@mitre/hdf-schema 3.0.1 → 3.1.0-rc.1
- package/LICENSE.md +55 -0
- package/README.md +83 -40
- package/dist/go/hdf.go +148 -104
- package/dist/index.d.ts +26 -1
- package/dist/index.js +26 -1
- package/dist/schemas/hdf-amendments.schema.json +178 -53
- package/dist/schemas/hdf-baseline.schema.json +181 -56
- package/dist/schemas/hdf-comparison.schema.json +523 -108
- package/dist/schemas/hdf-evidence-package.schema.json +175 -50
- package/dist/schemas/hdf-plan.schema.json +181 -56
- package/dist/schemas/hdf-results.schema.json +502 -87
- package/dist/schemas/hdf-system.schema.json +190 -65
- package/dist/ts/hdf-amendments.d.ts +43 -15
- package/dist/ts/hdf-amendments.js +18 -7
- package/dist/ts/hdf-amendments.ts +44 -15
- package/dist/ts/hdf-results.d.ts +91 -37
- package/dist/ts/hdf-results.js +40 -20
- package/dist/ts/hdf-results.ts +91 -36
- package/package.json +44 -45
- package/dist/python/hdf_amendments.py +0 -695
- package/dist/python/hdf_baseline.py +0 -782
- package/dist/python/hdf_comparison.py +0 -1771
- package/dist/python/hdf_evidence_package.py +0 -593
- package/dist/python/hdf_plan.py +0 -363
- package/dist/python/hdf_results.py +0 -2163
- package/dist/python/hdf_system.py +0 -904
- package/src/schemas/hdf-amendments.schema.json +0 -97
- package/src/schemas/hdf-baseline.schema.json +0 -190
- package/src/schemas/hdf-comparison.schema.json +0 -107
- package/src/schemas/hdf-evidence-package.schema.json +0 -227
- package/src/schemas/hdf-plan.schema.json +0 -92
- package/src/schemas/hdf-results.schema.json +0 -304
- package/src/schemas/hdf-system.schema.json +0 -136
- package/src/schemas/primitives/amendments.schema.json +0 -155
- package/src/schemas/primitives/common.schema.json +0 -814
- package/src/schemas/primitives/comparison.schema.json +0 -809
- package/src/schemas/primitives/component.schema.json +0 -518
- package/src/schemas/primitives/data-flow.schema.json +0 -158
- package/src/schemas/primitives/extensions.schema.json +0 -342
- package/src/schemas/primitives/parameter.schema.json +0 -128
- package/src/schemas/primitives/plan.schema.json +0 -128
- package/src/schemas/primitives/platform.schema.json +0 -32
- package/src/schemas/primitives/result.schema.json +0 -133
- package/src/schemas/primitives/runner.schema.json +0 -83
- package/src/schemas/primitives/statistics.schema.json +0 -71
- package/src/schemas/primitives/system.schema.json +0 -132
- package/src/schemas/primitives/target.schema.json +0 -523
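--- a/package/src/schemas/primitives/amendments.schema.json
+++ b/package/src/schemas/primitives/amendments.schema.json
@@ -1,155 +0,0 @@
-{
-"$schema": "https://json-schema.org/draft/2020-12/schema",
-"$id": "https://mitre.github.io/hdf-libs/schemas/primitives/amendments/v3.0.0",
-"title": "HDF Amendment Primitives",
-"description": "Types for waivers, attestations, exceptions, and POA&Ms that modify requirement compliance status.",
-"$defs": {
-"Override_Type": {
-"type": "string",
-"enum": [
-"waiver",
-"attestation",
-"exception",
-"poam",
-"inherited"
-],
-"description": "The type of amendment. 'waiver': risk accepted (AO). 'attestation': manually verified (assessor). 'exception': not applicable (system owner + AO). 'poam': remediation tracked (no status change). 'inherited': control provided by another component or system (overrides to notApplicable/passed).",
-"title": "Override Type"
-},
-"Standalone_Override": {
-"type": "object",
-"unevaluatedProperties": false,
-"required": [
-"type",
-"requirementId",
-"status",
-"reason",
-"appliedBy",
-"appliedAt",
-"expiresAt"
-],
-"properties": {
-"type": {
-"$ref": "#/$defs/Override_Type",
-"description": "The type of amendment."
-},
-"requirementId": {
-"type": "string",
-"description": "The ID of the requirement being amended. Must match a requirement ID in the referenced baseline."
-},
-"baselineRef": {
-"type": "string",
-"description": "Name of the baseline containing the requirement. Required when the system has multiple baselines with potentially overlapping requirement IDs."
-},
-"status": {
-"$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/result/v3.0.0#/$defs/Result_Status",
-"description": "The new status this amendment sets. For POA&Ms, this is the current status (POA&Ms track work, they don't change status)."
-},
-"reason": {
-"type": "string",
-"description": "Justification for this amendment."
-},
-"appliedBy": {
-"$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Identity",
-"description": "Identity of who applied this amendment."
-},
-"appliedAt": {
-"type": "string",
-"format": "date-time",
-"description": "When this amendment was applied. ISO 8601 format."
-},
-"expiresAt": {
-"type": "string",
-"format": "date-time",
-"description": "When this amendment expires and must be reviewed. No permanent amendments. ISO 8601 format."
-},
-"evidence": {
-"type": "array",
-"items": {
-"$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Evidence"
-},
-"description": "Supporting evidence (screenshots, logs, URLs, documents)."
-},
-"signature": {
-"$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Signature",
-"description": "Digital signature for non-repudiation."
-},
-"previousChecksum": {
-"$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Checksum",
-"description": "Checksum of the prior amendment in the chain. Creates a tamper-evident linked list. Null for the first amendment."
-},
-"milestones": {
-"type": "array",
-"items": {
-"$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Milestone"
-},
-"description": "Remediation milestones (primarily for POA&M type amendments)."
-},
-"inheritedFrom": {
-"type": "string",
-"format": "uuid",
-"description": "componentId of the local component that provides this control. Set when the provider is in the same system. Omit for external or cross-system providers; the reason field explains the source. Primarily used with type 'inherited'."
-},
-"componentRef": {
-"type": "string",
-"format": "uuid",
-"description": "componentId of the component this amendment is scoped to. When set, the amendment only applies to the specified component. When omitted, the amendment applies system-wide."
-}
-},
-"examples": [
-{
-"type": "waiver",
-"requirementId": "SV-257777",
-"baselineRef": "RHEL9-STIG",
-"status": "passed",
-"reason": "Compensating control: session timeout set to 15 min",
-"appliedBy": { "type": "email", "identifier": "ao@agency.gov" },
-"appliedAt": "2026-01-15T10:00:00Z",
-"expiresAt": "2026-06-30T00:00:00Z",
-"evidence": [
-{
-"type": "url",
-"data": "https://jira.agency.gov/CYBER-4521",
-"description": "ISSM approval with compensating control documentation"
-}
-]
-},
-{
-"type": "poam",
-"requirementId": "SV-258001",
-"baselineRef": "RHEL9-STIG",
-"status": "failed",
-"reason": "Patch requires vendor release, expected Q2 2026",
-"appliedBy": { "type": "email", "identifier": "sysadmin@agency.gov" },
-"appliedAt": "2026-01-20T09:00:00Z",
-"expiresAt": "2026-07-01T00:00:00Z",
-"milestones": [
-{
-"description": "Vendor patch release",
-"estimatedCompletion": "2026-04-15T00:00:00Z",
-"status": "pending"
-},
-{
-"description": "Apply patch to all servers",
-"estimatedCompletion": "2026-05-01T00:00:00Z",
-"status": "pending"
-}
-]
-},
-{
-"type": "inherited",
-"requirementId": "SV-230368",
-"baselineRef": "RHEL9-STIG",
-"status": "notApplicable",
-"reason": "IA-2 is a common control provided by Keycloak SSO. This application has no local authentication mechanism.",
-"inheritedFrom": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
-"appliedBy": { "type": "email", "identifier": "issm@agency.gov" },
-"appliedAt": "2026-03-26T10:00:00Z",
-"expiresAt": "2026-09-26T00:00:00Z"
-}
-],
-"description": "A standalone amendment that modifies a requirement's compliance status. Extends the inline Status_Override concept with requirementId and baselineRef for use outside of results documents.",
-"title": "Standalone Override"
-}
-}
-}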