facet Value", "description" : "Indicates the value of the facet.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2357,13 +2370,18 @@ { "uuid" : { "title" : "Remediation Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "lifecycle" : { "title" : "Remediation Intent", "description" : "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "recommendation", + "planned", + "completed" ] } ] }, "title" : { "title" : "Response Title", "description" : "The title for this response activity.", @@ -2398,8 +2416,7 @@ { "uuid" : { "title" : "Required Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "subjects" : { "type" : "array", "minItems" : 1, @@ -2451,24 +2468,26 @@ { "uuid" : { "title" : "Part Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Part Name", "description" : "A textual label that uniquely identifies the part's semantic type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "asset", + "method", + "objective" ] } ] }, "ns" : { "title" : "Part Namespace", "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", "description" : "A name given to the part, which may be used by a tool for display and navigation.", @@ -2504,24 +2523,19 @@ { "id" : { "title" : "Part Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", "description" : "A textual label that uniquely identifies the part's semantic type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", "description" : "A name given to the part, which may be used by a tool for display and navigation.", @@ -2557,18 +2571,15 @@ { "id" : { "title" : "Parameter Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", "description" : "A textual label that provides a characterization of the parameter.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2630,8 +2641,7 @@ { "expression" : { "title" : "Constraint test", "description" : "A formal (executable) expression of a constraint", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -2655,8 +2665,7 @@ { "title" : "Parameter Value", "description" : "A parameter value or set of values.", "$id" : "#field_oscal-catalog-common_parameter-value", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ar-oscal-catalog-common:parameter-selection" : { "title" : "Selection", "description" : "Presenting a choice among alternatives", @@ -2666,11 +2675,13 @@ { "how-many" : { "title" : "Parameter Cardinality", "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "one", - "one-or-more" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, "choice" : { "type" : "array", "minItems" : 1, @@ -2694,13 +2705,29 @@ { "uuid" : { "title" : "Component Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Component Type", "description" : "A category describing the purpose of the component.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "this-system", + "system", + "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation", + "network" ] } ] }, "title" : { "title" : "Component Title", "description" : "A human readable name for the system component.", @@ -2731,13 +2758,15 @@ { "state" : { "title" : "State", "description" : "The operational status.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "under-development", - "operational", - "disposition", - "other" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "under-development", + "operational", + "disposition", + "other" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -2771,13 +2800,11 @@ { "uuid" : { "title" : "Service Protocol Information Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Protocol Name", "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "title" : { "title" : "Protocol Title", "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", @@ -2799,23 +2826,21 @@ { "start" : { "title" : "Start", "description" : "Indicates the starting port number in a port range", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 0 }, + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, "end" : { "title" : "End", "description" : "Indicates the ending port number in a port range", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 0 }, + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, "transport" : { "title" : "Transport", "description" : "Indicates the transport type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "TCP", - "UDP" ] } }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "TCP", + "UDP" ] } ] } }, "additionalProperties" : false }, "oscal-ar-oscal-implementation-common:implementation-status" : { "title" : "Implementation Status", @@ -2826,8 +2851,16 @@ { "state" : { "title" : "Implementation State", "description" : "Identifies the implementation status of the control or control objective.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "implemented", + "partial", + "planned", + "alternative", + "not-applicable" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -2842,8 +2875,7 @@ { "uuid" : { "title" : "User Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "User Title", "description" : "A name given to the user, which may be used by a tool for display and navigation.", @@ -2851,8 +2883,7 @@ "short-name" : { "title" : "User Short Name", "description" : "A short common name, abbreviation, or acronym for the user.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "User Description", "description" : "A summary of the user's purpose within the system.", @@ -2909,8 +2940,7 @@ { "title" : "Functions Performed", "description" : "Describes a function performed for a given authorized privilege by this user class.", "$id" : "#field_oscal-implementation-common_function-performed", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ar-oscal-implementation-common:inventory-item" : { "title" : "Inventory Item", "description" : "A single managed inventory item within the system.", @@ -2920,8 +2950,7 @@ { "uuid" : { "title" : "Inventory Item Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Inventory Item Description", "description" : "A summary of the inventory item stating its purpose within the system.", @@ -2952,8 +2981,7 @@ { "component-uuid" : { "title" : "Component Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2989,16 +3017,14 @@ { "param-id" : { "title" : "Parameter ID", "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "values" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -3014,14 +3040,69 @@ { "identifier-type" : { "title" : "Identification System Type", "description" : "Identifies the identification system from which the provided identifier was assigned.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "https://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "https://ietf.org/rfc/rfc4122", + "http://ietf.org/rfc/rfc4122" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id" ], - "additionalProperties" : false } }, + "additionalProperties" : false }, + "Base64Datatype" : + { "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "DateTimeWithTimezoneDatatype" : + { "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]*[1-9])?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "IntegerDatatype" : + { "type" : "integer" }, + "NonNegativeIntegerDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 0 } ] }, + "PositiveIntegerDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 1 } ] }, + "StringDatatype" : + { "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "type" : "string", + "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, "properties" : { "assessment-results" : { "$ref" : "#assembly_oscal-ar_assessment-results" } }, diff --git a/json/schema/oscal_catalog_schema.json b/json/schema/oscal_catalog_schema.json index d8f414547a..c7606a4106 100644 --- a/json/schema/oscal_catalog_schema.json +++ b/json/schema/oscal_catalog_schema.json @@ -13,8 +13,7 @@ { "uuid" : { "title" : "Catalog Universally Unique Identifier", "description" : "A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "params" : @@ -47,13 +46,11 @@ { "id" : { "title" : "Group Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Group Class", "description" : "A textual label that provides a sub-type or characterization of the group.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Group Title", "description" : "A name given to the group, which may be used by a tool for display and navigation.", @@ -100,13 +97,11 @@ { "id" : { "title" : "Control Identifier", "description" : "A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Control Class", "description" : "A textual label that provides a sub-type or characterization of the control.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Control Title", "description" : "A name given to the control, which may be used by a tool for display and navigation.", @@ -149,24 +144,19 @@ { "id" : { "title" : "Part Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", "description" : "A textual label that uniquely identifies the part's semantic type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", "description" : "A name given to the part, which may be used by a tool for display and navigation.", @@ -202,18 +192,15 @@ { "id" : { "title" : "Parameter Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", "description" : "A textual label that provides a characterization of the parameter.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -275,8 +262,7 @@ { "expression" : { "title" : "Constraint test", "description" : "A formal (executable) expression of a constraint", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -300,8 +286,7 @@ { "title" : "Parameter Value", "description" : "A parameter value or set of values.", "$id" : "#field_oscal-catalog-common_parameter-value", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-catalog-oscal-catalog-common:parameter-selection" : { "title" : "Selection", "description" : "Presenting a choice among alternatives", @@ -311,11 +296,13 @@ { "how-many" : { "title" : "Parameter Cardinality", "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "one", - "one-or-more" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, "choice" : { "type" : "array", "minItems" : 1, @@ -438,8 +425,7 @@ { "uuid" : { "title" : "Location Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Location Title", "description" : "A name given to the location, which may be used by a tool for display and navigation.", @@ -462,9 +448,7 @@ "items" : { "title" : "Location URL", "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" } }, + "$ref" : "#/definitions/URIDatatype" } }, "props" : { "type" : "array", "minItems" : 1, @@ -485,8 +469,7 @@ { "title" : "Location Reference", "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_location-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-catalog-oscal-metadata:party" : { "title" : "Party (organization or person)", "description" : "A responsible entity which is either a person or an organization.", @@ -496,26 +479,25 @@ { "uuid" : { "title" : "Party Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Party Type", "description" : "A category describing the kind of party the object describes.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "person", - "organization" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, "name" : { "title" : "Party Name", "description" : "The full name of the party. This is typically the legal name associated with the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "short-name" : { "title" : "Party Short Name", "description" : "A short common name, abbreviation, or acronym for the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "external-ids" : { "type" : "array", "minItems" : 1, @@ -527,11 +509,14 @@ { "scheme" : { "title" : "External Identifier Schema", "description" : "Indicates the type of external identifier.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id", "scheme" ], @@ -572,8 +557,7 @@ "items" : { "title" : "Organizational Affiliation", "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -584,8 +568,7 @@ { "title" : "Party Reference", "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_party-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-catalog-oscal-metadata:role" : { "title" : "Role", "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", @@ -595,8 +578,7 @@ { "id" : { "title" : "Role Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Role Title", "description" : "A name given to the role, which may be used by a tool for display and navigation.", @@ -604,8 +586,7 @@ "short-name" : { "title" : "Role Short Name", "description" : "A short common name, abbreviation, or acronym for the role.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "Role Description", "description" : "A summary of the role's purpose and associated responsibilities.", @@ -630,8 +611,7 @@ { "title" : "Role Identifier Reference", "description" : "A human-oriented identifier reference to roles served by the user.", "$id" : "#field_oscal-metadata_role-id", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "oscal-catalog-oscal-metadata:back-matter" : { "title" : "Back matter", "description" : "A collection of resources, which may be included directly or by reference.", @@ -649,8 +629,7 @@ { "uuid" : { "title" : "Resource Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", "description" : "A name given to the resource, which may be used by a tool for display and navigation.", @@ -702,13 +681,11 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URI reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", "minItems" : 1, @@ -725,15 +702,13 @@ { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/Base64Datatype" } }, "required" : [ "value" ], "additionalProperties" : false }, @@ -752,29 +727,28 @@ { "name" : { "title" : "Property Name", "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "value" : { "title" : "Property Value", "description" : "Indicates the value of the attribute, characteristic, or quality.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -790,18 +764,20 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URL reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : { "title" : "Relation", "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", @@ -818,8 +794,7 @@ { "role-id" : { "title" : "Responsible Role", "description" : "A human-oriented identifier reference to roles served by the user.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", "minItems" : 1, @@ -850,8 +825,7 @@ { "role-id" : { "title" : "Responsible Role ID", "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -881,10 +855,21 @@ { "algorithm" : { "title" : "Hash algorithm", "description" : "Method by which a hash is derived", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "value", "algorithm" ], @@ -898,35 +883,27 @@ { "title" : "Publication Timestamp", "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_published", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-catalog-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_last-modified", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-catalog-oscal-metadata:version" : { "title" : "Document Version", "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", "$id" : "#field_oscal-metadata_version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-catalog-oscal-metadata:oscal-version" : { "title" : "OSCAL version", "description" : "The OSCAL model version the document was authored against.", "$id" : "#field_oscal-metadata_oscal-version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-catalog-oscal-metadata:email-address" : { "title" : "Email Address", "description" : "An email address as defined by RFC 5322 Section 3.4.1.", "$id" : "#field_oscal-metadata_email-address", - "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" }, + "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-catalog-oscal-metadata:telephone-number" : { "title" : "Telephone Number", "description" : "Contact number by telephone.", @@ -936,10 +913,16 @@ { "type" : { "title" : "type flag", "description" : "Indicates the type of phone number.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, "number" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "number" ], "additionalProperties" : false }, @@ -952,8 +935,13 @@ { "type" : { "title" : "Address Type", "description" : "Indicates the type of address.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, "addr-lines" : { "type" : "array", "minItems" : 1, @@ -962,30 +950,25 @@ "city" : { "title" : "City", "description" : "City, town or geographical region for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", "description" : "State, province or analogous geographical region for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", "description" : "Postal or ZIP code for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "additionalProperties" : false }, "oscal-catalog-oscal-metadata:addr-line" : { "title" : "Address line", "description" : "A single line of an address.", "$id" : "#field_oscal-metadata_addr-line", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-catalog-oscal-metadata:document-id" : { "title" : "Document Identifier", "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", @@ -995,14 +978,50 @@ { "scheme" : { "title" : "Document Identification Scheme", "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, "identifier" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "identifier" ], - "additionalProperties" : false } }, + "additionalProperties" : false }, + "Base64Datatype" : + { "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "DateTimeWithTimezoneDatatype" : + { "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]*[1-9])?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "StringDatatype" : + { "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "type" : "string", + "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, "properties" : { "catalog" : { "$ref" : "#assembly_oscal-catalog_catalog" } }, diff --git a/json/schema/oscal_complete_schema.json b/json/schema/oscal_complete_schema.json index a5f15493cb..4f95966b75 100644 --- a/json/schema/oscal_complete_schema.json +++ b/json/schema/oscal_complete_schema.json @@ -13,8 +13,7 @@ { "uuid" : { "title" : "Catalog Universally Unique Identifier", "description" : "A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "params" : @@ -47,13 +46,11 @@ { "id" : { "title" : "Group Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Group Class", "description" : "A textual label that provides a sub-type or characterization of the group.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Group Title", "description" : "A name given to the group, which may be used by a tool for display and navigation.", @@ -100,13 +97,11 @@ { "id" : { "title" : "Control Identifier", "description" : "A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Control Class", "description" : "A textual label that provides a sub-type or characterization of the control.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Control Title", "description" : "A name given to the control, which may be used by a tool for display and navigation.", @@ -149,24 +144,19 @@ { "id" : { "title" : "Part Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", "description" : "A textual label that uniquely identifies the part's semantic type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", "description" : "A name given to the part, which may be used by a tool for display and navigation.", @@ -202,18 +192,15 @@ { "id" : { "title" : "Parameter Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", "description" : "A textual label that provides a characterization of the parameter.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -275,8 +262,7 @@ { "expression" : { "title" : "Constraint test", "description" : "A formal (executable) expression of a constraint", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -300,8 +286,7 @@ { "title" : "Parameter Value", "description" : "A parameter value or set of values.", "$id" : "#field_oscal-catalog-common_parameter-value", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-complete-oscal-catalog-common:parameter-selection" : { "title" : "Selection", "description" : "Presenting a choice among alternatives", @@ -311,11 +296,13 @@ { "how-many" : { "title" : "Parameter Cardinality", "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "one", - "one-or-more" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, "choice" : { "type" : "array", "minItems" : 1, @@ -438,8 +425,7 @@ { "uuid" : { "title" : "Location Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Location Title", "description" : "A name given to the location, which may be used by a tool for display and navigation.", @@ -462,9 +448,7 @@ "items" : { "title" : "Location URL", "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" } }, + "$ref" : "#/definitions/URIDatatype" } }, "props" : { "type" : "array", "minItems" : 1, @@ -485,8 +469,7 @@ { "title" : "Location Reference", "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_location-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-complete-oscal-metadata:party" : { "title" : "Party (organization or person)", "description" : "A responsible entity which is either a person or an organization.", @@ -496,26 +479,25 @@ { "uuid" : { "title" : "Party Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Party Type", "description" : "A category describing the kind of party the object describes.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "person", - "organization" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, "name" : { "title" : "Party Name", "description" : "The full name of the party. This is typically the legal name associated with the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "short-name" : { "title" : "Party Short Name", "description" : "A short common name, abbreviation, or acronym for the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "external-ids" : { "type" : "array", "minItems" : 1, @@ -527,11 +509,14 @@ { "scheme" : { "title" : "External Identifier Schema", "description" : "Indicates the type of external identifier.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id", "scheme" ], @@ -572,8 +557,7 @@ "items" : { "title" : "Organizational Affiliation", "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -584,8 +568,7 @@ { "title" : "Party Reference", "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_party-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-complete-oscal-metadata:role" : { "title" : "Role", "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", @@ -595,8 +578,7 @@ { "id" : { "title" : "Role Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Role Title", "description" : "A name given to the role, which may be used by a tool for display and navigation.", @@ -604,8 +586,7 @@ "short-name" : { "title" : "Role Short Name", "description" : "A short common name, abbreviation, or acronym for the role.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "Role Description", "description" : "A summary of the role's purpose and associated responsibilities.", @@ -630,8 +611,7 @@ { "title" : "Role Identifier Reference", "description" : "A human-oriented identifier reference to roles served by the user.", "$id" : "#field_oscal-metadata_role-id", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "oscal-complete-oscal-metadata:back-matter" : { "title" : "Back matter", "description" : "A collection of resources, which may be included directly or by reference.", @@ -649,8 +629,7 @@ { "uuid" : { "title" : "Resource Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", "description" : "A name given to the resource, which may be used by a tool for display and navigation.", @@ -702,13 +681,11 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URI reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", "minItems" : 1, @@ -725,15 +702,13 @@ { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/Base64Datatype" } }, "required" : [ "value" ], "additionalProperties" : false }, @@ -752,29 +727,28 @@ { "name" : { "title" : "Property Name", "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "value" : { "title" : "Property Value", "description" : "Indicates the value of the attribute, characteristic, or quality.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -790,18 +764,20 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URL reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : { "title" : "Relation", "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", @@ -818,8 +794,7 @@ { "role-id" : { "title" : "Responsible Role", "description" : "A human-oriented identifier reference to roles served by the user.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", "minItems" : 1, @@ -850,8 +825,7 @@ { "role-id" : { "title" : "Responsible Role ID", "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -881,10 +855,21 @@ { "algorithm" : { "title" : "Hash algorithm", "description" : "Method by which a hash is derived", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "value", "algorithm" ], @@ -898,35 +883,27 @@ { "title" : "Publication Timestamp", "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_published", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-complete-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_last-modified", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-complete-oscal-metadata:version" : { "title" : "Document Version", "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", "$id" : "#field_oscal-metadata_version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-complete-oscal-metadata:oscal-version" : { "title" : "OSCAL version", "description" : "The OSCAL model version the document was authored against.", "$id" : "#field_oscal-metadata_oscal-version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-complete-oscal-metadata:email-address" : { "title" : "Email Address", "description" : "An email address as defined by RFC 5322 Section 3.4.1.", "$id" : "#field_oscal-metadata_email-address", - "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" }, + "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-complete-oscal-metadata:telephone-number" : { "title" : "Telephone Number", "description" : "Contact number by telephone.", @@ -936,10 +913,16 @@ { "type" : { "title" : "type flag", "description" : "Indicates the type of phone number.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, "number" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "number" ], "additionalProperties" : false }, @@ -952,8 +935,13 @@ { "type" : { "title" : "Address Type", "description" : "Indicates the type of address.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, "addr-lines" : { "type" : "array", "minItems" : 1, @@ -962,30 +950,25 @@ "city" : { "title" : "City", "description" : "City, town or geographical region for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", "description" : "State, province or analogous geographical region for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", "description" : "Postal or ZIP code for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "additionalProperties" : false }, "oscal-complete-oscal-metadata:addr-line" : { "title" : "Address line", "description" : "A single line of an address.", "$id" : "#field_oscal-metadata_addr-line", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-complete-oscal-metadata:document-id" : { "title" : "Document Identifier", "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", @@ -995,11 +978,14 @@ { "scheme" : { "title" : "Document Identification Scheme", "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, "identifier" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "identifier" ], "additionalProperties" : false }, @@ -1012,8 +998,7 @@ { "uuid" : { "title" : "Profile Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "imports" : @@ -1041,8 +1026,7 @@ { "href" : { "title" : "Catalog or Profile Reference", "description" : "A resolvable URL reference to the base catalog or profile that this profile is tailoring.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "include-all" : { "$ref" : "#assembly_oscal-catalog-common_include-all" }, "include-controls" : @@ -1072,12 +1056,14 @@ { "method" : { "title" : "Combination method", "description" : "How clashing controls should be handled", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "use-first", - "merge", - "keep" ] } }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "use-first", + "merge", + "keep" ] } ] } }, "additionalProperties" : false }, "flat" : { "title" : "Flat", @@ -1087,7 +1073,7 @@ "as-is" : { "title" : "As-Is Structuring Directive", "description" : "An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes.", - "type" : "boolean" }, + "$ref" : "#/definitions/BooleanDatatype" }, "custom" : { "title" : "Custom grouping", "description" : "A Custom element frames a structure for embedding represented controls in resolution.", @@ -1114,13 +1100,11 @@ { "id" : { "title" : "Group Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Group Class", "description" : "A textual label that provides a sub-type or characterization of the group.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Group Title", "description" : "A name given to the group, which may be used by a tool for display and navigation.", @@ -1175,18 +1159,15 @@ { "param-id" : { "title" : "Parameter ID", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", "description" : "A textual label that provides a characterization of the parameter.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1240,12 +1221,14 @@ { "order" : { "title" : "Order", "description" : "A designation of how a selection of controls in a profile is to be ordered.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "keep", - "ascending", - "descending" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "keep", + "ascending", + "descending" ] } ] }, "include-all" : { "$ref" : "#assembly_oscal-catalog-common_include-all" }, "include-controls" : @@ -1268,19 +1251,20 @@ { "with-child-controls" : { "title" : "Include contained controls with control", "description" : "When a control is included, whether its child (dependent) controls are also included.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "yes", - "no" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "yes", + "no" ] } ] }, "with-ids" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Match Controls by Identifier", "description" : "", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "$ref" : "#/definitions/TokenDatatype" } }, "matching" : { "type" : "array", "minItems" : 1, @@ -1292,8 +1276,7 @@ { "pattern" : { "title" : "Pattern", "description" : "A glob expression matching the IDs of one or more controls to be selected.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "additionalProperties" : false } } }, "additionalProperties" : false }, "oscal-complete-oscal-profile:alter" : @@ -1305,8 +1288,7 @@ { "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "removes" : { "type" : "array", "minItems" : 1, @@ -1329,28 +1311,23 @@ { "by-name" : { "title" : "Reference by (assigned) name", "description" : "Identify items to remove by matching their assigned name", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "by-class" : { "title" : "Reference by class", "description" : "Identify items to remove by matching their class.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "by-id" : { "title" : "Reference by ID", "description" : "Identify items to remove indicated by their id.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "by-item-name" : { "title" : "Item Name Reference", "description" : "Identify items to remove by the name of the item's information element name, e.g. title or prop", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "by-ns" : { "title" : "Item Namespace Reference", "description" : "Identify items to remove by the item's ns, which is the namespace associated with a part, or prop.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "$ref" : "#/definitions/TokenDatatype" } }, "additionalProperties" : false }, "oscal-complete-oscal-profile:add" : { "title" : "Addition", @@ -1361,18 +1338,19 @@ { "position" : { "title" : "Position", "description" : "Where to add the new content with respect to the targeted element (beside it or inside it)", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "before", - "after", - "starting", - "ending" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "before", + "after", + "starting", + "ending" ] } ] }, "by-id" : { "title" : "Reference by ID", "description" : "Target location of the addition.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Title Change", "description" : "A name given to the control, which may be used by a tool for display and navigation.", @@ -1407,8 +1385,7 @@ { "uuid" : { "title" : "Component Definition Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "import-component-definitions" : @@ -1441,8 +1418,7 @@ { "href" : { "title" : "Hyperlink Reference", "description" : "A link to a resource that defines a set of components and/or capabilities to import into this collection.", - "type" : "string", - "format" : "uri-reference" } }, + "$ref" : "#/definitions/URIReferenceDatatype" } }, "required" : [ "href" ], "additionalProperties" : false }, @@ -1455,13 +1431,26 @@ { "uuid" : { "title" : "Component Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Component Type", "description" : "A category describing the purpose of the component.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation" ] } ] }, "title" : { "title" : "Component Title", "description" : "A human readable name for the component.", @@ -1516,13 +1505,11 @@ { "uuid" : { "title" : "Capability Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Capability Name", "description" : "The capability's human-readable name.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "Capability Description", "description" : "A summary of the capability.", @@ -1563,8 +1550,7 @@ { "component-uuid" : { "title" : "Component Reference", "description" : "A machine-oriented identifier reference to a component.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Component Description", "description" : "A description of the component, including information about its function.", @@ -1582,13 +1568,11 @@ { "uuid" : { "title" : "Control Implementation Set Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "source" : { "title" : "Source Resource Reference", "description" : "A reference to an OSCAL catalog or profile providing the referenced control or subcontrol definition.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "description" : { "title" : "Control Implementation Description", "description" : "A description of how the specified set of controls are implemented for the containing component or capability.", @@ -1628,13 +1612,11 @@ { "uuid" : { "title" : "Control Implementation Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "description" : { "title" : "Control Implementation Description", "description" : "A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan.", @@ -1680,13 +1662,11 @@ { "statement-id" : { "title" : "Control Statement Reference", "description" : "A human-oriented identifier reference to a control statement.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "uuid" : { "title" : "Control Statement Reference Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Statement Implementation Description", "description" : "A summary of how the containing control statement is implemented by the component or capability.", @@ -1722,13 +1702,29 @@ { "uuid" : { "title" : "Component Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Component Type", "description" : "A category describing the purpose of the component.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "this-system", + "system", + "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation", + "network" ] } ] }, "title" : { "title" : "Component Title", "description" : "A human readable name for the system component.", @@ -1759,13 +1755,15 @@ { "state" : { "title" : "State", "description" : "The operational status.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "under-development", - "operational", - "disposition", - "other" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "under-development", + "operational", + "disposition", + "other" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1799,13 +1797,11 @@ { "uuid" : { "title" : "Service Protocol Information Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Protocol Name", "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "title" : { "title" : "Protocol Title", "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", @@ -1827,23 +1823,21 @@ { "start" : { "title" : "Start", "description" : "Indicates the starting port number in a port range", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 0 }, + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, "end" : { "title" : "End", "description" : "Indicates the ending port number in a port range", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 0 }, + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, "transport" : { "title" : "Transport", "description" : "Indicates the transport type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "TCP", - "UDP" ] } }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "TCP", + "UDP" ] } ] } }, "additionalProperties" : false }, "oscal-complete-oscal-implementation-common:implementation-status" : { "title" : "Implementation Status", @@ -1854,8 +1848,16 @@ { "state" : { "title" : "Implementation State", "description" : "Identifies the implementation status of the control or control objective.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "implemented", + "partial", + "planned", + "alternative", + "not-applicable" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1870,8 +1872,7 @@ { "uuid" : { "title" : "User Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "User Title", "description" : "A name given to the user, which may be used by a tool for display and navigation.", @@ -1879,8 +1880,7 @@ "short-name" : { "title" : "User Short Name", "description" : "A short common name, abbreviation, or acronym for the user.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "User Description", "description" : "A summary of the user's purpose within the system.", @@ -1937,8 +1937,7 @@ { "title" : "Functions Performed", "description" : "Describes a function performed for a given authorized privilege by this user class.", "$id" : "#field_oscal-implementation-common_function-performed", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-complete-oscal-implementation-common:inventory-item" : { "title" : "Inventory Item", "description" : "A single managed inventory item within the system.", @@ -1948,8 +1947,7 @@ { "uuid" : { "title" : "Inventory Item Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Inventory Item Description", "description" : "A summary of the inventory item stating its purpose within the system.", @@ -1980,8 +1978,7 @@ { "component-uuid" : { "title" : "Component Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2017,16 +2014,14 @@ { "param-id" : { "title" : "Parameter ID", "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "values" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -2042,11 +2037,17 @@ { "identifier-type" : { "title" : "Identification System Type", "description" : "Identifies the identification system from which the provided identifier was assigned.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "https://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "https://ietf.org/rfc/rfc4122", + "http://ietf.org/rfc/rfc4122" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id" ], "additionalProperties" : false }, @@ -2059,8 +2060,7 @@ { "uuid" : { "title" : "System Security Plan Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "import-profile" : @@ -2090,8 +2090,7 @@ { "href" : { "title" : "Profile Reference", "description" : "A resolvable URL reference to the profile or catalog to use as the system's control baseline.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -2111,13 +2110,11 @@ "system-name" : { "title" : "System Name - Full", "description" : "The full name of the system.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "system-name-short" : { "title" : "System Name - Short", "description" : "A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "System Description", "description" : "A summary of the system.", @@ -2137,8 +2134,7 @@ "security-sensitivity-level" : { "title" : "Security Sensitivity Level", "description" : "The overall information system sensitivity categorization, such as defined by FIPS-199.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "system-information" : { "$ref" : "#assembly_oscal-ssp_system-information" }, "security-impact-level" : @@ -2195,8 +2191,7 @@ { "uuid" : { "title" : "Information Type Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "title field", "description" : "A human readable name for the information type. This title should be meaningful within the context of the system.", @@ -2216,17 +2211,19 @@ { "system" : { "title" : "Information Type Identification System", "description" : "Specifies the information type identification system used.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://doi.org/10.6028/NIST.SP.800-60v2r1" ] } ] }, "information-type-ids" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Information Type Systematized Identifier", "description" : "A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } } }, + "$ref" : "#/definitions/StringDatatype" } } }, "required" : [ "system" ], "additionalProperties" : false } }, @@ -2326,14 +2323,12 @@ { "title" : "Base Level (Confidentiality, Integrity, or Availability)", "description" : "The prescribed base (Confidentiality, Integrity, or Availability) security impact level.", "$id" : "#field_oscal-ssp_base", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-complete-oscal-ssp:selected" : { "title" : "Selected Level (Confidentiality, Integrity, or Availability)", "description" : "The selected (Confidentiality, Integrity, or Availability) security impact level.", "$id" : "#field_oscal-ssp_selected", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-complete-oscal-ssp:adjustment-justification" : { "title" : "Adjustment Justification", "description" : "If the selected security level is different from the base security level, this contains the justification for the change.", @@ -2348,18 +2343,15 @@ { "security-objective-confidentiality" : { "title" : "Security Objective: Confidentiality", "description" : "A target-level of confidentiality for the system, based on the sensitivity of information within the system.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "security-objective-integrity" : { "title" : "Security Objective: Integrity", "description" : "A target-level of integrity for the system, based on the sensitivity of information within the system.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "security-objective-availability" : { "title" : "Security Objective: Availability", "description" : "A target-level of availability for the system, based on the sensitivity of information within the system.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "security-objective-confidentiality", "security-objective-integrity", @@ -2374,14 +2366,16 @@ { "state" : { "title" : "State", "description" : "The current operating status.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "operational", - "under-development", - "under-major-modification", - "disposition", - "other" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "operational", + "under-development", + "under-major-modification", + "disposition", + "other" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -2391,8 +2385,7 @@ { "title" : "System Authorization Date", "description" : "The date the system received its authorization.", "$id" : "#field_oscal-ssp_date-authorized", - "type" : "string", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))(Z|[+-][0-9]{2}:[0-9]{2})?$" }, + "$ref" : "#/definitions/DateDatatype" }, "oscal-complete-oscal-ssp:authorization-boundary" : { "title" : "Authorization Boundary", "description" : "A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.", @@ -2432,8 +2425,7 @@ { "uuid" : { "title" : "Diagram ID", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Diagram Description", "description" : "A summary of the diagram.", @@ -2544,8 +2536,7 @@ { "uuid" : { "title" : "Leveraged Authorization Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "title field", "description" : "A human readable name for the leveraged authorization in the context of the system.", @@ -2563,8 +2554,7 @@ "party-uuid" : { "title" : "party-uuid field", "description" : "A machine-oriented identifier reference to the party that manages the leveraged system.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "date-authorized" : { "$ref" : "#field_oscal-ssp_date-authorized" }, "remarks" : @@ -2629,13 +2619,11 @@ { "uuid" : { "title" : "Control Requirement Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2681,13 +2669,11 @@ { "statement-id" : { "title" : "Control Statement Reference", "description" : "A human-oriented identifier reference to a control statement.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "uuid" : { "title" : "Control Statement Reference Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2723,13 +2709,11 @@ { "component-uuid" : { "title" : "Component Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to the component that is implemeting a given control.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "uuid" : { "title" : "By-Component Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Control Implementation Description", "description" : "An implementation statement that describes how a control or a control statement is implemented within the referenced system component.", @@ -2781,8 +2765,7 @@ { "uuid" : { "title" : "Provided Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Provided Control Implementation Description", "description" : "An implementation statement that describes the aspects of the control or control statement implementation that can be provided to another system leveraging this system.", @@ -2819,13 +2802,11 @@ { "uuid" : { "title" : "Responsibility Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "provided-uuid" : { "title" : "Provided UUID", "description" : "A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Control Implementation Responsibility Description", "description" : "An implementation statement that describes the aspects of the control or control statement implementation that a leveraging system must implement to satisfy the control provided by a leveraged system.", @@ -2865,13 +2846,11 @@ { "uuid" : { "title" : "Inherited Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "provided-uuid" : { "title" : "Provided UUID", "description" : "A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Inherited Control Implementation Description", "description" : "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is inheriting from a leveraged system.", @@ -2906,13 +2885,11 @@ { "uuid" : { "title" : "Satisfied Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "responsibility-uuid" : { "title" : "Responsibility UUID", "description" : "A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Satisfied Control Implementation Responsibility Description", "description" : "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is implementing based on a requirement from a leveraged system.", @@ -2959,8 +2936,7 @@ { "uuid" : { "title" : "Assessment Plan Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "import-ssp" : @@ -3040,8 +3016,7 @@ { "href" : { "title" : "System Security Plan Reference", "description" : "A resolvable URL reference to the system security plan for the system being assessed.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -3056,8 +3031,7 @@ { "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "description" : { "title" : "Objective Description", "description" : "A human-readable description of this control objective.", @@ -3092,8 +3066,7 @@ { "uuid" : { "title" : "Assessment Method Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Assessment Method Description", "description" : "A human-readable description of this assessment method.", @@ -3125,8 +3098,7 @@ { "uuid" : { "title" : "Assessment Activity Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Included Activity Title", "description" : "The title for this included activity.", @@ -3156,8 +3128,7 @@ { "uuid" : { "title" : "Step Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Step Title", "description" : "The title for this step.", @@ -3211,13 +3182,17 @@ { "uuid" : { "title" : "Task Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Task Type", "description" : "The type of task.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "milestone", + "action" ] } ] }, "title" : { "title" : "Task Title", "description" : "The title for this task.", @@ -3249,9 +3224,7 @@ { "date" : { "title" : "On Date Condition", "description" : "The task must occur on the specified date.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" } }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : [ "date" ], "additionalProperties" : false }, @@ -3263,15 +3236,11 @@ { "start" : { "title" : "Start Date Condition", "description" : "The task must occur on or after the specified date.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "end" : { "title" : "End Date Condition", "description" : "The task must occur on or before the specified date.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" } }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : [ "start", "end" ], @@ -3284,21 +3253,21 @@ { "period" : { "title" : "Period", "description" : "The task must occur after the specified period has elapsed.", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 1 }, + "$ref" : "#/definitions/PositiveIntegerDatatype" }, "unit" : { "title" : "Time Unit", "description" : "The unit of time for the period.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "seconds", - "minutes", - "hours", - "days", - "months", - "years" ] } }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "seconds", + "minutes", + "hours", + "days", + "months", + "years" ] } ] } }, "required" : [ "period", "unit" ], @@ -3315,8 +3284,7 @@ { "task-uuid" : { "title" : "Task Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique task.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -3338,8 +3306,7 @@ { "activity-uuid" : { "title" : "Activity Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to an activity defined in the list of activities.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -3491,16 +3458,14 @@ { "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "statement-ids" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Include Specific Statements", "description" : "Used to constrain the selection to only specificity identified statements.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } } }, + "$ref" : "#/definitions/TokenDatatype" } } }, "required" : [ "control-id" ], "additionalProperties" : false }, @@ -3513,8 +3478,7 @@ { "objective-id" : { "title" : "Objective ID", "description" : "Points to an assessment objective.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "$ref" : "#/definitions/TokenDatatype" } }, "required" : [ "objective-id" ], "additionalProperties" : false }, @@ -3527,8 +3491,7 @@ { "uuid" : { "title" : "Assessment Subject Placeholder Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Assessment Subject Placeholder Description", "description" : "A human-readable description of intent of this assessment subject placeholder.", @@ -3544,8 +3507,7 @@ { "task-uuid" : { "title" : "Task Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "task-uuid" ], "additionalProperties" : false } }, @@ -3574,8 +3536,16 @@ { "type" : { "title" : "Subject Type", "description" : "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user" ] } ] }, "description" : { "title" : "Include Subjects Description", "description" : "A human-readable description of the collection of subjects being included in this assessment.", @@ -3616,13 +3586,21 @@ { "subject-uuid" : { "title" : "Subject Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Subject Universally Unique Identifier Reference Type", "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, "props" : { "type" : "array", "minItems" : 1, @@ -3648,13 +3626,21 @@ { "subject-uuid" : { "title" : "Subject Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Subject Universally Unique Identifier Reference Type", "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, "title" : { "title" : "Subject Reference Title", "description" : "The title or name for the referenced subject.", @@ -3697,8 +3683,7 @@ { "uuid" : { "title" : "Assessment Platform Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Assessment Platform Title", "description" : "The title or name for the assessment platform.", @@ -3724,8 +3709,7 @@ { "component-uuid" : { "title" : "Component Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -3763,16 +3747,17 @@ { "type" : { "title" : "Finding Target Type", "description" : "Identifies the type of the target.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "statement-id", - "objective-id" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "statement-id", + "objective-id" ] } ] }, "target-id" : { "title" : "Finding Target Identifier Reference", "description" : "A machine-oriented identifier reference for a specific target qualified by the type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Objective Status Title", "description" : "The title for this objective status.", @@ -3799,16 +3784,24 @@ { "state" : { "title" : "Objective Status State", "description" : "An indication as to whether the objective is satisfied or not.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "satisfied", - "not-satisfied" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "satisfied", + "not-satisfied" ] } ] }, "reason" : { "title" : "Objective Status Reason", "description" : "The reason the objective was given it's status.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "pass", + "fail", + "other" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -3832,8 +3825,7 @@ { "uuid" : { "title" : "Observation Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Observation Title", "description" : "The title for this observation.", @@ -3858,16 +3850,31 @@ "items" : { "title" : "Observation Method", "description" : "Identifies how the observation was made.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "EXAMINE", + "INTERVIEW", + "TEST", + "UNKNOWN" ] } ] } }, "types" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Observation Type", "description" : "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "ssp-statement-issue", + "control-objective", + "mitigation", + "finding", + "historic" ] } ] } }, "origins" : { "type" : "array", "minItems" : 1, @@ -3889,8 +3896,7 @@ { "href" : { "title" : "Relevant Evidence Reference", "description" : "A resolvable URL reference to relevant evidence.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "description" : { "title" : "Relevant Evidence Description", "description" : "A human-readable description of this evidence.", @@ -3913,15 +3919,11 @@ "collected" : { "title" : "Collected Field", "description" : "Date/time stamp identifying when the finding information was collected.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "expires" : { "title" : "Expires Field", "description" : "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -3958,22 +3960,22 @@ { "type" : { "title" : "Actor Type", "description" : "The kind of actor.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "tool", - "assessment-platform", - "party" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "tool", + "assessment-platform", + "party" ] } ] }, "actor-uuid" : { "title" : "Actor Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to the tool or person based on the associated type.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "role-id" : { "title" : "Actor Role", "description" : "For a party, this can optionally be used to specify the role the actor was performing.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -3997,8 +3999,7 @@ { "task-uuid" : { "title" : "Task Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique task.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -4027,8 +4028,7 @@ { "subject-placeholder-uuid" : { "title" : "Assessment Subject Placeholder Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "subjects" : { "type" : "array", "minItems" : 1, @@ -4052,16 +4052,19 @@ { "system" : { "title" : "Threat Type Identification System", "description" : "Specifies the source of the threat information.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal" ] } ] }, "href" : { "title" : "Threat Information Resource Reference", "description" : "An optional location for the threat data, from which this ID originates.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/URIDatatype" } }, "required" : [ "id", "system" ], @@ -4075,8 +4078,7 @@ { "uuid" : { "title" : "Risk Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Risk Title", "description" : "The title for this risk.", @@ -4127,13 +4129,11 @@ { "uuid" : { "title" : "Mitigating Factor Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "implementation-uuid" : { "title" : "Implementation UUID", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Mitigating Factor Description", "description" : "A human-readable description of this mitigating factor.", @@ -4160,9 +4160,7 @@ "deadline" : { "title" : "Risk Resolution Deadline", "description" : "The date/time by which the risk must be resolved.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "remediations" : { "type" : "array", "minItems" : 1, @@ -4184,8 +4182,7 @@ { "uuid" : { "title" : "Risk Log Entry Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Title", "description" : "The title for this risk log entry.", @@ -4197,15 +4194,11 @@ "start" : { "title" : "Start", "description" : "Identifies the start date and time of the event.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "end" : { "title" : "End", "description" : "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -4234,8 +4227,7 @@ { "response-uuid" : { "title" : "Response Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique risk response.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -4276,8 +4268,7 @@ { "observation-uuid" : { "title" : "Observation Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "observation-uuid" ], "additionalProperties" : false } } }, @@ -4297,13 +4288,11 @@ { "party-uuid" : { "title" : "Party UUID Reference", "description" : "A machine-oriented identifier reference to the party who is making the log entry.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "role-id" : { "title" : "Actor Role", "description" : "A point to the role-id of the role in which the party is making the log entry.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "$ref" : "#/definitions/TokenDatatype" } }, "required" : [ "party-uuid" ], "additionalProperties" : false }, @@ -4311,8 +4300,17 @@ { "title" : "Risk Status", "description" : "Describes the status of the associated risk.", "$id" : "#field_oscal-assessment-common_risk-status", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "open", + "investigating", + "remediating", + "deviation-requested", + "deviation-approved", + "closed" ] } ] }, "oscal-complete-oscal-assessment-common:characterization" : { "title" : "Characterization", "description" : "A collection of descriptive data about the containing object from a specific origin.", @@ -4342,19 +4340,27 @@ { "name" : { "title" : "Facet Name", "description" : "The name of the risk metric within the specified system.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "system" : { "title" : "Naming System", "description" : "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal/unknown", + "http://cve.mitre.org", + "http://www.first.org/cvss/v2.0", + "http://www.first.org/cvss/v3.0", + "http://www.first.org/cvss/v3.1" ] } ] }, "value" : { "title" : "Facet Value", "description" : "Indicates the value of the facet.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -4385,13 +4391,18 @@ { "uuid" : { "title" : "Remediation Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "lifecycle" : { "title" : "Remediation Intent", "description" : "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "recommendation", + "planned", + "completed" ] } ] }, "title" : { "title" : "Response Title", "description" : "The title for this response activity.", @@ -4426,8 +4437,7 @@ { "uuid" : { "title" : "Required Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "subjects" : { "type" : "array", "minItems" : 1, @@ -4479,24 +4489,26 @@ { "uuid" : { "title" : "Part Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Part Name", "description" : "A textual label that uniquely identifies the part's semantic type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "asset", + "method", + "objective" ] } ] }, "ns" : { "title" : "Part Namespace", "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", "description" : "A name given to the part, which may be used by a tool for display and navigation.", @@ -4532,8 +4544,7 @@ { "uuid" : { "title" : "Assessment Results Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "import-ap" : @@ -4578,8 +4589,7 @@ { "uuid" : { "title" : "Results Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Results Title", "description" : "The title for this set of results.", @@ -4591,15 +4601,11 @@ "start" : { "title" : "start field", "description" : "Date/time stamp identifying the start of the evidence collection reflected in these results.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "end" : { "title" : "end field", "description" : "Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -4677,8 +4683,7 @@ { "uuid" : { "title" : "Assessment Log Entry Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Action Title", "description" : "The title for this event.", @@ -4690,15 +4695,11 @@ "start" : { "title" : "Start", "description" : "Identifies the start date and time of an event.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "end" : { "title" : "End", "description" : "Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -4761,8 +4762,7 @@ { "uuid" : { "title" : "Finding Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Finding Title", "description" : "The title for this finding.", @@ -4791,8 +4791,7 @@ "implementation-statement-uuid" : { "title" : "Implementation Statement UUID", "description" : "A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "related-observations" : { "type" : "array", "minItems" : 1, @@ -4804,8 +4803,7 @@ { "observation-uuid" : { "title" : "Observation Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "observation-uuid" ], "additionalProperties" : false } }, @@ -4820,8 +4818,7 @@ { "risk-uuid" : { "title" : "Risk Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "risk-uuid" ], "additionalProperties" : false } }, @@ -4842,8 +4839,7 @@ { "href" : { "title" : "Assessment Plan Reference", "description" : "A resolvable URL reference to the assessment plan governing the assessment activities.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -4858,8 +4854,7 @@ { "uuid" : { "title" : "POA&M Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "import-ssp" : @@ -4918,8 +4913,7 @@ { "uuid" : { "title" : "POA&M Item Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "POA&M Item Title", "description" : "The title or name for this POA&M item .", @@ -4965,8 +4959,7 @@ { "observation-uuid" : { "title" : "Observation Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "observation-uuid" ], "additionalProperties" : false } }, @@ -4981,8 +4974,7 @@ { "risk-uuid" : { "title" : "Risk Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "risk-uuid" ], "additionalProperties" : false } }, @@ -4991,7 +4983,61 @@ "required" : [ "title", "description" ], - "additionalProperties" : false } }, + "additionalProperties" : false }, + "Base64Datatype" : + { "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "BooleanDatatype" : + { "type" : "boolean" }, + "DateDatatype" : + { "type" : "string", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))(Z|[+-][0-9]{2}:[0-9]{2})?$" }, + "DateTimeWithTimezoneDatatype" : + { "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]*[1-9])?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "IntegerDatatype" : + { "type" : "integer" }, + "NonNegativeIntegerDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 0 } ] }, + "PositiveIntegerDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 1 } ] }, + "StringDatatype" : + { "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "type" : "string", + "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, "oneOf" : [ { "properties" : diff --git a/json/schema/oscal_component_schema.json b/json/schema/oscal_component_schema.json index 1b44be3eee..b445b9c2de 100644 --- a/json/schema/oscal_component_schema.json +++ b/json/schema/oscal_component_schema.json @@ -13,8 +13,7 @@ { "uuid" : { "title" : "Component Definition Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "import-component-definitions" : @@ -47,8 +46,7 @@ { "href" : { "title" : "Hyperlink Reference", "description" : "A link to a resource that defines a set of components and/or capabilities to import into this collection.", - "type" : "string", - "format" : "uri-reference" } }, + "$ref" : "#/definitions/URIReferenceDatatype" } }, "required" : [ "href" ], "additionalProperties" : false }, @@ -61,13 +59,26 @@ { "uuid" : { "title" : "Component Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Component Type", "description" : "A category describing the purpose of the component.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation" ] } ] }, "title" : { "title" : "Component Title", "description" : "A human readable name for the component.", @@ -122,13 +133,11 @@ { "uuid" : { "title" : "Capability Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Capability Name", "description" : "The capability's human-readable name.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "Capability Description", "description" : "A summary of the capability.", @@ -169,8 +178,7 @@ { "component-uuid" : { "title" : "Component Reference", "description" : "A machine-oriented identifier reference to a component.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Component Description", "description" : "A description of the component, including information about its function.", @@ -188,13 +196,11 @@ { "uuid" : { "title" : "Control Implementation Set Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "source" : { "title" : "Source Resource Reference", "description" : "A reference to an OSCAL catalog or profile providing the referenced control or subcontrol definition.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "description" : { "title" : "Control Implementation Description", "description" : "A description of how the specified set of controls are implemented for the containing component or capability.", @@ -234,13 +240,11 @@ { "uuid" : { "title" : "Control Implementation Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "description" : { "title" : "Control Implementation Description", "description" : "A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan.", @@ -286,13 +290,11 @@ { "statement-id" : { "title" : "Control Statement Reference", "description" : "A human-oriented identifier reference to a control statement.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "uuid" : { "title" : "Control Statement Reference Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Statement Implementation Description", "description" : "A summary of how the containing control statement is implemented by the component or capability.", @@ -328,13 +330,29 @@ { "uuid" : { "title" : "Component Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Component Type", "description" : "A category describing the purpose of the component.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "this-system", + "system", + "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation", + "network" ] } ] }, "title" : { "title" : "Component Title", "description" : "A human readable name for the system component.", @@ -365,13 +383,15 @@ { "state" : { "title" : "State", "description" : "The operational status.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "under-development", - "operational", - "disposition", - "other" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "under-development", + "operational", + "disposition", + "other" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -405,13 +425,11 @@ { "uuid" : { "title" : "Service Protocol Information Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Protocol Name", "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "title" : { "title" : "Protocol Title", "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", @@ -433,23 +451,21 @@ { "start" : { "title" : "Start", "description" : "Indicates the starting port number in a port range", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 0 }, + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, "end" : { "title" : "End", "description" : "Indicates the ending port number in a port range", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 0 }, + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, "transport" : { "title" : "Transport", "description" : "Indicates the transport type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "TCP", - "UDP" ] } }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "TCP", + "UDP" ] } ] } }, "additionalProperties" : false }, "oscal-component-definition-oscal-implementation-common:implementation-status" : { "title" : "Implementation Status", @@ -460,8 +476,16 @@ { "state" : { "title" : "Implementation State", "description" : "Identifies the implementation status of the control or control objective.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "implemented", + "partial", + "planned", + "alternative", + "not-applicable" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -476,8 +500,7 @@ { "uuid" : { "title" : "User Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "User Title", "description" : "A name given to the user, which may be used by a tool for display and navigation.", @@ -485,8 +508,7 @@ "short-name" : { "title" : "User Short Name", "description" : "A short common name, abbreviation, or acronym for the user.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "User Description", "description" : "A summary of the user's purpose within the system.", @@ -543,8 +565,7 @@ { "title" : "Functions Performed", "description" : "Describes a function performed for a given authorized privilege by this user class.", "$id" : "#field_oscal-implementation-common_function-performed", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-component-definition-oscal-implementation-common:inventory-item" : { "title" : "Inventory Item", "description" : "A single managed inventory item within the system.", @@ -554,8 +575,7 @@ { "uuid" : { "title" : "Inventory Item Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Inventory Item Description", "description" : "A summary of the inventory item stating its purpose within the system.", @@ -586,8 +606,7 @@ { "component-uuid" : { "title" : "Component Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -623,16 +642,14 @@ { "param-id" : { "title" : "Parameter ID", "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "values" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -648,11 +665,17 @@ { "identifier-type" : { "title" : "Identification System Type", "description" : "Identifies the identification system from which the provided identifier was assigned.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "https://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "https://ietf.org/rfc/rfc4122", + "http://ietf.org/rfc/rfc4122" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id" ], "additionalProperties" : false }, @@ -764,8 +787,7 @@ { "uuid" : { "title" : "Location Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Location Title", "description" : "A name given to the location, which may be used by a tool for display and navigation.", @@ -788,9 +810,7 @@ "items" : { "title" : "Location URL", "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" } }, + "$ref" : "#/definitions/URIDatatype" } }, "props" : { "type" : "array", "minItems" : 1, @@ -811,8 +831,7 @@ { "title" : "Location Reference", "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_location-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-component-definition-oscal-metadata:party" : { "title" : "Party (organization or person)", "description" : "A responsible entity which is either a person or an organization.", @@ -822,26 +841,25 @@ { "uuid" : { "title" : "Party Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Party Type", "description" : "A category describing the kind of party the object describes.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "person", - "organization" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, "name" : { "title" : "Party Name", "description" : "The full name of the party. This is typically the legal name associated with the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "short-name" : { "title" : "Party Short Name", "description" : "A short common name, abbreviation, or acronym for the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "external-ids" : { "type" : "array", "minItems" : 1, @@ -853,11 +871,14 @@ { "scheme" : { "title" : "External Identifier Schema", "description" : "Indicates the type of external identifier.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id", "scheme" ], @@ -898,8 +919,7 @@ "items" : { "title" : "Organizational Affiliation", "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -910,8 +930,7 @@ { "title" : "Party Reference", "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_party-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-component-definition-oscal-metadata:role" : { "title" : "Role", "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", @@ -921,8 +940,7 @@ { "id" : { "title" : "Role Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Role Title", "description" : "A name given to the role, which may be used by a tool for display and navigation.", @@ -930,8 +948,7 @@ "short-name" : { "title" : "Role Short Name", "description" : "A short common name, abbreviation, or acronym for the role.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "Role Description", "description" : "A summary of the role's purpose and associated responsibilities.", @@ -956,8 +973,7 @@ { "title" : "Role Identifier Reference", "description" : "A human-oriented identifier reference to roles served by the user.", "$id" : "#field_oscal-metadata_role-id", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "oscal-component-definition-oscal-metadata:back-matter" : { "title" : "Back matter", "description" : "A collection of resources, which may be included directly or by reference.", @@ -975,8 +991,7 @@ { "uuid" : { "title" : "Resource Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", "description" : "A name given to the resource, which may be used by a tool for display and navigation.", @@ -1028,13 +1043,11 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URI reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", "minItems" : 1, @@ -1051,15 +1064,13 @@ { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/Base64Datatype" } }, "required" : [ "value" ], "additionalProperties" : false }, @@ -1078,29 +1089,28 @@ { "name" : { "title" : "Property Name", "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "value" : { "title" : "Property Value", "description" : "Indicates the value of the attribute, characteristic, or quality.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1116,18 +1126,20 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URL reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : { "title" : "Relation", "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", @@ -1144,8 +1156,7 @@ { "role-id" : { "title" : "Responsible Role", "description" : "A human-oriented identifier reference to roles served by the user.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", "minItems" : 1, @@ -1176,8 +1187,7 @@ { "role-id" : { "title" : "Responsible Role ID", "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1207,10 +1217,21 @@ { "algorithm" : { "title" : "Hash algorithm", "description" : "Method by which a hash is derived", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "value", "algorithm" ], @@ -1224,35 +1245,27 @@ { "title" : "Publication Timestamp", "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_published", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-component-definition-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_last-modified", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-component-definition-oscal-metadata:version" : { "title" : "Document Version", "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", "$id" : "#field_oscal-metadata_version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-component-definition-oscal-metadata:oscal-version" : { "title" : "OSCAL version", "description" : "The OSCAL model version the document was authored against.", "$id" : "#field_oscal-metadata_oscal-version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-component-definition-oscal-metadata:email-address" : { "title" : "Email Address", "description" : "An email address as defined by RFC 5322 Section 3.4.1.", "$id" : "#field_oscal-metadata_email-address", - "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" }, + "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-component-definition-oscal-metadata:telephone-number" : { "title" : "Telephone Number", "description" : "Contact number by telephone.", @@ -1262,10 +1275,16 @@ { "type" : { "title" : "type flag", "description" : "Indicates the type of phone number.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, "number" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "number" ], "additionalProperties" : false }, @@ -1278,8 +1297,13 @@ { "type" : { "title" : "Address Type", "description" : "Indicates the type of address.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, "addr-lines" : { "type" : "array", "minItems" : 1, @@ -1288,30 +1312,25 @@ "city" : { "title" : "City", "description" : "City, town or geographical region for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", "description" : "State, province or analogous geographical region for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", "description" : "Postal or ZIP code for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "additionalProperties" : false }, "oscal-component-definition-oscal-metadata:addr-line" : { "title" : "Address line", "description" : "A single line of an address.", "$id" : "#field_oscal-metadata_addr-line", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-component-definition-oscal-metadata:document-id" : { "title" : "Document Identifier", "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", @@ -1321,11 +1340,14 @@ { "scheme" : { "title" : "Document Identification Scheme", "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, "identifier" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "identifier" ], "additionalProperties" : false }, @@ -1338,24 +1360,19 @@ { "id" : { "title" : "Part Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", "description" : "A textual label that uniquely identifies the part's semantic type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", "description" : "A name given to the part, which may be used by a tool for display and navigation.", @@ -1391,18 +1408,15 @@ { "id" : { "title" : "Parameter Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", "description" : "A textual label that provides a characterization of the parameter.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1464,8 +1478,7 @@ { "expression" : { "title" : "Constraint test", "description" : "A formal (executable) expression of a constraint", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1489,8 +1502,7 @@ { "title" : "Parameter Value", "description" : "A parameter value or set of values.", "$id" : "#field_oscal-catalog-common_parameter-value", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-component-definition-oscal-catalog-common:parameter-selection" : { "title" : "Selection", "description" : "Presenting a choice among alternatives", @@ -1500,11 +1512,13 @@ { "how-many" : { "title" : "Parameter Cardinality", "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "one", - "one-or-more" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, "choice" : { "type" : "array", "minItems" : 1, @@ -1518,7 +1532,49 @@ "description" : "Include all controls from the imported catalog or profile resources.", "$id" : "#assembly_oscal-catalog-common_include-all", "type" : "object", - "additionalProperties" : false } }, + "additionalProperties" : false }, + "Base64Datatype" : + { "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "DateTimeWithTimezoneDatatype" : + { "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]*[1-9])?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "IntegerDatatype" : + { "type" : "integer" }, + "NonNegativeIntegerDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 0 } ] }, + "StringDatatype" : + { "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "type" : "string", + "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, "properties" : { "component-definition" : { "$ref" : "#assembly_oscal-component-definition_component-definition" } }, diff --git a/json/schema/oscal_poam_schema.json b/json/schema/oscal_poam_schema.json index 125ed58663..37bb7e8c0c 100644 --- a/json/schema/oscal_poam_schema.json +++ b/json/schema/oscal_poam_schema.json @@ -13,8 +13,7 @@ { "uuid" : { "title" : "POA&M Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "import-ssp" : @@ -73,8 +72,7 @@ { "uuid" : { "title" : "POA&M Item Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "POA&M Item Title", "description" : "The title or name for this POA&M item .", @@ -120,8 +118,7 @@ { "observation-uuid" : { "title" : "Observation Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "observation-uuid" ], "additionalProperties" : false } }, @@ -136,8 +133,7 @@ { "risk-uuid" : { "title" : "Risk Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a risk defined in the list of risks.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "risk-uuid" ], "additionalProperties" : false } }, @@ -255,8 +251,7 @@ { "uuid" : { "title" : "Location Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Location Title", "description" : "A name given to the location, which may be used by a tool for display and navigation.", @@ -279,9 +274,7 @@ "items" : { "title" : "Location URL", "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" } }, + "$ref" : "#/definitions/URIDatatype" } }, "props" : { "type" : "array", "minItems" : 1, @@ -302,8 +295,7 @@ { "title" : "Location Reference", "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_location-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-poam-oscal-metadata:party" : { "title" : "Party (organization or person)", "description" : "A responsible entity which is either a person or an organization.", @@ -313,26 +305,25 @@ { "uuid" : { "title" : "Party Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Party Type", "description" : "A category describing the kind of party the object describes.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "person", - "organization" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, "name" : { "title" : "Party Name", "description" : "The full name of the party. This is typically the legal name associated with the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "short-name" : { "title" : "Party Short Name", "description" : "A short common name, abbreviation, or acronym for the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "external-ids" : { "type" : "array", "minItems" : 1, @@ -344,11 +335,14 @@ { "scheme" : { "title" : "External Identifier Schema", "description" : "Indicates the type of external identifier.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id", "scheme" ], @@ -389,8 +383,7 @@ "items" : { "title" : "Organizational Affiliation", "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -401,8 +394,7 @@ { "title" : "Party Reference", "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_party-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-poam-oscal-metadata:role" : { "title" : "Role", "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", @@ -412,8 +404,7 @@ { "id" : { "title" : "Role Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Role Title", "description" : "A name given to the role, which may be used by a tool for display and navigation.", @@ -421,8 +412,7 @@ "short-name" : { "title" : "Role Short Name", "description" : "A short common name, abbreviation, or acronym for the role.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "Role Description", "description" : "A summary of the role's purpose and associated responsibilities.", @@ -447,8 +437,7 @@ { "title" : "Role Identifier Reference", "description" : "A human-oriented identifier reference to roles served by the user.", "$id" : "#field_oscal-metadata_role-id", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "oscal-poam-oscal-metadata:back-matter" : { "title" : "Back matter", "description" : "A collection of resources, which may be included directly or by reference.", @@ -466,8 +455,7 @@ { "uuid" : { "title" : "Resource Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", "description" : "A name given to the resource, which may be used by a tool for display and navigation.", @@ -519,13 +507,11 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URI reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", "minItems" : 1, @@ -542,15 +528,13 @@ { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/Base64Datatype" } }, "required" : [ "value" ], "additionalProperties" : false }, @@ -569,29 +553,28 @@ { "name" : { "title" : "Property Name", "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "value" : { "title" : "Property Value", "description" : "Indicates the value of the attribute, characteristic, or quality.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -607,18 +590,20 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URL reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : { "title" : "Relation", "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", @@ -635,8 +620,7 @@ { "role-id" : { "title" : "Responsible Role", "description" : "A human-oriented identifier reference to roles served by the user.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", "minItems" : 1, @@ -667,8 +651,7 @@ { "role-id" : { "title" : "Responsible Role ID", "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -698,10 +681,21 @@ { "algorithm" : { "title" : "Hash algorithm", "description" : "Method by which a hash is derived", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "value", "algorithm" ], @@ -715,35 +709,27 @@ { "title" : "Publication Timestamp", "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_published", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-poam-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_last-modified", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-poam-oscal-metadata:version" : { "title" : "Document Version", "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", "$id" : "#field_oscal-metadata_version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-poam-oscal-metadata:oscal-version" : { "title" : "OSCAL version", "description" : "The OSCAL model version the document was authored against.", "$id" : "#field_oscal-metadata_oscal-version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-poam-oscal-metadata:email-address" : { "title" : "Email Address", "description" : "An email address as defined by RFC 5322 Section 3.4.1.", "$id" : "#field_oscal-metadata_email-address", - "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" }, + "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-poam-oscal-metadata:telephone-number" : { "title" : "Telephone Number", "description" : "Contact number by telephone.", @@ -753,10 +739,16 @@ { "type" : { "title" : "type flag", "description" : "Indicates the type of phone number.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, "number" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "number" ], "additionalProperties" : false }, @@ -769,8 +761,13 @@ { "type" : { "title" : "Address Type", "description" : "Indicates the type of address.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, "addr-lines" : { "type" : "array", "minItems" : 1, @@ -779,30 +776,25 @@ "city" : { "title" : "City", "description" : "City, town or geographical region for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", "description" : "State, province or analogous geographical region for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", "description" : "Postal or ZIP code for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "additionalProperties" : false }, "oscal-poam-oscal-metadata:addr-line" : { "title" : "Address line", "description" : "A single line of an address.", "$id" : "#field_oscal-metadata_addr-line", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-poam-oscal-metadata:document-id" : { "title" : "Document Identifier", "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", @@ -812,11 +804,14 @@ { "scheme" : { "title" : "Document Identification Scheme", "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, "identifier" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "identifier" ], "additionalProperties" : false }, @@ -829,13 +824,29 @@ { "uuid" : { "title" : "Component Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Component Type", "description" : "A category describing the purpose of the component.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "this-system", + "system", + "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation", + "network" ] } ] }, "title" : { "title" : "Component Title", "description" : "A human readable name for the system component.", @@ -866,13 +877,15 @@ { "state" : { "title" : "State", "description" : "The operational status.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "under-development", - "operational", - "disposition", - "other" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "under-development", + "operational", + "disposition", + "other" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -906,13 +919,11 @@ { "uuid" : { "title" : "Service Protocol Information Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Protocol Name", "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "title" : { "title" : "Protocol Title", "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", @@ -934,23 +945,21 @@ { "start" : { "title" : "Start", "description" : "Indicates the starting port number in a port range", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 0 }, + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, "end" : { "title" : "End", "description" : "Indicates the ending port number in a port range", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 0 }, + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, "transport" : { "title" : "Transport", "description" : "Indicates the transport type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "TCP", - "UDP" ] } }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "TCP", + "UDP" ] } ] } }, "additionalProperties" : false }, "oscal-poam-oscal-implementation-common:implementation-status" : { "title" : "Implementation Status", @@ -961,8 +970,16 @@ { "state" : { "title" : "Implementation State", "description" : "Identifies the implementation status of the control or control objective.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "implemented", + "partial", + "planned", + "alternative", + "not-applicable" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -977,8 +994,7 @@ { "uuid" : { "title" : "User Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "User Title", "description" : "A name given to the user, which may be used by a tool for display and navigation.", @@ -986,8 +1002,7 @@ "short-name" : { "title" : "User Short Name", "description" : "A short common name, abbreviation, or acronym for the user.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "User Description", "description" : "A summary of the user's purpose within the system.", @@ -1044,8 +1059,7 @@ { "title" : "Functions Performed", "description" : "Describes a function performed for a given authorized privilege by this user class.", "$id" : "#field_oscal-implementation-common_function-performed", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-poam-oscal-implementation-common:inventory-item" : { "title" : "Inventory Item", "description" : "A single managed inventory item within the system.", @@ -1055,8 +1069,7 @@ { "uuid" : { "title" : "Inventory Item Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Inventory Item Description", "description" : "A summary of the inventory item stating its purpose within the system.", @@ -1087,8 +1100,7 @@ { "component-uuid" : { "title" : "Component Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1124,16 +1136,14 @@ { "param-id" : { "title" : "Parameter ID", "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "values" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1149,11 +1159,17 @@ { "identifier-type" : { "title" : "Identification System Type", "description" : "Identifies the identification system from which the provided identifier was assigned.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "https://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "https://ietf.org/rfc/rfc4122", + "http://ietf.org/rfc/rfc4122" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id" ], "additionalProperties" : false }, @@ -1166,24 +1182,19 @@ { "id" : { "title" : "Part Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", "description" : "A textual label that uniquely identifies the part's semantic type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", "description" : "A name given to the part, which may be used by a tool for display and navigation.", @@ -1219,18 +1230,15 @@ { "id" : { "title" : "Parameter Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", "description" : "A textual label that provides a characterization of the parameter.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1292,8 +1300,7 @@ { "expression" : { "title" : "Constraint test", "description" : "A formal (executable) expression of a constraint", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1317,8 +1324,7 @@ { "title" : "Parameter Value", "description" : "A parameter value or set of values.", "$id" : "#field_oscal-catalog-common_parameter-value", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-poam-oscal-catalog-common:parameter-selection" : { "title" : "Selection", "description" : "Presenting a choice among alternatives", @@ -1328,11 +1334,13 @@ { "how-many" : { "title" : "Parameter Cardinality", "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "one", - "one-or-more" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, "choice" : { "type" : "array", "minItems" : 1, @@ -1356,8 +1364,7 @@ { "href" : { "title" : "System Security Plan Reference", "description" : "A resolvable URL reference to the system security plan for the system being assessed.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1372,8 +1379,7 @@ { "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "description" : { "title" : "Objective Description", "description" : "A human-readable description of this control objective.", @@ -1408,8 +1414,7 @@ { "uuid" : { "title" : "Assessment Method Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Assessment Method Description", "description" : "A human-readable description of this assessment method.", @@ -1441,8 +1446,7 @@ { "uuid" : { "title" : "Assessment Activity Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Included Activity Title", "description" : "The title for this included activity.", @@ -1472,8 +1476,7 @@ { "uuid" : { "title" : "Step Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Step Title", "description" : "The title for this step.", @@ -1527,13 +1530,17 @@ { "uuid" : { "title" : "Task Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Task Type", "description" : "The type of task.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "milestone", + "action" ] } ] }, "title" : { "title" : "Task Title", "description" : "The title for this task.", @@ -1565,9 +1572,7 @@ { "date" : { "title" : "On Date Condition", "description" : "The task must occur on the specified date.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" } }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : [ "date" ], "additionalProperties" : false }, @@ -1579,15 +1584,11 @@ { "start" : { "title" : "Start Date Condition", "description" : "The task must occur on or after the specified date.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "end" : { "title" : "End Date Condition", "description" : "The task must occur on or before the specified date.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" } }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" } }, "required" : [ "start", "end" ], @@ -1600,21 +1601,21 @@ { "period" : { "title" : "Period", "description" : "The task must occur after the specified period has elapsed.", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 1 }, + "$ref" : "#/definitions/PositiveIntegerDatatype" }, "unit" : { "title" : "Time Unit", "description" : "The unit of time for the period.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "seconds", - "minutes", - "hours", - "days", - "months", - "years" ] } }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "seconds", + "minutes", + "hours", + "days", + "months", + "years" ] } ] } }, "required" : [ "period", "unit" ], @@ -1631,8 +1632,7 @@ { "task-uuid" : { "title" : "Task Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique task.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1654,8 +1654,7 @@ { "activity-uuid" : { "title" : "Activity Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to an activity defined in the list of activities.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1807,16 +1806,14 @@ { "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "statement-ids" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Include Specific Statements", "description" : "Used to constrain the selection to only specificity identified statements.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } } }, + "$ref" : "#/definitions/TokenDatatype" } } }, "required" : [ "control-id" ], "additionalProperties" : false }, @@ -1829,8 +1826,7 @@ { "objective-id" : { "title" : "Objective ID", "description" : "Points to an assessment objective.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "$ref" : "#/definitions/TokenDatatype" } }, "required" : [ "objective-id" ], "additionalProperties" : false }, @@ -1843,8 +1839,7 @@ { "uuid" : { "title" : "Assessment Subject Placeholder Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Assessment Subject Placeholder Description", "description" : "A human-readable description of intent of this assessment subject placeholder.", @@ -1860,8 +1855,7 @@ { "task-uuid" : { "title" : "Task Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "task-uuid" ], "additionalProperties" : false } }, @@ -1890,8 +1884,16 @@ { "type" : { "title" : "Subject Type", "description" : "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user" ] } ] }, "description" : { "title" : "Include Subjects Description", "description" : "A human-readable description of the collection of subjects being included in this assessment.", @@ -1932,13 +1934,21 @@ { "subject-uuid" : { "title" : "Subject Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Subject Universally Unique Identifier Reference Type", "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, "props" : { "type" : "array", "minItems" : 1, @@ -1964,13 +1974,21 @@ { "subject-uuid" : { "title" : "Subject Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Subject Universally Unique Identifier Reference Type", "description" : "Used to indicate the type of object pointed to by the uuid-ref within a subject.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "component", + "inventory-item", + "location", + "party", + "user", + "resource" ] } ] }, "title" : { "title" : "Subject Reference Title", "description" : "The title or name for the referenced subject.", @@ -2013,8 +2031,7 @@ { "uuid" : { "title" : "Assessment Platform Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Assessment Platform Title", "description" : "The title or name for the assessment platform.", @@ -2040,8 +2057,7 @@ { "component-uuid" : { "title" : "Component Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2079,16 +2095,17 @@ { "type" : { "title" : "Finding Target Type", "description" : "Identifies the type of the target.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "statement-id", - "objective-id" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "statement-id", + "objective-id" ] } ] }, "target-id" : { "title" : "Finding Target Identifier Reference", "description" : "A machine-oriented identifier reference for a specific target qualified by the type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Objective Status Title", "description" : "The title for this objective status.", @@ -2115,16 +2132,24 @@ { "state" : { "title" : "Objective Status State", "description" : "An indication as to whether the objective is satisfied or not.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "satisfied", - "not-satisfied" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "satisfied", + "not-satisfied" ] } ] }, "reason" : { "title" : "Objective Status Reason", "description" : "The reason the objective was given it's status.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "pass", + "fail", + "other" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -2148,8 +2173,7 @@ { "uuid" : { "title" : "Observation Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Observation Title", "description" : "The title for this observation.", @@ -2174,16 +2198,31 @@ "items" : { "title" : "Observation Method", "description" : "Identifies how the observation was made.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "EXAMINE", + "INTERVIEW", + "TEST", + "UNKNOWN" ] } ] } }, "types" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Observation Type", "description" : "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "ssp-statement-issue", + "control-objective", + "mitigation", + "finding", + "historic" ] } ] } }, "origins" : { "type" : "array", "minItems" : 1, @@ -2205,8 +2244,7 @@ { "href" : { "title" : "Relevant Evidence Reference", "description" : "A resolvable URL reference to relevant evidence.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "description" : { "title" : "Relevant Evidence Description", "description" : "A human-readable description of this evidence.", @@ -2229,15 +2267,11 @@ "collected" : { "title" : "Collected Field", "description" : "Date/time stamp identifying when the finding information was collected.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "expires" : { "title" : "Expires Field", "description" : "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -2274,22 +2308,22 @@ { "type" : { "title" : "Actor Type", "description" : "The kind of actor.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "tool", - "assessment-platform", - "party" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "tool", + "assessment-platform", + "party" ] } ] }, "actor-uuid" : { "title" : "Actor Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to the tool or person based on the associated type.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "role-id" : { "title" : "Actor Role", "description" : "For a party, this can optionally be used to specify the role the actor was performing.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2313,8 +2347,7 @@ { "task-uuid" : { "title" : "Task Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique task.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2343,8 +2376,7 @@ { "subject-placeholder-uuid" : { "title" : "Assessment Subject Placeholder Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "subjects" : { "type" : "array", "minItems" : 1, @@ -2368,16 +2400,19 @@ { "system" : { "title" : "Threat Type Identification System", "description" : "Specifies the source of the threat information.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal" ] } ] }, "href" : { "title" : "Threat Information Resource Reference", "description" : "An optional location for the threat data, from which this ID originates.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/URIDatatype" } }, "required" : [ "id", "system" ], @@ -2391,8 +2426,7 @@ { "uuid" : { "title" : "Risk Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Risk Title", "description" : "The title for this risk.", @@ -2443,13 +2477,11 @@ { "uuid" : { "title" : "Mitigating Factor Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "implementation-uuid" : { "title" : "Implementation UUID", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Mitigating Factor Description", "description" : "A human-readable description of this mitigating factor.", @@ -2476,9 +2508,7 @@ "deadline" : { "title" : "Risk Resolution Deadline", "description" : "The date/time by which the risk must be resolved.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "remediations" : { "type" : "array", "minItems" : 1, @@ -2500,8 +2530,7 @@ { "uuid" : { "title" : "Risk Log Entry Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Title", "description" : "The title for this risk log entry.", @@ -2513,15 +2542,11 @@ "start" : { "title" : "Start", "description" : "Identifies the start date and time of the event.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "end" : { "title" : "End", "description" : "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2550,8 +2575,7 @@ { "response-uuid" : { "title" : "Response Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a unique risk response.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2592,8 +2616,7 @@ { "observation-uuid" : { "title" : "Observation Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to an observation defined in the list of observations.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "required" : [ "observation-uuid" ], "additionalProperties" : false } } }, @@ -2613,13 +2636,11 @@ { "party-uuid" : { "title" : "Party UUID Reference", "description" : "A machine-oriented identifier reference to the party who is making the log entry.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "role-id" : { "title" : "Actor Role", "description" : "A point to the role-id of the role in which the party is making the log entry.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "$ref" : "#/definitions/TokenDatatype" } }, "required" : [ "party-uuid" ], "additionalProperties" : false }, @@ -2627,8 +2648,17 @@ { "title" : "Risk Status", "description" : "Describes the status of the associated risk.", "$id" : "#field_oscal-assessment-common_risk-status", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "open", + "investigating", + "remediating", + "deviation-requested", + "deviation-approved", + "closed" ] } ] }, "oscal-poam-oscal-assessment-common:characterization" : { "title" : "Characterization", "description" : "A collection of descriptive data about the containing object from a specific origin.", @@ -2658,19 +2688,27 @@ { "name" : { "title" : "Facet Name", "description" : "The name of the risk metric within the specified system.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "system" : { "title" : "Naming System", "description" : "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal", + "http://csrc.nist.gov/ns/oscal/unknown", + "http://cve.mitre.org", + "http://www.first.org/cvss/v2.0", + "http://www.first.org/cvss/v3.0", + "http://www.first.org/cvss/v3.1" ] } ] }, "value" : { "title" : "Facet Value", "description" : "Indicates the value of the facet.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2701,13 +2739,18 @@ { "uuid" : { "title" : "Remediation Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "lifecycle" : { "title" : "Remediation Intent", "description" : "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "recommendation", + "planned", + "completed" ] } ] }, "title" : { "title" : "Response Title", "description" : "The title for this response activity.", @@ -2742,8 +2785,7 @@ { "uuid" : { "title" : "Required Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "subjects" : { "type" : "array", "minItems" : 1, @@ -2795,24 +2837,26 @@ { "uuid" : { "title" : "Part Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Part Name", "description" : "A textual label that uniquely identifies the part's semantic type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "asset", + "method", + "objective" ] } ] }, "ns" : { "title" : "Part Namespace", "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", "description" : "A name given to the part, which may be used by a tool for display and navigation.", @@ -2838,7 +2882,56 @@ { "$ref" : "#assembly_oscal-metadata_link" } } }, "required" : [ "name" ], - "additionalProperties" : false } }, + "additionalProperties" : false }, + "Base64Datatype" : + { "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "DateTimeWithTimezoneDatatype" : + { "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]*[1-9])?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "IntegerDatatype" : + { "type" : "integer" }, + "NonNegativeIntegerDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 0 } ] }, + "PositiveIntegerDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 1 } ] }, + "StringDatatype" : + { "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "type" : "string", + "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, "properties" : { "plan-of-action-and-milestones" : { "$ref" : "#assembly_oscal-poam_plan-of-action-and-milestones" } }, diff --git a/json/schema/oscal_profile_schema.json b/json/schema/oscal_profile_schema.json index 6c9724de11..1c375ead04 100644 --- a/json/schema/oscal_profile_schema.json +++ b/json/schema/oscal_profile_schema.json @@ -13,8 +13,7 @@ { "uuid" : { "title" : "Profile Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "imports" : @@ -42,8 +41,7 @@ { "href" : { "title" : "Catalog or Profile Reference", "description" : "A resolvable URL reference to the base catalog or profile that this profile is tailoring.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "include-all" : { "$ref" : "#assembly_oscal-catalog-common_include-all" }, "include-controls" : @@ -73,12 +71,14 @@ { "method" : { "title" : "Combination method", "description" : "How clashing controls should be handled", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "use-first", - "merge", - "keep" ] } }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "use-first", + "merge", + "keep" ] } ] } }, "additionalProperties" : false }, "flat" : { "title" : "Flat", @@ -88,7 +88,7 @@ "as-is" : { "title" : "As-Is Structuring Directive", "description" : "An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes.", - "type" : "boolean" }, + "$ref" : "#/definitions/BooleanDatatype" }, "custom" : { "title" : "Custom grouping", "description" : "A Custom element frames a structure for embedding represented controls in resolution.", @@ -115,13 +115,11 @@ { "id" : { "title" : "Group Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Group Class", "description" : "A textual label that provides a sub-type or characterization of the group.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Group Title", "description" : "A name given to the group, which may be used by a tool for display and navigation.", @@ -176,18 +174,15 @@ { "param-id" : { "title" : "Parameter ID", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", "description" : "A textual label that provides a characterization of the parameter.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -241,12 +236,14 @@ { "order" : { "title" : "Order", "description" : "A designation of how a selection of controls in a profile is to be ordered.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "keep", - "ascending", - "descending" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "keep", + "ascending", + "descending" ] } ] }, "include-all" : { "$ref" : "#assembly_oscal-catalog-common_include-all" }, "include-controls" : @@ -269,19 +266,20 @@ { "with-child-controls" : { "title" : "Include contained controls with control", "description" : "When a control is included, whether its child (dependent) controls are also included.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "yes", - "no" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "yes", + "no" ] } ] }, "with-ids" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Match Controls by Identifier", "description" : "", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "$ref" : "#/definitions/TokenDatatype" } }, "matching" : { "type" : "array", "minItems" : 1, @@ -293,8 +291,7 @@ { "pattern" : { "title" : "Pattern", "description" : "A glob expression matching the IDs of one or more controls to be selected.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "additionalProperties" : false } } }, "additionalProperties" : false }, "oscal-profile-oscal-profile:alter" : @@ -306,8 +303,7 @@ { "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "removes" : { "type" : "array", "minItems" : 1, @@ -330,28 +326,23 @@ { "by-name" : { "title" : "Reference by (assigned) name", "description" : "Identify items to remove by matching their assigned name", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "by-class" : { "title" : "Reference by class", "description" : "Identify items to remove by matching their class.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "by-id" : { "title" : "Reference by ID", "description" : "Identify items to remove indicated by their id.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "by-item-name" : { "title" : "Item Name Reference", "description" : "Identify items to remove by the name of the item's information element name, e.g. title or prop", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "by-ns" : { "title" : "Item Namespace Reference", "description" : "Identify items to remove by the item's ns, which is the namespace associated with a part, or prop.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" } }, + "$ref" : "#/definitions/TokenDatatype" } }, "additionalProperties" : false }, "oscal-profile-oscal-profile:add" : { "title" : "Addition", @@ -362,18 +353,19 @@ { "position" : { "title" : "Position", "description" : "Where to add the new content with respect to the targeted element (beside it or inside it)", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "before", - "after", - "starting", - "ending" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "before", + "after", + "starting", + "ending" ] } ] }, "by-id" : { "title" : "Reference by ID", "description" : "Target location of the addition.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Title Change", "description" : "A name given to the control, which may be used by a tool for display and navigation.", @@ -507,8 +499,7 @@ { "uuid" : { "title" : "Location Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Location Title", "description" : "A name given to the location, which may be used by a tool for display and navigation.", @@ -531,9 +522,7 @@ "items" : { "title" : "Location URL", "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" } }, + "$ref" : "#/definitions/URIDatatype" } }, "props" : { "type" : "array", "minItems" : 1, @@ -554,8 +543,7 @@ { "title" : "Location Reference", "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_location-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-profile-oscal-metadata:party" : { "title" : "Party (organization or person)", "description" : "A responsible entity which is either a person or an organization.", @@ -565,26 +553,25 @@ { "uuid" : { "title" : "Party Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Party Type", "description" : "A category describing the kind of party the object describes.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "person", - "organization" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, "name" : { "title" : "Party Name", "description" : "The full name of the party. This is typically the legal name associated with the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "short-name" : { "title" : "Party Short Name", "description" : "A short common name, abbreviation, or acronym for the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "external-ids" : { "type" : "array", "minItems" : 1, @@ -596,11 +583,14 @@ { "scheme" : { "title" : "External Identifier Schema", "description" : "Indicates the type of external identifier.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id", "scheme" ], @@ -641,8 +631,7 @@ "items" : { "title" : "Organizational Affiliation", "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -653,8 +642,7 @@ { "title" : "Party Reference", "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_party-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-profile-oscal-metadata:role" : { "title" : "Role", "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", @@ -664,8 +652,7 @@ { "id" : { "title" : "Role Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Role Title", "description" : "A name given to the role, which may be used by a tool for display and navigation.", @@ -673,8 +660,7 @@ "short-name" : { "title" : "Role Short Name", "description" : "A short common name, abbreviation, or acronym for the role.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "Role Description", "description" : "A summary of the role's purpose and associated responsibilities.", @@ -699,8 +685,7 @@ { "title" : "Role Identifier Reference", "description" : "A human-oriented identifier reference to roles served by the user.", "$id" : "#field_oscal-metadata_role-id", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "oscal-profile-oscal-metadata:back-matter" : { "title" : "Back matter", "description" : "A collection of resources, which may be included directly or by reference.", @@ -718,8 +703,7 @@ { "uuid" : { "title" : "Resource Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", "description" : "A name given to the resource, which may be used by a tool for display and navigation.", @@ -771,13 +755,11 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URI reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", "minItems" : 1, @@ -794,15 +776,13 @@ { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/Base64Datatype" } }, "required" : [ "value" ], "additionalProperties" : false }, @@ -821,29 +801,28 @@ { "name" : { "title" : "Property Name", "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "value" : { "title" : "Property Value", "description" : "Indicates the value of the attribute, characteristic, or quality.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -859,18 +838,20 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URL reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : { "title" : "Relation", "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", @@ -887,8 +868,7 @@ { "role-id" : { "title" : "Responsible Role", "description" : "A human-oriented identifier reference to roles served by the user.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", "minItems" : 1, @@ -919,8 +899,7 @@ { "role-id" : { "title" : "Responsible Role ID", "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -950,10 +929,21 @@ { "algorithm" : { "title" : "Hash algorithm", "description" : "Method by which a hash is derived", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "value", "algorithm" ], @@ -967,35 +957,27 @@ { "title" : "Publication Timestamp", "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_published", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-profile-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_last-modified", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-profile-oscal-metadata:version" : { "title" : "Document Version", "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", "$id" : "#field_oscal-metadata_version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-profile-oscal-metadata:oscal-version" : { "title" : "OSCAL version", "description" : "The OSCAL model version the document was authored against.", "$id" : "#field_oscal-metadata_oscal-version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-profile-oscal-metadata:email-address" : { "title" : "Email Address", "description" : "An email address as defined by RFC 5322 Section 3.4.1.", "$id" : "#field_oscal-metadata_email-address", - "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" }, + "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-profile-oscal-metadata:telephone-number" : { "title" : "Telephone Number", "description" : "Contact number by telephone.", @@ -1005,10 +987,16 @@ { "type" : { "title" : "type flag", "description" : "Indicates the type of phone number.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, "number" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "number" ], "additionalProperties" : false }, @@ -1021,8 +1009,13 @@ { "type" : { "title" : "Address Type", "description" : "Indicates the type of address.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, "addr-lines" : { "type" : "array", "minItems" : 1, @@ -1031,30 +1024,25 @@ "city" : { "title" : "City", "description" : "City, town or geographical region for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", "description" : "State, province or analogous geographical region for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", "description" : "Postal or ZIP code for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "additionalProperties" : false }, "oscal-profile-oscal-metadata:addr-line" : { "title" : "Address line", "description" : "A single line of an address.", "$id" : "#field_oscal-metadata_addr-line", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-profile-oscal-metadata:document-id" : { "title" : "Document Identifier", "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", @@ -1064,11 +1052,14 @@ { "scheme" : { "title" : "Document Identification Scheme", "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, "identifier" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "identifier" ], "additionalProperties" : false }, @@ -1081,24 +1072,19 @@ { "id" : { "title" : "Part Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", "description" : "A textual label that uniquely identifies the part's semantic type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", "description" : "A name given to the part, which may be used by a tool for display and navigation.", @@ -1134,18 +1120,15 @@ { "id" : { "title" : "Parameter Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", "description" : "A textual label that provides a characterization of the parameter.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1207,8 +1190,7 @@ { "expression" : { "title" : "Constraint test", "description" : "A formal (executable) expression of a constraint", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1232,8 +1214,7 @@ { "title" : "Parameter Value", "description" : "A parameter value or set of values.", "$id" : "#field_oscal-catalog-common_parameter-value", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-profile-oscal-catalog-common:parameter-selection" : { "title" : "Selection", "description" : "Presenting a choice among alternatives", @@ -1243,11 +1224,13 @@ { "how-many" : { "title" : "Parameter Cardinality", "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "one", - "one-or-more" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, "choice" : { "type" : "array", "minItems" : 1, @@ -1261,7 +1244,42 @@ "description" : "Include all controls from the imported catalog or profile resources.", "$id" : "#assembly_oscal-catalog-common_include-all", "type" : "object", - "additionalProperties" : false } }, + "additionalProperties" : false }, + "Base64Datatype" : + { "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "BooleanDatatype" : + { "type" : "boolean" }, + "DateTimeWithTimezoneDatatype" : + { "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]*[1-9])?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "StringDatatype" : + { "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "type" : "string", + "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, "properties" : { "profile" : { "$ref" : "#assembly_oscal-profile_profile" } }, diff --git a/json/schema/oscal_ssp_schema.json b/json/schema/oscal_ssp_schema.json index d86cfb7d51..006f7a09a9 100644 --- a/json/schema/oscal_ssp_schema.json +++ b/json/schema/oscal_ssp_schema.json @@ -13,8 +13,7 @@ { "uuid" : { "title" : "System Security Plan Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, "import-profile" : @@ -44,8 +43,7 @@ { "href" : { "title" : "Profile Reference", "description" : "A resolvable URL reference to the profile or catalog to use as the system's control baseline.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -65,13 +63,11 @@ "system-name" : { "title" : "System Name - Full", "description" : "The full name of the system.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "system-name-short" : { "title" : "System Name - Short", "description" : "A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "System Description", "description" : "A summary of the system.", @@ -91,8 +87,7 @@ "security-sensitivity-level" : { "title" : "Security Sensitivity Level", "description" : "The overall information system sensitivity categorization, such as defined by FIPS-199.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "system-information" : { "$ref" : "#assembly_oscal-ssp_system-information" }, "security-impact-level" : @@ -149,8 +144,7 @@ { "uuid" : { "title" : "Information Type Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "title field", "description" : "A human readable name for the information type. This title should be meaningful within the context of the system.", @@ -170,17 +164,19 @@ { "system" : { "title" : "Information Type Identification System", "description" : "Specifies the information type identification system used.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://doi.org/10.6028/NIST.SP.800-60v2r1" ] } ] }, "information-type-ids" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Information Type Systematized Identifier", "description" : "A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } } }, + "$ref" : "#/definitions/StringDatatype" } } }, "required" : [ "system" ], "additionalProperties" : false } }, @@ -280,14 +276,12 @@ { "title" : "Base Level (Confidentiality, Integrity, or Availability)", "description" : "The prescribed base (Confidentiality, Integrity, or Availability) security impact level.", "$id" : "#field_oscal-ssp_base", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ssp-oscal-ssp:selected" : { "title" : "Selected Level (Confidentiality, Integrity, or Availability)", "description" : "The selected (Confidentiality, Integrity, or Availability) security impact level.", "$id" : "#field_oscal-ssp_selected", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ssp-oscal-ssp:adjustment-justification" : { "title" : "Adjustment Justification", "description" : "If the selected security level is different from the base security level, this contains the justification for the change.", @@ -302,18 +296,15 @@ { "security-objective-confidentiality" : { "title" : "Security Objective: Confidentiality", "description" : "A target-level of confidentiality for the system, based on the sensitivity of information within the system.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "security-objective-integrity" : { "title" : "Security Objective: Integrity", "description" : "A target-level of integrity for the system, based on the sensitivity of information within the system.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "security-objective-availability" : { "title" : "Security Objective: Availability", "description" : "A target-level of availability for the system, based on the sensitivity of information within the system.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "security-objective-confidentiality", "security-objective-integrity", @@ -328,14 +319,16 @@ { "state" : { "title" : "State", "description" : "The current operating status.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "operational", - "under-development", - "under-major-modification", - "disposition", - "other" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "operational", + "under-development", + "under-major-modification", + "disposition", + "other" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -345,8 +338,7 @@ { "title" : "System Authorization Date", "description" : "The date the system received its authorization.", "$id" : "#field_oscal-ssp_date-authorized", - "type" : "string", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))(Z|[+-][0-9]{2}:[0-9]{2})?$" }, + "$ref" : "#/definitions/DateDatatype" }, "oscal-ssp-oscal-ssp:authorization-boundary" : { "title" : "Authorization Boundary", "description" : "A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.", @@ -386,8 +378,7 @@ { "uuid" : { "title" : "Diagram ID", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Diagram Description", "description" : "A summary of the diagram.", @@ -498,8 +489,7 @@ { "uuid" : { "title" : "Leveraged Authorization Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "title field", "description" : "A human readable name for the leveraged authorization in the context of the system.", @@ -517,8 +507,7 @@ "party-uuid" : { "title" : "party-uuid field", "description" : "A machine-oriented identifier reference to the party that manages the leveraged system.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "date-authorized" : { "$ref" : "#field_oscal-ssp_date-authorized" }, "remarks" : @@ -583,13 +572,11 @@ { "uuid" : { "title" : "Control Requirement Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "control-id" : { "title" : "Control Identifier Reference", "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -635,13 +622,11 @@ { "statement-id" : { "title" : "Control Statement Reference", "description" : "A human-oriented identifier reference to a control statement.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "uuid" : { "title" : "Control Statement Reference Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -677,13 +662,11 @@ { "component-uuid" : { "title" : "Component Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to the component that is implemeting a given control.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "uuid" : { "title" : "By-Component Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Control Implementation Description", "description" : "An implementation statement that describes how a control or a control statement is implemented within the referenced system component.", @@ -735,8 +718,7 @@ { "uuid" : { "title" : "Provided Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Provided Control Implementation Description", "description" : "An implementation statement that describes the aspects of the control or control statement implementation that can be provided to another system leveraging this system.", @@ -773,13 +755,11 @@ { "uuid" : { "title" : "Responsibility Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "provided-uuid" : { "title" : "Provided UUID", "description" : "A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Control Implementation Responsibility Description", "description" : "An implementation statement that describes the aspects of the control or control statement implementation that a leveraging system must implement to satisfy the control provided by a leveraged system.", @@ -819,13 +799,11 @@ { "uuid" : { "title" : "Inherited Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "provided-uuid" : { "title" : "Provided UUID", "description" : "A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Inherited Control Implementation Description", "description" : "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is inheriting from a leveraged system.", @@ -860,13 +838,11 @@ { "uuid" : { "title" : "Satisfied Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "responsibility-uuid" : { "title" : "Responsibility UUID", "description" : "A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Satisfied Control Implementation Responsibility Description", "description" : "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is implementing based on a requirement from a leveraged system.", @@ -1012,8 +988,7 @@ { "uuid" : { "title" : "Location Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Location Title", "description" : "A name given to the location, which may be used by a tool for display and navigation.", @@ -1036,9 +1011,7 @@ "items" : { "title" : "Location URL", "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" } }, + "$ref" : "#/definitions/URIDatatype" } }, "props" : { "type" : "array", "minItems" : 1, @@ -1059,8 +1032,7 @@ { "title" : "Location Reference", "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_location-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-ssp-oscal-metadata:party" : { "title" : "Party (organization or person)", "description" : "A responsible entity which is either a person or an organization.", @@ -1070,26 +1042,25 @@ { "uuid" : { "title" : "Party Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Party Type", "description" : "A category describing the kind of party the object describes.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$", - "enum" : - [ "person", - "organization" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, "name" : { "title" : "Party Name", "description" : "The full name of the party. This is typically the legal name associated with the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "short-name" : { "title" : "Party Short Name", "description" : "A short common name, abbreviation, or acronym for the party.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "external-ids" : { "type" : "array", "minItems" : 1, @@ -1101,11 +1072,14 @@ { "scheme" : { "title" : "External Identifier Schema", "description" : "Indicates the type of external identifier.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://orcid.org/" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id", "scheme" ], @@ -1146,8 +1120,7 @@ "items" : { "title" : "Organizational Affiliation", "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "$ref" : "#/definitions/UUIDDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1158,8 +1131,7 @@ { "title" : "Party Reference", "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", "$id" : "#field_oscal-metadata_party-uuid", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "oscal-ssp-oscal-metadata:role" : { "title" : "Role", "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", @@ -1169,8 +1141,7 @@ { "id" : { "title" : "Role Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Role Title", "description" : "A name given to the role, which may be used by a tool for display and navigation.", @@ -1178,8 +1149,7 @@ "short-name" : { "title" : "Role Short Name", "description" : "A short common name, abbreviation, or acronym for the role.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "Role Description", "description" : "A summary of the role's purpose and associated responsibilities.", @@ -1204,8 +1174,7 @@ { "title" : "Role Identifier Reference", "description" : "A human-oriented identifier reference to roles served by the user.", "$id" : "#field_oscal-metadata_role-id", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "oscal-ssp-oscal-metadata:back-matter" : { "title" : "Back matter", "description" : "A collection of resources, which may be included directly or by reference.", @@ -1223,8 +1192,7 @@ { "uuid" : { "title" : "Resource Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", "description" : "A name given to the resource, which may be used by a tool for display and navigation.", @@ -1276,13 +1244,11 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URI reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", "minItems" : 1, @@ -1299,15 +1265,13 @@ { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/Base64Datatype" } }, "required" : [ "value" ], "additionalProperties" : false }, @@ -1326,29 +1290,28 @@ { "name" : { "title" : "Property Name", "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "value" : { "title" : "Property Value", "description" : "Indicates the value of the attribute, characteristic, or quality.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1364,18 +1327,20 @@ { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URL reference to a resource.", - "type" : "string", - "format" : "uri-reference" }, + "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : { "title" : "Relation", "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "reference" ] } ] }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", @@ -1392,8 +1357,7 @@ { "role-id" : { "title" : "Responsible Role", "description" : "A human-oriented identifier reference to roles served by the user.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", "minItems" : 1, @@ -1424,8 +1388,7 @@ { "role-id" : { "title" : "Responsible Role ID", "description" : "A human-oriented identifier reference to roles responsible for the business function.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1455,10 +1418,21 @@ { "algorithm" : { "title" : "Hash algorithm", "description" : "Method by which a hash is derived", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" ] } ] }, "value" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "value", "algorithm" ], @@ -1472,35 +1446,27 @@ { "title" : "Publication Timestamp", "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_published", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-ssp-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#field_oscal-metadata_last-modified", - "type" : "string", - "format" : "date-time", - "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-ssp-oscal-metadata:version" : { "title" : "Document Version", "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", "$id" : "#field_oscal-metadata_version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ssp-oscal-metadata:oscal-version" : { "title" : "OSCAL version", "description" : "The OSCAL model version the document was authored against.", "$id" : "#field_oscal-metadata_oscal-version", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ssp-oscal-metadata:email-address" : { "title" : "Email Address", "description" : "An email address as defined by RFC 5322 Section 3.4.1.", "$id" : "#field_oscal-metadata_email-address", - "type" : "string", - "format" : "email", - "pattern" : "^.+@.+$" }, + "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-ssp-oscal-metadata:telephone-number" : { "title" : "Telephone Number", "description" : "Contact number by telephone.", @@ -1510,10 +1476,16 @@ { "type" : { "title" : "type flag", "description" : "Indicates the type of phone number.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "home", + "office", + "mobile" ] } ] }, "number" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "number" ], "additionalProperties" : false }, @@ -1526,8 +1498,13 @@ { "type" : { "title" : "Address Type", "description" : "Indicates the type of address.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "home", + "work" ] } ] }, "addr-lines" : { "type" : "array", "minItems" : 1, @@ -1536,30 +1513,25 @@ "city" : { "title" : "City", "description" : "City, town or geographical region for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", "description" : "State, province or analogous geographical region for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", "description" : "Postal or ZIP code for mailing address", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "additionalProperties" : false }, "oscal-ssp-oscal-metadata:addr-line" : { "title" : "Address line", "description" : "A single line of an address.", "$id" : "#field_oscal-metadata_addr-line", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ssp-oscal-metadata:document-id" : { "title" : "Document Identifier", "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", @@ -1569,11 +1541,14 @@ { "scheme" : { "title" : "Document Identification Scheme", "description" : "Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "http://www.doi.org/" ] } ] }, "identifier" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "identifier" ], "additionalProperties" : false }, @@ -1586,13 +1561,29 @@ { "uuid" : { "title" : "Component Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Component Type", "description" : "A category describing the purpose of the component.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "this-system", + "system", + "interconnection", + "software", + "hardware", + "service", + "policy", + "physical", + "process-procedure", + "plan", + "guidance", + "standard", + "validation", + "network" ] } ] }, "title" : { "title" : "Component Title", "description" : "A human readable name for the system component.", @@ -1623,13 +1614,15 @@ { "state" : { "title" : "State", "description" : "The operational status.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "under-development", - "operational", - "disposition", - "other" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "under-development", + "operational", + "disposition", + "other" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1663,13 +1656,11 @@ { "uuid" : { "title" : "Service Protocol Information Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Protocol Name", "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "title" : { "title" : "Protocol Title", "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", @@ -1691,23 +1682,21 @@ { "start" : { "title" : "Start", "description" : "Indicates the starting port number in a port range", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 0 }, + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, "end" : { "title" : "End", "description" : "Indicates the ending port number in a port range", - "type" : "integer", - "multipleOf" : 1, - "minimum" : 0 }, + "$ref" : "#/definitions/NonNegativeIntegerDatatype" }, "transport" : { "title" : "Transport", "description" : "Indicates the transport type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "TCP", - "UDP" ] } }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "TCP", + "UDP" ] } ] } }, "additionalProperties" : false }, "oscal-ssp-oscal-implementation-common:implementation-status" : { "title" : "Implementation Status", @@ -1718,8 +1707,16 @@ { "state" : { "title" : "Implementation State", "description" : "Identifies the implementation status of the control or control objective.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "implemented", + "partial", + "planned", + "alternative", + "not-applicable" ] } ] }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1734,8 +1731,7 @@ { "uuid" : { "title" : "User Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "User Title", "description" : "A name given to the user, which may be used by a tool for display and navigation.", @@ -1743,8 +1739,7 @@ "short-name" : { "title" : "User Short Name", "description" : "A short common name, abbreviation, or acronym for the user.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "description" : { "title" : "User Description", "description" : "A summary of the user's purpose within the system.", @@ -1801,8 +1796,7 @@ { "title" : "Functions Performed", "description" : "Describes a function performed for a given authorized privilege by this user class.", "$id" : "#field_oscal-implementation-common_function-performed", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ssp-oscal-implementation-common:inventory-item" : { "title" : "Inventory Item", "description" : "A single managed inventory item within the system.", @@ -1812,8 +1806,7 @@ { "uuid" : { "title" : "Inventory Item Universally Unique Identifier", "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "description" : { "title" : "Inventory Item Description", "description" : "A summary of the inventory item stating its purpose within the system.", @@ -1844,8 +1837,7 @@ { "component-uuid" : { "title" : "Component Universally Unique Identifier Reference", "description" : "A machine-oriented identifier reference to a component that is implemented as part of an inventory item.", - "type" : "string", - "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "$ref" : "#/definitions/UUIDDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -1881,16 +1873,14 @@ { "param-id" : { "title" : "Parameter ID", "description" : "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "values" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" } }, + "$ref" : "#/definitions/StringDatatype" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1906,11 +1896,17 @@ { "identifier-type" : { "title" : "Identification System Type", "description" : "Identifies the identification system from which the provided identifier was assigned.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "allOf" : + [ + { "$ref" : "#/definitions/URIDatatype" }, + + { "enum" : + [ "https://fedramp.gov", + "http://fedramp.gov/ns/oscal", + "https://ietf.org/rfc/rfc4122", + "http://ietf.org/rfc/rfc4122" ] } ] }, "id" : - { "type" : "string" } }, + { "$ref" : "#/definitions/StringDatatype" } }, "required" : [ "id" ], "additionalProperties" : false }, @@ -1923,24 +1919,19 @@ { "id" : { "title" : "Part Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", "description" : "A textual label that uniquely identifies the part's semantic type.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", - "type" : "string", - "format" : "uri", - "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", "description" : "A name given to the part, which may be used by a tool for display and navigation.", @@ -1976,18 +1967,15 @@ { "id" : { "title" : "Parameter Identifier", "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", "description" : "A textual label that provides a characterization of the parameter.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", "minItems" : 1, @@ -2049,8 +2037,7 @@ { "expression" : { "title" : "Constraint test", "description" : "A formal (executable) expression of a constraint", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -2074,8 +2061,7 @@ { "title" : "Parameter Value", "description" : "A parameter value or set of values.", "$id" : "#field_oscal-catalog-common_parameter-value", - "type" : "string", - "pattern" : "^\\S(.*\\S)?$" }, + "$ref" : "#/definitions/StringDatatype" }, "oscal-ssp-oscal-catalog-common:parameter-selection" : { "title" : "Selection", "description" : "Presenting a choice among alternatives", @@ -2085,11 +2071,13 @@ { "how-many" : { "title" : "Parameter Cardinality", "description" : "Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.", - "type" : "string", - "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$", - "enum" : - [ "one", - "one-or-more" ] }, + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "one", + "one-or-more" ] } ] }, "choice" : { "type" : "array", "minItems" : 1, @@ -2103,7 +2091,52 @@ "description" : "Include all controls from the imported catalog or profile resources.", "$id" : "#assembly_oscal-catalog-common_include-all", "type" : "object", - "additionalProperties" : false } }, + "additionalProperties" : false }, + "Base64Datatype" : + { "type" : "string", + "pattern" : "^[0-9A-Za-z+/]+={0,2}$", + "contentEncoding" : "base64" }, + "DateDatatype" : + { "type" : "string", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))(Z|[+-][0-9]{2}:[0-9]{2})?$" }, + "DateTimeWithTimezoneDatatype" : + { "type" : "string", + "format" : "date-time", + "pattern" : "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]*[1-9])?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$" }, + "EmailAddressDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "type" : "string", + "format" : "email", + "pattern" : "^.+@.+$" } ] }, + "IntegerDatatype" : + { "type" : "integer" }, + "NonNegativeIntegerDatatype" : + { "allOf" : + [ + { "$ref" : "#/definitions/IntegerDatatype" }, + + { "type" : "number", + "minimum" : 0 } ] }, + "StringDatatype" : + { "type" : "string", + "pattern" : "^\\S(.*\\S)?$" }, + "TokenDatatype" : + { "type" : "string", + "pattern" : "^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, + "URIDatatype" : + { "type" : "string", + "format" : "uri", + "pattern" : "^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$" }, + "URIReferenceDatatype" : + { "type" : "string", + "format" : "uri-reference" }, + "UUIDDatatype" : + { "type" : "string", + "description" : "A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, "properties" : { "system-security-plan" : { "$ref" : "#assembly_oscal-ssp_system-security-plan" } }, diff --git a/xml/schema/oscal_assessment-plan_schema.xsd b/xml/schema/oscal_assessment-plan_schema.xsd index c6302e48a6..c9aefb7567 100644 --- a/xml/schema/oscal_assessment-plan_schema.xsd +++ b/xml/schema/oscal_assessment-plan_schema.xsd @@ -1,8 +1,8 @@ - @@ -18,8 +18,7 @@ assessment-plan - + @@ -31,11 +30,11 @@ @@ -50,23 +49,23 @@ @@ -79,9 +78,7 @@ Remarks: Additional commentary on the containing object. - + @@ -99,38 +96,38 @@ - + Assessment Plan Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Plan Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -158,62 +155,62 @@ Document Title: A name given to the document, which may be used by a tool for display and navigation. - + @@ -226,9 +223,7 @@ Remarks: Additional commentary on the containing object. - + @@ -254,32 +249,32 @@ Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - + @@ -292,9 +287,7 @@ Remarks: Additional commentary on the containing object. - + @@ -320,20 +313,20 @@ Location Title: A name given to the location, which may be used by a tool for display and navigation. - + @@ -346,15 +339,15 @@ Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - + @@ -367,17 +360,15 @@ Remarks: Additional commentary on the containing object. - + - + Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -388,12 +379,12 @@ Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -415,7 +406,7 @@ Party Name: The full name of the party. This is typically the legal name associated with the party. - + @@ -428,7 +419,7 @@ Party Short Name: A short common name, abbreviation, or acronym for the party. - + @@ -442,8 +433,8 @@ Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) - - + + External Identifier Schema @@ -458,28 +449,28 @@ @@ -488,12 +479,12 @@ Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -506,23 +497,21 @@ Remarks: Additional commentary on the containing object. - + - + Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Party Type @@ -537,12 +526,12 @@ Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -565,7 +554,7 @@ Role Title: A name given to the role, which may be used by a tool for display and navigation. - + @@ -579,7 +568,7 @@ Role Short Name: A short common name, abbreviation, or acronym for the role. - + @@ -593,16 +582,16 @@ Role Description: A summary of the role's purpose and associated responsibilities. - + @@ -615,17 +604,15 @@ Remarks: Additional commentary on the containing object. - + - + Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -636,12 +623,12 @@ Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Role Identifier Reference: A human-oriented identifier reference to roles served by the user. - + @@ -675,7 +662,7 @@ Resource Title: A name given to the resource, which may be used by a tool for display and navigation. - + @@ -690,16 +677,16 @@ Resource Description: A short summary of the resource used to indicate the purpose of the resource. - + @@ -724,16 +711,16 @@ Citation Text: A line of citation text. - + @@ -751,11 +738,11 @@ - + Hypertext Reference @@ -765,11 +752,11 @@ Hypertext Reference: A resolvable URI reference to a resource. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -788,22 +775,22 @@ Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. - - + + File Name - Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. + Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. File Name: Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -823,17 +810,15 @@ Remarks: Additional commentary on the containing object. - + - + Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -863,13 +848,11 @@ Remarks: Additional commentary on the containing object. - + - + Property Name @@ -879,17 +862,17 @@ Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - + Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Property Namespace @@ -899,7 +882,7 @@ Property Namespace: A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name. - + Property Value @@ -909,11 +892,11 @@ Property Value: Indicates the value of the attribute, characteristic, or quality. - + Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. @@ -941,12 +924,12 @@ Link Text: A textual label to associate with the link, which may be used for presentation in a tool. - + - + Hypertext Reference @@ -956,7 +939,7 @@ Hypertext Reference: A resolvable URL reference to a resource. - + Relation @@ -966,11 +949,11 @@ Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -988,15 +971,15 @@ @@ -1009,17 +992,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Responsible Role: A human-oriented identifier reference to roles served by the user. @@ -1037,15 +1018,15 @@ @@ -1058,17 +1039,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to roles responsible for the business function. Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. @@ -1085,8 +1064,8 @@ Hash: A representation of a cryptographic digest generated over a resource using a specified hash algorithm. - - + + Hash algorithm @@ -1109,30 +1088,30 @@ Remarks: Additional commentary on the containing object. - + Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + @@ -1143,7 +1122,7 @@ Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. - + @@ -1154,18 +1133,18 @@ OSCAL version: The OSCAL model version the document was authored against. - + Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. Email Address: An email address as defined by RFC 5322 Section 3.4.1. - + @@ -1177,8 +1156,8 @@ Telephone Number: Contact number by telephone. - - + + type flag @@ -1202,7 +1181,7 @@ @@ -1215,7 +1194,7 @@ City: City, town or geographical region for the mailing address. - + @@ -1228,7 +1207,7 @@ State: State, province or analogous geographical region for mailing address - + @@ -1241,7 +1220,7 @@ Postal Code: Postal or ZIP code for mailing address - + @@ -1254,11 +1233,11 @@ Country Code: The ISO 3166-1 alpha-2 country code for the mailing address. - + - + Address Type @@ -1278,20 +1257,20 @@ Address line: A single line of an address. - + Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. - - + + Document Identification Scheme @@ -1324,13 +1303,11 @@ Remarks: Additional commentary on the containing object. - + - + System Security Plan Reference @@ -1362,20 +1339,20 @@ Objective Description: A human-readable description of this control objective. - + @@ -1388,17 +1365,15 @@ Remarks: Additional commentary on the containing object. - + - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -1426,20 +1401,20 @@ Assessment Method Description: A human-readable description of this assessment method. - + @@ -1452,17 +1427,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Method Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Method Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1490,7 +1463,7 @@ Included Activity Title: The title for this included activity. - + @@ -1505,16 +1478,16 @@ Included Activity Description: A human-readable description of this included activity. - + @@ -1539,7 +1512,7 @@ Step Title: The title for this step. - + @@ -1554,24 +1527,24 @@ Step Description: A human-readable description of this step. - + @@ -1584,17 +1557,15 @@ Remarks: Additional commentary on the containing object. - + - + Step Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Step Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1603,11 +1574,11 @@ @@ -1620,17 +1591,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Activity Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Activity Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1658,7 +1627,7 @@ Task Title: The title for this task. - + @@ -1673,16 +1642,16 @@ Task Description: A human-readable description of this task. - + @@ -1707,7 +1676,7 @@ On Date Condition: The task is intended to occur on the specified date. - + On Date Condition @@ -1729,7 +1698,7 @@ On Date Range Condition: The task is intended to occur within the specified date range. - + Start Date Condition @@ -1739,7 +1708,7 @@ Start Date Condition: The task must occur on or after the specified date. - + End Date Condition @@ -1761,7 +1730,7 @@ Frequency Condition: The task is intended to occur at the specified frequency. - + Period @@ -1771,7 +1740,7 @@ Period: The task must occur after the specified period has elapsed. - + Time Unit @@ -1808,17 +1777,15 @@ Remarks: Additional commentary on the containing object. - + - + Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -1827,7 +1794,7 @@ @@ -1842,19 +1809,19 @@ @@ -1867,17 +1834,15 @@ Remarks: Additional commentary on the containing object. - + - + Activity Universally Unique Identifier Reference - A machine-oriented identifier reference to an activity defined in the list of activities. + A machine-oriented identifier reference to an activity defined in the list of activities. Activity Universally Unique Identifier Reference: A machine-oriented identifier reference to an activity defined in the list of activities. @@ -1886,11 +1851,11 @@ @@ -1903,23 +1868,21 @@ Remarks: Additional commentary on the containing object. - + - + Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Task Type @@ -1951,16 +1914,16 @@ Control Objective Description: A human-readable description of control objectives. - + @@ -1985,30 +1948,30 @@ Assessed Controls Description: A human-readable description of in-scope controls specified for assessment. - + @@ -2021,9 +1984,7 @@ Remarks: Additional commentary on the containing object. - + @@ -2053,30 +2014,30 @@ Control Objectives Description: A human-readable description of this collection of control objectives. - + @@ -2089,9 +2050,7 @@ Remarks: Additional commentary on the containing object. - + @@ -2107,9 +2066,7 @@ Remarks: Additional commentary on the containing object. - + @@ -2134,15 +2091,15 @@ Include Specific Statements: Used to constrain the selection to only specificity identified statements. - + - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -2158,7 +2115,7 @@ Select Objective: Used to select a control objective for inclusion/exclusion based on the control objective's identifier. - + Objective ID @@ -2190,7 +2147,7 @@ Assessment Subject Placeholder Description: A human-readable description of intent of this assessment subject placeholder. - + @@ -2204,11 +2161,11 @@ Assessment Subject Source: Assessment subjects will be identified while conducting the referenced activity-instance. - + Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2217,11 +2174,11 @@ @@ -2234,17 +2191,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Subject Placeholder Universally Unique Identifier - A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Subject Placeholder Universally Unique Identifier: A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2272,30 +2227,30 @@ Include Subjects Description: A human-readable description of the collection of subjects being included in this assessment. - + @@ -2308,13 +2263,11 @@ Remarks: Additional commentary on the containing object. - + - + Subject Type @@ -2336,11 +2289,11 @@ @@ -2353,27 +2306,25 @@ Remarks: Additional commentary on the containing object. - + - + Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. - + Subject Universally Unique Identifier Reference Type - Used to indicate the type of object pointed to by the uuid-ref within a subject. + Used to indicate the type of object pointed to by the uuid-ref within a subject. Subject Universally Unique Identifier Reference Type: Used to indicate the type of object pointed to by the uuid-ref within a subject. @@ -2384,7 +2335,7 @@ Identifies the Subject - A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. + A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. Identifies the Subject: A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. @@ -2401,16 +2352,16 @@ Subject Reference Title: The title or name for the referenced subject. - + @@ -2423,27 +2374,25 @@ Remarks: Additional commentary on the containing object. - + - + Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. - + Subject Universally Unique Identifier Reference Type - Used to indicate the type of object pointed to by the uuid-ref within a subject. + Used to indicate the type of object pointed to by the uuid-ref within a subject. Subject Universally Unique Identifier Reference Type: Used to indicate the type of object pointed to by the uuid-ref within a subject. @@ -2461,7 +2410,7 @@ @@ -2486,16 +2435,16 @@ Assessment Platform Title: The title or name for the assessment platform. - + @@ -2510,15 +2459,15 @@ @@ -2531,17 +2480,15 @@ Remarks: Additional commentary on the containing object. - + - + Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -2559,17 +2506,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Platform Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Platform Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2600,7 +2545,7 @@ Objective Status Title: The title for this objective status. - + @@ -2615,16 +2560,16 @@ Objective Status Description: A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied. - + @@ -2648,13 +2593,11 @@ Remarks: Additional commentary on the containing object. - + - + Objective Status State @@ -2664,7 +2607,7 @@ Objective Status State: An indication as to whether the objective is satisfied or not. - + Objective Status Reason @@ -2677,7 +2620,7 @@ @@ -2690,13 +2633,11 @@ Remarks: Additional commentary on the containing object. - + - + Finding Target Type @@ -2706,11 +2647,11 @@ Finding Target Type: Identifies the type of the target. - + Finding Target Identifier Reference - A machine-oriented identifier reference for a specific target qualified by the type. + A machine-oriented identifier reference for a specific target qualified by the type. Finding Target Identifier Reference: A machine-oriented identifier reference for a specific target qualified by the type. @@ -2738,7 +2679,7 @@ Observation Title: The title for this observation. - + @@ -2753,16 +2694,16 @@ Observation Description: A human-readable description of this assessment observation. - + @@ -2775,7 +2716,7 @@ Observation Method: Identifies how the observation was made. - + @@ -2788,15 +2729,15 @@ Observation Type: Identifies the nature of the observation. More than one may be used to further qualify and enable filtering. - + @@ -2821,16 +2762,16 @@ Relevant Evidence Description: A human-readable description of this evidence. - + @@ -2843,13 +2784,11 @@ Remarks: Additional commentary on the containing object. - + - + Relevant Evidence Reference @@ -2871,7 +2810,7 @@ Collected Field: Date/time stamp identifying when the finding information was collected. - + @@ -2884,7 +2823,7 @@ Expires Field: Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios. - + @@ -2897,17 +2836,15 @@ Remarks: Additional commentary on the containing object. - + - + Observation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Observation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2925,11 +2862,11 @@ @@ -2945,15 +2882,15 @@ - + Actor Type @@ -2963,17 +2900,17 @@ Actor Type: The kind of actor. - + Actor Universally Unique Identifier Reference - A machine-oriented identifier reference to the tool or person based on the associated type. + A machine-oriented identifier reference to the tool or person based on the associated type. Actor Universally Unique Identifier Reference: A machine-oriented identifier reference to the tool or person based on the associated type. - + Actor Role @@ -2995,19 +2932,19 @@ @@ -3022,15 +2959,15 @@ - + Assessment Subject Placeholder Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. + A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. Assessment Subject Placeholder Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. @@ -3048,17 +2985,15 @@ Remarks: Additional commentary on the containing object. - + - + Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -3075,8 +3010,8 @@ Threat ID: A pointer, by ID, to an externally-defined threat. - - + + Threat Type Identification System @@ -3086,7 +3021,7 @@ Threat Type Identification System: Specifies the source of the threat information. - + Threat Information Resource Reference @@ -3120,7 +3055,7 @@ Risk Title: The title for this risk. - + @@ -3135,7 +3070,7 @@ Risk Description: A human-readable summary of the identified risk, to include a statement of how the risk impacts the system. - + @@ -3150,32 +3085,32 @@ Risk Statement: An summary of impact for how the risk affects the system. - + @@ -3200,38 +3135,38 @@ Mitigating Factor Description: A human-readable description of this mitigating factor. - + - + Mitigating Factor Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Mitigating Factor Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Implementation UUID - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Implementation UUID: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3249,11 +3184,11 @@ Risk Resolution Deadline: The date/time by which the risk must be resolved. - + @@ -3289,7 +3224,7 @@ Title: The title for this risk log entry. - + @@ -3304,7 +3239,7 @@ Risk Task Description: A human-readable description of what was done regarding the risk. - + @@ -3318,7 +3253,7 @@ Start: Identifies the start date and time of the event. - + @@ -3331,23 +3266,23 @@ End: Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time. - + @@ -3362,15 +3297,15 @@ @@ -3383,17 +3318,15 @@ Remarks: Additional commentary on the containing object. - + - + Response Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique risk response. + A machine-oriented identifier reference to a unique risk response. Response Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique risk response. @@ -3411,17 +3344,15 @@ Remarks: Additional commentary on the containing object. - + - + Risk Log Entry Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Log Entry Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3442,11 +3373,11 @@ Related Observation: Relates the finding to a set of referenced observations that were used to determine the finding. - + Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -3455,11 +3386,11 @@ - + Risk Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3475,17 +3406,17 @@ Logged By: Used to indicate who created a log entry in what role. - + Party UUID Reference - A machine-oriented identifier reference to the party who is making the log entry. + A machine-oriented identifier reference to the party who is making the log entry. Party UUID Reference: A machine-oriented identifier reference to the party who is making the log entry. - + Actor Role @@ -3505,7 +3436,7 @@ Risk Status: Describes the status of the associated risk. - + @@ -3518,15 +3449,15 @@ @@ -3541,11 +3472,11 @@ @@ -3558,13 +3489,11 @@ Remarks: Additional commentary on the containing object. - + - + Facet Name @@ -3574,7 +3503,7 @@ Facet Name: The name of the risk metric within the specified system. - + Naming System @@ -3584,7 +3513,7 @@ Naming System: Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash. - + Facet Value @@ -3619,7 +3548,7 @@ Response Title: The title for this response activity. - + @@ -3634,20 +3563,20 @@ Response Description: A human-readable description of this response plan. - + @@ -3662,7 +3591,7 @@ @@ -3676,7 +3605,7 @@ Title for Required Asset: The title for this required asset. - + @@ -3691,16 +3620,16 @@ Description of Required Asset: A human-readable description of this required asset. - + @@ -3713,17 +3642,15 @@ Remarks: Additional commentary on the containing object. - + - + Required Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Required Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3732,7 +3659,7 @@ @@ -3745,23 +3672,21 @@ Remarks: Additional commentary on the containing object. - + - + Remediation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Remediation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Remediation Intent @@ -3793,37 +3718,35 @@ Part Title: A name given to the part, which may be used by a tool for display and navigation. - + - + - + Part Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Part Name @@ -3833,7 +3756,7 @@ Part Name: A textual label that uniquely identifies the part's semantic type. - + Part Namespace @@ -3843,11 +3766,11 @@ Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - + Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. @@ -3875,37 +3798,35 @@ Part Title: A name given to the part, which may be used by a tool for display and navigation. - + - + - + Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Part Name @@ -3915,7 +3836,7 @@ Part Name: A textual label that uniquely identifies the part's semantic type. - + Part Namespace @@ -3925,11 +3846,11 @@ Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - + Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. @@ -3947,11 +3868,11 @@ @@ -3959,13 +3880,13 @@ Parameter Label - A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. + A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. Parameter Label: A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. - + @@ -3980,25 +3901,25 @@ Parameter Usage Description: Describes the purpose and use of a parameter - + @@ -4012,23 +3933,21 @@ Remarks: Additional commentary on the containing object. - + - + Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Parameter Class @@ -4038,7 +3957,7 @@ Parameter Class: A textual label that provides a characterization of the parameter. - + Depends on @@ -4070,7 +3989,7 @@ Constraint Description: A textual summary of the constraint to be applied. - + @@ -4095,7 +4014,7 @@ Constraint test: A formal (executable) expression of a constraint - + @@ -4108,9 +4027,7 @@ Remarks: Additional commentary on the containing object. - + @@ -4128,9 +4045,7 @@ Guideline: A prose statement that provides a recommendation for the use of a parameter. - + @@ -4142,7 +4057,7 @@ Parameter Value: A parameter value or set of values. - + @@ -4165,12 +4080,12 @@ Choice: A value selection among several such options - + - + Parameter Cardinality @@ -4212,7 +4127,7 @@ Component Title: A human readable name for the system component. - + @@ -4227,7 +4142,7 @@ Component Description: A description of the component, including information about its function. - + @@ -4242,16 +4157,16 @@ Purpose: A summary of the technological or business purpose of the component. - + @@ -4275,13 +4190,11 @@ Remarks: Additional commentary on the containing object. - + - + State @@ -4294,11 +4207,11 @@ @@ -4311,23 +4224,21 @@ Remarks: Additional commentary on the containing object. - + - + Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Component Type @@ -4359,30 +4270,30 @@ Protocol Title: A human readable name for the protocol (e.g., Transport Layer Security). - + - + Service Protocol Information Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Service Protocol Information Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Protocol Name - The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. + The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. Protocol Name: The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. @@ -4398,7 +4309,7 @@ Port Range: Where applicable this is the IPv4 port range on which the service operates. - + Start @@ -4408,7 +4319,7 @@ Start: Indicates the starting port number in a port range - + End @@ -4418,7 +4329,7 @@ End: Indicates the ending port number in a port range - + Transport @@ -4449,13 +4360,11 @@ Remarks: Additional commentary on the containing object. - + - + Implementation State @@ -4487,7 +4396,7 @@ User Title: A name given to the user, which may be used by a tool for display and navigation. - + @@ -4501,7 +4410,7 @@ User Short Name: A short common name, abbreviation, or acronym for the user. - + @@ -4515,24 +4424,24 @@ User Description: A summary of the user's purpose within the system. - + @@ -4545,17 +4454,15 @@ Remarks: Additional commentary on the containing object. - + - + User Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. User Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4583,7 +4490,7 @@ Privilege Title: A human readable name for the privilege. - + @@ -4598,12 +4505,12 @@ Privilege Description: A summary of the privilege's purpose within the system. - + @@ -4617,7 +4524,7 @@ Functions Performed: Describes a function performed for a given authorized privilege by this user class. - + @@ -4640,20 +4547,20 @@ Inventory Item Description: A summary of the inventory item stating its purpose within the system. - + @@ -4668,15 +4575,15 @@ @@ -4689,17 +4596,15 @@ Remarks: Additional commentary on the containing object. - + - + Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -4717,17 +4622,15 @@ Remarks: Additional commentary on the containing object. - + - + Inventory Item Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inventory Item Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4754,7 +4657,7 @@ Parameter Value: A parameter value or set of values. - + @@ -4767,17 +4670,15 @@ Remarks: Additional commentary on the containing object. - + - + Parameter ID - A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. + A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. Parameter ID: A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. @@ -4788,14 +4689,14 @@ System Identification - A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. + A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. System Identification: A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. - - + + Identification System Type @@ -4808,55 +4709,33 @@ - - - - - + + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - - - - - - - - - The content model is the same as blockElementType, but line endings need - to be preserved, since this is preformatted. - - - - - + - The content model is the same as blockElementType, but line endings need + The content model is the same as inlineMarkupType, but line endings need to be preserved, since this is preformatted. @@ -4865,34 +4744,39 @@ + - - - + + + - + - - - - + + + + + - + - - + + + + + @@ -4901,49 +4785,49 @@ - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - + + + - - An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. + An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. @@ -4952,136 +4836,48 @@ - The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. + The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. - - - - - A string, but not empty and not whitespace-only (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) - - - - - - The xs:dateTime with a required timezone. - - - - - - An email address - - - - - - A URI - - - - - - A URI reference, such as a relative URL - - - - - - A Type 4 ('random' or 'pseudorandom' UUID per RFC 4122 - - - - - - A string token following the rules of XML "no colon" names, with no whitespace. (XML names are single alphabetic characters - followed by alphanumeric characters, periods, underscores or dashes.) - - - - - - A trimmed string, at least one character with no - leading or trailing whitespace. - - - - - - - - - - - - The xs:date with a required timezone. - - - + - + The xs:dateTime with a required timezone. - - + + An email address - - + + Need a better pattern. - - - A host name - - - - - - The ip-v4-address type specifies an IPv4 address in - dot decimal notation. - - - - - - - - The ip-v6-address type specifies an IPv6 address - represented in 8 hextets separated by colons. - This is based on the pattern provided here: - https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses - with some customizations. - - - - + + + + + A trimmed string, at least one character with no + leading or trailing whitespace. + + @@ -5089,7 +4885,7 @@ A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -5097,18 +4893,38 @@ A string, but not empty and not whitespace-only - (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) + (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) The OSCAL 'string' datatype restricts the XSD type by prohibiting leading - and trailing whitespace, and something (not only whitespace) is required. + and trailing whitespace, and something (not only whitespace) is required. A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. + + + + + + + + A string token following the rules of XML "no + colon" names, with no whitespace. (XML names are single alphabetic + characters followed by alphanumeric characters, periods, underscores or dashes.) + + + + + + + + A single token may not contain whitespace. + @@ -5128,13 +4944,13 @@ A URI reference, such as a relative URL - + A trimmed URI, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -5142,14 +4958,14 @@ A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC - 4122. + 4122. - + A sequence of 8-4-4-4-12 hex digits, with extra - constraints in the 13th and 17-18th places for version 4 and 5 - + constraints in the 13th and 17-18th places for version 4 and 5 + diff --git a/xml/schema/oscal_assessment-results_schema.xsd b/xml/schema/oscal_assessment-results_schema.xsd index 42c377f09b..1cf4c4a207 100644 --- a/xml/schema/oscal_assessment-results_schema.xsd +++ b/xml/schema/oscal_assessment-results_schema.xsd @@ -1,8 +1,8 @@ - @@ -18,8 +18,7 @@ assessment-results - + @@ -31,11 +30,11 @@ @@ -50,11 +49,11 @@ @@ -67,28 +66,26 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Results Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Results Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -116,7 +113,7 @@ Results Title: The title for this set of results. - + @@ -131,7 +128,7 @@ Results Description: A human-readable description of this set of test results. - + @@ -145,7 +142,7 @@ start field: Date/time stamp identifying the start of the evidence collection reflected in these results. - + @@ -158,15 +155,15 @@ end field: Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate. - + @@ -181,30 +178,30 @@ @@ -219,11 +216,11 @@ @@ -262,7 +259,7 @@ Action Title: The title for this event. - + @@ -277,7 +274,7 @@ Action Description: A human-readable description of this event. - + @@ -291,7 +288,7 @@ Start: Identifies the start date and time of an event. - + @@ -304,23 +301,23 @@ End: Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time. - + @@ -333,17 +330,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Log Entry Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Log Entry Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -355,15 +350,15 @@ @@ -376,17 +371,15 @@ Remarks: Additional commentary on the containing object. - + - + Results Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Results Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -414,7 +407,7 @@ Finding Title: The title for this finding. - + @@ -429,24 +422,24 @@ Finding Description: A human-readable description of this finding. - + @@ -454,12 +447,12 @@ Implementation Statement UUID - A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. + A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. Implementation Statement UUID: A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. - + @@ -472,11 +465,11 @@ Related Observation: Relates the finding to a set of referenced observations that were used to determine the finding. - + Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -494,11 +487,11 @@ Associated Risk: Relates the finding to a set of referenced risks that were used to determine the finding. - + Risk Universally Unique Identifier Reference - A machine-oriented identifier reference to a risk defined in the list of risks. + A machine-oriented identifier reference to a risk defined in the list of risks. Risk Universally Unique Identifier Reference: A machine-oriented identifier reference to a risk defined in the list of risks. @@ -516,17 +509,15 @@ Remarks: Additional commentary on the containing object. - + - + Finding Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Finding Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -553,13 +544,11 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Plan Reference @@ -591,62 +580,62 @@ Document Title: A name given to the document, which may be used by a tool for display and navigation. - + @@ -659,9 +648,7 @@ Remarks: Additional commentary on the containing object. - + @@ -687,32 +674,32 @@ Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - + @@ -725,9 +712,7 @@ Remarks: Additional commentary on the containing object. - + @@ -753,20 +738,20 @@ Location Title: A name given to the location, which may be used by a tool for display and navigation. - + @@ -779,15 +764,15 @@ Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - + @@ -800,17 +785,15 @@ Remarks: Additional commentary on the containing object. - + - + Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -821,12 +804,12 @@ Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -848,7 +831,7 @@ Party Name: The full name of the party. This is typically the legal name associated with the party. - + @@ -861,7 +844,7 @@ Party Short Name: A short common name, abbreviation, or acronym for the party. - + @@ -875,8 +858,8 @@ Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) - - + + External Identifier Schema @@ -891,28 +874,28 @@ @@ -921,12 +904,12 @@ Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -939,23 +922,21 @@ Remarks: Additional commentary on the containing object. - + - + Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Party Type @@ -970,12 +951,12 @@ Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -998,7 +979,7 @@ Role Title: A name given to the role, which may be used by a tool for display and navigation. - + @@ -1012,7 +993,7 @@ Role Short Name: A short common name, abbreviation, or acronym for the role. - + @@ -1026,16 +1007,16 @@ Role Description: A summary of the role's purpose and associated responsibilities. - + @@ -1048,17 +1029,15 @@ Remarks: Additional commentary on the containing object. - + - + Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1069,12 +1048,12 @@ Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Role Identifier Reference: A human-oriented identifier reference to roles served by the user. - + @@ -1108,7 +1087,7 @@ Resource Title: A name given to the resource, which may be used by a tool for display and navigation. - + @@ -1123,16 +1102,16 @@ Resource Description: A short summary of the resource used to indicate the purpose of the resource. - + @@ -1157,16 +1136,16 @@ Citation Text: A line of citation text. - + @@ -1184,11 +1163,11 @@ - + Hypertext Reference @@ -1198,11 +1177,11 @@ Hypertext Reference: A resolvable URI reference to a resource. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1221,22 +1200,22 @@ Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. - - + + File Name - Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. + Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. File Name: Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1256,17 +1235,15 @@ Remarks: Additional commentary on the containing object. - + - + Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1296,13 +1273,11 @@ Remarks: Additional commentary on the containing object. - + - + Property Name @@ -1312,17 +1287,17 @@ Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - + Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Property Namespace @@ -1332,7 +1307,7 @@ Property Namespace: A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name. - + Property Value @@ -1342,11 +1317,11 @@ Property Value: Indicates the value of the attribute, characteristic, or quality. - + Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. @@ -1374,12 +1349,12 @@ Link Text: A textual label to associate with the link, which may be used for presentation in a tool. - + - + Hypertext Reference @@ -1389,7 +1364,7 @@ Hypertext Reference: A resolvable URL reference to a resource. - + Relation @@ -1399,11 +1374,11 @@ Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1421,15 +1396,15 @@ @@ -1442,17 +1417,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Responsible Role: A human-oriented identifier reference to roles served by the user. @@ -1470,15 +1443,15 @@ @@ -1491,17 +1464,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to roles responsible for the business function. Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. @@ -1518,8 +1489,8 @@ Hash: A representation of a cryptographic digest generated over a resource using a specified hash algorithm. - - + + Hash algorithm @@ -1542,30 +1513,30 @@ Remarks: Additional commentary on the containing object. - + Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + @@ -1576,7 +1547,7 @@ Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. - + @@ -1587,18 +1558,18 @@ OSCAL version: The OSCAL model version the document was authored against. - + Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. Email Address: An email address as defined by RFC 5322 Section 3.4.1. - + @@ -1610,8 +1581,8 @@ Telephone Number: Contact number by telephone. - - + + type flag @@ -1635,7 +1606,7 @@ @@ -1648,7 +1619,7 @@ City: City, town or geographical region for the mailing address. - + @@ -1661,7 +1632,7 @@ State: State, province or analogous geographical region for mailing address - + @@ -1674,7 +1645,7 @@ Postal Code: Postal or ZIP code for mailing address - + @@ -1687,11 +1658,11 @@ Country Code: The ISO 3166-1 alpha-2 country code for the mailing address. - + - + Address Type @@ -1711,20 +1682,20 @@ Address line: A single line of an address. - + Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. - - + + Document Identification Scheme @@ -1757,13 +1728,11 @@ Remarks: Additional commentary on the containing object. - + - + System Security Plan Reference @@ -1795,20 +1764,20 @@ Objective Description: A human-readable description of this control objective. - + @@ -1821,17 +1790,15 @@ Remarks: Additional commentary on the containing object. - + - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -1859,20 +1826,20 @@ Assessment Method Description: A human-readable description of this assessment method. - + @@ -1885,17 +1852,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Method Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Method Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1923,7 +1888,7 @@ Included Activity Title: The title for this included activity. - + @@ -1938,16 +1903,16 @@ Included Activity Description: A human-readable description of this included activity. - + @@ -1972,7 +1937,7 @@ Step Title: The title for this step. - + @@ -1987,24 +1952,24 @@ Step Description: A human-readable description of this step. - + @@ -2017,17 +1982,15 @@ Remarks: Additional commentary on the containing object. - + - + Step Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Step Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2036,11 +1999,11 @@ @@ -2053,17 +2016,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Activity Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Activity Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2091,7 +2052,7 @@ Task Title: The title for this task. - + @@ -2106,16 +2067,16 @@ Task Description: A human-readable description of this task. - + @@ -2140,7 +2101,7 @@ On Date Condition: The task is intended to occur on the specified date. - + On Date Condition @@ -2162,7 +2123,7 @@ On Date Range Condition: The task is intended to occur within the specified date range. - + Start Date Condition @@ -2172,7 +2133,7 @@ Start Date Condition: The task must occur on or after the specified date. - + End Date Condition @@ -2194,7 +2155,7 @@ Frequency Condition: The task is intended to occur at the specified frequency. - + Period @@ -2204,7 +2165,7 @@ Period: The task must occur after the specified period has elapsed. - + Time Unit @@ -2241,17 +2202,15 @@ Remarks: Additional commentary on the containing object. - + - + Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -2260,7 +2219,7 @@ @@ -2275,19 +2234,19 @@ @@ -2300,17 +2259,15 @@ Remarks: Additional commentary on the containing object. - + - + Activity Universally Unique Identifier Reference - A machine-oriented identifier reference to an activity defined in the list of activities. + A machine-oriented identifier reference to an activity defined in the list of activities. Activity Universally Unique Identifier Reference: A machine-oriented identifier reference to an activity defined in the list of activities. @@ -2319,11 +2276,11 @@ @@ -2336,23 +2293,21 @@ Remarks: Additional commentary on the containing object. - + - + Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Task Type @@ -2384,16 +2339,16 @@ Control Objective Description: A human-readable description of control objectives. - + @@ -2418,30 +2373,30 @@ Assessed Controls Description: A human-readable description of in-scope controls specified for assessment. - + @@ -2454,9 +2409,7 @@ Remarks: Additional commentary on the containing object. - + @@ -2486,30 +2439,30 @@ Control Objectives Description: A human-readable description of this collection of control objectives. - + @@ -2522,9 +2475,7 @@ Remarks: Additional commentary on the containing object. - + @@ -2540,9 +2491,7 @@ Remarks: Additional commentary on the containing object. - + @@ -2567,15 +2516,15 @@ Include Specific Statements: Used to constrain the selection to only specificity identified statements. - + - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -2591,7 +2540,7 @@ Select Objective: Used to select a control objective for inclusion/exclusion based on the control objective's identifier. - + Objective ID @@ -2623,7 +2572,7 @@ Assessment Subject Placeholder Description: A human-readable description of intent of this assessment subject placeholder. - + @@ -2637,11 +2586,11 @@ Assessment Subject Source: Assessment subjects will be identified while conducting the referenced activity-instance. - + Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2650,11 +2599,11 @@ @@ -2667,17 +2616,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Subject Placeholder Universally Unique Identifier - A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Subject Placeholder Universally Unique Identifier: A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2705,30 +2652,30 @@ Include Subjects Description: A human-readable description of the collection of subjects being included in this assessment. - + @@ -2741,13 +2688,11 @@ Remarks: Additional commentary on the containing object. - + - + Subject Type @@ -2769,11 +2714,11 @@ @@ -2786,27 +2731,25 @@ Remarks: Additional commentary on the containing object. - + - + Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. - + Subject Universally Unique Identifier Reference Type - Used to indicate the type of object pointed to by the uuid-ref within a subject. + Used to indicate the type of object pointed to by the uuid-ref within a subject. Subject Universally Unique Identifier Reference Type: Used to indicate the type of object pointed to by the uuid-ref within a subject. @@ -2817,7 +2760,7 @@ Identifies the Subject - A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. + A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. Identifies the Subject: A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. @@ -2834,16 +2777,16 @@ Subject Reference Title: The title or name for the referenced subject. - + @@ -2856,27 +2799,25 @@ Remarks: Additional commentary on the containing object. - + - + Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. - + Subject Universally Unique Identifier Reference Type - Used to indicate the type of object pointed to by the uuid-ref within a subject. + Used to indicate the type of object pointed to by the uuid-ref within a subject. Subject Universally Unique Identifier Reference Type: Used to indicate the type of object pointed to by the uuid-ref within a subject. @@ -2894,7 +2835,7 @@ @@ -2919,16 +2860,16 @@ Assessment Platform Title: The title or name for the assessment platform. - + @@ -2943,15 +2884,15 @@ @@ -2964,17 +2905,15 @@ Remarks: Additional commentary on the containing object. - + - + Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -2992,17 +2931,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Platform Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Platform Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3033,7 +2970,7 @@ Objective Status Title: The title for this objective status. - + @@ -3048,16 +2985,16 @@ Objective Status Description: A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied. - + @@ -3081,13 +3018,11 @@ Remarks: Additional commentary on the containing object. - + - + Objective Status State @@ -3097,7 +3032,7 @@ Objective Status State: An indication as to whether the objective is satisfied or not. - + Objective Status Reason @@ -3110,7 +3045,7 @@ @@ -3123,13 +3058,11 @@ Remarks: Additional commentary on the containing object. - + - + Finding Target Type @@ -3139,11 +3072,11 @@ Finding Target Type: Identifies the type of the target. - + Finding Target Identifier Reference - A machine-oriented identifier reference for a specific target qualified by the type. + A machine-oriented identifier reference for a specific target qualified by the type. Finding Target Identifier Reference: A machine-oriented identifier reference for a specific target qualified by the type. @@ -3171,7 +3104,7 @@ Observation Title: The title for this observation. - + @@ -3186,16 +3119,16 @@ Observation Description: A human-readable description of this assessment observation. - + @@ -3208,7 +3141,7 @@ Observation Method: Identifies how the observation was made. - + @@ -3221,15 +3154,15 @@ Observation Type: Identifies the nature of the observation. More than one may be used to further qualify and enable filtering. - + @@ -3254,16 +3187,16 @@ Relevant Evidence Description: A human-readable description of this evidence. - + @@ -3276,13 +3209,11 @@ Remarks: Additional commentary on the containing object. - + - + Relevant Evidence Reference @@ -3304,7 +3235,7 @@ Collected Field: Date/time stamp identifying when the finding information was collected. - + @@ -3317,7 +3248,7 @@ Expires Field: Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios. - + @@ -3330,17 +3261,15 @@ Remarks: Additional commentary on the containing object. - + - + Observation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Observation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3358,11 +3287,11 @@ @@ -3378,15 +3307,15 @@ - + Actor Type @@ -3396,17 +3325,17 @@ Actor Type: The kind of actor. - + Actor Universally Unique Identifier Reference - A machine-oriented identifier reference to the tool or person based on the associated type. + A machine-oriented identifier reference to the tool or person based on the associated type. Actor Universally Unique Identifier Reference: A machine-oriented identifier reference to the tool or person based on the associated type. - + Actor Role @@ -3428,19 +3357,19 @@ @@ -3455,15 +3384,15 @@ - + Assessment Subject Placeholder Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. + A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. Assessment Subject Placeholder Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. @@ -3481,17 +3410,15 @@ Remarks: Additional commentary on the containing object. - + - + Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -3508,8 +3435,8 @@ Threat ID: A pointer, by ID, to an externally-defined threat. - - + + Threat Type Identification System @@ -3519,7 +3446,7 @@ Threat Type Identification System: Specifies the source of the threat information. - + Threat Information Resource Reference @@ -3553,7 +3480,7 @@ Risk Title: The title for this risk. - + @@ -3568,7 +3495,7 @@ Risk Description: A human-readable summary of the identified risk, to include a statement of how the risk impacts the system. - + @@ -3583,32 +3510,32 @@ Risk Statement: An summary of impact for how the risk affects the system. - + @@ -3633,38 +3560,38 @@ Mitigating Factor Description: A human-readable description of this mitigating factor. - + - + Mitigating Factor Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Mitigating Factor Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Implementation UUID - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Implementation UUID: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3682,11 +3609,11 @@ Risk Resolution Deadline: The date/time by which the risk must be resolved. - + @@ -3722,7 +3649,7 @@ Title: The title for this risk log entry. - + @@ -3737,7 +3664,7 @@ Risk Task Description: A human-readable description of what was done regarding the risk. - + @@ -3751,7 +3678,7 @@ Start: Identifies the start date and time of the event. - + @@ -3764,23 +3691,23 @@ End: Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time. - + @@ -3795,15 +3722,15 @@ @@ -3816,17 +3743,15 @@ Remarks: Additional commentary on the containing object. - + - + Response Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique risk response. + A machine-oriented identifier reference to a unique risk response. Response Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique risk response. @@ -3844,17 +3769,15 @@ Remarks: Additional commentary on the containing object. - + - + Risk Log Entry Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Log Entry Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3875,11 +3798,11 @@ Related Observation: Relates the finding to a set of referenced observations that were used to determine the finding. - + Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -3888,11 +3811,11 @@ - + Risk Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3908,17 +3831,17 @@ Logged By: Used to indicate who created a log entry in what role. - + Party UUID Reference - A machine-oriented identifier reference to the party who is making the log entry. + A machine-oriented identifier reference to the party who is making the log entry. Party UUID Reference: A machine-oriented identifier reference to the party who is making the log entry. - + Actor Role @@ -3938,7 +3861,7 @@ Risk Status: Describes the status of the associated risk. - + @@ -3951,15 +3874,15 @@ @@ -3974,11 +3897,11 @@ @@ -3991,13 +3914,11 @@ Remarks: Additional commentary on the containing object. - + - + Facet Name @@ -4007,7 +3928,7 @@ Facet Name: The name of the risk metric within the specified system. - + Naming System @@ -4017,7 +3938,7 @@ Naming System: Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash. - + Facet Value @@ -4052,7 +3973,7 @@ Response Title: The title for this response activity. - + @@ -4067,20 +3988,20 @@ Response Description: A human-readable description of this response plan. - + @@ -4095,7 +4016,7 @@ @@ -4109,7 +4030,7 @@ Title for Required Asset: The title for this required asset. - + @@ -4124,16 +4045,16 @@ Description of Required Asset: A human-readable description of this required asset. - + @@ -4146,17 +4067,15 @@ Remarks: Additional commentary on the containing object. - + - + Required Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Required Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4165,7 +4084,7 @@ @@ -4178,23 +4097,21 @@ Remarks: Additional commentary on the containing object. - + - + Remediation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Remediation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Remediation Intent @@ -4226,37 +4143,35 @@ Part Title: A name given to the part, which may be used by a tool for display and navigation. - + - + - + Part Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Part Name @@ -4266,7 +4181,7 @@ Part Name: A textual label that uniquely identifies the part's semantic type. - + Part Namespace @@ -4276,11 +4191,11 @@ Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - + Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. @@ -4308,37 +4223,35 @@ Part Title: A name given to the part, which may be used by a tool for display and navigation. - + - + - + Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Part Name @@ -4348,7 +4261,7 @@ Part Name: A textual label that uniquely identifies the part's semantic type. - + Part Namespace @@ -4358,11 +4271,11 @@ Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - + Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. @@ -4380,11 +4293,11 @@ @@ -4392,13 +4305,13 @@ Parameter Label - A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. + A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. Parameter Label: A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. - + @@ -4413,25 +4326,25 @@ Parameter Usage Description: Describes the purpose and use of a parameter - + @@ -4445,23 +4358,21 @@ Remarks: Additional commentary on the containing object. - + - + Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Parameter Class @@ -4471,7 +4382,7 @@ Parameter Class: A textual label that provides a characterization of the parameter. - + Depends on @@ -4503,7 +4414,7 @@ Constraint Description: A textual summary of the constraint to be applied. - + @@ -4528,7 +4439,7 @@ Constraint test: A formal (executable) expression of a constraint - + @@ -4541,9 +4452,7 @@ Remarks: Additional commentary on the containing object. - + @@ -4561,9 +4470,7 @@ Guideline: A prose statement that provides a recommendation for the use of a parameter. - + @@ -4575,7 +4482,7 @@ Parameter Value: A parameter value or set of values. - + @@ -4598,12 +4505,12 @@ Choice: A value selection among several such options - + - + Parameter Cardinality @@ -4645,7 +4552,7 @@ Component Title: A human readable name for the system component. - + @@ -4660,7 +4567,7 @@ Component Description: A description of the component, including information about its function. - + @@ -4675,16 +4582,16 @@ Purpose: A summary of the technological or business purpose of the component. - + @@ -4708,13 +4615,11 @@ Remarks: Additional commentary on the containing object. - + - + State @@ -4727,11 +4632,11 @@ @@ -4744,23 +4649,21 @@ Remarks: Additional commentary on the containing object. - + - + Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Component Type @@ -4792,30 +4695,30 @@ Protocol Title: A human readable name for the protocol (e.g., Transport Layer Security). - + - + Service Protocol Information Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Service Protocol Information Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Protocol Name - The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. + The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. Protocol Name: The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. @@ -4831,7 +4734,7 @@ Port Range: Where applicable this is the IPv4 port range on which the service operates. - + Start @@ -4841,7 +4744,7 @@ Start: Indicates the starting port number in a port range - + End @@ -4851,7 +4754,7 @@ End: Indicates the ending port number in a port range - + Transport @@ -4882,13 +4785,11 @@ Remarks: Additional commentary on the containing object. - + - + Implementation State @@ -4920,7 +4821,7 @@ User Title: A name given to the user, which may be used by a tool for display and navigation. - + @@ -4934,7 +4835,7 @@ User Short Name: A short common name, abbreviation, or acronym for the user. - + @@ -4948,24 +4849,24 @@ User Description: A summary of the user's purpose within the system. - + @@ -4978,17 +4879,15 @@ Remarks: Additional commentary on the containing object. - + - + User Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. User Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5016,7 +4915,7 @@ Privilege Title: A human readable name for the privilege. - + @@ -5031,12 +4930,12 @@ Privilege Description: A summary of the privilege's purpose within the system. - + @@ -5050,7 +4949,7 @@ Functions Performed: Describes a function performed for a given authorized privilege by this user class. - + @@ -5073,20 +4972,20 @@ Inventory Item Description: A summary of the inventory item stating its purpose within the system. - + @@ -5101,15 +5000,15 @@ @@ -5122,17 +5021,15 @@ Remarks: Additional commentary on the containing object. - + - + Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -5150,17 +5047,15 @@ Remarks: Additional commentary on the containing object. - + - + Inventory Item Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inventory Item Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5187,7 +5082,7 @@ Parameter Value: A parameter value or set of values. - + @@ -5200,17 +5095,15 @@ Remarks: Additional commentary on the containing object. - + - + Parameter ID - A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. + A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. Parameter ID: A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. @@ -5221,14 +5114,14 @@ System Identification - A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. + A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. System Identification: A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. - - + + Identification System Type @@ -5241,55 +5134,33 @@ - - - - - + + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - - - - - - - - - The content model is the same as blockElementType, but line endings need - to be preserved, since this is preformatted. - - - - - + - The content model is the same as blockElementType, but line endings need + The content model is the same as inlineMarkupType, but line endings need to be preserved, since this is preformatted. @@ -5298,34 +5169,39 @@ + - - - + + + - + - - - - + + + + + - + - - + + + + + @@ -5334,49 +5210,49 @@ - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - + + + - - An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. + An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. @@ -5385,136 +5261,48 @@ - The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. + The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. - - - - - A string, but not empty and not whitespace-only (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) - - - - - - The xs:dateTime with a required timezone. - - - - - - An email address - - - - - - A URI - - - - - - A URI reference, such as a relative URL - - - - - - A Type 4 ('random' or 'pseudorandom' UUID per RFC 4122 - - - - - - A string token following the rules of XML "no colon" names, with no whitespace. (XML names are single alphabetic characters - followed by alphanumeric characters, periods, underscores or dashes.) - - - - - - A trimmed string, at least one character with no - leading or trailing whitespace. - - - - - - - - - - - - The xs:date with a required timezone. - - - + - + The xs:dateTime with a required timezone. - - + + An email address - - + + Need a better pattern. - - - A host name - - - - - - The ip-v4-address type specifies an IPv4 address in - dot decimal notation. - - - - - - - - The ip-v6-address type specifies an IPv6 address - represented in 8 hextets separated by colons. - This is based on the pattern provided here: - https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses - with some customizations. - - - - + + + + + A trimmed string, at least one character with no + leading or trailing whitespace. + + @@ -5522,7 +5310,7 @@ A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -5530,18 +5318,38 @@ A string, but not empty and not whitespace-only - (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) + (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) The OSCAL 'string' datatype restricts the XSD type by prohibiting leading - and trailing whitespace, and something (not only whitespace) is required. + and trailing whitespace, and something (not only whitespace) is required. A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. + + + + + + + + A string token following the rules of XML "no + colon" names, with no whitespace. (XML names are single alphabetic + characters followed by alphanumeric characters, periods, underscores or dashes.) + + + + + + + + A single token may not contain whitespace. + @@ -5561,13 +5369,13 @@ A URI reference, such as a relative URL - + A trimmed URI, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -5575,14 +5383,14 @@ A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC - 4122. + 4122. - + A sequence of 8-4-4-4-12 hex digits, with extra - constraints in the 13th and 17-18th places for version 4 and 5 - + constraints in the 13th and 17-18th places for version 4 and 5 + diff --git a/xml/schema/oscal_catalog_schema.xsd b/xml/schema/oscal_catalog_schema.xsd index 538504cc75..3b5fb5a484 100644 --- a/xml/schema/oscal_catalog_schema.xsd +++ b/xml/schema/oscal_catalog_schema.xsd @@ -1,8 +1,8 @@ - @@ -17,7 +17,7 @@ catalog - + @@ -29,27 +29,27 @@ - + Catalog Universally Unique Identifier @@ -81,48 +81,48 @@ Group Title: A name given to the group, which may be used by a tool for display and navigation. - + - + Group Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. Group Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. - + Group Class @@ -154,42 +154,42 @@ Control Title: A name given to the control, which may be used by a tool for display and navigation. - + - + Control Identifier - A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. + A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. Control Identifier: A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. - + Control Class @@ -221,37 +221,35 @@ Part Title: A name given to the part, which may be used by a tool for display and navigation. - + - + - + Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Part Name @@ -261,7 +259,7 @@ Part Name: A textual label that uniquely identifies the part's semantic type. - + Part Namespace @@ -271,11 +269,11 @@ Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - + Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. @@ -293,11 +291,11 @@ @@ -305,13 +303,13 @@ Parameter Label - A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. + A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. Parameter Label: A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. - + @@ -326,25 +324,25 @@ Parameter Usage Description: Describes the purpose and use of a parameter - + @@ -358,23 +356,21 @@ Remarks: Additional commentary on the containing object. - + - + Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Parameter Class @@ -384,7 +380,7 @@ Parameter Class: A textual label that provides a characterization of the parameter. - + Depends on @@ -416,7 +412,7 @@ Constraint Description: A textual summary of the constraint to be applied. - + @@ -441,7 +437,7 @@ Constraint test: A formal (executable) expression of a constraint - + @@ -454,9 +450,7 @@ Remarks: Additional commentary on the containing object. - + @@ -474,9 +468,7 @@ Guideline: A prose statement that provides a recommendation for the use of a parameter. - + @@ -488,7 +480,7 @@ Parameter Value: A parameter value or set of values. - + @@ -511,12 +503,12 @@ Choice: A value selection among several such options - + - + Parameter Cardinality @@ -558,62 +550,62 @@ Document Title: A name given to the document, which may be used by a tool for display and navigation. - + @@ -626,9 +618,7 @@ Remarks: Additional commentary on the containing object. - + @@ -654,32 +644,32 @@ Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - + @@ -692,9 +682,7 @@ Remarks: Additional commentary on the containing object. - + @@ -720,20 +708,20 @@ Location Title: A name given to the location, which may be used by a tool for display and navigation. - + @@ -746,15 +734,15 @@ Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - + @@ -767,17 +755,15 @@ Remarks: Additional commentary on the containing object. - + - + Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -788,12 +774,12 @@ Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -815,7 +801,7 @@ Party Name: The full name of the party. This is typically the legal name associated with the party. - + @@ -828,7 +814,7 @@ Party Short Name: A short common name, abbreviation, or acronym for the party. - + @@ -842,8 +828,8 @@ Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) - - + + External Identifier Schema @@ -858,28 +844,28 @@ @@ -888,12 +874,12 @@ Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -906,23 +892,21 @@ Remarks: Additional commentary on the containing object. - + - + Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Party Type @@ -937,12 +921,12 @@ Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -965,7 +949,7 @@ Role Title: A name given to the role, which may be used by a tool for display and navigation. - + @@ -979,7 +963,7 @@ Role Short Name: A short common name, abbreviation, or acronym for the role. - + @@ -993,16 +977,16 @@ Role Description: A summary of the role's purpose and associated responsibilities. - + @@ -1015,23 +999,32 @@ Remarks: Additional commentary on the containing object. - + - + Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + + + + Role Identifier Reference + A human-oriented identifier reference to roles served by the user. + + + Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + + + @@ -1064,7 +1057,7 @@ Resource Title: A name given to the resource, which may be used by a tool for display and navigation. - + @@ -1079,16 +1072,16 @@ Resource Description: A short summary of the resource used to indicate the purpose of the resource. - + @@ -1113,16 +1106,16 @@ Citation Text: A line of citation text. - + @@ -1140,11 +1133,11 @@ - + Hypertext Reference @@ -1154,11 +1147,11 @@ Hypertext Reference: A resolvable URI reference to a resource. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1177,22 +1170,22 @@ Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. - - + + File Name - Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. + Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. File Name: Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1212,17 +1205,15 @@ Remarks: Additional commentary on the containing object. - + - + Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1252,13 +1243,11 @@ Remarks: Additional commentary on the containing object. - + - + Property Name @@ -1268,17 +1257,17 @@ Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - + Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Property Namespace @@ -1288,7 +1277,7 @@ Property Namespace: A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name. - + Property Value @@ -1298,11 +1287,11 @@ Property Value: Indicates the value of the attribute, characteristic, or quality. - + Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. @@ -1330,12 +1319,12 @@ Link Text: A textual label to associate with the link, which may be used for presentation in a tool. - + - + Hypertext Reference @@ -1345,7 +1334,7 @@ Hypertext Reference: A resolvable URL reference to a resource. - + Relation @@ -1355,11 +1344,11 @@ Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1377,15 +1366,15 @@ @@ -1398,17 +1387,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Responsible Role: A human-oriented identifier reference to roles served by the user. @@ -1426,15 +1413,15 @@ @@ -1447,17 +1434,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to roles responsible for the business function. Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. @@ -1474,8 +1459,8 @@ Hash: A representation of a cryptographic digest generated over a resource using a specified hash algorithm. - - + + Hash algorithm @@ -1498,30 +1483,30 @@ Remarks: Additional commentary on the containing object. - + Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + @@ -1532,7 +1517,7 @@ Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. - + @@ -1543,18 +1528,18 @@ OSCAL version: The OSCAL model version the document was authored against. - + Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. Email Address: An email address as defined by RFC 5322 Section 3.4.1. - + @@ -1566,8 +1551,8 @@ Telephone Number: Contact number by telephone. - - + + type flag @@ -1591,7 +1576,7 @@ @@ -1604,7 +1589,7 @@ City: City, town or geographical region for the mailing address. - + @@ -1617,7 +1602,7 @@ State: State, province or analogous geographical region for mailing address - + @@ -1630,7 +1615,7 @@ Postal Code: Postal or ZIP code for mailing address - + @@ -1643,11 +1628,11 @@ Country Code: The ISO 3166-1 alpha-2 country code for the mailing address. - + - + Address Type @@ -1667,20 +1652,20 @@ Address line: A single line of an address. - + Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. - - + + Document Identification Scheme @@ -1693,55 +1678,33 @@ - - - - - + + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - - - - - - - - - The content model is the same as blockElementType, but line endings need - to be preserved, since this is preformatted. - - - - - + - The content model is the same as blockElementType, but line endings need + The content model is the same as inlineMarkupType, but line endings need to be preserved, since this is preformatted. @@ -1750,34 +1713,39 @@ + - - - + + + - + - - - - + + + + + - + - - + + + + + @@ -1786,49 +1754,49 @@ - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - + + + - - An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. + An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. @@ -1837,163 +1805,75 @@ - The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. + The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. - - - - - A string, but not empty and not whitespace-only (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) - - - - - - The xs:dateTime with a required timezone. - - - - - - An email address - - - - - - A URI - - - - - - A URI reference, such as a relative URL - - - - - - A Type 4 ('random' or 'pseudorandom' UUID per RFC 4122 - - - - - - A string token following the rules of XML "no colon" names, with no whitespace. (XML names are single alphabetic characters - followed by alphanumeric characters, periods, underscores or dashes.) - - - - - - A trimmed string, at least one character with no - leading or trailing whitespace. - - - - - - - - - - - - The xs:date with a required timezone. - - - + - + The xs:dateTime with a required timezone. - - + + An email address - - + + Need a better pattern. - - - A host name - - - - - - The ip-v4-address type specifies an IPv4 address in - dot decimal notation. - - - - - - + - The ip-v6-address type specifies an IPv6 address - represented in 8 hextets separated by colons. - This is based on the pattern provided here: - https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses - with some customizations. + A string, but not empty and not whitespace-only + (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) - - - - - - + + The OSCAL 'string' datatype restricts the XSD type by prohibiting leading + and trailing whitespace, and something (not only whitespace) is required. + + A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. - + - A string, but not empty and not whitespace-only - (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) + + A string token following the rules of XML "no + colon" names, with no whitespace. (XML names are single alphabetic + characters followed by alphanumeric characters, periods, underscores or dashes.) + - - - The OSCAL 'string' datatype restricts the XSD type by prohibiting leading - and trailing whitespace, and something (not only whitespace) is required. - - - + + + - A trimmed string, at least one character with no - leading or trailing whitespace. + + A single token may not contain whitespace. + @@ -2013,13 +1893,13 @@ A URI reference, such as a relative URL - + A trimmed URI, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -2027,14 +1907,14 @@ A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC - 4122. + 4122. - + A sequence of 8-4-4-4-12 hex digits, with extra - constraints in the 13th and 17-18th places for version 4 and 5 - + constraints in the 13th and 17-18th places for version 4 and 5 + diff --git a/xml/schema/oscal_complete_schema.xsd b/xml/schema/oscal_complete_schema.xsd index 0ed7f73115..a80f2a6ce6 100644 --- a/xml/schema/oscal_complete_schema.xsd +++ b/xml/schema/oscal_complete_schema.xsd @@ -1,8 +1,8 @@ - @@ -23,7 +23,7 @@ plan-of-action-and-milestones - + @@ -35,27 +35,27 @@ - + Catalog Universally Unique Identifier @@ -87,48 +87,48 @@ Group Title: A name given to the group, which may be used by a tool for display and navigation. - + - + Group Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. Group Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. - + Group Class @@ -160,42 +160,42 @@ Control Title: A name given to the control, which may be used by a tool for display and navigation. - + - + Control Identifier - A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. + A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. Control Identifier: A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. - + Control Class @@ -227,37 +227,35 @@ Part Title: A name given to the part, which may be used by a tool for display and navigation. - + - + - + Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Part Name @@ -267,7 +265,7 @@ Part Name: A textual label that uniquely identifies the part's semantic type. - + Part Namespace @@ -277,11 +275,11 @@ Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - + Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. @@ -299,11 +297,11 @@ @@ -311,13 +309,13 @@ Parameter Label - A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. + A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. Parameter Label: A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. - + @@ -332,25 +330,25 @@ Parameter Usage Description: Describes the purpose and use of a parameter - + @@ -364,23 +362,21 @@ Remarks: Additional commentary on the containing object. - + - + Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Parameter Class @@ -390,7 +386,7 @@ Parameter Class: A textual label that provides a characterization of the parameter. - + Depends on @@ -422,7 +418,7 @@ Constraint Description: A textual summary of the constraint to be applied. - + @@ -447,7 +443,7 @@ Constraint test: A formal (executable) expression of a constraint - + @@ -460,9 +456,7 @@ Remarks: Additional commentary on the containing object. - + @@ -480,9 +474,7 @@ Guideline: A prose statement that provides a recommendation for the use of a parameter. - + @@ -494,7 +486,7 @@ Parameter Value: A parameter value or set of values. - + @@ -517,12 +509,12 @@ Choice: A value selection among several such options - + - + Parameter Cardinality @@ -564,62 +556,62 @@ Document Title: A name given to the document, which may be used by a tool for display and navigation. - + @@ -632,9 +624,7 @@ Remarks: Additional commentary on the containing object. - + @@ -660,32 +650,32 @@ Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - + @@ -698,9 +688,7 @@ Remarks: Additional commentary on the containing object. - + @@ -726,20 +714,20 @@ Location Title: A name given to the location, which may be used by a tool for display and navigation. - + @@ -752,15 +740,15 @@ Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - + @@ -773,17 +761,15 @@ Remarks: Additional commentary on the containing object. - + - + Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -794,12 +780,12 @@ Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -821,7 +807,7 @@ Party Name: The full name of the party. This is typically the legal name associated with the party. - + @@ -834,7 +820,7 @@ Party Short Name: A short common name, abbreviation, or acronym for the party. - + @@ -848,8 +834,8 @@ Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) - - + + External Identifier Schema @@ -864,28 +850,28 @@ @@ -894,12 +880,12 @@ Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -912,23 +898,21 @@ Remarks: Additional commentary on the containing object. - + - + Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Party Type @@ -943,12 +927,12 @@ Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -971,7 +955,7 @@ Role Title: A name given to the role, which may be used by a tool for display and navigation. - + @@ -985,7 +969,7 @@ Role Short Name: A short common name, abbreviation, or acronym for the role. - + @@ -999,16 +983,16 @@ Role Description: A summary of the role's purpose and associated responsibilities. - + @@ -1021,17 +1005,15 @@ Remarks: Additional commentary on the containing object. - + - + Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1042,12 +1024,12 @@ Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Role Identifier Reference: A human-oriented identifier reference to roles served by the user. - + @@ -1081,7 +1063,7 @@ Resource Title: A name given to the resource, which may be used by a tool for display and navigation. - + @@ -1096,16 +1078,16 @@ Resource Description: A short summary of the resource used to indicate the purpose of the resource. - + @@ -1130,16 +1112,16 @@ Citation Text: A line of citation text. - + @@ -1157,11 +1139,11 @@ - + Hypertext Reference @@ -1171,11 +1153,11 @@ Hypertext Reference: A resolvable URI reference to a resource. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1194,22 +1176,22 @@ Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. - - + + File Name - Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. + Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. File Name: Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1229,17 +1211,15 @@ Remarks: Additional commentary on the containing object. - + - + Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1269,13 +1249,11 @@ Remarks: Additional commentary on the containing object. - + - + Property Name @@ -1285,17 +1263,17 @@ Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - + Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Property Namespace @@ -1305,7 +1283,7 @@ Property Namespace: A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name. - + Property Value @@ -1315,11 +1293,11 @@ Property Value: Indicates the value of the attribute, characteristic, or quality. - + Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. @@ -1347,12 +1325,12 @@ Link Text: A textual label to associate with the link, which may be used for presentation in a tool. - + - + Hypertext Reference @@ -1362,7 +1340,7 @@ Hypertext Reference: A resolvable URL reference to a resource. - + Relation @@ -1372,11 +1350,11 @@ Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1394,15 +1372,15 @@ @@ -1415,17 +1393,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Responsible Role: A human-oriented identifier reference to roles served by the user. @@ -1443,15 +1419,15 @@ @@ -1464,17 +1440,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to roles responsible for the business function. Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. @@ -1491,8 +1465,8 @@ Hash: A representation of a cryptographic digest generated over a resource using a specified hash algorithm. - - + + Hash algorithm @@ -1515,30 +1489,30 @@ Remarks: Additional commentary on the containing object. - + Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + @@ -1549,7 +1523,7 @@ Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. - + @@ -1560,18 +1534,18 @@ OSCAL version: The OSCAL model version the document was authored against. - + Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. Email Address: An email address as defined by RFC 5322 Section 3.4.1. - + @@ -1583,8 +1557,8 @@ Telephone Number: Contact number by telephone. - - + + type flag @@ -1608,7 +1582,7 @@ @@ -1621,7 +1595,7 @@ City: City, town or geographical region for the mailing address. - + @@ -1634,7 +1608,7 @@ State: State, province or analogous geographical region for mailing address - + @@ -1647,7 +1621,7 @@ Postal Code: Postal or ZIP code for mailing address - + @@ -1660,11 +1634,11 @@ Country Code: The ISO 3166-1 alpha-2 country code for the mailing address. - + - + Address Type @@ -1684,20 +1658,20 @@ Address line: A single line of an address. - + Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. - - + + Document Identification Scheme @@ -1710,7 +1684,7 @@ - + @@ -1722,31 +1696,31 @@ - + Profile Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. Profile Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. @@ -1757,7 +1731,7 @@ Import resource - The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. + The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. Import resource: The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. @@ -1765,20 +1739,20 @@ - + Catalog or Profile Reference @@ -1809,7 +1783,7 @@ Combination rule: A Combine element defines how to combine multiple (competing) versions of the same control. - + Combination method @@ -1844,7 +1818,7 @@ As-Is Structuring Directive: An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes. - + @@ -1859,11 +1833,11 @@ @@ -1893,48 +1867,48 @@ Group Title: A name given to the group, which may be used by a tool for display and navigation. - + - + Group Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. Group Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. - + Group Class @@ -1967,11 +1941,11 @@ @@ -1979,13 +1953,13 @@ Parameter Label - A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. + A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. Parameter Label: A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. - + @@ -2000,40 +1974,40 @@ Parameter Usage Description: Describes the purpose and use of a parameter - + - + Parameter ID - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Parameter ID: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Parameter Class @@ -2043,7 +2017,7 @@ Parameter Class: A textual label that provides a characterization of the parameter. - + Depends on @@ -2056,7 +2030,7 @@ @@ -2073,20 +2047,20 @@ - + Order @@ -2117,7 +2091,7 @@ Match Controls by Identifier: - + @@ -2130,11 +2104,11 @@ Match Controls by Pattern: Select controls by (regular expression) match on ID - + Pattern - A glob expression matching the IDs of one or more controls to be selected. + A glob expression matching the IDs of one or more controls to be selected. Pattern: A glob expression matching the IDs of one or more controls to be selected. @@ -2143,7 +2117,7 @@ - + Include contained controls with control @@ -2165,19 +2139,19 @@ - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -2193,7 +2167,7 @@ Removal: Specifies objects to be removed from a control based on specific aspects of the object that must all match. - + Reference by (assigned) name @@ -2203,42 +2177,42 @@ Reference by (assigned) name: Identify items to remove by matching their assigned name - + Reference by class - Identify items to remove by matching their class. + Identify items to remove by matching their class. Reference by class: Identify items to remove by matching their class. - + Reference by ID - Identify items to remove indicated by their id. + Identify items to remove indicated by their id. Reference by ID: Identify items to remove indicated by their id. - + Item Name Reference - Identify items to remove by the name of the item's information element name, e.g. title or prop + Identify items to remove by the name of the item's information element name, e.g. title or prop Item Name Reference: Identify items to remove by the name of the item's information element name, e.g. title or prop - + Item Namespace Reference - Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. + Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. Item Namespace Reference: Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. @@ -2266,28 +2240,28 @@ Title Change: A name given to the control, which may be used by a tool for display and navigation. - + - + Position @@ -2297,7 +2271,7 @@ Position: Where to add the new content with respect to the targeted element (beside it or inside it) - + Reference by ID @@ -2309,7 +2283,7 @@ + type="oscal-component-definition-component-definition-ASSEMBLY"/> @@ -2321,31 +2295,31 @@ - + Component Definition Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Definition Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2361,7 +2335,7 @@ Import Component Definition: Loads a component definition from another resource. - + Hyperlink Reference @@ -2393,7 +2367,7 @@ Component Title: A human readable name for the component. - + @@ -2408,7 +2382,7 @@ Component Description: A description of the component, including information about its function. - + @@ -2423,28 +2397,28 @@ Purpose: A summary of the technological or business purpose of the component. - + @@ -2457,23 +2431,21 @@ Remarks: Additional commentary on the containing object. - + - + Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Component Type @@ -2505,24 +2477,24 @@ Capability Description: A summary of the capability. - + @@ -2535,23 +2507,21 @@ Remarks: Additional commentary on the containing object. - + - + Capability Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Capability Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Capability Name @@ -2583,16 +2553,16 @@ Component Description: A description of the component, including information about its function. - + - + Component Reference - A machine-oriented identifier reference to a component. + A machine-oriented identifier reference to a component. Component Reference: A machine-oriented identifier reference to a component. @@ -2620,38 +2590,38 @@ Control Implementation Description: A description of how the specified set of controls are implemented for the containing component or capability. - + - + Control Implementation Set Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Control Implementation Set Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Source Resource Reference @@ -2683,28 +2653,28 @@ Control Implementation Description: A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. - + @@ -2717,27 +2687,25 @@ Remarks: Additional commentary on the containing object. - + - + Control Implementation Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Control Implementation Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -2765,20 +2733,20 @@ Statement Implementation Description: A summary of how the containing control statement is implemented by the component or capability. - + @@ -2791,27 +2759,25 @@ Remarks: Additional commentary on the containing object. - + - + Control Statement Reference - A human-oriented identifier reference to a control statement. + A human-oriented identifier reference to a control statement. Control Statement Reference: A human-oriented identifier reference to a control statement. - + Control Statement Reference Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Control Statement Reference Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). @@ -2839,7 +2805,7 @@ Component Title: A human readable name for the system component. - + @@ -2854,7 +2820,7 @@ Component Description: A description of the component, including information about its function. - + @@ -2869,16 +2835,16 @@ Purpose: A summary of the technological or business purpose of the component. - + @@ -2902,13 +2868,11 @@ Remarks: Additional commentary on the containing object. - + - + State @@ -2921,11 +2885,11 @@ @@ -2938,23 +2902,21 @@ Remarks: Additional commentary on the containing object. - + - + Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Component Type @@ -2986,30 +2948,30 @@ Protocol Title: A human readable name for the protocol (e.g., Transport Layer Security). - + - + Service Protocol Information Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Service Protocol Information Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Protocol Name - The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. + The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. Protocol Name: The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. @@ -3025,7 +2987,7 @@ Port Range: Where applicable this is the IPv4 port range on which the service operates. - + Start @@ -3035,7 +2997,7 @@ Start: Indicates the starting port number in a port range - + End @@ -3045,7 +3007,7 @@ End: Indicates the ending port number in a port range - + Transport @@ -3076,13 +3038,11 @@ Remarks: Additional commentary on the containing object. - + - + Implementation State @@ -3114,7 +3074,7 @@ User Title: A name given to the user, which may be used by a tool for display and navigation. - + @@ -3128,7 +3088,7 @@ User Short Name: A short common name, abbreviation, or acronym for the user. - + @@ -3142,24 +3102,24 @@ User Description: A summary of the user's purpose within the system. - + @@ -3172,17 +3132,15 @@ Remarks: Additional commentary on the containing object. - + - + User Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. User Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3210,7 +3168,7 @@ Privilege Title: A human readable name for the privilege. - + @@ -3225,12 +3183,12 @@ Privilege Description: A summary of the privilege's purpose within the system. - + @@ -3244,7 +3202,7 @@ Functions Performed: Describes a function performed for a given authorized privilege by this user class. - + @@ -3267,20 +3225,20 @@ Inventory Item Description: A summary of the inventory item stating its purpose within the system. - + @@ -3295,15 +3253,15 @@ @@ -3316,17 +3274,15 @@ Remarks: Additional commentary on the containing object. - + - + Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -3344,17 +3300,15 @@ Remarks: Additional commentary on the containing object. - + - + Inventory Item Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inventory Item Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3381,7 +3335,7 @@ Parameter Value: A parameter value or set of values. - + @@ -3394,17 +3348,15 @@ Remarks: Additional commentary on the containing object. - + - + Parameter ID - A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. + A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. Parameter ID: A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. @@ -3415,14 +3367,14 @@ System Identification - A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. + A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. System Identification: A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. - - + + Identification System Type @@ -3436,7 +3388,7 @@ + type="oscal-ssp-system-security-plan-ASSEMBLY"/> @@ -3448,35 +3400,35 @@ - + System Security Plan Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. System Security Plan Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3503,13 +3455,11 @@ Remarks: Additional commentary on the containing object. - + - + Profile Reference @@ -3531,7 +3481,7 @@ @@ -3544,7 +3494,7 @@ System Name - Full: The full name of the system. - + @@ -3557,7 +3507,7 @@ System Name - Short: A short name for the system, such as an acronym, that is suitable for display in a data table or summary list. - + @@ -3571,20 +3521,20 @@ System Description: A summary of the system. - + @@ -3592,40 +3542,40 @@ Security Sensitivity Level - The overall information system sensitivity categorization, such as defined by FIPS-199. + The overall information system sensitivity categorization, such as defined by FIPS-199. Security Sensitivity Level: The overall information system sensitivity categorization, such as defined by FIPS-199. - + @@ -3638,9 +3588,7 @@ Remarks: Additional commentary on the containing object. - + @@ -3649,18 +3597,18 @@ System Information - Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. System Information: Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. @@ -3668,7 +3616,7 @@ Information Type - Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. Information Type: Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. @@ -3685,7 +3633,7 @@ title field: A human readable name for the information type. This title should be meaningful within the context of the system. - + @@ -3700,7 +3648,7 @@ Information Type Description: A summary of how this information type is used within the system. - + @@ -3709,7 +3657,7 @@ Information Type Categorization - A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60. + A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60. Information Type Categorization: A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60. @@ -3720,16 +3668,16 @@ Information Type Systematized Identifier - A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Information Type Systematized Identifier: A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + - + Information Type Identification System @@ -3742,11 +3690,11 @@ @@ -3761,19 +3709,19 @@ @@ -3786,9 +3734,7 @@ Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - + @@ -3806,19 +3752,19 @@ @@ -3831,9 +3777,7 @@ Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - + @@ -3851,19 +3795,19 @@ @@ -3876,20 +3820,18 @@ Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - + - + Information Type Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Information Type Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3908,7 +3850,7 @@ Base Level (Confidentiality, Integrity, or Availability): The prescribed base (Confidentiality, Integrity, or Availability) security impact level. - + @@ -3919,7 +3861,7 @@ Selected Level (Confidentiality, Integrity, or Availability): The selected (Confidentiality, Integrity, or Availability) security impact level. - + @@ -3931,7 +3873,7 @@ Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - + @@ -3956,7 +3898,7 @@ Security Objective: Confidentiality: A target-level of confidentiality for the system, based on the sensitivity of information within the system. - + @@ -3969,7 +3911,7 @@ Security Objective: Integrity: A target-level of integrity for the system, based on the sensitivity of information within the system. - + @@ -3982,7 +3924,7 @@ Security Objective: Availability: A target-level of availability for the system, based on the sensitivity of information within the system. - + @@ -4007,13 +3949,11 @@ Remarks: Additional commentary on the containing object. - + - + State @@ -4033,7 +3973,7 @@ System Authorization Date: The date the system received its authorization. - + @@ -4056,20 +3996,20 @@ Authorization Boundary Description: A summary of the system's authorization boundary. - + @@ -4082,9 +4022,7 @@ Remarks: Additional commentary on the containing object. - + @@ -4110,16 +4048,16 @@ Diagram Description: A summary of the diagram. - + @@ -4133,7 +4071,7 @@ Caption: A brief caption to annotate the diagram. - + @@ -4147,17 +4085,15 @@ Remarks: Additional commentary on the containing object. - + - + Diagram ID - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Diagram ID: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4185,20 +4121,20 @@ Network Architecture Description: A summary of the system's network architecture. - + @@ -4211,9 +4147,7 @@ Remarks: Additional commentary on the containing object. - + @@ -4239,20 +4173,20 @@ Data Flow Description: A summary of the system's data flow. - + @@ -4265,9 +4199,7 @@ Remarks: Additional commentary on the containing object. - + @@ -4283,11 +4215,11 @@ @@ -4295,7 +4227,7 @@ Leveraged Authorization - A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. + A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. Leveraged Authorization: A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. @@ -4312,16 +4244,16 @@ title field: A human readable name for the leveraged authorization in the context of the system. - + @@ -4329,16 +4261,16 @@ party-uuid field - A machine-oriented identifier reference to the party that manages the leveraged system. + A machine-oriented identifier reference to the party that manages the leveraged system. party-uuid field: A machine-oriented identifier reference to the party that manages the leveraged system. - + @@ -4351,17 +4283,15 @@ Remarks: Additional commentary on the containing object. - + - + Leveraged Authorization Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Leveraged Authorization Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4370,15 +4300,15 @@ @@ -4391,9 +4321,7 @@ Remarks: Additional commentary on the containing object. - + @@ -4419,16 +4347,16 @@ Control Implementation Description: A statement describing important things to know about how this set of control satisfaction documentation is approached. - + @@ -4444,27 +4372,27 @@ @@ -4477,27 +4405,25 @@ Remarks: Additional commentary on the containing object. - + - + Control Requirement Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Control Requirement Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -4515,19 +4441,19 @@ @@ -4540,27 +4466,25 @@ Remarks: Additional commentary on the containing object. - + - + Control Statement Reference - A human-oriented identifier reference to a control statement. + A human-oriented identifier reference to a control statement. Control Statement Reference: A human-oriented identifier reference to a control statement. - + Control Statement Reference Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Control Statement Reference Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). @@ -4588,24 +4512,24 @@ Control Implementation Description: An implementation statement that describes how a control or a control statement is implemented within the referenced system component. - + @@ -4630,16 +4554,16 @@ Control Implementation Export Description: An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system. - + @@ -4664,20 +4588,20 @@ Provided Control Implementation Description: An implementation statement that describes the aspects of the control or control statement implementation that can be provided to another system leveraging this system. - + @@ -4690,17 +4614,15 @@ Remarks: Additional commentary on the containing object. - + - + Provided Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Provided Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4730,20 +4652,20 @@ Control Implementation Responsibility Description: An implementation statement that describes the aspects of the control or control statement implementation that a leveraging system must implement to satisfy the control provided by a leveraged system. - + @@ -4756,27 +4678,25 @@ Remarks: Additional commentary on the containing object. - + - + Responsibility Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Responsibility Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Provided UUID - A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. + A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. Provided UUID: A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. @@ -4794,9 +4714,7 @@ Remarks: Additional commentary on the containing object. - + @@ -4824,38 +4742,38 @@ Inherited Control Implementation Description: An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is inheriting from a leveraged system. - + - + Inherited Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inherited Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Provided UUID - A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. + A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. Provided UUID: A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. @@ -4885,20 +4803,20 @@ Satisfied Control Implementation Responsibility Description: An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is implementing based on a requirement from a leveraged system. - + @@ -4911,27 +4829,25 @@ Remarks: Additional commentary on the containing object. - + - + Satisfied Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Satisfied Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Responsibility UUID - A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system. + A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system. Responsibility UUID: A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system. @@ -4940,7 +4856,7 @@ @@ -4953,35 +4869,32 @@ Remarks: Additional commentary on the containing object. - + - + Component Universally Unique Identifier Reference - A machine-oriented identifier reference to the component that is implemeting a given control. + A machine-oriented identifier reference to the component that is implemeting a given control. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to the component that is implemeting a given control. - + By-Component Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. By-Component Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + @@ -4993,11 +4906,11 @@ @@ -5012,23 +4925,23 @@ @@ -5041,9 +4954,7 @@ Remarks: Additional commentary on the containing object. - + @@ -5061,38 +4972,38 @@ - + Assessment Plan Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Plan Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment plan in this or other OSCAL instances. The locally defined UUID of the assessment plan can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5119,13 +5030,11 @@ Remarks: Additional commentary on the containing object. - + - + System Security Plan Reference @@ -5157,20 +5066,20 @@ Objective Description: A human-readable description of this control objective. - + @@ -5183,17 +5092,15 @@ Remarks: Additional commentary on the containing object. - + - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -5221,20 +5128,20 @@ Assessment Method Description: A human-readable description of this assessment method. - + @@ -5247,17 +5154,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Method Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Method Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5285,7 +5190,7 @@ Included Activity Title: The title for this included activity. - + @@ -5300,16 +5205,16 @@ Included Activity Description: A human-readable description of this included activity. - + @@ -5334,7 +5239,7 @@ Step Title: The title for this step. - + @@ -5349,24 +5254,24 @@ Step Description: A human-readable description of this step. - + @@ -5379,17 +5284,15 @@ Remarks: Additional commentary on the containing object. - + - + Step Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Step Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5398,11 +5301,11 @@ @@ -5415,17 +5318,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Activity Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Activity Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -5453,7 +5354,7 @@ Task Title: The title for this task. - + @@ -5468,16 +5369,16 @@ Task Description: A human-readable description of this task. - + @@ -5502,9 +5403,7 @@ On Date Condition: The task is intended to occur on the specified date. - + On Date Condition @@ -5526,9 +5425,7 @@ On Date Range Condition: The task is intended to occur within the specified date range. - + Start Date Condition @@ -5538,9 +5435,7 @@ Start Date Condition: The task must occur on or after the specified date. - + End Date Condition @@ -5562,7 +5457,7 @@ Frequency Condition: The task is intended to occur at the specified frequency. - + Period @@ -5572,7 +5467,7 @@ Period: The task must occur after the specified period has elapsed. - + Time Unit @@ -5609,17 +5504,15 @@ Remarks: Additional commentary on the containing object. - + - + Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -5628,7 +5521,7 @@ @@ -5643,19 +5536,19 @@ @@ -5668,17 +5561,15 @@ Remarks: Additional commentary on the containing object. - + - + Activity Universally Unique Identifier Reference - A machine-oriented identifier reference to an activity defined in the list of activities. + A machine-oriented identifier reference to an activity defined in the list of activities. Activity Universally Unique Identifier Reference: A machine-oriented identifier reference to an activity defined in the list of activities. @@ -5687,11 +5578,11 @@ @@ -5704,23 +5595,21 @@ Remarks: Additional commentary on the containing object. - + - + Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Task Type @@ -5752,16 +5641,16 @@ Control Objective Description: A human-readable description of control objectives. - + @@ -5786,30 +5675,30 @@ Assessed Controls Description: A human-readable description of in-scope controls specified for assessment. - + @@ -5822,9 +5711,7 @@ Remarks: Additional commentary on the containing object. - + @@ -5854,30 +5741,30 @@ Control Objectives Description: A human-readable description of this collection of control objectives. - + @@ -5890,9 +5777,7 @@ Remarks: Additional commentary on the containing object. - + @@ -5908,9 +5793,7 @@ Remarks: Additional commentary on the containing object. - + @@ -5935,15 +5818,15 @@ Include Specific Statements: Used to constrain the selection to only specificity identified statements. - + - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -5959,7 +5842,7 @@ Select Objective: Used to select a control objective for inclusion/exclusion based on the control objective's identifier. - + Objective ID @@ -5991,7 +5874,7 @@ Assessment Subject Placeholder Description: A human-readable description of intent of this assessment subject placeholder. - + @@ -6005,11 +5888,11 @@ Assessment Subject Source: Assessment subjects will be identified while conducting the referenced activity-instance. - + Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -6018,11 +5901,11 @@ @@ -6035,17 +5918,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Subject Placeholder Universally Unique Identifier - A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Subject Placeholder Universally Unique Identifier: A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -6073,30 +5954,30 @@ Include Subjects Description: A human-readable description of the collection of subjects being included in this assessment. - + @@ -6109,13 +5990,11 @@ Remarks: Additional commentary on the containing object. - + - + Subject Type @@ -6137,11 +6016,11 @@ @@ -6154,27 +6033,25 @@ Remarks: Additional commentary on the containing object. - + - + Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. - + Subject Universally Unique Identifier Reference Type - Used to indicate the type of object pointed to by the uuid-ref within a subject. + Used to indicate the type of object pointed to by the uuid-ref within a subject. Subject Universally Unique Identifier Reference Type: Used to indicate the type of object pointed to by the uuid-ref within a subject. @@ -6185,7 +6062,7 @@ Identifies the Subject - A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. + A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. Identifies the Subject: A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. @@ -6202,16 +6079,16 @@ Subject Reference Title: The title or name for the referenced subject. - + @@ -6224,27 +6101,25 @@ Remarks: Additional commentary on the containing object. - + - + Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. - + Subject Universally Unique Identifier Reference Type - Used to indicate the type of object pointed to by the uuid-ref within a subject. + Used to indicate the type of object pointed to by the uuid-ref within a subject. Subject Universally Unique Identifier Reference Type: Used to indicate the type of object pointed to by the uuid-ref within a subject. @@ -6262,7 +6137,7 @@ @@ -6287,16 +6162,16 @@ Assessment Platform Title: The title or name for the assessment platform. - + @@ -6311,15 +6186,15 @@ @@ -6332,17 +6207,15 @@ Remarks: Additional commentary on the containing object. - + - + Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -6360,17 +6233,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Platform Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Platform Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -6401,7 +6272,7 @@ Objective Status Title: The title for this objective status. - + @@ -6416,16 +6287,16 @@ Objective Status Description: A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied. - + @@ -6449,13 +6320,11 @@ Remarks: Additional commentary on the containing object. - + - + Objective Status State @@ -6465,7 +6334,7 @@ Objective Status State: An indication as to whether the objective is satisfied or not. - + Objective Status Reason @@ -6478,7 +6347,7 @@ @@ -6491,13 +6360,11 @@ Remarks: Additional commentary on the containing object. - + - + Finding Target Type @@ -6507,11 +6374,11 @@ Finding Target Type: Identifies the type of the target. - + Finding Target Identifier Reference - A machine-oriented identifier reference for a specific target qualified by the type. + A machine-oriented identifier reference for a specific target qualified by the type. Finding Target Identifier Reference: A machine-oriented identifier reference for a specific target qualified by the type. @@ -6539,7 +6406,7 @@ Observation Title: The title for this observation. - + @@ -6554,16 +6421,16 @@ Observation Description: A human-readable description of this assessment observation. - + @@ -6576,7 +6443,7 @@ Observation Method: Identifies how the observation was made. - + @@ -6589,15 +6456,15 @@ Observation Type: Identifies the nature of the observation. More than one may be used to further qualify and enable filtering. - + @@ -6622,16 +6489,16 @@ Relevant Evidence Description: A human-readable description of this evidence. - + @@ -6644,13 +6511,11 @@ Remarks: Additional commentary on the containing object. - + - + Relevant Evidence Reference @@ -6672,7 +6537,7 @@ Collected Field: Date/time stamp identifying when the finding information was collected. - + @@ -6685,7 +6550,7 @@ Expires Field: Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios. - + @@ -6698,17 +6563,15 @@ Remarks: Additional commentary on the containing object. - + - + Observation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Observation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -6726,11 +6589,11 @@ @@ -6746,15 +6609,15 @@ - + Actor Type @@ -6764,17 +6627,17 @@ Actor Type: The kind of actor. - + Actor Universally Unique Identifier Reference - A machine-oriented identifier reference to the tool or person based on the associated type. + A machine-oriented identifier reference to the tool or person based on the associated type. Actor Universally Unique Identifier Reference: A machine-oriented identifier reference to the tool or person based on the associated type. - + Actor Role @@ -6796,19 +6659,19 @@ @@ -6823,17 +6686,15 @@ - + Assessment Subject Placeholder Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. + A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. Assessment Subject Placeholder Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. @@ -6851,17 +6712,15 @@ Remarks: Additional commentary on the containing object. - + - + Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -6878,8 +6737,8 @@ Threat ID: A pointer, by ID, to an externally-defined threat. - - + + Threat Type Identification System @@ -6889,7 +6748,7 @@ Threat Type Identification System: Specifies the source of the threat information. - + Threat Information Resource Reference @@ -6923,7 +6782,7 @@ Risk Title: The title for this risk. - + @@ -6938,7 +6797,7 @@ Risk Description: A human-readable summary of the identified risk, to include a statement of how the risk impacts the system. - + @@ -6953,32 +6812,32 @@ Risk Statement: An summary of impact for how the risk affects the system. - + @@ -7003,38 +6862,38 @@ Mitigating Factor Description: A human-readable description of this mitigating factor. - + - + Mitigating Factor Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Mitigating Factor Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Implementation UUID - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Implementation UUID: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -7052,11 +6911,11 @@ Risk Resolution Deadline: The date/time by which the risk must be resolved. - + @@ -7092,7 +6951,7 @@ Title: The title for this risk log entry. - + @@ -7107,7 +6966,7 @@ Risk Task Description: A human-readable description of what was done regarding the risk. - + @@ -7121,7 +6980,7 @@ Start: Identifies the start date and time of the event. - + @@ -7134,23 +6993,23 @@ End: Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time. - + @@ -7165,15 +7024,15 @@ @@ -7186,17 +7045,15 @@ Remarks: Additional commentary on the containing object. - + - + Response Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique risk response. + A machine-oriented identifier reference to a unique risk response. Response Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique risk response. @@ -7214,17 +7071,15 @@ Remarks: Additional commentary on the containing object. - + - + Risk Log Entry Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Log Entry Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -7245,11 +7100,11 @@ Related Observation: Relates the finding to a set of referenced observations that were used to determine the finding. - + Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -7258,11 +7113,11 @@ - + Risk Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -7278,17 +7133,17 @@ Logged By: Used to indicate who created a log entry in what role. - + Party UUID Reference - A machine-oriented identifier reference to the party who is making the log entry. + A machine-oriented identifier reference to the party who is making the log entry. Party UUID Reference: A machine-oriented identifier reference to the party who is making the log entry. - + Actor Role @@ -7308,7 +7163,7 @@ Risk Status: Describes the status of the associated risk. - + @@ -7321,15 +7176,15 @@ @@ -7344,11 +7199,11 @@ @@ -7361,13 +7216,11 @@ Remarks: Additional commentary on the containing object. - + - + Facet Name @@ -7377,7 +7230,7 @@ Facet Name: The name of the risk metric within the specified system. - + Naming System @@ -7387,7 +7240,7 @@ Naming System: Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash. - + Facet Value @@ -7422,7 +7275,7 @@ Response Title: The title for this response activity. - + @@ -7437,20 +7290,20 @@ Response Description: A human-readable description of this response plan. - + @@ -7465,7 +7318,7 @@ @@ -7479,7 +7332,7 @@ Title for Required Asset: The title for this required asset. - + @@ -7494,16 +7347,16 @@ Description of Required Asset: A human-readable description of this required asset. - + @@ -7516,17 +7369,15 @@ Remarks: Additional commentary on the containing object. - + - + Required Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Required Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -7535,7 +7386,7 @@ @@ -7548,23 +7399,21 @@ Remarks: Additional commentary on the containing object. - + - + Remediation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Remediation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Remediation Intent @@ -7596,37 +7445,35 @@ Part Title: A name given to the part, which may be used by a tool for display and navigation. - + - + - + Part Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Part Name @@ -7636,7 +7483,7 @@ Part Name: A textual label that uniquely identifies the part's semantic type. - + Part Namespace @@ -7646,19 +7493,18 @@ Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - + Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. - + @@ -7670,11 +7516,11 @@ @@ -7689,11 +7535,11 @@ @@ -7706,28 +7552,26 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Results Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Results Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -7755,7 +7599,7 @@ Results Title: The title for this set of results. - + @@ -7770,7 +7614,7 @@ Results Description: A human-readable description of this set of test results. - + @@ -7784,7 +7628,7 @@ start field: Date/time stamp identifying the start of the evidence collection reflected in these results. - + @@ -7797,15 +7641,15 @@ end field: Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate. - + @@ -7820,30 +7664,30 @@ @@ -7858,11 +7702,11 @@ @@ -7901,7 +7745,7 @@ Action Title: The title for this event. - + @@ -7916,7 +7760,7 @@ Action Description: A human-readable description of this event. - + @@ -7930,7 +7774,7 @@ Start: Identifies the start date and time of an event. - + @@ -7943,23 +7787,23 @@ End: Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time. - + @@ -7972,17 +7816,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Log Entry Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Log Entry Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -7994,15 +7836,15 @@ @@ -8015,17 +7857,15 @@ Remarks: Additional commentary on the containing object. - + - + Results Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Results Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -8053,7 +7893,7 @@ Finding Title: The title for this finding. - + @@ -8068,24 +7908,24 @@ Finding Description: A human-readable description of this finding. - + @@ -8093,12 +7933,12 @@ Implementation Statement UUID - A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. + A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. Implementation Statement UUID: A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related. - + @@ -8111,11 +7951,11 @@ Related Observation: Relates the finding to a set of referenced observations that were used to determine the finding. - + Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -8133,11 +7973,11 @@ Associated Risk: Relates the finding to a set of referenced risks that were used to determine the finding. - + Risk Universally Unique Identifier Reference - A machine-oriented identifier reference to a risk defined in the list of risks. + A machine-oriented identifier reference to a risk defined in the list of risks. Risk Universally Unique Identifier Reference: A machine-oriented identifier reference to a risk defined in the list of risks. @@ -8155,17 +7995,15 @@ Remarks: Additional commentary on the containing object. - + - + Finding Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Finding Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -8192,13 +8030,11 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Plan Reference @@ -8210,7 +8046,7 @@ + type="oscal-poam-plan-of-action-and-milestones-ASSEMBLY"/> @@ -8222,43 +8058,43 @@ - + POA&M Universally Unique Identifier - A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. POA&M Universally Unique Identifier: A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -8276,11 +8112,11 @@ @@ -8293,9 +8129,7 @@ Remarks: Additional commentary on the containing object. - + @@ -8321,7 +8155,7 @@ POA&M Item Title: The title or name for this POA&M item . - + @@ -8336,16 +8170,16 @@ POA&M Item Description: A human-readable description of POA&M item. - + @@ -8360,7 +8194,7 @@ @@ -8376,11 +8210,11 @@ Related Observation: Relates the poam-item to a set of referenced observations that were used to determine the finding. - + Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -8398,11 +8232,11 @@ Associated Risk: Relates the finding to a set of referenced risks that were used to determine the finding. - + Risk Universally Unique Identifier Reference - A machine-oriented identifier reference to a risk defined in the list of risks. + A machine-oriented identifier reference to a risk defined in the list of risks. Risk Universally Unique Identifier Reference: A machine-oriented identifier reference to a risk defined in the list of risks. @@ -8420,72 +8254,48 @@ Remarks: Additional commentary on the containing object. - + - + POA&M Item Universally Unique Identifier - A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. POA&M Item Universally Unique Identifier: A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - + + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - - - - - - - - - The content model is the same as blockElementType, but line endings need - to be preserved, since this is preformatted. - - - - - + - The content model is the same as blockElementType, but line endings need + The content model is the same as inlineMarkupType, but line endings need to be preserved, since this is preformatted. @@ -8494,34 +8304,39 @@ + - - - + + + - + - - - - + + + + + - + - - + + + + + @@ -8530,49 +8345,49 @@ - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - + + + - - An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. + An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. @@ -8581,70 +8396,18 @@ - The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. + The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. - - - - - A string, but not empty and not whitespace-only (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) - - - - - - The xs:dateTime with a required timezone. - - - - - - An email address - - - - - - A URI - - - - - - A URI reference, such as a relative URL - - - - - - A Type 4 ('random' or 'pseudorandom' UUID per RFC 4122 - - - - - - A string token following the rules of XML "no colon" names, with no whitespace. (XML names are single alphabetic characters - followed by alphanumeric characters, periods, underscores or dashes.) - - - - - - A trimmed string, at least one character with no - leading or trailing whitespace. - - + + + + + + @@ -8652,65 +8415,39 @@ - - - The xs:date with a required timezone. - - - - - - + The xs:dateTime with a required timezone. - - + + An email address - - + + Need a better pattern. - - - A host name - - - - - - The ip-v4-address type specifies an IPv4 address in - dot decimal notation. - - - - - - - - The ip-v6-address type specifies an IPv6 address - represented in 8 hextets separated by colons. - This is based on the pattern provided here: - https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses - with some customizations. - - - - + + + + + A trimmed string, at least one character with no + leading or trailing whitespace. + + @@ -8718,7 +8455,7 @@ A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -8726,18 +8463,38 @@ A string, but not empty and not whitespace-only - (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) + (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) The OSCAL 'string' datatype restricts the XSD type by prohibiting leading - and trailing whitespace, and something (not only whitespace) is required. + and trailing whitespace, and something (not only whitespace) is required. A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. + + + + + + + + A string token following the rules of XML "no + colon" names, with no whitespace. (XML names are single alphabetic + characters followed by alphanumeric characters, periods, underscores or dashes.) + + + + + + + + A single token may not contain whitespace. + @@ -8757,13 +8514,13 @@ A URI reference, such as a relative URL - + A trimmed URI, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -8771,14 +8528,14 @@ A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC - 4122. + 4122. - + A sequence of 8-4-4-4-12 hex digits, with extra - constraints in the 13th and 17-18th places for version 4 and 5 - + constraints in the 13th and 17-18th places for version 4 and 5 + diff --git a/xml/schema/oscal_component_schema.xsd b/xml/schema/oscal_component_schema.xsd index e5c9cbc334..412034523e 100644 --- a/xml/schema/oscal_component_schema.xsd +++ b/xml/schema/oscal_component_schema.xsd @@ -1,8 +1,8 @@ - @@ -20,7 +20,7 @@ + type="oscal-component-definition-component-definition-ASSEMBLY"/> @@ -32,31 +32,31 @@ - + Component Definition Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Definition Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -72,9 +72,7 @@ Import Component Definition: Loads a component definition from another resource. - + Hyperlink Reference @@ -106,7 +104,7 @@ Component Title: A human readable name for the component. - + @@ -121,7 +119,7 @@ Component Description: A description of the component, including information about its function. - + @@ -136,28 +134,28 @@ Purpose: A summary of the technological or business purpose of the component. - + @@ -170,23 +168,21 @@ Remarks: Additional commentary on the containing object. - + - + Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Component Type @@ -218,24 +214,24 @@ Capability Description: A summary of the capability. - + @@ -248,23 +244,21 @@ Remarks: Additional commentary on the containing object. - + - + Capability Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Capability Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Capability Name @@ -296,18 +290,16 @@ Component Description: A description of the component, including information about its function. - + - + Component Reference - A machine-oriented identifier reference to a component. + A machine-oriented identifier reference to a component. Component Reference: A machine-oriented identifier reference to a component. @@ -335,40 +327,38 @@ Control Implementation Description: A description of how the specified set of controls are implemented for the containing component or capability. - + - + Control Implementation Set Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Control Implementation Set Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Source Resource Reference @@ -400,28 +390,28 @@ Control Implementation Description: A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. - + @@ -434,29 +424,25 @@ Remarks: Additional commentary on the containing object. - + - + Control Implementation Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Control Implementation Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -484,20 +470,20 @@ Statement Implementation Description: A summary of how the containing control statement is implemented by the component or capability. - + @@ -510,29 +496,25 @@ Remarks: Additional commentary on the containing object. - + - + Control Statement Reference - A human-oriented identifier reference to a control statement. + A human-oriented identifier reference to a control statement. Control Statement Reference: A human-oriented identifier reference to a control statement. - + Control Statement Reference Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Control Statement Reference Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). @@ -560,7 +542,7 @@ Component Title: A human readable name for the system component. - + @@ -575,7 +557,7 @@ Component Description: A description of the component, including information about its function. - + @@ -590,16 +572,16 @@ Purpose: A summary of the technological or business purpose of the component. - + @@ -623,13 +605,11 @@ Remarks: Additional commentary on the containing object. - + - + State @@ -642,11 +622,11 @@ @@ -659,23 +639,21 @@ Remarks: Additional commentary on the containing object. - + - + Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Component Type @@ -707,30 +685,30 @@ Protocol Title: A human readable name for the protocol (e.g., Transport Layer Security). - + - + Service Protocol Information Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Service Protocol Information Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Protocol Name - The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. + The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. Protocol Name: The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. @@ -746,7 +724,7 @@ Port Range: Where applicable this is the IPv4 port range on which the service operates. - + Start @@ -756,7 +734,7 @@ Start: Indicates the starting port number in a port range - + End @@ -766,7 +744,7 @@ End: Indicates the ending port number in a port range - + Transport @@ -797,13 +775,11 @@ Remarks: Additional commentary on the containing object. - + - + Implementation State @@ -835,7 +811,7 @@ User Title: A name given to the user, which may be used by a tool for display and navigation. - + @@ -849,7 +825,7 @@ User Short Name: A short common name, abbreviation, or acronym for the user. - + @@ -863,24 +839,24 @@ User Description: A summary of the user's purpose within the system. - + @@ -893,17 +869,15 @@ Remarks: Additional commentary on the containing object. - + - + User Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. User Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -931,7 +905,7 @@ Privilege Title: A human readable name for the privilege. - + @@ -946,12 +920,12 @@ Privilege Description: A summary of the privilege's purpose within the system. - + @@ -965,7 +939,7 @@ Functions Performed: Describes a function performed for a given authorized privilege by this user class. - + @@ -988,20 +962,20 @@ Inventory Item Description: A summary of the inventory item stating its purpose within the system. - + @@ -1016,15 +990,15 @@ @@ -1037,19 +1011,15 @@ Remarks: Additional commentary on the containing object. - + - + Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -1067,17 +1037,15 @@ Remarks: Additional commentary on the containing object. - + - + Inventory Item Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inventory Item Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1104,7 +1072,7 @@ Parameter Value: A parameter value or set of values. - + @@ -1117,19 +1085,15 @@ Remarks: Additional commentary on the containing object. - + - + Parameter ID - A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. + A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. Parameter ID: A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. @@ -1140,14 +1104,14 @@ System Identification - A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. + A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. System Identification: A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. - - + + Identification System Type @@ -1181,62 +1145,62 @@ Document Title: A name given to the document, which may be used by a tool for display and navigation. - + @@ -1249,9 +1213,7 @@ Remarks: Additional commentary on the containing object. - + @@ -1277,32 +1239,32 @@ Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - + @@ -1315,9 +1277,7 @@ Remarks: Additional commentary on the containing object. - + @@ -1343,20 +1303,20 @@ Location Title: A name given to the location, which may be used by a tool for display and navigation. - + @@ -1369,15 +1329,15 @@ Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - + @@ -1390,17 +1350,15 @@ Remarks: Additional commentary on the containing object. - + - + Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1411,12 +1369,12 @@ Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -1438,7 +1396,7 @@ Party Name: The full name of the party. This is typically the legal name associated with the party. - + @@ -1451,7 +1409,7 @@ Party Short Name: A short common name, abbreviation, or acronym for the party. - + @@ -1465,8 +1423,8 @@ Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) - - + + External Identifier Schema @@ -1481,28 +1439,28 @@ @@ -1511,12 +1469,12 @@ Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -1529,23 +1487,21 @@ Remarks: Additional commentary on the containing object. - + - + Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Party Type @@ -1560,12 +1516,12 @@ Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -1588,7 +1544,7 @@ Role Title: A name given to the role, which may be used by a tool for display and navigation. - + @@ -1602,7 +1558,7 @@ Role Short Name: A short common name, abbreviation, or acronym for the role. - + @@ -1616,16 +1572,16 @@ Role Description: A summary of the role's purpose and associated responsibilities. - + @@ -1638,17 +1594,15 @@ Remarks: Additional commentary on the containing object. - + - + Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1659,12 +1613,12 @@ Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Role Identifier Reference: A human-oriented identifier reference to roles served by the user. - + @@ -1698,7 +1652,7 @@ Resource Title: A name given to the resource, which may be used by a tool for display and navigation. - + @@ -1713,16 +1667,16 @@ Resource Description: A short summary of the resource used to indicate the purpose of the resource. - + @@ -1747,16 +1701,16 @@ Citation Text: A line of citation text. - + @@ -1774,13 +1728,11 @@ - + Hypertext Reference @@ -1790,11 +1742,11 @@ Hypertext Reference: A resolvable URI reference to a resource. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1813,22 +1765,22 @@ Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. - - + + File Name - Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. + Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. File Name: Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1848,17 +1800,15 @@ Remarks: Additional commentary on the containing object. - + - + Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1888,13 +1838,11 @@ Remarks: Additional commentary on the containing object. - + - + Property Name @@ -1904,17 +1852,17 @@ Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - + Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Property Namespace @@ -1924,9 +1872,7 @@ Property Namespace: A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name. - + Property Value @@ -1936,11 +1882,11 @@ Property Value: Indicates the value of the attribute, characteristic, or quality. - + Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. @@ -1968,14 +1914,12 @@ Link Text: A textual label to associate with the link, which may be used for presentation in a tool. - + - + Hypertext Reference @@ -1985,7 +1929,7 @@ Hypertext Reference: A resolvable URL reference to a resource. - + Relation @@ -1995,11 +1939,11 @@ Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -2017,15 +1961,15 @@ @@ -2038,19 +1982,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Responsible Role: A human-oriented identifier reference to roles served by the user. @@ -2068,15 +2008,15 @@ @@ -2089,19 +2029,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to roles responsible for the business function. Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. @@ -2118,10 +2054,8 @@ Hash: A representation of a cryptographic digest generated over a resource using a specified hash algorithm. - - + + Hash algorithm @@ -2144,30 +2078,30 @@ Remarks: Additional commentary on the containing object. - + Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + @@ -2178,7 +2112,7 @@ Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. - + @@ -2189,18 +2123,18 @@ OSCAL version: The OSCAL model version the document was authored against. - + Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. Email Address: An email address as defined by RFC 5322 Section 3.4.1. - + @@ -2212,8 +2146,8 @@ Telephone Number: Contact number by telephone. - - + + type flag @@ -2237,7 +2171,7 @@ @@ -2250,7 +2184,7 @@ City: City, town or geographical region for the mailing address. - + @@ -2263,7 +2197,7 @@ State: State, province or analogous geographical region for mailing address - + @@ -2276,7 +2210,7 @@ Postal Code: Postal or ZIP code for mailing address - + @@ -2289,11 +2223,11 @@ Country Code: The ISO 3166-1 alpha-2 country code for the mailing address. - + - + Address Type @@ -2313,20 +2247,20 @@ Address line: A single line of an address. - + Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. - - + + Document Identification Scheme @@ -2360,37 +2294,35 @@ Part Title: A name given to the part, which may be used by a tool for display and navigation. - + - + - + Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Part Name @@ -2400,7 +2332,7 @@ Part Name: A textual label that uniquely identifies the part's semantic type. - + Part Namespace @@ -2410,11 +2342,11 @@ Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - + Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. @@ -2432,11 +2364,11 @@ @@ -2444,13 +2376,13 @@ Parameter Label - A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. + A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. Parameter Label: A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. - + @@ -2465,25 +2397,25 @@ Parameter Usage Description: Describes the purpose and use of a parameter - + @@ -2497,23 +2429,21 @@ Remarks: Additional commentary on the containing object. - + - + Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Parameter Class @@ -2523,7 +2453,7 @@ Parameter Class: A textual label that provides a characterization of the parameter. - + Depends on @@ -2555,7 +2485,7 @@ Constraint Description: A textual summary of the constraint to be applied. - + @@ -2580,7 +2510,7 @@ Constraint test: A formal (executable) expression of a constraint - + @@ -2593,9 +2523,7 @@ Remarks: Additional commentary on the containing object. - + @@ -2613,9 +2541,7 @@ Guideline: A prose statement that provides a recommendation for the use of a parameter. - + @@ -2627,7 +2553,7 @@ Parameter Value: A parameter value or set of values. - + @@ -2650,12 +2576,12 @@ Choice: A value selection among several such options - + - + Parameter Cardinality @@ -2676,55 +2602,33 @@ Include All: Include all controls from the imported catalog or profile resources. - - - - - + + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - - - - - - - - - The content model is the same as blockElementType, but line endings need - to be preserved, since this is preformatted. - - - - - + - The content model is the same as blockElementType, but line endings need + The content model is the same as inlineMarkupType, but line endings need to be preserved, since this is preformatted. @@ -2733,42 +2637,39 @@ + - - - + + + - + - - - - + + + + + - + - - + + + + + @@ -2777,65 +2678,49 @@ - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - + + + - - An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. + An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. @@ -2844,144 +2729,46 @@ - The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. + The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. - - - - - A string, but not empty and not whitespace-only (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) - - - - - - The xs:dateTime with a required timezone. - - - - - - An email address - - - - - - A URI - - - - - - A URI reference, such as a relative URL - - - - - - A Type 4 ('random' or 'pseudorandom' UUID per RFC 4122 - - - - - - A string token following the rules of XML "no colon" names, with no whitespace. (XML names are single alphabetic characters - followed by alphanumeric characters, periods, underscores or dashes.) - - - - - - A trimmed string, at least one character with no - leading or trailing whitespace. - - - - - - - - - - - - The xs:date with a required timezone. - - - + - + The xs:dateTime with a required timezone. - - + + An email address - - + + Need a better pattern. - - - A host name - - - - - - The ip-v4-address type specifies an IPv4 address in - dot decimal notation. - - - - - - - - The ip-v6-address type specifies an IPv6 address - represented in 8 hextets separated by colons. - This is based on the pattern provided here: - https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses - with some customizations. - - - - - - - - + + A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -2989,18 +2776,38 @@ A string, but not empty and not whitespace-only - (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) + (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) The OSCAL 'string' datatype restricts the XSD type by prohibiting leading - and trailing whitespace, and something (not only whitespace) is required. + and trailing whitespace, and something (not only whitespace) is required. A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. + + + + + + + + A string token following the rules of XML "no + colon" names, with no whitespace. (XML names are single alphabetic + characters followed by alphanumeric characters, periods, underscores or dashes.) + + + + + + + + A single token may not contain whitespace. + @@ -3020,13 +2827,13 @@ A URI reference, such as a relative URL - + A trimmed URI, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -3034,14 +2841,14 @@ A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC - 4122. + 4122. - + A sequence of 8-4-4-4-12 hex digits, with extra - constraints in the 13th and 17-18th places for version 4 and 5 - + constraints in the 13th and 17-18th places for version 4 and 5 + diff --git a/xml/schema/oscal_poam_schema.xsd b/xml/schema/oscal_poam_schema.xsd index f774b7a8a4..e5887f3aa6 100644 --- a/xml/schema/oscal_poam_schema.xsd +++ b/xml/schema/oscal_poam_schema.xsd @@ -1,8 +1,8 @@ - @@ -19,7 +19,7 @@ + type="oscal-poam-plan-of-action-and-milestones-ASSEMBLY"/> @@ -31,43 +31,43 @@ - + POA&M Universally Unique Identifier - A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. POA&M Universally Unique Identifier: A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -85,11 +85,11 @@ @@ -102,9 +102,7 @@ Remarks: Additional commentary on the containing object. - + @@ -130,7 +128,7 @@ POA&M Item Title: The title or name for this POA&M item . - + @@ -145,16 +143,16 @@ POA&M Item Description: A human-readable description of POA&M item. - + @@ -169,7 +167,7 @@ @@ -185,11 +183,11 @@ Related Observation: Relates the poam-item to a set of referenced observations that were used to determine the finding. - + Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -207,11 +205,11 @@ Associated Risk: Relates the finding to a set of referenced risks that were used to determine the finding. - + Risk Universally Unique Identifier Reference - A machine-oriented identifier reference to a risk defined in the list of risks. + A machine-oriented identifier reference to a risk defined in the list of risks. Risk Universally Unique Identifier Reference: A machine-oriented identifier reference to a risk defined in the list of risks. @@ -229,17 +227,15 @@ Remarks: Additional commentary on the containing object. - + - + POA&M Item Universally Unique Identifier - A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. POA&M Item Universally Unique Identifier: A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -267,62 +263,62 @@ Document Title: A name given to the document, which may be used by a tool for display and navigation. - + @@ -335,9 +331,7 @@ Remarks: Additional commentary on the containing object. - + @@ -363,32 +357,32 @@ Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - + @@ -401,9 +395,7 @@ Remarks: Additional commentary on the containing object. - + @@ -429,20 +421,20 @@ Location Title: A name given to the location, which may be used by a tool for display and navigation. - + @@ -455,15 +447,15 @@ Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - + @@ -476,17 +468,15 @@ Remarks: Additional commentary on the containing object. - + - + Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -497,12 +487,12 @@ Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -524,7 +514,7 @@ Party Name: The full name of the party. This is typically the legal name associated with the party. - + @@ -537,7 +527,7 @@ Party Short Name: A short common name, abbreviation, or acronym for the party. - + @@ -551,8 +541,8 @@ Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) - - + + External Identifier Schema @@ -567,28 +557,28 @@ @@ -597,12 +587,12 @@ Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -615,23 +605,21 @@ Remarks: Additional commentary on the containing object. - + - + Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Party Type @@ -646,12 +634,12 @@ Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -674,7 +662,7 @@ Role Title: A name given to the role, which may be used by a tool for display and navigation. - + @@ -688,7 +676,7 @@ Role Short Name: A short common name, abbreviation, or acronym for the role. - + @@ -702,16 +690,16 @@ Role Description: A summary of the role's purpose and associated responsibilities. - + @@ -724,17 +712,15 @@ Remarks: Additional commentary on the containing object. - + - + Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -745,12 +731,12 @@ Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Role Identifier Reference: A human-oriented identifier reference to roles served by the user. - + @@ -784,7 +770,7 @@ Resource Title: A name given to the resource, which may be used by a tool for display and navigation. - + @@ -799,16 +785,16 @@ Resource Description: A short summary of the resource used to indicate the purpose of the resource. - + @@ -833,16 +819,16 @@ Citation Text: A line of citation text. - + @@ -860,11 +846,11 @@ - + Hypertext Reference @@ -874,11 +860,11 @@ Hypertext Reference: A resolvable URI reference to a resource. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -897,22 +883,22 @@ Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. - - + + File Name - Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. + Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. File Name: Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -932,17 +918,15 @@ Remarks: Additional commentary on the containing object. - + - + Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -972,13 +956,11 @@ Remarks: Additional commentary on the containing object. - + - + Property Name @@ -988,17 +970,17 @@ Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - + Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Property Namespace @@ -1008,7 +990,7 @@ Property Namespace: A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name. - + Property Value @@ -1018,11 +1000,11 @@ Property Value: Indicates the value of the attribute, characteristic, or quality. - + Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. @@ -1050,12 +1032,12 @@ Link Text: A textual label to associate with the link, which may be used for presentation in a tool. - + - + Hypertext Reference @@ -1065,7 +1047,7 @@ Hypertext Reference: A resolvable URL reference to a resource. - + Relation @@ -1075,11 +1057,11 @@ Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1097,15 +1079,15 @@ @@ -1118,17 +1100,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Responsible Role: A human-oriented identifier reference to roles served by the user. @@ -1146,15 +1126,15 @@ @@ -1167,17 +1147,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to roles responsible for the business function. Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. @@ -1194,8 +1172,8 @@ Hash: A representation of a cryptographic digest generated over a resource using a specified hash algorithm. - - + + Hash algorithm @@ -1218,30 +1196,30 @@ Remarks: Additional commentary on the containing object. - + Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + @@ -1252,7 +1230,7 @@ Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. - + @@ -1263,18 +1241,18 @@ OSCAL version: The OSCAL model version the document was authored against. - + Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. Email Address: An email address as defined by RFC 5322 Section 3.4.1. - + @@ -1286,8 +1264,8 @@ Telephone Number: Contact number by telephone. - - + + type flag @@ -1311,7 +1289,7 @@ @@ -1324,7 +1302,7 @@ City: City, town or geographical region for the mailing address. - + @@ -1337,7 +1315,7 @@ State: State, province or analogous geographical region for mailing address - + @@ -1350,7 +1328,7 @@ Postal Code: Postal or ZIP code for mailing address - + @@ -1363,11 +1341,11 @@ Country Code: The ISO 3166-1 alpha-2 country code for the mailing address. - + - + Address Type @@ -1387,20 +1365,20 @@ Address line: A single line of an address. - + Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. - - + + Document Identification Scheme @@ -1434,7 +1412,7 @@ Component Title: A human readable name for the system component. - + @@ -1449,7 +1427,7 @@ Component Description: A description of the component, including information about its function. - + @@ -1464,16 +1442,16 @@ Purpose: A summary of the technological or business purpose of the component. - + @@ -1497,13 +1475,11 @@ Remarks: Additional commentary on the containing object. - + - + State @@ -1516,11 +1492,11 @@ @@ -1533,23 +1509,21 @@ Remarks: Additional commentary on the containing object. - + - + Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Component Type @@ -1581,30 +1555,30 @@ Protocol Title: A human readable name for the protocol (e.g., Transport Layer Security). - + - + Service Protocol Information Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Service Protocol Information Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Protocol Name - The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. + The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. Protocol Name: The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. @@ -1620,7 +1594,7 @@ Port Range: Where applicable this is the IPv4 port range on which the service operates. - + Start @@ -1630,7 +1604,7 @@ Start: Indicates the starting port number in a port range - + End @@ -1640,7 +1614,7 @@ End: Indicates the ending port number in a port range - + Transport @@ -1671,13 +1645,11 @@ Remarks: Additional commentary on the containing object. - + - + Implementation State @@ -1709,7 +1681,7 @@ User Title: A name given to the user, which may be used by a tool for display and navigation. - + @@ -1723,7 +1695,7 @@ User Short Name: A short common name, abbreviation, or acronym for the user. - + @@ -1737,24 +1709,24 @@ User Description: A summary of the user's purpose within the system. - + @@ -1767,17 +1739,15 @@ Remarks: Additional commentary on the containing object. - + - + User Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. User Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1805,7 +1775,7 @@ Privilege Title: A human readable name for the privilege. - + @@ -1820,12 +1790,12 @@ Privilege Description: A summary of the privilege's purpose within the system. - + @@ -1839,7 +1809,7 @@ Functions Performed: Describes a function performed for a given authorized privilege by this user class. - + @@ -1862,20 +1832,20 @@ Inventory Item Description: A summary of the inventory item stating its purpose within the system. - + @@ -1890,15 +1860,15 @@ @@ -1911,17 +1881,15 @@ Remarks: Additional commentary on the containing object. - + - + Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -1939,17 +1907,15 @@ Remarks: Additional commentary on the containing object. - + - + Inventory Item Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inventory Item Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1976,7 +1942,7 @@ Parameter Value: A parameter value or set of values. - + @@ -1989,17 +1955,15 @@ Remarks: Additional commentary on the containing object. - + - + Parameter ID - A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. + A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. Parameter ID: A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. @@ -2010,14 +1974,14 @@ System Identification - A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. + A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. System Identification: A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. - - + + Identification System Type @@ -2051,37 +2015,35 @@ Part Title: A name given to the part, which may be used by a tool for display and navigation. - + - + - + Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Part Name @@ -2091,7 +2053,7 @@ Part Name: A textual label that uniquely identifies the part's semantic type. - + Part Namespace @@ -2101,11 +2063,11 @@ Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - + Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. @@ -2123,11 +2085,11 @@ @@ -2135,13 +2097,13 @@ Parameter Label - A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. + A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. Parameter Label: A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. - + @@ -2156,25 +2118,25 @@ Parameter Usage Description: Describes the purpose and use of a parameter - + @@ -2188,23 +2150,21 @@ Remarks: Additional commentary on the containing object. - + - + Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Parameter Class @@ -2214,7 +2174,7 @@ Parameter Class: A textual label that provides a characterization of the parameter. - + Depends on @@ -2246,7 +2206,7 @@ Constraint Description: A textual summary of the constraint to be applied. - + @@ -2271,7 +2231,7 @@ Constraint test: A formal (executable) expression of a constraint - + @@ -2284,9 +2244,7 @@ Remarks: Additional commentary on the containing object. - + @@ -2304,9 +2262,7 @@ Guideline: A prose statement that provides a recommendation for the use of a parameter. - + @@ -2318,7 +2274,7 @@ Parameter Value: A parameter value or set of values. - + @@ -2341,12 +2297,12 @@ Choice: A value selection among several such options - + - + Parameter Cardinality @@ -2387,13 +2343,11 @@ Remarks: Additional commentary on the containing object. - + - + System Security Plan Reference @@ -2425,20 +2379,20 @@ Objective Description: A human-readable description of this control objective. - + @@ -2451,17 +2405,15 @@ Remarks: Additional commentary on the containing object. - + - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -2489,20 +2441,20 @@ Assessment Method Description: A human-readable description of this assessment method. - + @@ -2515,17 +2467,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Method Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Method Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment method elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment method can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2553,7 +2503,7 @@ Included Activity Title: The title for this included activity. - + @@ -2568,16 +2518,16 @@ Included Activity Description: A human-readable description of this included activity. - + @@ -2602,7 +2552,7 @@ Step Title: The title for this step. - + @@ -2617,24 +2567,24 @@ Step Description: A human-readable description of this step. - + @@ -2647,17 +2597,15 @@ Remarks: Additional commentary on the containing object. - + - + Step Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Step Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2666,11 +2614,11 @@ @@ -2683,17 +2631,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Activity Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Activity Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2721,7 +2667,7 @@ Task Title: The title for this task. - + @@ -2736,16 +2682,16 @@ Task Description: A human-readable description of this task. - + @@ -2770,7 +2716,7 @@ On Date Condition: The task is intended to occur on the specified date. - + On Date Condition @@ -2792,9 +2738,7 @@ On Date Range Condition: The task is intended to occur within the specified date range. - + Start Date Condition @@ -2804,7 +2748,7 @@ Start Date Condition: The task must occur on or after the specified date. - + End Date Condition @@ -2826,7 +2770,7 @@ Frequency Condition: The task is intended to occur at the specified frequency. - + Period @@ -2836,7 +2780,7 @@ Period: The task must occur after the specified period has elapsed. - + Time Unit @@ -2873,17 +2817,15 @@ Remarks: Additional commentary on the containing object. - + - + Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -2892,7 +2834,7 @@ @@ -2907,19 +2849,19 @@ @@ -2932,17 +2874,15 @@ Remarks: Additional commentary on the containing object. - + - + Activity Universally Unique Identifier Reference - A machine-oriented identifier reference to an activity defined in the list of activities. + A machine-oriented identifier reference to an activity defined in the list of activities. Activity Universally Unique Identifier Reference: A machine-oriented identifier reference to an activity defined in the list of activities. @@ -2951,11 +2891,11 @@ @@ -2968,23 +2908,21 @@ Remarks: Additional commentary on the containing object. - + - + Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this task elsewhere in this or other OSCAL instances. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Task Type @@ -3016,16 +2954,16 @@ Control Objective Description: A human-readable description of control objectives. - + @@ -3050,30 +2988,30 @@ Assessed Controls Description: A human-readable description of in-scope controls specified for assessment. - + @@ -3086,9 +3024,7 @@ Remarks: Additional commentary on the containing object. - + @@ -3118,30 +3054,30 @@ Control Objectives Description: A human-readable description of this collection of control objectives. - + @@ -3154,9 +3090,7 @@ Remarks: Additional commentary on the containing object. - + @@ -3172,9 +3106,7 @@ Remarks: Additional commentary on the containing object. - + @@ -3199,15 +3131,15 @@ Include Specific Statements: Used to constrain the selection to only specificity identified statements. - + - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -3223,7 +3155,7 @@ Select Objective: Used to select a control objective for inclusion/exclusion based on the control objective's identifier. - + Objective ID @@ -3255,7 +3187,7 @@ Assessment Subject Placeholder Description: A human-readable description of intent of this assessment subject placeholder. - + @@ -3269,11 +3201,11 @@ Assessment Subject Source: Assessment subjects will be identified while conducting the referenced activity-instance. - + Task Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Task Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference (in this or other OSCAL instances) an assessment activity to be performed as part of the event. The locally defined UUID of the task can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3282,11 +3214,11 @@ @@ -3299,17 +3231,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Subject Placeholder Universally Unique Identifier - A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Subject Placeholder Universally Unique Identifier: A machine-oriented, globally unique identifier for a set of assessment subjects that will be identified by a task or an activity that is part of a task. The locally defined UUID of the assessment subject placeholder can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3337,30 +3267,30 @@ Include Subjects Description: A human-readable description of the collection of subjects being included in this assessment. - + @@ -3373,13 +3303,11 @@ Remarks: Additional commentary on the containing object. - + - + Subject Type @@ -3401,11 +3329,11 @@ @@ -3418,27 +3346,25 @@ Remarks: Additional commentary on the containing object. - + - + Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. - + Subject Universally Unique Identifier Reference Type - Used to indicate the type of object pointed to by the uuid-ref within a subject. + Used to indicate the type of object pointed to by the uuid-ref within a subject. Subject Universally Unique Identifier Reference Type: Used to indicate the type of object pointed to by the uuid-ref within a subject. @@ -3449,7 +3375,7 @@ Identifies the Subject - A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. + A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. Identifies the Subject: A human-oriented identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else. @@ -3466,16 +3392,16 @@ Subject Reference Title: The title or name for the referenced subject. - + @@ -3488,27 +3414,25 @@ Remarks: Additional commentary on the containing object. - + - + Subject Universally Unique Identifier Reference - A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. + A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. Subject Universally Unique Identifier Reference: A machine-oriented identifier reference to a component, inventory-item, location, party, user, or resource using it's UUID. - + Subject Universally Unique Identifier Reference Type - Used to indicate the type of object pointed to by the uuid-ref within a subject. + Used to indicate the type of object pointed to by the uuid-ref within a subject. Subject Universally Unique Identifier Reference Type: Used to indicate the type of object pointed to by the uuid-ref within a subject. @@ -3526,7 +3450,7 @@ @@ -3551,16 +3475,16 @@ Assessment Platform Title: The title or name for the assessment platform. - + @@ -3575,15 +3499,15 @@ @@ -3596,17 +3520,15 @@ Remarks: Additional commentary on the containing object. - + - + Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -3624,17 +3546,15 @@ Remarks: Additional commentary on the containing object. - + - + Assessment Platform Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Assessment Platform Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment platform elsewhere in this or other OSCAL instances. The locally defined UUID of the assessment platform can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3665,7 +3585,7 @@ Objective Status Title: The title for this objective status. - + @@ -3680,16 +3600,16 @@ Objective Status Description: A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied. - + @@ -3713,13 +3633,11 @@ Remarks: Additional commentary on the containing object. - + - + Objective Status State @@ -3729,7 +3647,7 @@ Objective Status State: An indication as to whether the objective is satisfied or not. - + Objective Status Reason @@ -3742,7 +3660,7 @@ @@ -3755,13 +3673,11 @@ Remarks: Additional commentary on the containing object. - + - + Finding Target Type @@ -3771,11 +3687,11 @@ Finding Target Type: Identifies the type of the target. - + Finding Target Identifier Reference - A machine-oriented identifier reference for a specific target qualified by the type. + A machine-oriented identifier reference for a specific target qualified by the type. Finding Target Identifier Reference: A machine-oriented identifier reference for a specific target qualified by the type. @@ -3803,7 +3719,7 @@ Observation Title: The title for this observation. - + @@ -3818,16 +3734,16 @@ Observation Description: A human-readable description of this assessment observation. - + @@ -3840,7 +3756,7 @@ Observation Method: Identifies how the observation was made. - + @@ -3853,15 +3769,15 @@ Observation Type: Identifies the nature of the observation. More than one may be used to further qualify and enable filtering. - + @@ -3886,16 +3802,16 @@ Relevant Evidence Description: A human-readable description of this evidence. - + @@ -3908,13 +3824,11 @@ Remarks: Additional commentary on the containing object. - + - + Relevant Evidence Reference @@ -3936,7 +3850,7 @@ Collected Field: Date/time stamp identifying when the finding information was collected. - + @@ -3949,7 +3863,7 @@ Expires Field: Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios. - + @@ -3962,17 +3876,15 @@ Remarks: Additional commentary on the containing object. - + - + Observation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Observation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3990,11 +3902,11 @@ @@ -4010,15 +3922,15 @@ - + Actor Type @@ -4028,17 +3940,17 @@ Actor Type: The kind of actor. - + Actor Universally Unique Identifier Reference - A machine-oriented identifier reference to the tool or person based on the associated type. + A machine-oriented identifier reference to the tool or person based on the associated type. Actor Universally Unique Identifier Reference: A machine-oriented identifier reference to the tool or person based on the associated type. - + Actor Role @@ -4060,19 +3972,19 @@ @@ -4087,17 +3999,15 @@ - + Assessment Subject Placeholder Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. + A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. Assessment Subject Placeholder Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique assessment subject placeholder defined by this task. @@ -4115,17 +4025,15 @@ Remarks: Additional commentary on the containing object. - + - + Task Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique task. + A machine-oriented identifier reference to a unique task. Task Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique task. @@ -4142,8 +4050,8 @@ Threat ID: A pointer, by ID, to an externally-defined threat. - - + + Threat Type Identification System @@ -4153,7 +4061,7 @@ Threat Type Identification System: Specifies the source of the threat information. - + Threat Information Resource Reference @@ -4187,7 +4095,7 @@ Risk Title: The title for this risk. - + @@ -4202,7 +4110,7 @@ Risk Description: A human-readable summary of the identified risk, to include a statement of how the risk impacts the system. - + @@ -4217,32 +4125,32 @@ Risk Statement: An summary of impact for how the risk affects the system. - + @@ -4267,38 +4175,38 @@ Mitigating Factor Description: A human-readable description of this mitigating factor. - + - + Mitigating Factor Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Mitigating Factor Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this mitigating factor elsewhere in this or other OSCAL instances. The locally defined UUID of the mitigating factor can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Implementation UUID - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Implementation UUID: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this implementation statement elsewhere in this or other OSCAL instancess. The locally defined UUID of the implementation statement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4316,11 +4224,11 @@ Risk Resolution Deadline: The date/time by which the risk must be resolved. - + @@ -4356,7 +4264,7 @@ Title: The title for this risk log entry. - + @@ -4371,7 +4279,7 @@ Risk Task Description: A human-readable description of what was done regarding the risk. - + @@ -4385,7 +4293,7 @@ Start: Identifies the start date and time of the event. - + @@ -4398,23 +4306,23 @@ End: Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time. - + @@ -4429,15 +4337,15 @@ @@ -4450,17 +4358,15 @@ Remarks: Additional commentary on the containing object. - + - + Response Universally Unique Identifier Reference - A machine-oriented identifier reference to a unique risk response. + A machine-oriented identifier reference to a unique risk response. Response Universally Unique Identifier Reference: A machine-oriented identifier reference to a unique risk response. @@ -4478,17 +4384,15 @@ Remarks: Additional commentary on the containing object. - + - + Risk Log Entry Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Log Entry Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4509,11 +4413,11 @@ Related Observation: Relates the finding to a set of referenced observations that were used to determine the finding. - + Observation Universally Unique Identifier Reference - A machine-oriented identifier reference to an observation defined in the list of observations. + A machine-oriented identifier reference to an observation defined in the list of observations. Observation Universally Unique Identifier Reference: A machine-oriented identifier reference to an observation defined in the list of observations. @@ -4522,11 +4426,11 @@ - + Risk Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Risk Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4542,17 +4446,17 @@ Logged By: Used to indicate who created a log entry in what role. - + Party UUID Reference - A machine-oriented identifier reference to the party who is making the log entry. + A machine-oriented identifier reference to the party who is making the log entry. Party UUID Reference: A machine-oriented identifier reference to the party who is making the log entry. - + Actor Role @@ -4572,7 +4476,7 @@ Risk Status: Describes the status of the associated risk. - + @@ -4585,15 +4489,15 @@ @@ -4608,11 +4512,11 @@ @@ -4625,13 +4529,11 @@ Remarks: Additional commentary on the containing object. - + - + Facet Name @@ -4641,7 +4543,7 @@ Facet Name: The name of the risk metric within the specified system. - + Naming System @@ -4651,7 +4553,7 @@ Naming System: Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash. - + Facet Value @@ -4686,7 +4588,7 @@ Response Title: The title for this response activity. - + @@ -4701,20 +4603,20 @@ Response Description: A human-readable description of this response plan. - + @@ -4729,7 +4631,7 @@ @@ -4743,7 +4645,7 @@ Title for Required Asset: The title for this required asset. - + @@ -4758,16 +4660,16 @@ Description of Required Asset: A human-readable description of this required asset. - + @@ -4780,17 +4682,15 @@ Remarks: Additional commentary on the containing object. - + - + Required Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Required Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this required asset elsewhere in this or other OSCAL instances. The locally defined UUID of the asset can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -4799,7 +4699,7 @@ @@ -4812,23 +4712,21 @@ Remarks: Additional commentary on the containing object. - + - + Remediation Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Remediation Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Remediation Intent @@ -4860,37 +4758,35 @@ Part Title: A name given to the part, which may be used by a tool for display and navigation. - + - + - + Part Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this part elsewhere in this or other OSCAL instances. The locally defined UUID of the part can be used to reference the data item locally or globally (e.g., in an ported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Part Name @@ -4900,7 +4796,7 @@ Part Name: A textual label that uniquely identifies the part's semantic type. - + Part Namespace @@ -4910,66 +4806,44 @@ Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - + Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. - - - - - + + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - - - - - - - - - The content model is the same as blockElementType, but line endings need - to be preserved, since this is preformatted. - - - - - + - The content model is the same as blockElementType, but line endings need + The content model is the same as inlineMarkupType, but line endings need to be preserved, since this is preformatted. @@ -4978,34 +4852,39 @@ + - - - + + + - + - - - - + + + + + - + - - + + + + + @@ -5014,49 +4893,49 @@ - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - + + + - - An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. + An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. @@ -5065,136 +4944,48 @@ - The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. + The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. - - - - - A string, but not empty and not whitespace-only (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) - - - - - - The xs:dateTime with a required timezone. - - - - - - An email address - - - - - - A URI - - - - - - A URI reference, such as a relative URL - - - - - - A Type 4 ('random' or 'pseudorandom' UUID per RFC 4122 - - - - - - A string token following the rules of XML "no colon" names, with no whitespace. (XML names are single alphabetic characters - followed by alphanumeric characters, periods, underscores or dashes.) - - - - - - A trimmed string, at least one character with no - leading or trailing whitespace. - - - - - - - - - - - - The xs:date with a required timezone. - - - + - + The xs:dateTime with a required timezone. - - + + An email address - - + + Need a better pattern. - - - A host name - - - - - - The ip-v4-address type specifies an IPv4 address in - dot decimal notation. - - - - - - - - The ip-v6-address type specifies an IPv6 address - represented in 8 hextets separated by colons. - This is based on the pattern provided here: - https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses - with some customizations. - - - - + + + + + A trimmed string, at least one character with no + leading or trailing whitespace. + + @@ -5202,7 +4993,7 @@ A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -5210,18 +5001,38 @@ A string, but not empty and not whitespace-only - (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) + (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) The OSCAL 'string' datatype restricts the XSD type by prohibiting leading - and trailing whitespace, and something (not only whitespace) is required. + and trailing whitespace, and something (not only whitespace) is required. A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. + + + + + + + + A string token following the rules of XML "no + colon" names, with no whitespace. (XML names are single alphabetic + characters followed by alphanumeric characters, periods, underscores or dashes.) + + + + + + + + A single token may not contain whitespace. + @@ -5241,13 +5052,13 @@ A URI reference, such as a relative URL - + A trimmed URI, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -5255,14 +5066,14 @@ A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC - 4122. + 4122. - + A sequence of 8-4-4-4-12 hex digits, with extra - constraints in the 13th and 17-18th places for version 4 and 5 - + constraints in the 13th and 17-18th places for version 4 and 5 + diff --git a/xml/schema/oscal_profile_schema.xsd b/xml/schema/oscal_profile_schema.xsd index e27d43d1e0..191b0e58f7 100644 --- a/xml/schema/oscal_profile_schema.xsd +++ b/xml/schema/oscal_profile_schema.xsd @@ -1,8 +1,8 @@ - @@ -17,7 +17,7 @@ profile - + @@ -29,31 +29,31 @@ - + Profile Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. Profile Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. @@ -64,7 +64,7 @@ Import resource - The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. + The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. Import resource: The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. @@ -72,20 +72,20 @@ - + Catalog or Profile Reference @@ -116,7 +116,7 @@ Combination rule: A Combine element defines how to combine multiple (competing) versions of the same control. - + Combination method @@ -151,7 +151,7 @@ As-Is Structuring Directive: An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes. - + @@ -166,11 +166,11 @@ @@ -200,48 +200,48 @@ Group Title: A name given to the group, which may be used by a tool for display and navigation. - + - + Group Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. Group Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. - + Group Class @@ -274,11 +274,11 @@ @@ -286,13 +286,13 @@ Parameter Label - A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. + A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. Parameter Label: A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. - + @@ -307,40 +307,40 @@ Parameter Usage Description: Describes the purpose and use of a parameter - + - + Parameter ID - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Parameter ID: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Parameter Class @@ -350,7 +350,7 @@ Parameter Class: A textual label that provides a characterization of the parameter. - + Depends on @@ -363,7 +363,7 @@ @@ -380,20 +380,20 @@ - + Order @@ -424,7 +424,7 @@ Match Controls by Identifier: - + @@ -437,11 +437,11 @@ Match Controls by Pattern: Select controls by (regular expression) match on ID - + Pattern - A glob expression matching the IDs of one or more controls to be selected. + A glob expression matching the IDs of one or more controls to be selected. Pattern: A glob expression matching the IDs of one or more controls to be selected. @@ -450,7 +450,7 @@ - + Include contained controls with control @@ -472,19 +472,19 @@ - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -500,7 +500,7 @@ Removal: Specifies objects to be removed from a control based on specific aspects of the object that must all match. - + Reference by (assigned) name @@ -510,42 +510,42 @@ Reference by (assigned) name: Identify items to remove by matching their assigned name - + Reference by class - Identify items to remove by matching their class. + Identify items to remove by matching their class. Reference by class: Identify items to remove by matching their class. - + Reference by ID - Identify items to remove indicated by their id. + Identify items to remove indicated by their id. Reference by ID: Identify items to remove indicated by their id. - + Item Name Reference - Identify items to remove by the name of the item's information element name, e.g. title or prop + Identify items to remove by the name of the item's information element name, e.g. title or prop Item Name Reference: Identify items to remove by the name of the item's information element name, e.g. title or prop - + Item Namespace Reference - Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. + Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. Item Namespace Reference: Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. @@ -573,28 +573,28 @@ Title Change: A name given to the control, which may be used by a tool for display and navigation. - + - + Position @@ -604,7 +604,7 @@ Position: Where to add the new content with respect to the targeted element (beside it or inside it) - + Reference by ID @@ -636,62 +636,62 @@ Document Title: A name given to the document, which may be used by a tool for display and navigation. - + @@ -704,9 +704,7 @@ Remarks: Additional commentary on the containing object. - + @@ -732,32 +730,32 @@ Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - + @@ -770,9 +768,7 @@ Remarks: Additional commentary on the containing object. - + @@ -798,20 +794,20 @@ Location Title: A name given to the location, which may be used by a tool for display and navigation. - + @@ -824,15 +820,15 @@ Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - + @@ -845,17 +841,15 @@ Remarks: Additional commentary on the containing object. - + - + Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -866,12 +860,12 @@ Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -893,7 +887,7 @@ Party Name: The full name of the party. This is typically the legal name associated with the party. - + @@ -906,7 +900,7 @@ Party Short Name: A short common name, abbreviation, or acronym for the party. - + @@ -920,8 +914,8 @@ Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) - - + + External Identifier Schema @@ -936,28 +930,28 @@ @@ -966,12 +960,12 @@ Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -984,23 +978,21 @@ Remarks: Additional commentary on the containing object. - + - + Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Party Type @@ -1015,12 +1007,12 @@ Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -1043,7 +1035,7 @@ Role Title: A name given to the role, which may be used by a tool for display and navigation. - + @@ -1057,7 +1049,7 @@ Role Short Name: A short common name, abbreviation, or acronym for the role. - + @@ -1071,16 +1063,16 @@ Role Description: A summary of the role's purpose and associated responsibilities. - + @@ -1093,23 +1085,32 @@ Remarks: Additional commentary on the containing object. - + - + Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + + + + Role Identifier Reference + A human-oriented identifier reference to roles served by the user. + + + Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + + + @@ -1142,7 +1143,7 @@ Resource Title: A name given to the resource, which may be used by a tool for display and navigation. - + @@ -1157,16 +1158,16 @@ Resource Description: A short summary of the resource used to indicate the purpose of the resource. - + @@ -1191,16 +1192,16 @@ Citation Text: A line of citation text. - + @@ -1218,11 +1219,11 @@ - + Hypertext Reference @@ -1232,11 +1233,11 @@ Hypertext Reference: A resolvable URI reference to a resource. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1255,22 +1256,22 @@ Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. - - + + File Name - Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. + Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. File Name: Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1290,17 +1291,15 @@ Remarks: Additional commentary on the containing object. - + - + Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1330,13 +1329,11 @@ Remarks: Additional commentary on the containing object. - + - + Property Name @@ -1346,17 +1343,17 @@ Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - + Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Property Namespace @@ -1366,7 +1363,7 @@ Property Namespace: A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name. - + Property Value @@ -1376,11 +1373,11 @@ Property Value: Indicates the value of the attribute, characteristic, or quality. - + Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. @@ -1408,12 +1405,12 @@ Link Text: A textual label to associate with the link, which may be used for presentation in a tool. - + - + Hypertext Reference @@ -1423,7 +1420,7 @@ Hypertext Reference: A resolvable URL reference to a resource. - + Relation @@ -1433,11 +1430,11 @@ Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -1455,15 +1452,15 @@ @@ -1476,17 +1473,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Responsible Role: A human-oriented identifier reference to roles served by the user. @@ -1504,15 +1499,15 @@ @@ -1525,17 +1520,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to roles responsible for the business function. Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. @@ -1552,8 +1545,8 @@ Hash: A representation of a cryptographic digest generated over a resource using a specified hash algorithm. - - + + Hash algorithm @@ -1576,30 +1569,30 @@ Remarks: Additional commentary on the containing object. - + Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + @@ -1610,7 +1603,7 @@ Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. - + @@ -1621,18 +1614,18 @@ OSCAL version: The OSCAL model version the document was authored against. - + Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. Email Address: An email address as defined by RFC 5322 Section 3.4.1. - + @@ -1644,8 +1637,8 @@ Telephone Number: Contact number by telephone. - - + + type flag @@ -1669,7 +1662,7 @@ @@ -1682,7 +1675,7 @@ City: City, town or geographical region for the mailing address. - + @@ -1695,7 +1688,7 @@ State: State, province or analogous geographical region for mailing address - + @@ -1708,7 +1701,7 @@ Postal Code: Postal or ZIP code for mailing address - + @@ -1721,11 +1714,11 @@ Country Code: The ISO 3166-1 alpha-2 country code for the mailing address. - + - + Address Type @@ -1745,20 +1738,20 @@ Address line: A single line of an address. - + Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. - - + + Document Identification Scheme @@ -1792,37 +1785,35 @@ Part Title: A name given to the part, which may be used by a tool for display and navigation. - + - + - + Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Part Name @@ -1832,7 +1823,7 @@ Part Name: A textual label that uniquely identifies the part's semantic type. - + Part Namespace @@ -1842,11 +1833,11 @@ Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - + Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. @@ -1864,11 +1855,11 @@ @@ -1876,13 +1867,13 @@ Parameter Label - A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. + A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. Parameter Label: A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. - + @@ -1897,25 +1888,25 @@ Parameter Usage Description: Describes the purpose and use of a parameter - + @@ -1929,23 +1920,21 @@ Remarks: Additional commentary on the containing object. - + - + Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Parameter Class @@ -1955,7 +1944,7 @@ Parameter Class: A textual label that provides a characterization of the parameter. - + Depends on @@ -1987,7 +1976,7 @@ Constraint Description: A textual summary of the constraint to be applied. - + @@ -2012,7 +2001,7 @@ Constraint test: A formal (executable) expression of a constraint - + @@ -2025,9 +2014,7 @@ Remarks: Additional commentary on the containing object. - + @@ -2045,9 +2032,7 @@ Guideline: A prose statement that provides a recommendation for the use of a parameter. - + @@ -2059,7 +2044,7 @@ Parameter Value: A parameter value or set of values. - + @@ -2082,12 +2067,12 @@ Choice: A value selection among several such options - + - + Parameter Cardinality @@ -2108,55 +2093,33 @@ Include All: Include all controls from the imported catalog or profile resources. - - - - - + + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - - - - - - - - - The content model is the same as blockElementType, but line endings need - to be preserved, since this is preformatted. - - - - - + - The content model is the same as blockElementType, but line endings need + The content model is the same as inlineMarkupType, but line endings need to be preserved, since this is preformatted. @@ -2165,34 +2128,39 @@ + - - - + + + - + - - - - + + + + + - + - - + + + + + @@ -2201,49 +2169,49 @@ - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - + + + - - An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. + An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. @@ -2252,163 +2220,80 @@ - The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. + The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. - - - - - A string, but not empty and not whitespace-only (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) - - - - - - The xs:dateTime with a required timezone. - - - - - - An email address - - - - - - A URI - - - - - - A URI reference, such as a relative URL - - - - - - A Type 4 ('random' or 'pseudorandom' UUID per RFC 4122 - - - - - - A string token following the rules of XML "no colon" names, with no whitespace. (XML names are single alphabetic characters - followed by alphanumeric characters, periods, underscores or dashes.) - - - - - - A trimmed string, at least one character with no - leading or trailing whitespace. - - - - - - - + - - - The xs:date with a required timezone. - - - + + + - + The xs:dateTime with a required timezone. - - + + An email address - - + + Need a better pattern. - - - A host name - - - - - - The ip-v4-address type specifies an IPv4 address in - dot decimal notation. - - - - - - + - The ip-v6-address type specifies an IPv6 address - represented in 8 hextets separated by colons. - This is based on the pattern provided here: - https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses - with some customizations. + A string, but not empty and not whitespace-only + (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) - - - - - - + + The OSCAL 'string' datatype restricts the XSD type by prohibiting leading + and trailing whitespace, and something (not only whitespace) is required. + + A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. - + - A string, but not empty and not whitespace-only - (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) + + A string token following the rules of XML "no + colon" names, with no whitespace. (XML names are single alphabetic + characters followed by alphanumeric characters, periods, underscores or dashes.) + - - - The OSCAL 'string' datatype restricts the XSD type by prohibiting leading - and trailing whitespace, and something (not only whitespace) is required. - - - + + + - A trimmed string, at least one character with no - leading or trailing whitespace. + + A single token may not contain whitespace. + @@ -2428,13 +2313,13 @@ A URI reference, such as a relative URL - + A trimmed URI, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -2442,14 +2327,14 @@ A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC - 4122. + 4122. - + A sequence of 8-4-4-4-12 hex digits, with extra - constraints in the 13th and 17-18th places for version 4 and 5 - + constraints in the 13th and 17-18th places for version 4 and 5 + diff --git a/xml/schema/oscal_ssp_schema.xsd b/xml/schema/oscal_ssp_schema.xsd index 05ea0adf8d..1fb7672793 100644 --- a/xml/schema/oscal_ssp_schema.xsd +++ b/xml/schema/oscal_ssp_schema.xsd @@ -1,8 +1,8 @@ - @@ -19,7 +19,7 @@ + type="oscal-ssp-system-security-plan-ASSEMBLY"/> @@ -31,35 +31,35 @@ - + System Security Plan Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. System Security Plan Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -86,13 +86,11 @@ Remarks: Additional commentary on the containing object. - + - + Profile Reference @@ -114,7 +112,7 @@ @@ -127,7 +125,7 @@ System Name - Full: The full name of the system. - + @@ -140,7 +138,7 @@ System Name - Short: A short name for the system, such as an acronym, that is suitable for display in a data table or summary list. - + @@ -154,20 +152,20 @@ System Description: A summary of the system. - + @@ -175,40 +173,40 @@ Security Sensitivity Level - The overall information system sensitivity categorization, such as defined by FIPS-199. + The overall information system sensitivity categorization, such as defined by FIPS-199. Security Sensitivity Level: The overall information system sensitivity categorization, such as defined by FIPS-199. - + @@ -221,9 +219,7 @@ Remarks: Additional commentary on the containing object. - + @@ -232,18 +228,18 @@ System Information - Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. System Information: Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. @@ -251,7 +247,7 @@ Information Type - Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. + Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. Information Type: Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60. @@ -268,7 +264,7 @@ title field: A human readable name for the information type. This title should be meaningful within the context of the system. - + @@ -283,7 +279,7 @@ Information Type Description: A summary of how this information type is used within the system. - + @@ -292,7 +288,7 @@ Information Type Categorization - A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60. + A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60. Information Type Categorization: A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60. @@ -303,16 +299,16 @@ Information Type Systematized Identifier - A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Information Type Systematized Identifier: A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + - + Information Type Identification System @@ -325,11 +321,11 @@ @@ -344,19 +340,19 @@ @@ -369,9 +365,7 @@ Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - + @@ -389,19 +383,19 @@ @@ -414,9 +408,7 @@ Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - + @@ -434,19 +426,19 @@ @@ -459,20 +451,18 @@ Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - + - + Information Type Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Information Type Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -491,7 +481,7 @@ Base Level (Confidentiality, Integrity, or Availability): The prescribed base (Confidentiality, Integrity, or Availability) security impact level. - + @@ -502,7 +492,7 @@ Selected Level (Confidentiality, Integrity, or Availability): The selected (Confidentiality, Integrity, or Availability) security impact level. - + @@ -514,7 +504,7 @@ Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change. - + @@ -539,7 +529,7 @@ Security Objective: Confidentiality: A target-level of confidentiality for the system, based on the sensitivity of information within the system. - + @@ -552,7 +542,7 @@ Security Objective: Integrity: A target-level of integrity for the system, based on the sensitivity of information within the system. - + @@ -565,7 +555,7 @@ Security Objective: Availability: A target-level of availability for the system, based on the sensitivity of information within the system. - + @@ -590,13 +580,11 @@ Remarks: Additional commentary on the containing object. - + - + State @@ -616,7 +604,7 @@ System Authorization Date: The date the system received its authorization. - + @@ -639,20 +627,20 @@ Authorization Boundary Description: A summary of the system's authorization boundary. - + @@ -665,9 +653,7 @@ Remarks: Additional commentary on the containing object. - + @@ -693,16 +679,16 @@ Diagram Description: A summary of the diagram. - + @@ -716,7 +702,7 @@ Caption: A brief caption to annotate the diagram. - + @@ -730,17 +716,15 @@ Remarks: Additional commentary on the containing object. - + - + Diagram ID - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Diagram ID: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -768,20 +752,20 @@ Network Architecture Description: A summary of the system's network architecture. - + @@ -794,9 +778,7 @@ Remarks: Additional commentary on the containing object. - + @@ -822,20 +804,20 @@ Data Flow Description: A summary of the system's data flow. - + @@ -848,9 +830,7 @@ Remarks: Additional commentary on the containing object. - + @@ -866,11 +846,11 @@ @@ -878,7 +858,7 @@ Leveraged Authorization - A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. + A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. Leveraged Authorization: A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider. @@ -895,16 +875,16 @@ title field: A human readable name for the leveraged authorization in the context of the system. - + @@ -912,16 +892,16 @@ party-uuid field - A machine-oriented identifier reference to the party that manages the leveraged system. + A machine-oriented identifier reference to the party that manages the leveraged system. party-uuid field: A machine-oriented identifier reference to the party that manages the leveraged system. - + @@ -934,17 +914,15 @@ Remarks: Additional commentary on the containing object. - + - + Leveraged Authorization Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Leveraged Authorization Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -953,15 +931,15 @@ @@ -974,9 +952,7 @@ Remarks: Additional commentary on the containing object. - + @@ -1002,16 +978,16 @@ Control Implementation Description: A statement describing important things to know about how this set of control satisfaction documentation is approached. - + @@ -1027,27 +1003,27 @@ @@ -1060,27 +1036,25 @@ Remarks: Additional commentary on the containing object. - + - + Control Requirement Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Control Requirement Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -1098,19 +1072,19 @@ @@ -1123,27 +1097,25 @@ Remarks: Additional commentary on the containing object. - + - + Control Statement Reference - A human-oriented identifier reference to a control statement. + A human-oriented identifier reference to a control statement. Control Statement Reference: A human-oriented identifier reference to a control statement. - + Control Statement Reference Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Control Statement Reference Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). @@ -1171,24 +1143,24 @@ Control Implementation Description: An implementation statement that describes how a control or a control statement is implemented within the referenced system component. - + @@ -1213,16 +1185,16 @@ Control Implementation Export Description: An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system. - + @@ -1247,20 +1219,20 @@ Provided Control Implementation Description: An implementation statement that describes the aspects of the control or control statement implementation that can be provided to another system leveraging this system. - + @@ -1273,17 +1245,15 @@ Remarks: Additional commentary on the containing object. - + - + Provided Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Provided Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1313,20 +1283,20 @@ Control Implementation Responsibility Description: An implementation statement that describes the aspects of the control or control statement implementation that a leveraging system must implement to satisfy the control provided by a leveraged system. - + @@ -1339,27 +1309,25 @@ Remarks: Additional commentary on the containing object. - + - + Responsibility Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Responsibility Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Provided UUID - A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. + A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. Provided UUID: A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. @@ -1377,9 +1345,7 @@ Remarks: Additional commentary on the containing object. - + @@ -1407,38 +1373,38 @@ Inherited Control Implementation Description: An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is inheriting from a leveraged system. - + - + Inherited Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inherited Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Provided UUID - A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. + A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. Provided UUID: A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system. @@ -1468,20 +1434,20 @@ Satisfied Control Implementation Responsibility Description: An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is implementing based on a requirement from a leveraged system. - + @@ -1494,27 +1460,25 @@ Remarks: Additional commentary on the containing object. - + - + Satisfied Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Satisfied Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Responsibility UUID - A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system. + A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system. Responsibility UUID: A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system. @@ -1523,7 +1487,7 @@ @@ -1536,27 +1500,25 @@ Remarks: Additional commentary on the containing object. - + - + Component Universally Unique Identifier Reference - A machine-oriented identifier reference to the component that is implemeting a given control. + A machine-oriented identifier reference to the component that is implemeting a given control. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to the component that is implemeting a given control. - + By-Component Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. By-Component Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1584,62 +1546,62 @@ Document Title: A name given to the document, which may be used by a tool for display and navigation. - + @@ -1652,9 +1614,7 @@ Remarks: Additional commentary on the containing object. - + @@ -1680,32 +1640,32 @@ Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - + @@ -1718,9 +1678,7 @@ Remarks: Additional commentary on the containing object. - + @@ -1746,20 +1704,20 @@ Location Title: A name given to the location, which may be used by a tool for display and navigation. - + @@ -1772,15 +1730,15 @@ Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - + @@ -1793,17 +1751,15 @@ Remarks: Additional commentary on the containing object. - + - + Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -1814,12 +1770,12 @@ Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -1841,7 +1797,7 @@ Party Name: The full name of the party. This is typically the legal name associated with the party. - + @@ -1854,7 +1810,7 @@ Party Short Name: A short common name, abbreviation, or acronym for the party. - + @@ -1868,8 +1824,8 @@ Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) - - + + External Identifier Schema @@ -1884,28 +1840,28 @@ @@ -1914,12 +1870,12 @@ Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -1932,23 +1888,21 @@ Remarks: Additional commentary on the containing object. - + - + Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Party Type @@ -1963,12 +1917,12 @@ Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - + @@ -1991,7 +1945,7 @@ Role Title: A name given to the role, which may be used by a tool for display and navigation. - + @@ -2005,7 +1959,7 @@ Role Short Name: A short common name, abbreviation, or acronym for the role. - + @@ -2019,16 +1973,16 @@ Role Description: A summary of the role's purpose and associated responsibilities. - + @@ -2041,17 +1995,15 @@ Remarks: Additional commentary on the containing object. - + - + Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2062,12 +2014,12 @@ Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Role Identifier Reference: A human-oriented identifier reference to roles served by the user. - + @@ -2101,7 +2053,7 @@ Resource Title: A name given to the resource, which may be used by a tool for display and navigation. - + @@ -2116,16 +2068,16 @@ Resource Description: A short summary of the resource used to indicate the purpose of the resource. - + @@ -2150,16 +2102,16 @@ Citation Text: A line of citation text. - + @@ -2177,11 +2129,11 @@ - + Hypertext Reference @@ -2191,11 +2143,11 @@ Hypertext Reference: A resolvable URI reference to a resource. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -2214,22 +2166,22 @@ Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. - - + + File Name - Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. + Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. File Name: Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -2249,17 +2201,15 @@ Remarks: Additional commentary on the containing object. - + - + Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -2289,13 +2239,11 @@ Remarks: Additional commentary on the containing object. - + - + Property Name @@ -2305,17 +2253,17 @@ Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - + Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Property Namespace @@ -2325,7 +2273,7 @@ Property Namespace: A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name. - + Property Value @@ -2335,11 +2283,11 @@ Property Value: Indicates the value of the attribute, characteristic, or quality. - + Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. @@ -2367,12 +2315,12 @@ Link Text: A textual label to associate with the link, which may be used for presentation in a tool. - + - + Hypertext Reference @@ -2382,7 +2330,7 @@ Hypertext Reference: A resolvable URL reference to a resource. - + Relation @@ -2392,11 +2340,11 @@ Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. - + Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. @@ -2414,15 +2362,15 @@ @@ -2435,17 +2383,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role - A human-oriented identifier reference to roles served by the user. + A human-oriented identifier reference to roles served by the user. Responsible Role: A human-oriented identifier reference to roles served by the user. @@ -2463,15 +2409,15 @@ @@ -2484,17 +2430,15 @@ Remarks: Additional commentary on the containing object. - + - + Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to roles responsible for the business function. Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. @@ -2511,8 +2455,8 @@ Hash: A representation of a cryptographic digest generated over a resource using a specified hash algorithm. - - + + Hash algorithm @@ -2535,30 +2479,30 @@ Remarks: Additional commentary on the containing object. - + Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. - + @@ -2569,7 +2513,7 @@ Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. - + @@ -2580,18 +2524,18 @@ OSCAL version: The OSCAL model version the document was authored against. - + Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. Email Address: An email address as defined by RFC 5322 Section 3.4.1. - + @@ -2603,8 +2547,8 @@ Telephone Number: Contact number by telephone. - - + + type flag @@ -2628,7 +2572,7 @@ @@ -2641,7 +2585,7 @@ City: City, town or geographical region for the mailing address. - + @@ -2654,7 +2598,7 @@ State: State, province or analogous geographical region for mailing address - + @@ -2667,7 +2611,7 @@ Postal Code: Postal or ZIP code for mailing address - + @@ -2680,11 +2624,11 @@ Country Code: The ISO 3166-1 alpha-2 country code for the mailing address. - + - + Address Type @@ -2704,20 +2648,20 @@ Address line: A single line of an address. - + Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. - - + + Document Identification Scheme @@ -2751,7 +2695,7 @@ Component Title: A human readable name for the system component. - + @@ -2766,7 +2710,7 @@ Component Description: A description of the component, including information about its function. - + @@ -2781,16 +2725,16 @@ Purpose: A summary of the technological or business purpose of the component. - + @@ -2814,13 +2758,11 @@ Remarks: Additional commentary on the containing object. - + - + State @@ -2833,11 +2775,11 @@ @@ -2850,23 +2792,21 @@ Remarks: Additional commentary on the containing object. - + - + Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Component Type @@ -2898,30 +2838,30 @@ Protocol Title: A human readable name for the protocol (e.g., Transport Layer Security). - + - + Service Protocol Information Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Service Protocol Information Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Protocol Name - The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. + The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. Protocol Name: The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry. @@ -2937,7 +2877,7 @@ Port Range: Where applicable this is the IPv4 port range on which the service operates. - + Start @@ -2947,7 +2887,7 @@ Start: Indicates the starting port number in a port range - + End @@ -2957,7 +2897,7 @@ End: Indicates the ending port number in a port range - + Transport @@ -2988,13 +2928,11 @@ Remarks: Additional commentary on the containing object. - + - + Implementation State @@ -3026,7 +2964,7 @@ User Title: A name given to the user, which may be used by a tool for display and navigation. - + @@ -3040,7 +2978,7 @@ User Short Name: A short common name, abbreviation, or acronym for the user. - + @@ -3054,24 +2992,24 @@ User Description: A summary of the user's purpose within the system. - + @@ -3084,17 +3022,15 @@ Remarks: Additional commentary on the containing object. - + - + User Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. User Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3122,7 +3058,7 @@ Privilege Title: A human readable name for the privilege. - + @@ -3137,12 +3073,12 @@ Privilege Description: A summary of the privilege's purpose within the system. - + @@ -3156,7 +3092,7 @@ Functions Performed: Describes a function performed for a given authorized privilege by this user class. - + @@ -3179,20 +3115,20 @@ Inventory Item Description: A summary of the inventory item stating its purpose within the system. - + @@ -3207,15 +3143,15 @@ @@ -3228,17 +3164,15 @@ Remarks: Additional commentary on the containing object. - + - + Component Universally Unique Identifier Reference - A machine-oriented identifier reference to a component that is implemented as part of an inventory item. + A machine-oriented identifier reference to a component that is implemented as part of an inventory item. Component Universally Unique Identifier Reference: A machine-oriented identifier reference to a component that is implemented as part of an inventory item. @@ -3256,17 +3190,15 @@ Remarks: Additional commentary on the containing object. - + - + Inventory Item Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Inventory Item Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. @@ -3293,7 +3225,7 @@ Parameter Value: A parameter value or set of values. - + @@ -3306,17 +3238,15 @@ Remarks: Additional commentary on the containing object. - + - + Parameter ID - A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. + A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. Parameter ID: A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context. @@ -3327,14 +3257,14 @@ System Identification - A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. + A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. System Identification: A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document. - - + + Identification System Type @@ -3368,37 +3298,35 @@ Part Title: A name given to the part, which may be used by a tool for display and navigation. - + - + - + Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Part Name @@ -3408,7 +3336,7 @@ Part Name: A textual label that uniquely identifies the part's semantic type. - + Part Namespace @@ -3418,11 +3346,11 @@ Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - + Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. @@ -3440,11 +3368,11 @@ @@ -3452,13 +3380,13 @@ Parameter Label - A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. + A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. Parameter Label: A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned. - + @@ -3473,25 +3401,25 @@ Parameter Usage Description: Describes the purpose and use of a parameter - + @@ -3505,23 +3433,21 @@ Remarks: Additional commentary on the containing object. - + - + Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - + Parameter Class @@ -3531,7 +3457,7 @@ Parameter Class: A textual label that provides a characterization of the parameter. - + Depends on @@ -3563,7 +3489,7 @@ Constraint Description: A textual summary of the constraint to be applied. - + @@ -3588,7 +3514,7 @@ Constraint test: A formal (executable) expression of a constraint - + @@ -3601,9 +3527,7 @@ Remarks: Additional commentary on the containing object. - + @@ -3621,9 +3545,7 @@ Guideline: A prose statement that provides a recommendation for the use of a parameter. - + @@ -3635,7 +3557,7 @@ Parameter Value: A parameter value or set of values. - + @@ -3658,12 +3580,12 @@ Choice: A value selection among several such options - + - + Parameter Cardinality @@ -3684,55 +3606,33 @@ Include All: Include all controls from the imported catalog or profile resources. - - - - - + + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - - - - - - - - - The content model is the same as blockElementType, but line endings need - to be preserved, since this is preformatted. - - - - - + - The content model is the same as blockElementType, but line endings need + The content model is the same as inlineMarkupType, but line endings need to be preserved, since this is preformatted. @@ -3741,34 +3641,39 @@ + - - - + + + - + - - - - + + + + + - + - - + + + + + @@ -3777,49 +3682,49 @@ - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - + + + - - An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. + An insert can be used to identify a placeholder for dynamically inserting text related to a specific object, which is referenced by the object's identifier using an id-ref. This insert mechanism allows the selection of which text value from the object to dynamically include based on the application's display requirements. @@ -3828,70 +3733,13 @@ - The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. + The identity of the object to insert a value for. The identity will be selected from the index of objects of the specified type. The specific value to include is based on the application's display requirements, which will likely use a specific data element associated with the type (e.g., title, identifier, value, etc.) that is appropriate for the application. - - - - - A string, but not empty and not whitespace-only (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) - - - - - - The xs:dateTime with a required timezone. - - - - - - An email address - - - - - - A URI - - - - - - A URI reference, such as a relative URL - - - - - - A Type 4 ('random' or 'pseudorandom' UUID per RFC 4122 - - - - - - A string token following the rules of XML "no colon" names, with no whitespace. (XML names are single alphabetic characters - followed by alphanumeric characters, periods, underscores or dashes.) - - - - - - A trimmed string, at least one character with no - leading or trailing whitespace. - - + @@ -3899,73 +3747,37 @@ - - - The xs:date with a required timezone. - - - - - - + The xs:dateTime with a required timezone. - - + + An email address - - + + Need a better pattern. - - - A host name - - - - - - The ip-v4-address type specifies an IPv4 address in - dot decimal notation. - - - - - - - - The ip-v6-address type specifies an IPv6 address - represented in 8 hextets separated by colons. - This is based on the pattern provided here: - https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses - with some customizations. - - - - - - - - + + A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -3973,18 +3785,38 @@ A string, but not empty and not whitespace-only - (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) + (whitespace is U+9, U+10, U+32 or [ \n\t]+ ) The OSCAL 'string' datatype restricts the XSD type by prohibiting leading - and trailing whitespace, and something (not only whitespace) is required. + and trailing whitespace, and something (not only whitespace) is required. A trimmed string, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. + + + + + + + + A string token following the rules of XML "no + colon" names, with no whitespace. (XML names are single alphabetic + characters followed by alphanumeric characters, periods, underscores or dashes.) + + + + + + + + A single token may not contain whitespace. + @@ -4004,13 +3836,13 @@ A URI reference, such as a relative URL - + A trimmed URI, at least one character with no - leading or trailing whitespace. + leading or trailing whitespace. @@ -4018,14 +3850,14 @@ A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC - 4122. + 4122. - + A sequence of 8-4-4-4-12 hex digits, with extra - constraints in the 13th and 17-18th places for version 4 and 5 - + constraints in the 13th and 17-18th places for version 4 and 5 +