System Security Plan Model v1.1.1 XML Format Index
The following is a reference for the XML element and attribute types derived from the metaschema for this model.
Short name oscal-ssp
XML namespace http://csrc.nist.gov/ns/oscal/1.0
Remarks
The OSCAL Control SSP format can be used to describe the information typically specified in a system security plan, such as those defined in NIST SP 800-18.
The root of the OSCAL System Security Plan (SSP) format is system-security-plan.
description An action applied by a role within a given party to the content.
Constraints (4)
index has key for responsible-partythis value must correspond to a listing in the index index-metadata-role-id using a key constructed of key field(s) @role-id
index has key for responsible-partythis value must correspond to a listing in the index index-metadata-party-uuid using a key constructed of key field(s) party-uuid
allowed value for ./system/@value
The value may be locally defined, or the following:
- http://csrc.nist.gov/ns/oscal: This value identifies action types defined in the NIST OSCAL namespace.
allowed values for ./type[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@value
The value must be one of the following:
- approval: An approval of a document instance's content.
- request-changes: A request from the responisble party or parties to change the content.
Attributes (4):
description A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document.
description The date and time when the action occurred.
description The type of action documented by the assembly, such as an approval.
description Specifies the action type system used.
Remarks
Provides a means to segment the value space for the type, so that different organizations and individuals can assert control over the allowed
action's type. This allows the semantics associated with a given type to be defined on an organization-by-organization basis.
An organization MUST use a URI that they have control over. e.g., a domain registered to the organization in a URI, a registered uniform resource names (URN) namespace.
Elements (4):
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
A responsible-party requires one or more party-uuid references creating a strong relationship arc between the referenced role-id and the reference parties. This differs in semantics from responsible-role which doesn't require that a party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description A single line of an address.
description A postal address for the location.
Attribute (1):
use name type
Elements (5):
description City, town or geographical region for the mailing address.
description State, province or analogous geographical region for a mailing address.
description Postal or ZIP code for mailing address.
description The ISO 3166-1 alpha-2 country code for the mailing address.
Constraint (1)
matches: a target (value) must match the regular expression '[A-Z]{2}'.
description If the selected security level is different from the base security level, this contains the justification for the change.
description A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.
Constraint (1)
is unique for diagram: any target value must be unique (i.e., occur only once)
Elements (5):
description A summary of the system's authorization boundary.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
A diagram must include a link with a rel value of "diagram", who's href references a remote URI or an internal
reference within this document containing the diagram.
A visual depiction of the system's authorization boundary.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.
Elements (3):
description A human readable name for the privilege.
description A summary of the privilege's purpose within the system.
description A collection of resources that may be referenced from within the OSCAL document instance.
Remarks
Provides a collection of identified resource objects that can be referenced by a link with a rel value of "reference" and an href value that is a fragment "#" followed by a reference to a reference's uuid. Other specialized link "rel" values also use this pattern when indicated in that
context of use.
Constraint (1)
index for resource an index index-back-matter-resource shall list values returned by targets resource using keys constructed of key field(s) @uuid
Elements (1):
description A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.
Remarks
A resource can be used in two ways. 1) it may point to an specific retrievable network
resource using a rlink, or 2) it may be included as an attachment using a base64. A resource may contain multiple rlink and base64 entries that represent alternative download locations (rlink) and attachments (base64)
for the same resource.
Both rlink and base64 allow for a media-type to be specified, which is used to distinguish between different representations of
the same resource (e.g., Microsoft Word, PDF). When multiple rlink and base64 items are included for a given resource, all items must contain equivalent information.
This allows the document consumer to choose a preferred item to process based on a
the selected item's media-type. This is extremely important when the items represent OSCAL content that is represented
in alternate formats (i.e., XML, JSON, YAML), allowing the same OSCAL data to be processed
from any of the available formats indicated by the items.
When a resource includes a citation, then the title and citation properties must both be included.
Constraints (6)
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- type: Identifies the type of resource represented. The most specific appropriate type value SHOULD be used.
- version: For resources representing a published document, this represents the version number of that document.
- published: For resources representing a published document, this represents the publication date of that document.
matches for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='published']/@value: the target value must match the lexical form of the 'dateTime-with-timezone' data
type.
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='type']/@value
The value must be one of the following:
- logo: Indicates the resource is an organization's logo.
- image: Indicates the resource represents an image.
- screen-shot: Indicates the resource represents an image of screen content.
- law: Indicates the resource represents an applicable law.
- regulation: Indicates the resource represents an applicable regulation.
- standard: Indicates the resource represents an applicable standard.
- external-guidance: Indicates the resource represents applicable guidance.
- acronyms: Indicates the resource provides a list of relevant acronyms.
- citation: Indicates the resource cites relevant information.
- policy: Indicates the resource is a policy.
- procedure: Indicates the resource is a procedure.
- system-guide: Indicates the resource is guidance document related to the subject system of an SSP.
- users-guide: Indicates the resource is guidance document a user's guide or administrator's guide.
- administrators-guide: Indicates the resource is guidance document a administrator's guide.
- rules-of-behavior: Indicates the resource represents rules of behavior content.
- plan: Indicates the resource represents a plan.
- artifact: Indicates the resource represents an artifact, such as may be reviewed by an assessor.
- evidence: Indicates the resource represents evidence, such as to support an assessment finding.
- tool-output: Indicates the resource represents output from a tool.
- raw-data: Indicates the resource represents machine data, which may require a tool or analysis for interpretation or presentation.
- interview-notes: Indicates the resource represents notes from an interview, such as may be collected during an assessment.
- questionnaire: Indicates the resource is a set of questions, possibly with responses.
- report: Indicates the resource is a report.
- agreement: Indicates the resource is a formal agreement between two or more parties.
has cardinality for rlink|base64 the cardinality of rlink|base64 is constrained: 1; maximum unbounded.
is unique for rlink: any target value must be unique (i.e., occur only once)
is unique for base64: any target value must be unique (i.e., occur only once)
Attribute (1):
description A unique identifier for a resource.
Elements (8):
description An optional name given to the resource, which may be used by a tool for display and navigation.
description An optional short summary of the resource used to indicate the purpose of the resource.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions, representations or digital surrogates of the same document.
A document identifier provides an additional data point for identifying a document that can be assigned by a publisher or organization for purposes in a wider system, such as a digital object identifier (DOI) or a local content management system identifier.
Use of a document identifier allows for document creators to associate sets of documents
that are related in some way by the same document-id.
An OSCAL document always has an implicit document identifier provided by the document's
UUID, defined by the uuid on the top-level object. Having a default UUID-based identifier ensures all documents
can be minimally identified when other document identifiers are not provided.
description An optional citation consisting of end note text using structured markup.
Elements (3):
description A line of citation text.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description A URL-based pointer to an external resource with an optional hash for verification and change detection.
Remarks
Multiple rlink objects can be included for a resource. In such a case, all provided rlink items are intended to be equivalent in content, but may differ in structure or format.
A media-type is used to identify the format of a given rlink, and can be used to differentiate
items in a collection of rlinks. The media-type provides a hint to the OSCAL document consumer about the structure of the resource
referenced by the rlink.
Attributes (2):
description A resolvable URL pointing to the referenced resource.
Remarks
This value may be either:
- an absolute URI that points to a network resolvable resource,
- a relative reference pointing to a network resolvable resource whose base URI is the URI of the containing document, or
Remarks
The Internet Assigned Numbers Authority (IANA) Media Types Registry defines a standardized set of media types, which may be used here.
The application/oscal+xml, application/oscal+json or application/oscal+yaml media types SHOULD be used when referencing OSCAL XML, JSON, or YAML resources respectively.
**Note: There is no official media type for YAML at this time.** OSCAL documents should
specify application/yaml for general YAML content, or application/oscal+yaml for YAML-based OSCAL content. This approach aligns with use of a structured name
suffix, per RFC 6838 Section 4.2.8.
Some earlier OSCAL content incorporated the model into the media type. For example:
application/oscal.catalog+xml. This practice SHOULD be avoided, since the OSCAL model can be detected by parsing
the initial content of the referenced resource.
Elements (1):
description A hash of the resource identified by href, which can be used to verify the resource was not changed since it was hashed.
Remarks
The hash value can be used to confirm that the resource referenced by the href is the same resources that was hashed by retrieving the resource, calculating a hash,
and comparing the result to this value.
description A resource encoded using the Base64 alphabet defined by RFC 2045.
Attributes (2):
description Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.
Remarks
The Internet Assigned Numbers Authority (IANA) Media Types Registry defines a standardized set of media types, which may be used here.
The application/oscal+xml, application/oscal+json or application/oscal+yaml media types SHOULD be used when referencing OSCAL XML, JSON, or YAML resources respectively.
**Note: There is no official media type for YAML at this time.** OSCAL documents should
specify application/yaml for general YAML content, or application/oscal+yaml for YAML-based OSCAL content. This approach aligns with use of a structured name
suffix, per RFC 6838 Section 4.2.8.
Some earlier OSCAL content incorporated the model into the media type. For example:
application/oscal.catalog+xml. This practice SHOULD be avoided, since the OSCAL model can be detected by parsing
the initial content of the referenced resource.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description The prescribed base (Confidentiality, Integrity, or Availability) security impact level.
description Defines how the referenced component implements a set of controls.
Remarks
Use of set-parameter in this context, sets the parameter for the control referenced in the containing
implemented-requirement applied to the referenced component. If the by-component is used as a child of a statement, then the parameter value also applies only in the context of the referenced statement.
If the same parameter is also set in the control-implementation or a specific implemented-requirement, then this by-component/set-parameter value will override the other value(s) in the context of the referenced component,
control, and statement (if parent).
Constraints (5)
allowed value for link/@rel
The value may be locally defined, or the following:
- imported-from: The hyperlink identifies a URI pointing to the component in a component-definition that originally described the component this component was based on.
allowed values for .//responsible-role/@role-id
The value may be locally defined, or one of the following:
- asset-owner: Accountable for ensuring the asset is managed in accordance with organizational policies and procedures.
- asset-administrator: Responsible for administering a set of assets.
- security-operations: Members of the security operations center (SOC).
- network-operations: Members of the network operations center (NOC).
- incident-response: Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions.
- help-desk: Responsible for providing information and support to users.
- configuration-management: Responsible for the configuration management processes governing changes to the asset.
- maintainer: Responsible for the creation and maintenance of a component.
- provider: Organization responsible for providing the component, if this is different from the "maintainer" (e.g., a reseller).
is unique for set-parameter: any target value must be unique (i.e., occur only once)
allowed value for link/@rel
The value may be locally defined, or the following:
- provided-by: A reference to the UUID of a control or statement by-component object that is used as evidence of implementation.
index has key for link[@rel='provided-by']this value must correspond to a listing in the index by-component-uuid using a key constructed of key field(s) @href
Attributes (2):
description A machine-oriented identifier reference to the component that is implemeting a given control.
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
Elements (10):
description An implementation statement that describes how a control or a control statement is implemented within the referenced system component.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
The implementation-status is used to qualify the status value to indicate the degree to which the control is implemented.
description Identifies content intended for external consumption, such as with leveraged organizations.
Constraints (2)
has cardinality for provided|responsibility the cardinality of provided|responsibility is constrained: 1; maximum unbounded.
index has key for responsibilitythis value must correspond to a listing in the index by-component-export-provided-uuid using a key constructed of key field(s) @provided-uuid
Elements (6):
description An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description Describes a capability which may be inherited by a leveraging system.
Constraint (1)
is unique for responsible-role: any target value must be unique (i.e., occur only once)
Attribute (1):
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
Elements (5):
description An implementation statement that describes the aspects of the control or control statement implementation that can be provided to another system leveraging this system.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
A responsible-role allows zero or more party-uuid references, each of which creates a relationship arc between the referenced role-id and the referenced party. This differs in semantics from responsible-party, which requires that at least one party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description Describes a control implementation responsibility imposed on a leveraging system.
Constraint (1)
is unique for responsible-role: any target value must be unique (i.e., occur only once)
Attributes (2):
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
Elements (5):
description An implementation statement that describes the aspects of the control or control statement implementation that a leveraging system must implement to satisfy the control provided by a leveraged system.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
A responsible-role allows zero or more party-uuid references, each of which creates a relationship arc between the referenced role-id and the referenced party. This differs in semantics from responsible-party, which requires that at least one party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
A role defined at the by-component level takes precedence over the same role defined on the parent implemented-requirement or on the referenced component.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description Describes a control implementation inherited by a leveraging system.
Constraint (1)
is unique for responsible-role: any target value must be unique (i.e., occur only once)
Attributes (2):
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
Elements (4):
description An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is inheriting from a leveraged system.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
A responsible-role allows zero or more party-uuid references, each of which creates a relationship arc between the referenced role-id and the referenced party. This differs in semantics from responsible-party, which requires that at least one party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
description Describes how this system satisfies a responsibility imposed by a leveraged system.
Constraint (1)
is unique for responsible-role: any target value must be unique (i.e., occur only once)
Attributes (2):
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere
in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
Elements (5):
description
[1]
Satisfied Control Implementation Responsibility Description
description An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is implementing based on a requirement from a leveraged system.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
A responsible-role allows zero or more party-uuid references, each of which creates a relationship arc between the referenced role-id and the referenced party. This differs in semantics from responsible-party, which requires that at least one party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
Remarks
A responsible-role allows zero or more party-uuid references, each of which creates a relationship arc between the referenced role-id and the referenced party. This differs in semantics from responsible-party, which requires that at least one party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).
description Describes how the system satisfies a set of controls.
Remarks
Use of set-parameter in this context, sets the parameter for all controls referenced by any implemented-requirement contained in this context. Any set-parameter defined in a child context will override this value. If not overridden by a child,
this value applies in the child context.
Constraints (2)
is unique for set-parameter: any target value must be unique (i.e., occur only once)
index for implemented-requirement//by-component/export/provided an index by-component-export-provided-uuid shall list values returned by targets implemented-requirement//by-component/export/provided using keys constructed of key field(s) @uuid
Elements (3):
description A statement describing important things to know about how this set of control satisfaction documentation is approached.
Remarks
Use of set-parameter in this context, sets the parameter for the referenced control. Any set-parameter defined in a child context will override this value. If not overridden by a child,
this value applies in the child context.
description A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.
Constraint (1)
is unique for diagram: any target value must be unique (i.e., occur only once)
Elements (5):
description A summary of the system's data flow.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
A diagram must include a link with a rel value of "diagram", who's href references a remote URI or an internal
reference within this document containing the diagram.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description The date the system received its authorization.
description A graphic that provides a visual representation the system, or some aspect of it.
Remarks
A diagram must include a link with a rel value of "diagram", who's href references a remote URI or an internal
reference within this document containing the diagram.
Constraints (4)
allowed value for link/@rel
The value may be locally defined, or the following:
- diagram: A reference to the diagram image.
matches for link[@rel='diagram']/@href[starts-with(.,'#')]: the target value must match the lexical form of the 'uri-reference' data type.
index has key for link[@rel='diagram' and starts-with(@href,'#')]this value must correspond to a listing in the index index-back-matter-resource using a key constructed of key field(s) @href
matches for link[@rel='diagram']/@href[not(starts-with(.,'#'))]: the target value must match the lexical form of the 'uri' data type.
Attribute (1):
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
Elements (5):
description A summary of the diagram.
Remarks
This description is intended to be used as alternate text to support compliance with requirements from Section 508 of the United States Workforce Rehabilitation Act of 1973.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description A brief caption to annotate the diagram.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description A document identifier qualified by an identifier scheme.
Remarks
A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions, representations or digital surrogates of the same document.
A document identifier provides an additional data point for identifying a document that can be assigned by a publisher or organization for purposes in a wider system, such as a digital object identifier (DOI) or a local content management system identifier.
Use of a document identifier allows for document creators to associate sets of documents
that are related in some way by the same document-id.
An OSCAL document always has an implicit document identifier provided by the document's
UUID, defined by the uuid on the top-level object. Having a default UUID-based identifier ensures all documents
can be minimally identified when other document identifiers are not provided.
Attribute (1):
description Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.
Remarks
This value must be an absolute URI that serves as a naming system identifier.
Constraint (1)
allowed value
The value may be locally defined, or the following:
- http://www.doi.org/: A Digital Object Identifier (DOI); use is preferred, since this allows for retrieval of a full bibliographic record.
description An email address as defined by RFC 5322 Section 3.4.1.
description Describes a function performed for a given authorized privilege by this user class.
description A representation of a cryptographic digest generated over a resource using a specified hash algorithm.
Constraints (4)
matches for .[@algorithm=('SHA-224','SHA3-224')]: a target (value) must match the regular expression '^[0-9a-fA-F]{28}$'.
matches for .[@algorithm=('SHA-256','SHA3-256')]: a target (value) must match the regular expression '^[0-9a-fA-F]{32}$'.
matches for .[@algorithm=('SHA-384','SHA3-384')]: a target (value) must match the regular expression '^[0-9a-fA-F]{48}$'.
matches for .[@algorithm=('SHA-512','SHA3-512')]: a target (value) must match the regular expression '^[0-9a-fA-F]{64}$'.
Attribute (1):
description The digest method by which a hash is derived.
Remarks
Any other value used MUST be a value defined in the W3C XML Security Algorithm Cross-Reference Digest Methods (W3C, April 2013) or RFC 6931 Section 2.1.5 New SHA Functions.
Constraint (1)
allowed values
The value may be locally defined, or one of the following:
- SHA-224: The SHA-224 algorithm as defined by NIST FIPS 180-4.
- SHA-256: The SHA-256 algorithm as defined by NIST FIPS 180-4.
- SHA-384: The SHA-384 algorithm as defined by NIST FIPS 180-4.
- SHA-512: The SHA-512 algorithm as defined by NIST FIPS 180-4.
- SHA3-224: The SHA3-224 algorithm as defined by NIST FIPS 202.
- SHA3-256: The SHA3-256 algorithm as defined by NIST FIPS 202.
- SHA3-384: The SHA3-384 algorithm as defined by NIST FIPS 202.
- SHA3-512: The SHA3-512 algorithm as defined by NIST FIPS 202.
description The expected level of impact resulting from the described information.
Elements (5):
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description Indicates the degree to which the a given control is implemented.
Attribute (1):
description Identifies the implementation status of the control or control objective.
Constraint (1)
allowed values
The value may be locally defined, or one of the following:
- implemented: The control is fully implemented.
- partial: The control is partially implemented.
- planned: There is a plan for implementing the control as explained in the remarks.
- alternative: There is an alternative implementation for this control as explained in the remarks.
- not-applicable: This control does not apply to this system as justified in the remarks.
Elements (1):
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description Describes how the system satisfies the requirements of an individual control.
Remarks
Use of set-parameter in this context, sets the parameter for the referenced control. Any set-parameter defined in a child context will override this value. If not overridden by a child,
this value applies in the child context.
Constraints (10)
allowed value for (.|statement|.//by-component)/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- control-origination: Identifies the source of the implemented control. Any control-origination prop defined in a child context will override the parent value.
allowed values for (.|statement|.//by-component)/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')
and @name='control-origination']/@value
The value must be one of the following:
- organization: The control is implemented by the organization owning the system, but is not specific to the system itself.
- system-specific: The control is implemented specifically to this system.
- customer-configured: The control is provided by the system, but must be configured by the customer.
- customer-provided: The control must be implemented by the customer.
- inherited: This control is inherited from an underlying system.
allowed values for responsible-role/@role-id
The value may be locally defined, or one of the following:
- asset-owner: Accountable for ensuring the asset is managed in accordance with organizational policies and procedures.
- asset-administrator: Responsible for administering a set of assets.
- security-operations: Members of the security operations center (SOC).
- network-operations: Members of the network operations center (NOC).
- incident-response: Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions.
- help-desk: Responsible for providing information and support to users.
- configuration-management: Responsible for the configuration management processes governing changes to the asset.
index has key for responsible-role|statement/responsible-role|.//by-component//responsible-rolethis value must correspond to a listing in the index index-metadata-role-id using a key constructed of key field(s) @role-id
index has key for responsible-role|statement/responsible-role|.//by-component//responsible-rolethis value must correspond to a listing in the index index-metadata-party-uuid using a key constructed of key field(s) party-uuid
has cardinality for .//by-component the cardinality of .//by-component is constrained: 1; maximum unbounded.
is unique for set-parameter: any target value must be unique (i.e., occur only once)
is unique for responsible-role: any target value must be unique (i.e., occur only once)
is unique for statement: any target value must be unique (i.e., occur only once)
is unique for by-component: any target value must be unique (i.e., occur only once)
Attributes (2):
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
Elements (7):
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
A responsible-role allows zero or more party-uuid references, each of which creates a relationship arc between the referenced role-id and the referenced party. This differs in semantics from responsible-party, which requires that at least one party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
Remarks
Use of set-parameter in this context, sets the parameter for the control referenced in the containing
implemented-requirement applied to the referenced component. If the by-component is used as a child of a statement, then the parameter value also applies only in the context of the referenced statement.
If the same parameter is also set in the control-implementation or a specific implemented-requirement, then this by-component/set-parameter value will override the other value(s) in the context of the referenced component,
control, and statement (if parent).
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description Used to import the OSCAL profile representing the system's control baseline.
Attribute (1):
description A resolvable URL reference to the profile or catalog to use as the system's control baseline.
Remarks
This value may be one of:
- an absolute URI that points to a network resolvable resource,
- a relative reference pointing to a network resolvable resource whose base URI is the URI of the containing document, or
- a bare URI fragment (i.e., `#uuid`) pointing to a
back-matterresource in this or an imported document (see linking to another OSCAL object).
If the resource is an OSCAL profile, it is expected that a tool will resolve the profile according to the OSCAL profile resolution specification to produce a resolved profile for use when processing the containing system security plan. This allows a system security plan processor to use the baseline as a catalog of controls.
While it is possible to reference a previously resolved OSCAL profile as a catalog, this practice is discouraged since the unresolved form of the profile communicates more information about selections and changes to the underlying catalog. Furthermore, the underlying catalog can be maintained separately from the profile, which also has maintenance advantages for distinct maintainers, ensuring that the best available information is produced through profile resolution.
Elements (1):
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description Include all controls from the imported catalog or profile resources.
Remarks
This element provides an alternative to calling controls individually from a catalog.
description A single managed inventory item within the system.
Constraints (9)
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- ipv4-address: The Internet Protocol v4 Address of the asset.
- ipv6-address: The Internet Protocol v6 Address of the asset.
- fqdn: The full-qualified domain name (FQDN) of the asset.
- uri: A Uniform Resource Identifier (URI) for the asset.
- serial-number: A serial number for the asset.
- netbios-name: The NetBIOS name for the asset.
- mac-address: The media access control (MAC) address for the asset.
- physical-location: The physical location of the asset's hardware (e.g., Data Center ID, Cage#, Rack#, or other meaningful location identifiers).
- is-scanned: is the asset subjected to network scans? (yes/no)
- hardware-model: The model number of the hardware used by the asset.
- os-name: The name of the operating system used by the asset.
- os-version: The version of the operating system used by the asset.
- software-name: The software product name used by the asset.
- software-version: The software product version used by the asset.
- software-patch-level: The software product patch level used by the asset.
- asset-type: Simple indication of the asset's function, such as Router, Storage Array, DNS Server.
- asset-id: An organizationally specific identifier that is used to uniquely identify a logical or tangible item by the organization that owns the item.
- asset-tag: An asset tag assigned by the organization responsible for maintaining the logical or tangible item.
- public: Identifies whether the asset is publicly accessible (yes/no)
- virtual: Identifies whether the asset is virtualized (yes/no)
- vlan-id: Virtual LAN identifier of the asset.
- network-id: The network identifier of the asset.
- label: A human-readable label for the parent context.
- sort-id: An alternative identifier, whose value is easily sortable among other such values in the document.
- baseline-configuration-name: The name of the baseline configuration for the asset.
- allows-authenticated-scan: Can the asset be check with an authenticated scan? (yes/no)
- function: The function provided by the asset for the system.
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='asset-type']/@value
The value may be locally defined, or one of the following:
- operating-system: System software that manages computer hardware, software resources, and provides common services for computer programs.
- database: An electronic collection of data, or information, that is specially organized for rapid search and retrieval.
- web-server: A system that delivers content or services to end users over the Internet or an intranet.
- dns-server: A system that resolves domain names to internet protocol (IP) addresses.
- email-server: A computer system that sends and receives electronic mail messages.
- directory-server: A system that stores, organizes and provides access to directory information in order to unify network resources.
- pbx: A private branch exchange (PBX) provides a a private telephone switchboard.
- firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
- router: A physical or virtual networking device that forwards data packets between computer networks.
- switch: A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device.
- storage-array: A consolidated, block-level data storage capability.
- appliance: A physical or virtual machine that centralizes hardware, software, or services for a specific purpose.
allowed value for (.)[@type=('software', 'hardware', 'service')]/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- vendor-name: The name of the company or organization
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='is-scanned']/@value
The value must be one of the following:
- yes: The asset is included in periodic vulnerability scanning.
- no: The asset is not included in periodic vulnerability scanning.
allowed value for link/@rel
The value may be locally defined, or the following:
- baseline-template: A reference to the baseline template used to configure the asset.
allowed values for responsible-party/@role-id
The value may be locally defined, or one of the following:
- asset-owner: Accountable for ensuring the asset is managed in accordance with organizational policies and procedures.
- asset-administrator: Responsible for administering a set of assets.
- security-operations: Members of the security operations center (SOC).
- network-operations: Members of the network operations center (NOC).
- incident-response: Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions.
- help-desk: Responsible for providing information and support to users.
- configuration-management: Responsible for the configuration management processes governing changes to the asset.
- maintainer: Responsible for the creation and maintenance of a component.
- provider: Organization responsible for providing the component, if this is different from the "maintainer" (e.g., a reseller).
index has key for responsible-partythis value must correspond to a listing in the index index-metadata-role-id using a key constructed of key field(s) @role-id
index has key for responsible-partythis value must correspond to a listing in the index index-metadata-party-uuid using a key constructed of key field(s) party-uuid
is unique for responsible-party: any target value must be unique (i.e., occur only once)
Attribute (1):
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
Elements (6):
description A summary of the inventory item stating its purpose within the system.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
A responsible-party requires one or more party-uuid references creating a strong relationship arc between the referenced role-id and the reference parties. This differs in semantics from responsible-role which doesn't require that a party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
description The set of components that are implemented in a given system inventory item.
Constraints (4)
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- version: The version of the component.
- patch-level: The specific patch level of the component.
- model: The model of the component.
- release-date: The date the component was released, such as a software release date or policy publication date.
- validation-type: Used with component-type='validation' to provide a well-known name for a kind of validation.
- validation-reference: Used with component-type='validation' to indicate the validating body's assigned identifier for their validation of this component.
- asset-type: Simple indication of the asset's function, such as Router, Storage Array, DNS Server.
- asset-id: An organizationally specific identifier that is used to uniquely identify a logical or tangible item by the organization that owns the item.
- asset-tag: An asset tag assigned by the organization responsible for maintaining the logical or tangible item.
- public: Identifies whether the asset is publicly accessible (yes/no)
- virtual: Identifies whether the asset is virtualized (yes/no)
- vlan-id: Virtual LAN identifier of the asset.
- network-id: The network identifier of the asset.
- label: A human-readable label for the parent context.
- sort-id: An alternative identifier, whose value is easily sortable among other such values in the document.
- baseline-configuration-name: The name of the baseline configuration for the asset.
- allows-authenticated-scan: Can the asset be check with an authenticated scan? (yes/no)
- function: The function provided by the asset for the system.
has cardinality for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='asset-id'] the cardinality of prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='asset-id'] is constrained: 1; maximum unbounded.
allowed values for responsible-party/@role-id
The value may be locally defined, or one of the following:
- asset-owner: Accountable for ensuring the asset is managed in accordance with organizational policies and procedures.
- asset-administrator: Responsible for administering a set of assets.
- security-operations: Members of the security operations center (SOC).
- network-operations: Members of the network operations center (NOC).
- incident-response: Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions.
- help-desk: Responsible for providing information and support to users.
- configuration-management: Responsible for the configuration management processes governing changes to the asset.
is unique for responsible-party: any target value must be unique (i.e., occur only once)
Attribute (1):
description A machine-oriented identifier reference to a component that is implemented as part of an inventory item.
Elements (4):
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
A responsible-party requires one or more party-uuid references creating a strong relationship arc between the referenced role-id and the reference parties. This differs in semantics from responsible-role which doesn't require that a party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
This construct is used to either: 1) associate a party or parties to a role defined
on the component using the responsible-role construct, or 2) to define a party or parties that are responsible for a role defined
within the context of the containing inventory-item.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description The date and time the document was last stored for later retrieval.
Remarks
This value represents the point in time when the OSCAL document was last updated, or at the point of creation the creation date. Typically, this date value will be machine generated at time of creation or modification. Ideally, this field will be managed by the editing tool or service used to make modifications when storing the modified document.
The intent of the last modified timestamp is to distinguish between significant change milestones when the document may be accessed by multiple entities. This allows a given entity to differentiate between mutiple document states at specific points in time. It is possible to make multiple modifications to the document without storing these changes. In such a case, the last modified timestamp might not be updated until the document is finally stored.
In some cases, an OSCAL document may be derived from some source material in a different
format. In such a case, the last-modified value should indicate the last modification time of the OSCAL document instance,
not the source material.
description A reference to a local or remote resource, that has a specific relation to the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Constraints (4)
A local reference SHOULD NOT have a media-type. Since both link and back-matter/resource both allow specification of a media-type, the media-type on link may conflict with the any media-type entries on a resource's rlink or base64 objects. This constraint prevents this from occurring.matches for .[@rel=('reference') and starts-with(@href,'#')]/@href: the target value must match the lexical form of the 'uri-reference' data type.
index has key for .[@rel=('reference') and starts-with(@href,'#')]this value must correspond to a listing in the index index-back-matter-resource using a key constructed of key field(s) @href
matches for .[@rel=('reference') and not(starts-with(@href,'#'))]/@href: the target value must match the lexical form of the 'uri' data type.
matches for @resource-fragment: a target (value) must match the regular expression '(?:[0-9a-zA-Z-._~/?!$&'()*+,;=:@]|%[0-9A-F][0-9A-F])+'.
Attributes (4):
description A resolvable URL reference to a resource.
Remarks
This value may be one of:
- an absolute URI that points to a network resolvable resource,
- a relative reference pointing to a network resolvable resource whose base URI is the URI of the containing document, or
- a bare URI fragment (i.e., `#uuid`) pointing to an OSCAL object by the objects identifier (e.g., id, uuid) in this or an imported document (see linking to another OSCAL object). The specific object type will differ based on the link relationship type.
description Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.
Constraint (1)
allowed value
The value may be locally defined, or the following:
- reference: A generalized reference to a network resource (relative or absolute) or to a back-matter resource by UUID expressed as a bare URI fragment.
Remarks
The Internet Assigned Numbers Authority (IANA) Media Types Registry defines a standardized set of media types, which may be used here.
The application/oscal+xml, application/oscal+json or application/oscal+yaml media types SHOULD be used when referencing OSCAL XML, JSON, or YAML resources respectively.
**Note: There is no official media type for YAML at this time.** OSCAL documents should
specify application/yaml for general YAML content, or application/oscal+yaml for YAML-based OSCAL content. This approach aligns with use of a structured name
suffix, per RFC 6838 Section 4.2.8.
Some earlier OSCAL content incorporated the model into the media type. For example:
application/oscal.catalog+xml. This practice SHOULD be avoided, since the OSCAL model can be detected by parsing
the initial content of the referenced resource.
The media-type provides a hint about the content model of the referenced resource. A valid entry
from the IANA Media Types registry SHOULD be used.
description In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.
Elements (1):
description A textual label to associate with the link, which may be used for presentation in a tool.
description Indicates the type of address.
Constraint (1)
allowed values
The value may be locally defined, or one of the following:
- home: A home address.
- work: A work address.
description Reference to a location by UUID.
Constraint (1)
index has keythis value must correspond to a listing in the index index-metadata-location-uuid using a key constructed of key field(s) .
description Reference to a location by UUID.
Constraint (1)
index has keythis value must correspond to a listing in the index index-metadata-location-uuid using a key constructed of key field(s) .
description A label that indicates the nature of a resource, as a data serialization or format.
Remarks
The Internet Assigned Numbers Authority (IANA) Media Types Registry defines a standardized set of media types, which may be used here.
The application/oscal+xml, application/oscal+json or application/oscal+yaml media types SHOULD be used when referencing OSCAL XML, JSON, or YAML resources respectively.
**Note: There is no official media type for YAML at this time.** OSCAL documents should
specify application/yaml for general YAML content, or application/oscal+yaml for YAML-based OSCAL content. This approach aligns with use of a structured name
suffix, per RFC 6838 Section 4.2.8.
Some earlier OSCAL content incorporated the model into the media type. For example:
application/oscal.catalog+xml. This practice SHOULD be avoided, since the OSCAL model can be detected by parsing
the initial content of the referenced resource.
description Provides information about the containing document, and defines concepts that are shared across the document.
Remarks
All OSCAL documents use the same metadata structure, that provides a consistent way of expressing OSCAL document metadata across all OSCAL models. The metadata section also includes declarations of individual objects (i.e., roles, location, parties) that may be referenced within and across linked OSCAL documents.
The metadata in an OSCAL document has few required fields, representing only the bare minimum data needed to differentiate one instance from another. Tools and users creating OSCAL documents may choose to use any of the optional fields, as well as extension mechanisms (e.g., properties, links) to go beyond this minimum to suit their use cases.
A publisher of OSCAL content can use the published, last-modified, and version fields to establish information about an individual in a sequence of successive revisions
of a given OSCAL-based publication. The metadata for a previous revision can be represented
as a revision within this object. Links may also be provided using the predecessor-version and successor-version link relations to provide for direct access to the related resource. These relations
can be provided as a link child of this object or as link within a given revision.
A responsible-party entry in this context refers to roles and parties that have responsibility relative
to the production, review, publication, and use of the containing document.
Constraints (14)
index for role an index index-metadata-role-ids shall list values returned by targets role using keys constructed of key field(s) @id
is unique for document-id: any target value must be unique (i.e., occur only once)
is unique for prop: any target value must be unique (i.e., occur only once)
index for .//prop an index index-metadata-property-uuid shall list values returned by targets .//prop using keys constructed of key field(s) @uuid
is unique for link: any target value must be unique (i.e., occur only once)
index for role an index index-metadata-role-id shall list values returned by targets role using keys constructed of key field(s) @id
index for location an index index-metadata-location-uuid shall list values returned by targets location using keys constructed of key field(s) @uuid
index for party an index index-metadata-party-uuid shall list values returned by targets party using keys constructed of key field(s) @uuid
index for party[@type='organization'] an index index-metadata-party-organizations-uuid shall list values returned by targets party[@type='organization'] using keys constructed of key field(s) @uuid
is unique for responsible-party: any target value must be unique (i.e., occur only once)
allowed values for responsible-party/@role-id
The value may be locally defined, or one of the following:
- creator: Indicates the person or organization that created this content.
- prepared-by: Indicates the person or organization that prepared this content.
- prepared-for: Indicates the person or organization for which this content was created.
- content-approver: Indicates the person or organization responsible for all content represented in the "document".
- contact: Indicates the person or organization to contact for questions or support related to this content.
allowed value for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- keywords: The value identifies a comma-seperated listing of keywords associated with this content. These keywords may be used as search terms for indexing and other applications.
allowed values for link/@rel
The value may be locally defined, or one of the following:
- canonical: The link identifies the authoritative location for this resource. Defined by RFC 6596.
- alternate: The link identifies an alternative location or format for this resource. Defined by the HTML Living Standard
- latest-version: This link identifies a resource containing the latest version in the version history. Defined by RFC 5829.
- predecessor-version: This link identifies a resource containing the predecessor version in the version history. Defined by RFC 5829.
- successor-version: This link identifies a resource containing the predecessor version in the version history. Defined by RFC 5829.
is unique for document-id: any target value must be unique (i.e., occur only once)
Elements (15):
description A name given to the document, which may be used by a tool for display and navigation.
Remarks
Typically, this date value will be machine-generated at the time the containing document is published.
In some cases, an OSCAL document may be derived from some source material provided
in a different format. In such a case, the published value should indicate when the OSCAL document instance was last published, not the
source material.
Remarks
This value represents the point in time when the OSCAL document was last updated, or at the point of creation the creation date. Typically, this date value will be machine generated at time of creation or modification. Ideally, this field will be managed by the editing tool or service used to make modifications when storing the modified document.
The intent of the last modified timestamp is to distinguish between significant change milestones when the document may be accessed by multiple entities. This allows a given entity to differentiate between mutiple document states at specific points in time. It is possible to make multiple modifications to the document without storing these changes. In such a case, the last modified timestamp might not be updated until the document is finally stored.
In some cases, an OSCAL document may be derived from some source material in a different
format. In such a case, the last-modified value should indicate the last modification time of the OSCAL document instance,
not the source material.
Remarks
A version may be a release number, sequence number, date, or other identifier sufficient to distinguish between different document revisions.
While not required, it is recommended that OSCAL content authors use Semantic Versioning as the version format. This allows for the easy identification of a version tree consisting of major, minor, and patch numbers.
A version is typically set by the document owner or by the tool used to maintain the content.
Remarks
Indicates the version of the OSCAL model to which the document conforms, for example
1.1.0
or 1.0.0-milestone1
. That can be used as a hint for a tool indicating which version of the OSCAL XML
or JSON schema to use for validation.
The OSCAL version serves a different purpose from the document version and is used to represent a different concept. If both have the same value, this is coincidental.
description An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).
wrapper element revisions
Remarks
While published, last-modified, and oscal-version are not required, values for these entries should be provided if the information
is known. A link with a rel of source
should be provided if the information is known.
Constraint (1)
allowed values for link/@rel
The value may be locally defined, or one of the following:
- canonical: The link identifies the authoritative location for this resource. Defined by RFC 6596.
- alternate: The link identifies an alternative location or format for this resource. Defined by the HTML Living Standard
- predecessor-version: This link identifies a resource containing the predecessor version in the version history. Defined by RFC 5829.
- successor-version: This link identifies a resource containing the predecessor version in the version history. Defined by RFC 5829.
- version-history: This link identifies a resource containing the version history of this document. Defined by RFC 5829.
Elements (8):
description A name given to the document revision, which may be used by a tool for display and navigation.
Remarks
Typically, this date value will be machine-generated at the time the containing document is published.
In some cases, an OSCAL document may be derived from some source material provided
in a different format. In such a case, the published value should indicate when the OSCAL document instance was last published, not the
source material.
Remarks
This value represents the point in time when the OSCAL document was last updated, or at the point of creation the creation date. Typically, this date value will be machine generated at time of creation or modification. Ideally, this field will be managed by the editing tool or service used to make modifications when storing the modified document.
The intent of the last modified timestamp is to distinguish between significant change milestones when the document may be accessed by multiple entities. This allows a given entity to differentiate between mutiple document states at specific points in time. It is possible to make multiple modifications to the document without storing these changes. In such a case, the last modified timestamp might not be updated until the document is finally stored.
In some cases, an OSCAL document may be derived from some source material in a different
format. In such a case, the last-modified value should indicate the last modification time of the OSCAL document instance,
not the source material.
Remarks
A version may be a release number, sequence number, date, or other identifier sufficient to distinguish between different document revisions.
While not required, it is recommended that OSCAL content authors use Semantic Versioning as the version format. This allows for the easy identification of a version tree consisting of major, minor, and patch numbers.
A version is typically set by the document owner or by the tool used to maintain the content.
Remarks
Indicates the version of the OSCAL model to which the document conforms, for example
1.1.0
or 1.0.0-milestone1
. That can be used as a hint for a tool indicating which version of the OSCAL XML
or JSON schema to use for validation.
The OSCAL version serves a different purpose from the document version and is used to represent a different concept. If both have the same value, this is coincidental.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
Remarks
A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions, representations or digital surrogates of the same document.
A document identifier provides an additional data point for identifying a document that can be assigned by a publisher or organization for purposes in a wider system, such as a digital object identifier (DOI) or a local content management system identifier.
Use of a document identifier allows for document creators to associate sets of documents
that are related in some way by the same document-id.
An OSCAL document always has an implicit document identifier provided by the document's
UUID, defined by the uuid on the top-level object. Having a default UUID-based identifier ensures all documents
can be minimally identified when other document identifiers are not provided.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description Defines a function, which might be assigned to a party in a specific situation.
Remarks
Permissible values to be determined closer to the application (e.g. by a receiving authority).
OSCAL has defined a set of standardized roles for consistent use in OSCAL documents. This allows tools consuming OSCAL content to infer specific semantics when these roles are used. These roles are documented in the specific contexts of their use (e.g., responsible-party, responsible-role). When using such a role, it is necessary to define these roles in this list, which will then allow such a role to be referenced.
Attribute (1):
description A unique identifier for the role.
Elements (6):
description A name given to the role, which may be used by a tool for display and navigation.
description A short common name, abbreviation, or acronym for the role.
description A summary of the role's purpose and associated responsibilities.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.
Remarks
An address might be sensitive in nature. In such cases a title, mailing address, email-address, and/or phone number may be used instead.
Constraints (5)
allowed value for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- type: Characterizes the kind of location.
allowed value for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='type']/@value
The value must be one of the following:
- data-center: A location that contains computing assets. A class can be used to indicate the sub-type of data-center as primary or alternate.
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='type' and @value='data-center']/@class
The value must be one of the following:
- primary: The location is a data-center used for normal operations.
- alternate: The location is a data-center used for fail-over or backup operations.
has cardinality for address the cardinality of address is constrained: 1; maximum unbounded.
has cardinality for title|address|email-address|telephone-number the cardinality of title|address|email-address|telephone-number is constrained: 1; maximum unbounded.
Attribute (1):
description A unique ID for the location, for reference.
Elements (8):
description A name given to the location, which may be used by a tool for display and navigation.
Remarks
The physical address of the location, which will provided for physical locations. Virtual locations can omit this data item.
Remarks
A contact email associated with the location.
Remarks
A phone number used to contact the location.
deprecated as of 1.1.0
description The uniform resource locator (URL) for a web site or other resource associated with the location.
Remarks
This data field is deprecated in favor of using a link with an appropriate relationship.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.
Remarks
A party can be optionally associated with either an address or a location. While providing a meaningful location for a party is desired, there are some cases where it might not be possible to provide an exact location or even any location.
Constraint (1)
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- mail-stop: A mail stop associated with the party.
- office: The name or number of the party's office.
- job-title: The formal job title of a person.
Attributes (2):
description A unique identifier for the party.
description A category describing the kind of party the object describes.
Constraint (1)
allowed values
The value must be one of the following:
- person: A human being regarded as an individual.
- organization: An organized group of one or more person individuals with a specific purpose.
Elements (10):
description The full name of the party. This is typically the legal name associated with the party.
description A short common name, abbreviation, or acronym for the party.
description An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).
Attribute (1):
description Indicates the type of external identifier.
Remarks
This value must be an absolute URI that serves as a naming system identifier.
Constraint (1)
allowed value
The value may be locally defined, or the following:
- http://orcid.org/: The identifier is Open Researcher and Contributor ID (ORCID).
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
This is a contact email associated with the party.
Remarks
A phone number used to contact the party.
description A reference to another party by UUID, typically an organization, that this subject is associated with.
Remarks
Since the reference target of an organizational affiliation must be another party (whether further qualified as person or organization) as inidcated by its uuid. As a machine-oriented identifier with uniqueness across document and trans-document scope, this uuid value is sufficient to reference the data item locally or globally across related
documents, e.g., in an imported OSCAL instance.
Parties of both the person or organization type can be associated with an organization using the member-of-organization.
Constraint (1)
index has keythis value must correspond to a listing in the index index-metadata-party-organizations-uuid using a key constructed of key field(s) .
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
Remarks
A responsible-party requires one or more party-uuid references creating a strong relationship arc between the referenced role-id and the reference parties. This differs in semantics from responsible-role which doesn't require that a party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.
Constraint (1)
is unique for diagram: any target value must be unique (i.e., occur only once)
Elements (5):
description A summary of the system's network architecture.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
A diagram must include a link with a rel value of "diagram", who's href references a remote URI or an internal
reference within this document containing the diagram.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description The OSCAL model version the document was authored against and will conform to as valid.
Remarks
Indicates the version of the OSCAL model to which the document conforms, for example
1.1.0
or 1.0.0-milestone1
. That can be used as a hint for a tool indicating which version of the OSCAL XML
or JSON schema to use for validation.
The OSCAL version serves a different purpose from the document version and is used to represent a different concept. If both have the same value, this is coincidental.
description Parameters provide a mechanism for the dynamic assignment of value(s) in a control.
use name param
Remarks
In a catalog, a parameter is typically used as a placeholder for the future assignment
of a parameter value, although the OSCAL model allows for the direct assignment of
a value if desired by the control author. The value may be optionally used to specify one or more values. If no value is provided, then
it is expected that the value will be provided at the Profile or Implementation layer.
A parameter can include a variety of metadata options that support the future solicitation
of one or more values. A label provides a textual placeholder that can be used in a tool to solicit parameter value
input, or to display in catalog documentation. The desc provides a short description of what the parameter is used for, which can be used
in tooling to help a user understand how to use the parameter. A constraint can be used to provide criteria for the allowed values. A guideline provides a recommendation for the use of a parameter.
Constraints (2)
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- label: A human-readable label for the parent context, which may be rendered in place of the actual identifier for some use cases.
- sort-id: An alternative identifier, whose value is easily sortable among other such values in the document.
- alt-identifier: An alternate or aliased identifier for the parent context.
- alt-label: An alternate to the value provided by the parameter's label. This will typically be qualified by a class.
allowed value for prop[has-oscal-namespace('http://csrc.nist.gov/ns/rmf')]/@name
The value must be one of the following:
- aggregates: The parent parameter provides an aggregation of two or more other parameters, each described by this property.
Attributes (3):
description A unique identifier for the parameter.
description A textual label that provides a characterization of the type, purpose, use or scope of the parameter.
Remarks
A class can be used in validation rules to express extra constraints over named items of
a specific class value.
deprecated as of 1.0.1
description (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.
Elements (8):
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description A short, placeholder name for the parameter, which can be used as a substitute for
a value if no value is assigned.
Remarks
The label value is intended use when rendering a parameter in generated documentation or a user interface when a parameter is referenced. Note that labels are not required to be distinctive, which means that parameters within the same control may have the same label.
description Describes the purpose and use of a parameter.
use name constraint
use name guideline
use name value
Remarks
A set of values provided in a catalog can be redefined in OSCAL's profile or system-security-plan models.
use name select
Remarks
A set of parameter value choices, that may be picked from to set the parameter value.
The OSCAL parameter value construct can be used to prescribe a specific parameter value in a catalog or profile.
In cases where a prescriptive value is not possible in a catalog or profile, it may
be possible to constrain the set of possible values to a few options. Use of select in a parameter instead of value is a way of defining value options that may be set.
A set of allowed parameter values expressed as a set of options which may be selected. These options constrain the permissible values that may be selected for the containing parameter. When the value assignment is made, such as in an OSCAL profile or system security plan, the actual selected value can be examined to determine if it matches one of the permissible choices for the parameter value.
When the value of how-many is set to "one-or-more", multiple values may be assigned reflecting more than one
choice.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation
context.
description A formal or informal expression of a constraint or test.
Elements (2):
description A textual summary of the constraint to be applied.
description A test expression which is expected to be evaluated by a tool.
Elements (2):
description A formal (executable) expression of a constraint.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description A prose statement that provides a recommendation for the use of a parameter.
Elements (1):
description Prose permits multiple paragraphs, lists, tables etc.
description Presenting a choice among alternatives.
Remarks
A set of parameter value choices, that may be picked from to set the parameter value.
Attribute (1):
description Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.
Constraint (1)
allowed values
The value must be one of the following:
- one: Only one value is permitted.
- one-or-more: One or more values are permitted.
Elements (1):
description A value selection among several such options.
description A parameter value or set of values.
description An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.
Remarks
A part provides for logical partitioning of prose, and can be thought of as a grouping structure
(e.g., section). A part can have child parts allowing for arbitrary nesting of prose content (e.g., statement
hierarchy). A part can contain prop objects that allow for enriching prose text with structured name/value information.
A part can be assigned an optional id, which allows references to this part from within a catalog, or within an instance
of another OSCAL model that has a need to reference the part. Examples of where part
referencing is used in OSCAL include:
- Referencing a part by id to tailor (make modifications to) a control statement in a profile.
- Referencing a control statement represented by a part in a system security plan implemented-requirement where a statement-level response is desired.
Use of part and prop provides for a wide degree of extensibility within the OSCAL catalog model. The optional
ns provides a means to qualify a part's name, allowing for organization-specific vocabularies to be defined with clear semantics.
Any organization that extends OSCAL in this way should consistently assign a ns value that represents the organization, making a given namespace qualified name unique to that organization. This allows the combination of ns and name to always be unique and unambiguous, even when mixed with extensions from other organizations.
Each organization is responsible for governance of their own extensions, and is strongly
encouraged to publish their extensions as standards to their user community. If no
ns is provided, the name is expected to be in the "OSCAL" namespace.
To ensure a ns is unique to an organization and naming conflicts are avoided, a URI containing a
DNS or other globally defined organization name should be used. For example, if FedRAMP
and DoD both extend OSCAL, FedRAMP will use the ns http://fedramp.gov/ns/oscal, while DoD might use the ns https://defense.gov for any organization specific name.
Tools that process OSCAL content are not required to interpret unrecognized OSCAL extensions; however, OSCAL compliant tools should not modify or remove unrecognized extensions, unless there is a compelling reason to do so, such as data sensitivity.
Constraint (1)
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- label: A human-readable label for the parent context, which may be rendered in place of the actual identifier for some use cases.
- sort-id: An alternative identifier, whose value is easily sortable among other such values in the document.
- alt-identifier: An alternate or aliased identifier for the parent context.
Attributes (4):
description A unique identifier for the part.
Remarks
While a part is not required to have an id, it is often desirable for an identifier to be provided, which allows the part to be referenced elsewhere in OSCAL document instances. For this reason, it is RECOMMENDED to provide a part identifier.
description A textual label that uniquely identifies the part's semantic type, which exists in
a value space qualified by the ns.
description An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same
name.
Remarks
This value must be an absolute URI that serves as a naming system identifier.
When a ns is not provided, its value should be assumed to be http://csrc.nist.gov/ns/oscal and the name should be a name defined by the associated OSCAL model.
description An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.
Remarks
One use of this flag is to distinguish or discriminate between the semantics of multiple
parts of the same control with the same name and ns (since even within a given namespace it can be useful to overload a name).
A class can be used in validation rules to express extra constraints over named items of
a specific class value.
A class can also be used in an OSCAL profile as a means to target an alteration to control
content.
Elements (5):
description An optional name given to the part, which may be used by a tool for display and navigation.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
description Permits multiple paragraphs, lists, tables etc.
Remarks
A part provides for logical partitioning of prose, and can be thought of as a grouping structure
(e.g., section). A part can have child parts allowing for arbitrary nesting of prose content (e.g., statement
hierarchy). A part can contain prop objects that allow for enriching prose text with structured name/value information.
A part can be assigned an optional id, which allows references to this part from within a catalog, or within an instance
of another OSCAL model that has a need to reference the part. Examples of where part
referencing is used in OSCAL include:
- Referencing a part by id to tailor (make modifications to) a control statement in a profile.
- Referencing a control statement represented by a part in a system security plan implemented-requirement where a statement-level response is desired.
Use of part and prop provides for a wide degree of extensibility within the OSCAL catalog model. The optional
ns provides a means to qualify a part's name, allowing for organization-specific vocabularies to be defined with clear semantics.
Any organization that extends OSCAL in this way should consistently assign a ns value that represents the organization, making a given namespace qualified name unique to that organization. This allows the combination of ns and name to always be unique and unambiguous, even when mixed with extensions from other organizations.
Each organization is responsible for governance of their own extensions, and is strongly
encouraged to publish their extensions as standards to their user community. If no
ns is provided, the name is expected to be in the "OSCAL" namespace.
To ensure a ns is unique to an organization and naming conflicts are avoided, a URI containing a
DNS or other globally defined organization name should be used. For example, if FedRAMP
and DoD both extend OSCAL, FedRAMP will use the ns http://fedramp.gov/ns/oscal, while DoD might use the ns https://defense.gov for any organization specific name.
Tools that process OSCAL content are not required to interpret unrecognized OSCAL extensions; however, OSCAL compliant tools should not modify or remove unrecognized extensions, unless there is a compelling reason to do so, such as data sensitivity.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description Reference to a party by UUID.
Constraint (1)
index has keythis value must correspond to a listing in the index index-metadata-party-uuid using a key constructed of key field(s) .
description Where applicable this is the IPv4 port range on which the service operates.
Remarks
To be validated as a natural number (integer >= 1). A single port uses the same value for start and end. Use multiple 'port-range' entries for non-contiguous ranges.
Attributes (3):
description Indicates the starting port number in a port range
Remarks
Should be a number within a permitted range
description Indicates the ending port number in a port range
Remarks
Should be a number within a permitted range
description Indicates the transport type.
Constraint (1)
allowed values
The value must be one of the following:
- TCP: Transmission Control Protocol
- UDP: User Datagram Protocol
description An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Constraint (1)
allowed value for .[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- marking: A label or descriptor that is tied to a sensitivity or classification marking system. An optional class can be used to define the specific marking system used for the associated value.
Attributes (6):
description A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.
description A unique identifier for a property.
description A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.
Remarks
This value must be an absolute URI that serves as a naming system identifier.
When a ns is not provided, its value should be assumed to be http://csrc.nist.gov/ns/oscal and the name should be a name defined by the associated OSCAL model.
description Indicates the value of the attribute, characteristic, or quality.
description A textual label that provides a sub-type or characterization of the property's name.
Remarks
This can be used to further distinguish or discriminate between the semantics of multiple
properties of the same object with the same name and ns, or to group properties into categories.
A class can be used in validation rules to express extra constraints over named items of
a specific class value. It is available for grouping, but unlike group is not expected specifically to designate any group membership as such.
description An identifier for relating distinct sets of properties.
Remarks
Different sets of properties may relate to separate contexts. Declare a group on a property to associate it with one or more other properties in a given context.
Elements (1):
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description Information about the protocol used to provide a service.
Attributes (2):
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in
this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
description The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry.
Remarks
The short name of the protocol (e.g., https).
Elements (2):
description A human readable name for the protocol (e.g., Transport Layer Security).
Remarks
To be validated as a natural number (integer >= 1). A single port uses the same value for start and end. Use multiple 'port-range' entries for non-contiguous ranges.
description A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.
description The date and time the document was last made available.
Remarks
Typically, this date value will be machine-generated at the time the containing document is published.
In some cases, an OSCAL document may be derived from some source material provided
in a different format. In such a case, the published value should indicate when the OSCAL document instance was last published, not the
source material.
description Additional commentary about the containing object.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system.
description A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.
Remarks
A responsible-party requires one or more party-uuid references creating a strong relationship arc between the referenced role-id and the reference parties. This differs in semantics from responsible-role which doesn't require that a party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
Constraint (1)
index has keythis value must correspond to a listing in the index index-metadata-role-id using a key constructed of key field(s) @role-id
Attribute (1):
description A reference to a role performed by a party.
Elements (4):
description Specifies one or more parties responsible for performing the associated role.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.
Remarks
A responsible-role allows zero or more party-uuid references, each of which creates a relationship arc between the referenced role-id and the referenced party. This differs in semantics from responsible-party, which requires that at least one party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
Attribute (1):
description A human-oriented identifier reference to a role performed.
Elements (4):
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description Specifies zero or more parties responsible for performing the associated role.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description Reference to a role by UUID.
Constraint (1)
index has keythis value must correspond to a listing in the index index-metadata-role-id using a key constructed of key field(s) .
description The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.
Elements (3):
description A target-level of confidentiality for the system, based on the sensitivity of information within the system.
description A target-level of integrity for the system, based on the sensitivity of information within the system.
description A target-level of availability for the system, based on the sensitivity of information within the system.
description The selected (Confidentiality, Integrity, or Availability) security impact level.
description Identifies the parameter that will be set by the enclosed value.
Attribute (1):
Elements (2):
description A parameter value or set of values.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description Identifies which statements within a control are addressed.
Constraints (3)
allowed values for responsible-role/@role-id
The value may be locally defined, or one of the following:
- asset-owner: Accountable for ensuring the asset is managed in accordance with organizational policies and procedures.
- asset-administrator: Responsible for administering a set of assets.
- security-operations: Members of the security operations center (SOC).
- network-operations: Members of the network operations center (NOC).
- incident-response: Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions.
- help-desk: Responsible for providing information and support to users.
- configuration-management: Responsible for the configuration management processes governing changes to the asset.
is unique for responsible-role: any target value must be unique (i.e., occur only once)
is unique for by-component: any target value must be unique (i.e., occur only once)
Attributes (2):
Remarks
A reference to the specific implemented statement associated with a control.
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or
globally (e.g., in an imported OSCAL instance).
Elements (5):
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
A responsible-role allows zero or more party-uuid references, each of which creates a relationship arc between the referenced role-id and the referenced party. This differs in semantics from responsible-party, which requires that at least one party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
Remarks
Use of set-parameter in this context, sets the parameter for the control referenced in the containing
implemented-requirement applied to the referenced component. If the by-component is used as a child of a statement, then the parameter value also applies only in the context of the referenced statement.
If the same parameter is also set in the control-implementation or a specific implemented-requirement, then this by-component/set-parameter value will override the other value(s) in the context of the referenced component,
control, and statement (if parent).
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description A human-oriented identifier reference to a control statement.
description Describes the operational status of the system.
Remarks
If 'other' is selected, a remark must be included to describe the current state.
Attribute (1):
description The current operating status.
Constraint (1)
allowed values
The value must be one of the following:
- operational: The system is currently operating in production.
- under-development: The system is being designed, developed, or implemented
- under-major-modification: The system is undergoing a major change, development, or transition.
- disposition: The system is no longer operational.
- other: Some other state.
Elements (1):
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description Contains the characteristics of the system, such as its name, purpose, and security impact level.
Constraints (7)
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- identity-assurance-level: A value of 1, 2, or 3 as defined by SP 800-63-3.
- authenticator-assurance-level: A value of 1, 2, or 3 as defined by SP 800-63-3.
- federation-assurance-level: A value of 1, 2, or 3 as defined by SP 800-63-3.
allowed values for prop[@name=('identity-assurance-level','authenticator-assurance-level','federation-assurance-level')]/@value
The value must be one of the following:
- 1: As defined by SP 800-63-3.
- 2: As defined by SP 800-63-3.
- 3: As defined by SP 800-63-3.
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- cloud-deployment-model: The associated value is one of: public-cloud, private-cloud, community-cloud, government-only-cloud, hybrid-cloud, or other.
- cloud-service-model: The associated value is one of: saas, paas, iaas, or other.
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='cloud-deployment-model']/@value
The value must be one of the following:
- public-cloud: The public cloud deployment model as defined by The NIST Definition of Cloud Computing.
- private-cloud: The private cloud deployment model as defined by The NIST Definition of Cloud Computing.
- community-cloud: The community cloud deployment model as defined by The NIST Definition of Cloud Computing.
- government-only-cloud: A specific type of community-cloud for use only by government services.
- other: Any other type of cloud deployment model that is exclusive to the other choices. The hybrid cloud deployment model, as defined by The NIST Definition of Cloud Computing, can be supported by selecting two or more of the existing deployment models.
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='cloud-service-model']/@value
The value must be one of the following:
- saas: Software as a service (SaaS) cloud service model as defined by The NIST Definition of Cloud Computing.
- paas: Platform as a service (PaaS) cloud service model as defined by The NIST Definition of Cloud Computing.
- iaas: Infrastructure as a service (IaaS) cloud service model as defined by The NIST Definition of Cloud Computing.
- other: Any other type of cloud service model that is exclusive to the other choices.
is unique for responsible-party: any target value must be unique (i.e., occur only once)
allowed values for responsible-party/@role-id
The value may be locally defined, or one of the following:
- authorizing-official: The authorizing official for this system.
- authorizing-official-poc: The authorizing official's designated point of contact (POC) for this system.
- system-owner: The executive ultimately accountable for the system.
- system-poc-management: The primary management-level point of contact (POC) for the system.
- system-poc-technical: The primary technical point of contact (POC) for the system.
- system-poc-other: Other point of contact (POC) for the system that is not the management or technical POC.
- information-system-security-officer: The primary role responsible for ensuring the organization operates the system securely.
- privacy-poc: The point of contact (POC) responsible for identifying privacy information within the system, and ensuring its protection if present.
Elements (16):
description The full name of the system.
description A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.
Remarks
Since system-name-short is optional, if the system-name-short is not provided, the system-name can be used as a substitute.
description A summary of the system.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description The overall information system sensitivity categorization, such as defined by FIPS-199.
Remarks
Often, organizations require the security sensitivity level to correspond with the
highest confidentiality, integrity, or availability level identified by security-impact-level.
Remarks
If 'other' is selected, a remark must be included to describe the current state.
Remarks
A responsible-party requires one or more party-uuid references creating a strong relationship arc between the referenced role-id and the reference parties. This differs in semantics from responsible-role which doesn't require that a party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description A defined component that can be part of an implemented system.
Remarks
Components may be products, services, application programming interface (APIs), policies, processes, plans, guidance, standards, or other tangible items that enable security and/or privacy.
The type indicates which of these component types is represented.
When defining a service component where are relationship to other components is known, one or more link entries with rel values of provided-by and used-by can be used to link to the specific
component identifier(s) that provide and use the service respectively.
Constraints (24)
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- implementation-point: Relative placement of component ('internal' or 'external') to the system.
- leveraged-authorization-uuid: UUID of the related leveraged-authorization assembly in this SSP.
- inherited-uuid: UUID of the component as it was assigned in the leveraged system's SSP.
- asset-type: Simple indication of the asset's function, such as Router, Storage Array, DNS Server.
- asset-id: An organizationally specific identifier that is used to uniquely identify a logical or tangible item by the organization that owns the item.
- asset-tag: An asset tag assigned by the organization responsible for maintaining the logical or tangible item.
- public: Identifies whether the asset is publicly accessible (yes/no)
- virtual: Identifies whether the asset is virtualized (yes/no)
- vlan-id: Virtual LAN identifier of the asset.
- network-id: The network identifier of the asset.
- label: A human-readable label for the parent context.
- sort-id: An alternative identifier, whose value is easily sortable among other such values in the document.
- baseline-configuration-name: The name of the baseline configuration for the asset.
- allows-authenticated-scan: Can the asset be check with an authenticated scan? (yes/no)
- function: The function provided by the asset for the system.
- version: The version of the component.
- patch-level: The specific patch level of the component.
- model: The model of the component.
- release-date: The date the component was released, such as a software release date or policy publication date.
- validation-type: Used with component-type='validation' to provide a well-known name for a kind of validation.
- validation-reference: Used with component-type='validation' to indicate the validating body's assigned identifier for their validation of this component.
allowed values for link/@rel
The value may be locally defined, or one of the following:
- depends-on: A reference to another component that this component has a dependency on.
- validation: A reference to another component of component-type=validation, that is a validation (e.g., FIPS 140-2) for this component
- proof-of-compliance: A pointer to a validation record (e.g., FIPS 140-2) or other compliance information.
- baseline-template: A reference to the baseline template used to configure the asset.
- uses-service: This service is used by the referenced component identifier.
- system-security-plan: A link to the system security plan of the external system.
- uses-network: This component uses the network provided by the identified network component.
- imported-from: The hyperlink identifies a URI pointing to the component in a component-definition that originally defined the component.
allowed values for responsible-role/@role-id
The value may be locally defined, or one of the following:
- asset-owner: Accountable for ensuring the asset is managed in accordance with organizational policies and procedures.
- asset-administrator: Responsible for administering a set of assets.
- security-operations: Members of the security operations center (SOC).
- network-operations: Members of the network operations center (NOC).
- incident-response: Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions.
- help-desk: Responsible for providing information and support to users.
- configuration-management: Responsible for the configuration management processes governing changes to the asset.
- maintainer: Responsible for the creation and maintenance of a component.
- provider: Organization responsible for providing the component, if this is different from the "maintainer" (e.g., a reseller).
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='asset-type']/@value
The value may be locally defined, or one of the following:
- operating-system: System software that manages computer hardware, software resources, and provides common services for computer programs.
- database: An electronic collection of data, or information, that is specially organized for rapid search and retrieval.
- web-server: A system that delivers content or services to end users over the Internet or an intranet.
- dns-server: A system that resolves domain names to internet protocol (IP) addresses.
- email-server: A computer system that sends and receives electronic mail messages.
- directory-server: A system that stores, organizes and provides access to directory information in order to unify network resources.
- pbx: A private branch exchange (PBX) provides a a private telephone switchboard.
- firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
- router: A physical or virtual networking device that forwards data packets between computer networks.
- switch: A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device.
- storage-array: A consolidated, block-level data storage capability.
- appliance: A physical or virtual machine that centralizes hardware, software, or services for a specific purpose.
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='allows-authenticated-scan']/@value
The value must be one of the following:
- yes: The component allows an authenticated scan.
- no: The component does not allow an authenticated scan.
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='public']/@value
The value must be one of the following:
- yes: The component is publicly accessible.
- no: The component is not publicly accessible.
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='virtual']/@value
The value must be one of the following:
- yes: The component is virtualized.
- no: The component is not virtualized.
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='implementation-point']/@value
The value must be one of the following:
- internal: The component is implemented within the system boundary.
- external: The component is implemented outside the system boundary.
index has key for prop[@name='physical-location']this value must correspond to a listing in the index index-metadata-location-uuid using a key constructed of key field(s) @value
matches for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='inherited-uuid']/@value: the target value must match the lexical form of the 'uuid' data type.
matches for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='release-date']/@value: the target value must match the lexical form of the 'date' data type.
allowed value for (.)[@type=('software', 'hardware', 'service')]/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- vendor-name: The name of the company or organization
allowed value for (.)[@type='validation']/link/@rel
The value may be locally defined, or the following:
- validation-details: A link to an online information provided by the authorizing body.
allowed value for (.)[@type='software']/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- software-identifier: If a "software" component-type, the identifier, such as a SWID tag, for the software component.
allowed values for (.)[@type='service']/link/@rel
The value may be locally defined, or one of the following:
- provided-by: This service is provided by the referenced component identifier.
- used-by: This service is used by the referenced component identifier.
allowed values for (.)[@type='interconnection']/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- isa-title: Title of the Interconnection Security Agreement (ISA).
- isa-date: Date of the Interconnection Security Agreement (ISA).
- isa-remote-system-name: The name of the remote interconnected system.
- ipv4-address: An Internet Protocol Version 4 interconnection address
- ipv6-address: An Internet Protocol Version 6 interconnection address
- direction: An Internet Protocol Version 6 interconnection address
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name=('ipv4-address','ipv6-address')]/@class
The value must be one of the following:
- local: The identified IP address is for this system.
- remote: The identified IP address is for the remote system to which this system is connected.
allowed value for (.)[@type='interconnection']/link/@rel
The value may be locally defined, or the following:
- isa-agreement: A link to the system interconnection agreement.
allowed values for (.)[@type='interconnection']/responsible-role/@role-id
The value may be locally defined, or one of the following:
- isa-poc-local: Interconnection Security Agreement (ISA) point of contact (POC) for this system.
- isa-poc-remote: Interconnection Security Agreement (ISA) point of contact (POC) for the remote interconnected system.
- isa-authorizing-official-local: Interconnection Security Agreement (ISA) authorizing official for this system.
- isa-authorizing-official-remote: Interconnection Security Agreement (ISA) authorizing official for the remote interconnected system.
matches for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='isa-date']/@value: the target value must match the lexical form of the 'dateTime' data type.
matches for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='ipv4-address']/@value: the target value must match the lexical form of the 'ip-v4-address' data type.
matches for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='ipv6-address']/@value: the target value must match the lexical form of the 'ip-v6-address' data type.
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='direction']/@value
The value must be one of the following:
- incoming: Data from the remote system flows into this system.
- outgoing: Data from this system flows to the remote system.
is unique for responsible-role: any target value must be unique (i.e., occur only once)
Attributes (2):
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
use name type
Elements (9):
description A human readable name for the system component.
description A description of the component, including information about its function.
description A summary of the technological or business purpose of the component.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description Describes the operational status of the system component.
Attribute (1):
description The operational status.
Constraint (1)
allowed values
The value must be one of the following:
- under-development: The component is being designed, developed, or implemented.
- operational: The component is currently operational and is available for use in the system.
- disposition: The component is no longer operational.
- other: Some other state.
Elements (1):
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
Remarks
A responsible-role allows zero or more party-uuid references, each of which creates a relationship arc between the referenced role-id and the referenced party. This differs in semantics from responsible-party, which requires that at least one party-uuid is referenced.
The scope of use of this object determines if the responsibility has been performed or will be performed in the future. The containing object will describe the intent.
Remarks
Used for service components to define the protocols supported by the service.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description A category describing the purpose of the component.
Constraint (1)
allowed values
The value may be locally defined, or one of the following:
- this-system: The system as a whole.
- system: An external system, which may be a leveraged system or the other side of an interconnection.
- interconnection: A connection to something outside this system.
- software: Any software, operating system, or firmware.
- hardware: A physical device.
- service: A service that may provide APIs.
- policy: An enforceable policy.
- physical: A tangible asset used to provide physical protections or countermeasures.
- process-procedure: A list of steps or actions to take to achieve some end result.
- plan: An applicable plan.
- guidance: Any guideline or recommendation.
- standard: Any organizational or industry standard.
- validation: An external assessment performed on some other component, that has been validated by a third-party.
- network: A physical or virtual network.
description A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere
in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).
This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions
of the document.
Attribute (1):
description Identifies the identification system from which the provided identifier was assigned.
Remarks
This value must be an absolute URI that serves as a naming system identifier.
Constraint (1)
allowed values
The value may be locally defined, or one of the following:
- https://fedramp.gov: **deprecated** The identifier was assigned by FedRAMP. This has been deprecated; use http://fedramp.gov/ns/oscal instead.
- http://fedramp.gov/ns/oscal: The identifier was assigned by FedRAMP.
- https://ietf.org/rfc/rfc4122: **deprecated** A Universally Unique Identifier (UUID) as defined by RFC4122. This value has been deprecated; use http://ietf.org/rfc/rfc4122 instead.
- http://ietf.org/rfc/rfc4122: A Universally Unique Identifier (UUID) as defined by RFC4122.
description Provides information as to how the system is implemented.
Constraints (13)
index for leveraged-authorization an index index-system-implementation-leveraged-authorization-uuid shall list values returned by targets leveraged-authorization using keys constructed of key field(s) @uuid
index has key for component/prop[@name='leveraged-authorization-uuid']this value must correspond to a listing in the index index-system-implementation-leveraged-authorization-uuid using a key constructed of key field(s) @value
index for component an index index-system-implementation-component-uuid shall list values returned by targets component using keys constructed of key field(s) @uuid
index has key for component/link[@rel='depends-on']this value must correspond to a listing in the index index-system-implementation-component-uuid using a key constructed of key field(s) @href
index for component[@type='validation'] an index index-system-implementation-component-uuid-validation shall list values returned by targets component[@type='validation'] using keys constructed of key field(s) @uuid
index has key for component/link[@rel='validated-by']this value must correspond to a listing in the index index-system-implementation-component-uuid-validation using a key constructed of key field(s) @href
index has key for component/link[@rel='proof-of-compliance']this value must correspond to a listing in the index index-system-implementation-component-uuid-validation using a key constructed of key field(s) @href
index for component[@type='service'] an index index-system-implementation-component-uuid-service shall list values returned by targets component[@type='service'] using keys constructed of key field(s) @uuid
index has key for component/link[@rel='uses-service']this value must correspond to a listing in the index index-system-implementation-component-uuid-service using a key constructed of key field(s) @href
index for component[@type='service'] an index index-system-implementation-component-uuid-software shall list values returned by targets component[@type='service'] using keys constructed of key field(s) @uuid
index has key for component[@type='service']/link[@rel='provided-by']this value must correspond to a listing in the index index-system-implementation-component-uuid-software using a key constructed of key field(s) @href
allowed values for (component | inventory-item)/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')
and @name='allows-authenticated-scan']/@value
The value must be one of the following:
- yes: The component allows an authenticated scan.
- no: The component does not allow an authenticated scan.
is unique for user: any target value must be unique (i.e., occur only once)
Elements (7):
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider.
Constraints (4)
allowed value for link/@rel
The value may be locally defined, or the following:
- system-security-plan: A reference to the system security plan for the leveraged authorization.
matches for link[@rel='system-security-plan']/@href[starts-with(.,'#')]: the target value must match the lexical form of the 'uri-reference' data type.
index has key for link[@rel='system-security-plan' and starts-with(@href,'#')]this value must correspond to a listing in the index index-back-matter-resource using a key constructed of key field(s) @href
matches for link[@rel='system-security-plan']/@href[not(starts-with(.,'#'))]: the target value must match the lexical form of the 'uri' data type.
Attribute (1):
description A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
Elements (6):
description A human readable name for the leveraged authorization in the context of the system.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description A machine-oriented identifier reference to the party that manages the leveraged system.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
use name user
Remarks
Permissible values to be determined closer to the application, such as by a receiving authority.
use name component
Remarks
Components may be products, services, application programming interface (APIs), policies, processes, plans, guidance, standards, or other tangible items that enable security and/or privacy.
The type indicates which of these component types is represented.
When defining a service component where are relationship to other components is known, one or more link entries with rel values of provided-by and used-by can be used to link to the specific
component identifier(s) that provide and use the service respectively.
Remarks
A set of inventory-item entries that represent the managed inventory instances of the system.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.
Constraints (7)
allowed value for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- privacy-designation: Is this a privacy sensitive system? yes or no
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='privacy-designation']/@value
The value must be one of the following:
- yes: The system is privacy sensitive.
- no: The system is not privacy sensitive.
allowed value for link/@rel
The value may be locally defined, or the following:
- privacy-impact-assessment: A link to the privacy impact assessment.
matches for link[@rel='privacy-impact-assessment']/@href[starts-with(.,'#')]: the target value must match the lexical form of the 'uri-reference' data type.
index has key for link[@rel='privacy-impact-assessment' and starts-with(@href,'#')]this value must correspond to a listing in the index index-back-matter-resource using a key constructed of key field(s) @href
matches for link[@rel='privacy-impact-assessment']/@href[not(starts-with(.,'#'))]: the target value must match the lexical form of the 'uri' data type.
allowed values for information-type/(confidentiality-impact|integrity-impact|availability-impact)/(base|selected)
The value may be locally defined, or one of the following:
- fips-199-low: A 'low' sensitivity level as defined in FIPS-199.
- fips-199-moderate: A 'moderate' sensitivity level as defined in FIPS-199.
- fips-199-high: A 'high' sensitivity level as defined in FIPS-199. FIPS-199 taxonomy is provided here as a starting point. We will provide other taxonomies based on community requests.
Elements (3):
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.
Attribute (1):
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
Elements (8):
description A human readable name for the information type. This title should be meaningful within the context of the system.
description A summary of how this information type is used within the system.
description A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60.
Attribute (1):
description Specifies the information type identification system used.
Remarks
This value must be an absolute URI that serves as a naming system identifier.
Constraint (1)
allowed value
The value may be locally defined, or the following:
- http://doi.org/10.6028/NIST.SP.800-60v2r1: Based on the section identifiers in NIST Special Publication 800-60 Volume II Revision 1.
Elements (1):
description A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
description The expected level of impact resulting from the unauthorized disclosure of the described information.
use name confidentiality-impact
description The expected level of impact resulting from the unauthorized modification of the described information.
use name integrity-impact
description The expected level of impact resulting from the disruption of access to or use of the described information or the information system.
use name availability-impact
description A system security plan, such as those described in NIST SP 800-18.
root name system-security-plan
Constraint (1)
index for control-implementation/implemented-requirement//by-component|doc(system-implementation/leveraged-authorization/link[@rel='system-security-plan']/@href)/system-security-plan/control-implementation/implemented-requirement//by-component an index by-component-uuid shall list values returned by targets control-implementation/implemented-requirement//by-component|doc(system-implementation/leveraged-authorization/link[@rel='system-security-plan']/@href)/system-security-plan/control-implementation/implemented-requirement//by-component using keys constructed of key field(s) @uuid
Attribute (1):
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in
this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
Elements (6):
Remarks
All OSCAL documents use the same metadata structure, that provides a consistent way of expressing OSCAL document metadata across all OSCAL models. The metadata section also includes declarations of individual objects (i.e., roles, location, parties) that may be referenced within and across linked OSCAL documents.
The metadata in an OSCAL document has few required fields, representing only the bare minimum data needed to differentiate one instance from another. Tools and users creating OSCAL documents may choose to use any of the optional fields, as well as extension mechanisms (e.g., properties, links) to go beyond this minimum to suit their use cases.
A publisher of OSCAL content can use the published, last-modified, and version fields to establish information about an individual in a sequence of successive revisions
of a given OSCAL-based publication. The metadata for a previous revision can be represented
as a revision within this object. Links may also be provided using the predecessor-version and successor-version link relations to provide for direct access to the related resource. These relations
can be provided as a link child of this object or as link within a given revision.
A responsible-party entry in this context refers to roles and parties that have responsibility relative
to the production, review, publication, and use of the containing document.
Remarks
Use of set-parameter in this context, sets the parameter for all controls referenced by any implemented-requirement contained in this context. Any set-parameter defined in a child context will override this value. If not overridden by a child,
this value applies in the child context.
Remarks
Provides a collection of identified resource objects that can be referenced by a link with a rel value of "reference" and an href value that is a fragment "#" followed by a reference to a reference's uuid. Other specialized link "rel" values also use this pattern when indicated in that
context of use.
description A type of user that interacts with the system based on an associated role.
Remarks
Permissible values to be determined closer to the application, such as by a receiving authority.
Constraints (4)
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name
The value must be one of the following:
- type: The type of user, such as internal, external, or general-public.
- privilege-level: The user's privilege level within the system, such as privileged, non-privileged, no-logical-access.
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='type']/@value
The value must be one of the following:
- internal: A user account for a person or entity that is part of the organization who owns or operates the system.
- external: A user account for a person or entity that is not part of the organization who owns or operates the system.
- general-public: A user of the system considered to be outside
allowed values for prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='privilege-level']/@value
The value must be one of the following:
- privileged: This role has elevated access to the system, such as a group or system administrator.
- non-privileged: This role has typical user-level access to the system without elevated access.
- no-logical-access: This role has no access to the system, such as a manager who approves access as part of a process.
allowed values for role-id
The value may be locally defined, or one of the following:
- asset-owner: Accountable for ensuring the asset is managed in accordance with organizational policies and procedures.
- asset-administrator: Responsible for administering a set of assets.
- security-operations: Members of the security operations center (SOC).
- network-operations: Members of the network operations center (NOC).
- incident-response: Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions.
- help-desk: Responsible for providing information and support to users.
- configuration-management: Responsible for the configuration management processes governing changes to the asset.
Attribute (1):
description A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported
OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions
of the document.
Elements (8):
description A name given to the user, which may be used by a tool for display and navigation.
description A short common name, abbreviation, or acronym for the user.
description A summary of the user's purpose within the system.
use name prop
Remarks
Properties permit the deployment and management of arbitrary controlled values, within OSCAL objects. A property can be included for any purpose useful to an application or implementation. Typically, properties will be used to sort, filter, select, order, and arrange OSCAL content objects, to relate OSCAL objects to one another, or to associate an OSCAL object to class hierarchies, taxonomies, or external authorities. Thus, the lexical composition of properties may be constrained by external processes to ensure consistency.
Property allows for associated remarks that describe why the specific property value was applied to the containing object, or the significance of the value in the context of the containing object.
Remarks
To provide a cryptographic hash for a remote target resource, a local reference to
a back matter resource is needed. The resource allows one or more hash values to be provided using the rlink/hash object.
The OSCAL link is a roughly based on the HTML link element.
Remarks
The remarks field SHOULD not be used to store arbitrary data. Instead, a prop or link should be used to annotate or reference any additional data not formally supported
by OSCAL.
description A telephone service number as defined by ITU-T E.164.
Constraint (1)
matches: a target (value) must match the regular expression '^[0-9]{3}[0-9]{1,12}$'.
Attribute (1):
description Indicates the type of phone number.
Constraint (1)
allowed values
The value may be locally defined, or one of the following:
- home: A home phone number.
- office: An office phone number.
- mobile: A mobile phone number.
description Used to distinguish a specific revision of an OSCAL document from other previous and future versions.
Remarks
A version may be a release number, sequence number, date, or other identifier sufficient to distinguish between different document revisions.
While not required, it is recommended that OSCAL content authors use Semantic Versioning as the version format. This allows for the easy identification of a version tree consisting of major, minor, and patch numbers.
A version is typically set by the document owner or by the tool used to maintain the content.