@mitre/hdf-schema 3.0.1 → 3.1.0

package/src/schemas/hdf-amendments.schema.json

@@ -1,97 +0,0 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://mitre.github.io/hdf-libs/schemas/hdf-amendments/v3.0.0",
-  "title": "HDF Amendments",
-  "description": "Waivers, attestations, exceptions, and POA&Ms that modify requirement compliance status. Amendments are standalone documents that can be applied to results via merge operations.",
-  "type": "object",
-  "unevaluatedProperties": false,
-  "required": [
-    "name",
-    "overrides"
-  ],
-  "properties": {
-    "amendmentId": {
-      "type": "string",
-      "format": "uuid",
-      "description": "Unique identifier for this amendments document. Useful for cross-referencing when multiple amendment documents target the same results."
-    },
-    "name": {
-      "type": "string",
-      "description": "Human-readable name for this amendments document. Example: 'Portal Q1 2026 Waivers'."
-    },
-    "description": {
-      "type": "string",
-      "description": "Description of the amendments' purpose and scope."
-    },
-    "systemRef": {
-      "type": "string",
-      "format": "uri-reference",
-      "description": "URI to the hdf-system document these amendments apply to."
-    },
-    "appliedBy": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Identity",
-      "description": "Default identity of who created this amendments document. Individual overrides may specify their own appliedBy."
-    },
-    "approvedBy": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Identity",
-      "description": "Identity of the authorizing official who approved these amendments."
-    },
-    "overrides": {
-      "type": "array",
-      "minItems": 1,
-      "items": {
-        "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/amendments/v3.0.0#/$defs/Standalone_Override"
-      },
-      "description": "The set of amendments (waivers, attestations, exceptions, POA&Ms)."
-    },
-    "labels": {
-      "type": "object",
-      "additionalProperties": {
-        "type": "string"
-      },
-      "description": "Optional key-value labels for grouping and querying amendments."
-    },
-    "integrity": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/extensions/v3.0.0#/$defs/Integrity",
-      "description": "Cryptographic integrity information for verifying this amendments document has not been tampered with."
-    },
-    "signature": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Signature",
-      "description": "Document-level digital signature covering all amendments."
-    },
-    "version": {
-      "type": "string",
-      "description": "Version of this amendments document."
-    },
-    "generator": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/extensions/v3.0.0#/$defs/Generator",
-      "description": "Information about the tool that generated this document."
-    }
-  },
-  "examples": [
-    {
-      "name": "Portal Q1 2026 Waivers",
-      "systemRef": "portal-prod.hdf-system.json",
-      "approvedBy": { "type": "email", "identifier": "ao@agency.gov" },
-      "overrides": [
-        {
-          "type": "waiver",
-          "requirementId": "SV-257777",
-          "baselineRef": "RHEL9-STIG",
-          "status": "passed",
-          "reason": "Compensating control: session timeout set to 15 min",
-          "appliedBy": { "type": "email", "identifier": "ao@agency.gov" },
-          "appliedAt": "2026-01-15T10:00:00Z",
-          "expiresAt": "2026-06-30T00:00:00Z",
-          "evidence": [
-            {
-              "type": "url",
-              "data": "https://jira.agency.gov/CYBER-4521",
-              "description": "ISSM approval with compensating control documentation"
-            }
-          ]
-        }
-      ]
-    }
-  ]
-}

package/src/schemas/hdf-baseline.schema.json

@@ -1,190 +0,0 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://mitre.github.io/hdf-libs/schemas/hdf-baseline/v3.0.0",
-  "type": "object",
-  "unevaluatedProperties": false,
-  "required": [
-    "name",
-    "requirements"
-  ],
-  "allOf": [
-    {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Baseline_Metadata"
-    }
-  ],
-  "properties": {
-    "requirements": {
-      "type": "array",
-      "minItems": 1,
-      "items": {
-        "$ref": "#/$defs/Baseline_Requirement"
-      },
-      "description": "The set of requirements - contains no findings as the assessment has not yet occurred."
-    },
-    "groups": {
-      "type": "array",
-      "items": {
-        "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Requirement_Group"
-      },
-      "description": "A set of descriptions for the requirement groups."
-    },
-    "inputs": {
-      "type": "array",
-      "items": {
-        "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/parameter/v3.0.0#/$defs/Input"
-      },
-      "description": "The input(s) or attribute(s) to be used in the run."
-    },
-    "integrity": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/extensions/v3.0.0#/$defs/Integrity",
-      "description": "Cryptographic integrity information for verifying this baseline has not been tampered with."
-    },
-    "remediation": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Remediation",
-      "description": "Optional reference to automated remediation resources (Ansible playbooks, Terraform scripts, etc.) for implementing the security controls defined in this baseline."
-    },
-    "depends": {
-      "type": "array",
-      "items": {
-        "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Dependency"
-      },
-      "description": "The set of dependencies this baseline depends on."
-    },
-    "generator": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/extensions/v3.0.0#/$defs/Generator",
-      "description": "The tool that generated this file."
-    }
-  },
-  "examples": [
-    {
-      "name": "ubuntu-2204-stig-baseline",
-      "title": "Canonical Ubuntu 22.04 LTS STIG Baseline",
-      "version": "1.2.0",
-      "maintainer": "DISA STIG Team",
-      "license": "Apache-2.0",
-      "summary": "Security Technical Implementation Guide for Ubuntu 22.04 LTS",
-      "supports": [
-        {
-          "platformName": "ubuntu",
-          "platformFamily": "debian",
-          "release": "22.04"
-        }
-      ],
-      "requirements": [
-        {
-          "id": "SV-260476",
-          "title": "Ubuntu 22.04 LTS must enforce password complexity",
-          "impact": 0.5,
-          "tags": {
-            "nist": ["IA-5"],
-            "severity": "medium",
-            "gtitle": "SRG-OS-000069-GPOS-00037"
-          },
-          "descriptions": [
-            {
-              "label": "default",
-              "data": "Use of a complex password helps to increase the time and resources required to compromise the password."
-            },
-            {
-              "label": "check",
-              "data": "Verify the value of 'minlen' in /etc/security/pwquality.conf is 15 or more."
-            },
-            {
-              "label": "fix",
-              "data": "Configure Ubuntu 22.04 LTS to enforce a minimum 15-character password length by adding 'minlen = 15' to /etc/security/pwquality.conf."
-            }
-          ]
-        },
-        {
-          "id": "SV-260477",
-          "title": "Ubuntu 22.04 LTS must configure audit logging",
-          "impact": 0.7,
-          "tags": {
-            "nist": ["AU-3", "AU-12"],
-            "severity": "high",
-            "gtitle": "SRG-OS-000037-GPOS-00015"
-          },
-          "descriptions": [
-            {
-              "label": "default",
-              "data": "Without establishing what type of events occurred, it would be difficult to establish, correlate, and investigate security incidents."
-            }
-          ]
-        }
-      ],
-      "groups": [
-        {
-          "id": "controls/SV-260476.rb",
-          "title": "Password Configuration",
-          "requirements": ["SV-260476"]
-        }
-      ]
-    }
-  ],
-  "description": "Information on the set of requirements that can be assessed, including baseline metadata and requirement definitions.",
-  "title": "HDF Baseline",
-  "$defs": {
-    "Baseline_Requirement": {
-      "type": "object",
-      "unevaluatedProperties": false,
-      "required": [
-        "id",
-        "impact",
-        "tags",
-        "descriptions"
-      ],
-      "allOf": [
-        {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Requirement_Core"
-        }
-      ],
-      "properties": {
-        "descriptions": {
-          "$ref": "#/$defs/Baseline_Requirement_Descriptions",
-          "description": "Array of labeled descriptions. At least one description with label 'default' must be present. Convention: place default description first. Common labels: 'default', 'check', 'fix', 'rationale'."
-        },
-        "severity": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Severity",
-          "description": "Explicit severity rating. Typically derived from impact score but provided explicitly for clarity."
-        }
-      },
-      "description": "A requirement definition without assessment results.",
-      "title": "Baseline Requirement"
-    },
-    "Baseline_Requirement_Descriptions": {
-      "type": "array",
-      "minItems": 1,
-      "items": {
-        "type": "object",
-        "unevaluatedProperties": false,
-        "required": [
-          "label",
-          "data"
-        ],
-        "properties": {
-          "label": {
-            "type": "string",
-            "description": "Description category. The 'default' label is required for the primary description. Common labels: 'default', 'check', 'fix', 'rationale'. Tools may use custom labels."
-          },
-          "data": {
-            "type": "string",
-            "description": "The description text content."
-          }
-        }
-      },
-      "contains": {
-        "type": "object",
-        "required": [
-          "label"
-        ],
-        "properties": {
-          "label": {
-            "const": "default"
-          }
-        }
-      },
-      "description": "Array of labeled descriptions. At least one description with label 'default' must be present.",
-      "title": "Baseline Requirement Descriptions"
-    }
-  }
-}

package/src/schemas/hdf-comparison.schema.json

@@ -1,107 +0,0 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://mitre.github.io/hdf-libs/schemas/hdf-comparison/v3.0.0",
-  "type": "object",
-  "unevaluatedProperties": false,
-  "required": [
-    "formatVersion",
-    "comparisonMode",
-    "sources",
-    "summary",
-    "requirementDiffs"
-  ],
-  "properties": {
-    "formatVersion": {
-      "type": "string",
-      "const": "1.0.0",
-      "description": "Schema version for this comparison format."
-    },
-    "comparisonMode": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/comparison/v3.0.0#/$defs/Comparison_Mode",
-      "description": "The mode of comparison being performed."
-    },
-    "timestamp": {
-      "type": "string",
-      "format": "date-time",
-      "description": "When this comparison was performed."
-    },
-    "generator": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/extensions/v3.0.0#/$defs/Generator",
-      "description": "Information about the tool that generated this comparison."
-    },
-    "sources": {
-      "type": "array",
-      "minItems": 2,
-      "items": {
-        "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/comparison/v3.0.0#/$defs/Source"
-      },
-      "description": "The source documents being compared. At least two sources are required."
-    },
-    "matching": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/comparison/v3.0.0#/$defs/Matching_Config",
-      "description": "Configuration for how requirements were matched across sources."
-    },
-    "summary": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/comparison/v3.0.0#/$defs/Comparison_Summary",
-      "description": "Summary statistics for the overall comparison."
-    },
-    "baselineDiffs": {
-      "type": "array",
-      "items": {
-        "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/comparison/v3.0.0#/$defs/Baseline_Diff"
-      },
-      "description": "Comparison of baselines between sources."
-    },
-    "requirementDiffs": {
-      "type": "array",
-      "items": {
-        "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/comparison/v3.0.0#/$defs/Requirement_Diff"
-      },
-      "description": "Detailed comparison of individual requirements between sources."
-    },
-    "componentDiffs": {
-      "type": "array",
-      "items": {
-        "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/comparison/v3.0.0#/$defs/Component_Diff"
-      },
-      "description": "Comparison of components between two system documents. Used in systemDrift mode."
-    },
-    "packageDiffs": {
-      "type": "array",
-      "items": {
-        "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/comparison/v3.0.0#/$defs/Package_Diff"
-      },
-      "description": "Comparison of packages between two SBOMs. Used in systemDrift mode for SBOM comparison."
-    },
-    "systemRef": {
-      "type": "string",
-      "format": "uri-reference",
-      "description": "URI identifying the system being compared in systemDrift mode."
-    },
-    "drift": {
-      "type": "array",
-      "items": {
-        "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/comparison/v3.0.0#/$defs/Requirement_Diff"
-      },
-      "description": "External/metadata changes separate from status changes (Terraform pattern)."
-    },
-    "annotations": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/comparison/v3.0.0#/$defs/Annotation"
-      },
-      "description": "Map of annotation IDs to annotation objects, providing context or action items for requirement diffs."
-    },
-    "integrity": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/extensions/v3.0.0#/$defs/Integrity",
-      "description": "Cryptographic integrity information for verifying this comparison document."
-    },
-    "extensions": {
-      "type": "object",
-      "additionalProperties": true,
-      "description": "Reserved for tool-specific data not defined in the HDF standard."
-    }
-  },
-  "description": "Structured comparison between two or more HDF security assessment documents. Supports temporal, baseline, fleet, and multi-source comparison modes.",
-  "title": "HDF Comparison"
-}

package/src/schemas/hdf-evidence-package.schema.json

@@ -1,227 +0,0 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://mitre.github.io/hdf-libs/schemas/hdf-evidence-package/v3.0.0",
-  "title": "HDF Evidence Package",
-  "description": "Bundles references to all HDF documents for audit, authorization, and compliance review. Each content entry references a document by type, URI, and checksum for integrity verification.",
-  "type": "object",
-  "unevaluatedProperties": false,
-  "required": [
-    "name",
-    "contents"
-  ],
-  "properties": {
-    "packageId": {
-      "type": "string",
-      "format": "uuid",
-      "description": "Unique identifier for this evidence package. Optional in casual use, expected in production ATO submissions. Auto-generated if omitted during creation."
-    },
-    "name": {
-      "type": "string",
-      "description": "Human-readable name for this evidence package. Example: 'Enterprise Portal ATO Evidence - Q1 2026'."
-    },
-    "description": {
-      "type": "string",
-      "description": "Description of the evidence package's purpose and scope."
-    },
-    "systemRef": {
-      "type": "string",
-      "format": "uri-reference",
-      "description": "URI to the hdf-system document this evidence package covers."
-    },
-    "planRef": {
-      "type": "string",
-      "format": "uri-reference",
-      "description": "URI to the hdf-plan document that drove this assessment. Used for completeness verification — every baseline in the plan should have a corresponding results document in this package."
-    },
-    "preparedBy": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Identity",
-      "description": "Identity of who prepared this evidence package."
-    },
-    "preparedAt": {
-      "type": "string",
-      "format": "date-time",
-      "description": "When this evidence package was prepared. ISO 8601 format."
-    },
-    "contents": {
-      "type": "array",
-      "minItems": 1,
-      "items": {
-        "$ref": "#/$defs/Content_Reference"
-      },
-      "description": "References to HDF documents included in this evidence package."
-    },
-    "completenessCheck": {
-      "$ref": "#/$defs/Completeness_Check",
-      "description": "Summary of assessment completeness and compliance status."
-    },
-    "signature": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Signature",
-      "description": "Digital signature covering the entire evidence package."
-    },
-    "labels": {
-      "type": "object",
-      "additionalProperties": {
-        "type": "string"
-      },
-      "description": "Optional key-value labels for grouping and querying evidence packages."
-    },
-    "integrity": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/extensions/v3.0.0#/$defs/Integrity",
-      "description": "Cryptographic integrity information for verifying this evidence package has not been tampered with."
-    },
-    "version": {
-      "type": "string",
-      "description": "Version of this evidence package."
-    },
-    "generator": {
-      "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/extensions/v3.0.0#/$defs/Generator",
-      "description": "Information about the tool that generated this document."
-    }
-  },
-  "$defs": {
-    "Content_Type": {
-      "type": "string",
-      "enum": [
-        "hdf-system",
-        "hdf-baseline",
-        "hdf-plan",
-        "hdf-results",
-        "hdf-amendments",
-        "hdf-comparison",
-        "sbom"
-      ],
-      "description": "The type of document referenced in the evidence package.",
-      "title": "Content Type"
-    },
-    "Content_Reference": {
-      "type": "object",
-      "unevaluatedProperties": false,
-      "required": [
-        "type",
-        "uri"
-      ],
-      "properties": {
-        "type": {
-          "$ref": "#/$defs/Content_Type",
-          "description": "The type of HDF document being referenced."
-        },
-        "uri": {
-          "type": "string",
-          "format": "uri-reference",
-          "description": "URI to the document. Can be a relative path or absolute URL."
-        },
-        "checksum": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Checksum",
-          "description": "Cryptographic checksum for verifying the referenced document's integrity."
-        },
-        "description": {
-          "type": "string",
-          "description": "Optional description of this content entry."
-        },
-        "componentRef": {
-          "type": "string",
-          "format": "uuid",
-          "description": "componentId of the component this content entry relates to. Use to link SBOMs, results, or other documents to a specific system component."
-        }
-      },
-      "examples": [
-        {
-          "type": "hdf-system",
-          "uri": "portal-prod.hdf-system.json",
-          "checksum": { "algorithm": "sha256", "value": "aaa111..." }
-        },
-        {
-          "type": "hdf-results",
-          "uri": "portal-scan-march-2026.json",
-          "checksum": { "algorithm": "sha256", "value": "ddd444..." },
-          "description": "March 2026 monthly scan results"
-        },
-        {
-          "type": "sbom",
-          "uri": "https://artifacts.agency.gov/sbom/webtier.cdx.json",
-          "description": "WebTier CycloneDX SBOM"
-        }
-      ],
-      "description": "A reference to an HDF document or SBOM included in the evidence package.",
-      "title": "Content Reference"
-    },
-    "SBOM_Coverage": {
-      "type": "object",
-      "unevaluatedProperties": false,
-      "properties": {
-        "componentsWithSbom": {
-          "type": "integer",
-          "minimum": 0,
-          "description": "Number of system components that have an associated SBOM."
-        },
-        "totalComponents": {
-          "type": "integer",
-          "minimum": 0,
-          "description": "Total number of components in the system."
-        }
-      },
-      "description": "SBOM coverage statistics for the system.",
-      "title": "SBOM Coverage"
-    },
-    "Completeness_Check": {
-      "type": "object",
-      "unevaluatedProperties": false,
-      "properties": {
-        "allBaselinesAssessed": {
-          "type": "boolean",
-          "description": "Whether all baselines referenced by system components have assessment results."
-        },
-        "allComponentsCovered": {
-          "type": "boolean",
-          "description": "Whether all system components have at least one matching target in the results."
-        },
-        "expiredWaivers": {
-          "type": "integer",
-          "minimum": 0,
-          "description": "Number of waivers/amendments that have expired."
-        },
-        "unresolvedPoams": {
-          "type": "integer",
-          "minimum": 0,
-          "description": "Number of POA&M items that are still open (not completed)."
-        },
-        "compliancePercent": {
-          "type": "number",
-          "minimum": 0,
-          "maximum": 100,
-          "description": "Overall compliance percentage across all assessments."
-        },
-        "sbomCoverage": {
-          "$ref": "#/$defs/SBOM_Coverage",
-          "description": "SBOM coverage across system components."
-        }
-      },
-      "description": "Informational summary of assessment completeness. Not authoritative — tools should compute these from the referenced documents.",
-      "title": "Completeness Check"
-    }
-  },
-  "examples": [
-    {
-      "name": "Enterprise Portal ATO Evidence - Q1 2026",
-      "systemRef": "portal-prod.hdf-system.json",
-      "preparedBy": { "type": "email", "identifier": "compliance@agency.gov" },
-      "preparedAt": "2026-03-31T12:00:00Z",
-      "contents": [
-        { "type": "hdf-system", "uri": "portal-prod.hdf-system.json", "checksum": { "algorithm": "sha256", "value": "aaa111" } },
-        { "type": "hdf-baseline", "uri": "rhel9-stig.hdf-baseline.json", "checksum": { "algorithm": "sha256", "value": "bbb222" } },
-        { "type": "hdf-plan", "uri": "portal-monthly-scan.hdf-plan.json", "checksum": { "algorithm": "sha256", "value": "ccc333" } },
-        { "type": "hdf-results", "uri": "portal-scan-march.json", "checksum": { "algorithm": "sha256", "value": "ddd444" } },
-        { "type": "hdf-amendments", "uri": "portal-waivers-q1.json", "checksum": { "algorithm": "sha256", "value": "eee555" } },
-        { "type": "hdf-comparison", "uri": "portal-diff-feb-mar.json", "checksum": { "algorithm": "sha256", "value": "fff666" } }
-      ],
-      "completenessCheck": {
-        "allBaselinesAssessed": true,
-        "allComponentsCovered": true,
-        "expiredWaivers": 0,
-        "unresolvedPoams": 2,
-        "compliancePercent": 95.8,
-        "sbomCoverage": { "componentsWithSbom": 3, "totalComponents": 5 }
-      }
-    }
-  ]
-}