https://pages.nist.gov/OSCAL/concepts/layer/assessment/