https://pages.nist.gov/OSCAL/concepts/layer/implementation/ssp/