mcp-server-for-oscal 0.1.5__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. mcp_server_for_oscal/__init__.py +0 -0
  2. mcp_server_for_oscal/__main__.py +7 -0
  3. mcp_server_for_oscal/config.py +72 -0
  4. mcp_server_for_oscal/main.py +131 -0
  5. mcp_server_for_oscal/oscal_agent.py +40 -0
  6. mcp_server_for_oscal/oscal_docs/awesome-oscal.md +181 -0
  7. mcp_server_for_oscal/oscal_schemas/README.md +116 -0
  8. mcp_server_for_oscal/oscal_schemas/oscal_assessment-plan_schema.json +1 -0
  9. mcp_server_for_oscal/oscal_schemas/oscal_assessment-plan_schema.xsd +5268 -0
  10. mcp_server_for_oscal/oscal_schemas/oscal_assessment-results_schema.json +1 -0
  11. mcp_server_for_oscal/oscal_schemas/oscal_assessment-results_schema.xsd +5555 -0
  12. mcp_server_for_oscal/oscal_schemas/oscal_catalog_schema.json +1 -0
  13. mcp_server_for_oscal/oscal_schemas/oscal_catalog_schema.xsd +2071 -0
  14. mcp_server_for_oscal/oscal_schemas/oscal_complete_schema.json +1 -0
  15. mcp_server_for_oscal/oscal_schemas/oscal_complete_schema.xsd +9326 -0
  16. mcp_server_for_oscal/oscal_schemas/oscal_component_schema.json +1 -0
  17. mcp_server_for_oscal/oscal_schemas/oscal_component_schema.xsd +3011 -0
  18. mcp_server_for_oscal/oscal_schemas/oscal_mapping_schema.json +1 -0
  19. mcp_server_for_oscal/oscal_schemas/oscal_mapping_schema.xsd +2226 -0
  20. mcp_server_for_oscal/oscal_schemas/oscal_poam_schema.json +1 -0
  21. mcp_server_for_oscal/oscal_schemas/oscal_poam_schema.xsd +5406 -0
  22. mcp_server_for_oscal/oscal_schemas/oscal_profile_schema.json +1 -0
  23. mcp_server_for_oscal/oscal_schemas/oscal_profile_schema.xsd +2493 -0
  24. mcp_server_for_oscal/oscal_schemas/oscal_ssp_schema.json +1 -0
  25. mcp_server_for_oscal/oscal_schemas/oscal_ssp_schema.xsd +3945 -0
  26. mcp_server_for_oscal/py.typed +0 -0
  27. mcp_server_for_oscal/tools/__init__.py +5 -0
  28. mcp_server_for_oscal/tools/get_schema.py +101 -0
  29. mcp_server_for_oscal/tools/list_models.py +79 -0
  30. mcp_server_for_oscal/tools/list_oscal_resources.py +123 -0
  31. mcp_server_for_oscal/tools/query_documentation.py +75 -0
  32. mcp_server_for_oscal/tools/utils.py +37 -0
  33. mcp_server_for_oscal-0.1.5.dist-info/METADATA +137 -0
  34. mcp_server_for_oscal-0.1.5.dist-info/RECORD +38 -0
  35. mcp_server_for_oscal-0.1.5.dist-info/WHEEL +4 -0
  36. mcp_server_for_oscal-0.1.5.dist-info/entry_points.txt +2 -0
  37. mcp_server_for_oscal-0.1.5.dist-info/licenses/LICENSE +175 -0
  38. mcp_server_for_oscal-0.1.5.dist-info/licenses/NOTICE +1 -0
mcp_server_for_oscal/oscal_schemas/oscal_ssp_schema.json ADDED
@@ -0,0 +1 @@
1
+ {"$schema":"http://json-schema.org/draft-07/schema#","$id":"http://csrc.nist.gov/ns/oscal/1.2.0/oscal-ssp-schema.json","$comment":"OSCAL System Security Plan (SSP) Model: JSON Schema","type":"object","definitions":{"json-schema-directive":{"title":"Schema Directive","description":"A JSON Schema directive to bind a specific schema to its document instance.","$id":"#/definitions/json-schema-directive","$ref":"#/definitions/URIReferenceDatatype"},"oscal-ssp-oscal-ssp:system-security-plan":{"title":"System Security Plan (SSP)","description":"A system security plan, such as those described in NIST SP 800-18.","$id":"#/definitions/oscal-ssp-oscal-ssp:system-security-plan","type":"object","properties":{"uuid":{"title":"System Security Plan Universally Unique Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"metadata":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:metadata"},"import-profile":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:import-profile"},"system-characteristics":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:system-characteristics"},"system-implementation":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:system-implementation"},"control-implementation":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:control-implementation"},"back-matter":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:back-matter"}},"required":["uuid","metadata","import-profile","system-characteristics","system-implementation","control-implementation"],"additionalProperties":false},"oscal-ssp-oscal-ssp:import-profile":{"title":"Import Profile","description":"Used to import the OSCAL profile representing the system's control baseline.","$id":"#/definitions/oscal-ssp-oscal-ssp:import-profile","type":"object","properties":{"href":{"title":"Profile Reference","description":"A resolvable URL reference to the profile or catalog to use as the system's control baseline.","$ref":"#/definitions/URIReferenceDatatype"},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["href"],"additionalProperties":false},"oscal-ssp-oscal-ssp:system-characteristics":{"title":"System Characteristics","description":"Contains the characteristics of the system, such as its name, purpose, and security impact level.","$id":"#/definitions/oscal-ssp-oscal-ssp:system-characteristics","type":"object","properties":{"system-ids":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-implementation-common:system-id"}},"system-name":{"title":"System Name - Full","description":"The full name of the system.","$ref":"#/definitions/StringDatatype"},"system-name-short":{"title":"System Name - Short","description":"A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.","$ref":"#/definitions/StringDatatype"},"description":{"title":"System Description","description":"A summary of the system.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"date-authorized":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:date-authorized"},"security-sensitivity-level":{"title":"Security Sensitivity Level","description":"The overall information system sensitivity categorization, such as defined by FIPS-199.","$ref":"#/definitions/StringDatatype"},"system-information":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:system-information"},"security-impact-level":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:security-impact-level"},"status":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:status"},"authorization-boundary":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:authorization-boundary"},"network-architecture":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:network-architecture"},"data-flow":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:data-flow"},"responsible-parties":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:responsible-party"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["system-ids","system-name","description","system-information","status","authorization-boundary"],"additionalProperties":false},"oscal-ssp-oscal-ssp:system-information":{"title":"System Information","description":"Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.","$id":"#/definitions/oscal-ssp-oscal-ssp:system-information","type":"object","properties":{"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"information-types":{"type":"array","minItems":1,"items":{"title":"Information Type","description":"Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.","type":"object","properties":{"uuid":{"title":"Information Type Universally Unique Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"title":{"title":"title field","description":"A human readable name for the information type. This title should be meaningful within the context of the system.","$ref":"#/definitions/MarkupLineDatatype"},"description":{"title":"Information Type Description","description":"A summary of how this information type is used within the system.","$ref":"#/definitions/MarkupMultilineDatatype"},"categorizations":{"type":"array","minItems":1,"items":{"title":"Information Type Categorization","description":"A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60.","type":"object","properties":{"system":{"title":"Information Type Identification System","description":"Specifies the information type identification system used.","anyOf":[{"$ref":"#/definitions/URIDatatype"},{"enum":["http://doi.org/10.6028/NIST.SP.800-60v2r1"]}]},"information-type-ids":{"type":"array","minItems":1,"items":{"title":"Information Type Systematized Identifier","description":"A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/StringDatatype"}}},"required":["system"],"additionalProperties":false}},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"confidentiality-impact":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:impact"},"integrity-impact":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:impact"},"availability-impact":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:impact"}},"required":["title","description"],"additionalProperties":false}}},"required":["information-types"],"additionalProperties":false},"oscal-ssp-oscal-ssp:impact":{"title":"Impact Level","description":"The expected level of impact resulting from the described information.","$id":"#/definitions/oscal-ssp-oscal-ssp:impact","type":"object","properties":{"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"base":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:base"},"selected":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:selected"},"adjustment-justification":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:adjustment-justification"}},"required":["base"],"additionalProperties":false},"oscal-ssp-oscal-ssp:base":{"title":"Base Level (Confidentiality, Integrity, or Availability)","description":"The prescribed base (Confidentiality, Integrity, or Availability) security impact level.","$id":"#/definitions/oscal-ssp-oscal-ssp:base","$ref":"#/definitions/StringDatatype"},"oscal-ssp-oscal-ssp:selected":{"title":"Selected Level (Confidentiality, Integrity, or Availability)","description":"The selected (Confidentiality, Integrity, or Availability) security impact level.","$id":"#/definitions/oscal-ssp-oscal-ssp:selected","$ref":"#/definitions/StringDatatype"},"oscal-ssp-oscal-ssp:adjustment-justification":{"title":"Adjustment Justification","description":"If the selected security level is different from the base security level, this contains the justification for the change.","$id":"#/definitions/oscal-ssp-oscal-ssp:adjustment-justification","$ref":"#/definitions/MarkupMultilineDatatype"},"oscal-ssp-oscal-ssp:security-impact-level":{"title":"Security Impact Level","description":"The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.","$id":"#/definitions/oscal-ssp-oscal-ssp:security-impact-level","type":"object","properties":{"security-objective-confidentiality":{"title":"Security Objective: Confidentiality","description":"A target-level of confidentiality for the system, based on the sensitivity of information within the system.","$ref":"#/definitions/StringDatatype"},"security-objective-integrity":{"title":"Security Objective: Integrity","description":"A target-level of integrity for the system, based on the sensitivity of information within the system.","$ref":"#/definitions/StringDatatype"},"security-objective-availability":{"title":"Security Objective: Availability","description":"A target-level of availability for the system, based on the sensitivity of information within the system.","$ref":"#/definitions/StringDatatype"}},"required":["security-objective-confidentiality","security-objective-integrity","security-objective-availability"],"additionalProperties":false},"oscal-ssp-oscal-ssp:status":{"title":"Status","description":"Describes the operational status of the system.","$id":"#/definitions/oscal-ssp-oscal-ssp:status","type":"object","properties":{"state":{"title":"State","description":"The current operating status.","allOf":[{"$ref":"#/definitions/StringDatatype"},{"enum":["operational","under-development","under-major-modification","disposition","other"]}]},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["state"],"additionalProperties":false},"oscal-ssp-oscal-ssp:date-authorized":{"title":"System Authorization Date","description":"The date the system received its authorization.","$id":"#/definitions/oscal-ssp-oscal-ssp:date-authorized","$ref":"#/definitions/DateDatatype"},"oscal-ssp-oscal-ssp:authorization-boundary":{"title":"Authorization Boundary","description":"A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.","$id":"#/definitions/oscal-ssp-oscal-ssp:authorization-boundary","type":"object","properties":{"description":{"title":"Authorization Boundary Description","description":"A summary of the system's authorization boundary.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"diagrams":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:diagram"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["description"],"additionalProperties":false},"oscal-ssp-oscal-ssp:diagram":{"title":"Diagram","description":"A graphic that provides a visual representation the system, or some aspect of it.","$id":"#/definitions/oscal-ssp-oscal-ssp:diagram","type":"object","properties":{"uuid":{"title":"Diagram ID","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"description":{"title":"Diagram Description","description":"A summary of the diagram.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"caption":{"title":"Caption","description":"A brief caption to annotate the diagram.","$ref":"#/definitions/MarkupLineDatatype"},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["uuid"],"additionalProperties":false},"oscal-ssp-oscal-ssp:network-architecture":{"title":"Network Architecture","description":"A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.","$id":"#/definitions/oscal-ssp-oscal-ssp:network-architecture","type":"object","properties":{"description":{"title":"Network Architecture Description","description":"A summary of the system's network architecture.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"diagrams":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:diagram"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["description"],"additionalProperties":false},"oscal-ssp-oscal-ssp:data-flow":{"title":"Data Flow","description":"A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.","$id":"#/definitions/oscal-ssp-oscal-ssp:data-flow","type":"object","properties":{"description":{"title":"Data Flow Description","description":"A summary of the system's data flow.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"diagrams":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:diagram"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["description"],"additionalProperties":false},"oscal-ssp-oscal-ssp:system-implementation":{"title":"System Implementation","description":"Provides information as to how the system is implemented.","$id":"#/definitions/oscal-ssp-oscal-ssp:system-implementation","type":"object","properties":{"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"leveraged-authorizations":{"type":"array","minItems":1,"items":{"title":"Leveraged Authorization","description":"A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider.","type":"object","properties":{"uuid":{"title":"Leveraged Authorization Universally Unique Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"title":{"title":"title field","description":"A human readable name for the leveraged authorization in the context of the system.","$ref":"#/definitions/MarkupLineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"party-uuid":{"title":"party-uuid field","description":"A machine-oriented identifier reference to the party that manages the leveraged system.","$ref":"#/definitions/UUIDDatatype"},"date-authorized":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:date-authorized"},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["uuid","title","party-uuid","date-authorized"],"additionalProperties":false}},"users":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-implementation-common:system-user"}},"components":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-implementation-common:system-component"}},"inventory-items":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-implementation-common:inventory-item"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["components"],"additionalProperties":false},"oscal-ssp-oscal-ssp:control-implementation":{"title":"Control Implementation","description":"Describes how the system satisfies a set of controls.","$id":"#/definitions/oscal-ssp-oscal-ssp:control-implementation","type":"object","properties":{"description":{"title":"Control Implementation Description","description":"A statement describing important things to know about how this set of control satisfaction documentation is approached.","$ref":"#/definitions/MarkupMultilineDatatype"},"set-parameters":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-implementation-common:set-parameter"}},"implemented-requirements":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:implemented-requirement"}}},"required":["description","implemented-requirements"],"additionalProperties":false},"oscal-ssp-oscal-ssp:implemented-requirement":{"title":"Control-based Requirement","description":"Describes how the system satisfies the requirements of an individual control.","$id":"#/definitions/oscal-ssp-oscal-ssp:implemented-requirement","type":"object","properties":{"uuid":{"title":"Control Requirement Universally Unique Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"control-id":{"title":"Control Identifier Reference","description":"A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).","$ref":"#/definitions/TokenDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"set-parameters":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-implementation-common:set-parameter"}},"responsible-roles":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:responsible-role"}},"statements":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:statement"}},"by-components":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:by-component"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["uuid","control-id"],"additionalProperties":false},"oscal-ssp-oscal-ssp:statement":{"title":"Specific Control Statement","description":"Identifies which statements within a control are addressed.","$id":"#/definitions/oscal-ssp-oscal-ssp:statement","type":"object","properties":{"statement-id":{"title":"Control Statement Reference","description":"A human-oriented identifier reference to a control statement.","$ref":"#/definitions/TokenDatatype"},"uuid":{"title":"Control Statement Reference Universally Unique Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).","$ref":"#/definitions/UUIDDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"responsible-roles":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:responsible-role"}},"by-components":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:by-component"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["statement-id","uuid"],"additionalProperties":false},"oscal-ssp-oscal-ssp:by-component":{"title":"Component Control Implementation","description":"Defines how the referenced component implements a set of controls.","$id":"#/definitions/oscal-ssp-oscal-ssp:by-component","type":"object","properties":{"component-uuid":{"title":"Component Universally Unique Identifier Reference","description":"A machine-oriented identifier reference to the component that is implementing a given control.","$ref":"#/definitions/UUIDDatatype"},"uuid":{"title":"By-Component Universally Unique Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"description":{"title":"Control Implementation Description","description":"An implementation statement that describes how a control or a control statement is implemented within the referenced system component.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"set-parameters":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-implementation-common:set-parameter"}},"implementation-status":{"$ref":"#/definitions/oscal-ssp-oscal-implementation-common:implementation-status"},"export":{"title":"Export","description":"Identifies content intended for external consumption, such as with leveraged organizations.","type":"object","properties":{"description":{"title":"Control Implementation Export Description","description":"An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"provided":{"type":"array","minItems":1,"items":{"title":"Provided Control Implementation","description":"Describes a capability which may be inherited by a leveraging system.","type":"object","properties":{"uuid":{"title":"Provided Universally Unique Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"description":{"title":"Provided Control Implementation Description","description":"An implementation statement that describes the aspects of the control or control statement implementation that can be provided to another system leveraging this system.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"responsible-roles":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:responsible-role"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["uuid","description"],"additionalProperties":false}},"responsibilities":{"type":"array","minItems":1,"items":{"title":"Control Implementation Responsibility","description":"Describes a control implementation responsibility imposed on a leveraging system.","type":"object","properties":{"uuid":{"title":"Responsibility Universally Unique Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"provided-uuid":{"title":"Provided UUID","description":"A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.","$ref":"#/definitions/UUIDDatatype"},"description":{"title":"Control Implementation Responsibility Description","description":"An implementation statement that describes the aspects of the control or control statement implementation that a leveraging system must implement to satisfy the control provided by a leveraged system.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"responsible-roles":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:responsible-role"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["uuid","description"],"additionalProperties":false}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"additionalProperties":false},"inherited":{"type":"array","minItems":1,"items":{"title":"Inherited Control Implementation","description":"Describes a control implementation inherited by a leveraging system.","type":"object","properties":{"uuid":{"title":"Inherited Universally Unique Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"provided-uuid":{"title":"Provided UUID","description":"A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.","$ref":"#/definitions/UUIDDatatype"},"description":{"title":"Inherited Control Implementation Description","description":"An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is inheriting from a leveraged system.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"responsible-roles":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:responsible-role"}}},"required":["uuid","description"],"additionalProperties":false}},"satisfied":{"type":"array","minItems":1,"items":{"title":"Satisfied Control Implementation Responsibility","description":"Describes how this system satisfies a responsibility imposed by a leveraged system.","type":"object","properties":{"uuid":{"title":"Satisfied Universally Unique Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"responsibility-uuid":{"title":"Responsibility UUID","description":"A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system.","$ref":"#/definitions/UUIDDatatype"},"description":{"title":"Satisfied Control Implementation Responsibility Description","description":"An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is implementing based on a requirement from a leveraged system.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"responsible-roles":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:responsible-role"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["uuid","description"],"additionalProperties":false}},"responsible-roles":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:responsible-role"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["component-uuid","uuid","description"],"additionalProperties":false},"oscal-ssp-oscal-metadata:metadata":{"title":"Document Metadata","description":"Provides information about the containing document, and defines concepts that are shared across the document.","$id":"#/definitions/oscal-ssp-oscal-metadata:metadata","type":"object","properties":{"title":{"title":"Document Title","description":"A name given to the document, which may be used by a tool for display and navigation.","$ref":"#/definitions/MarkupLineDatatype"},"published":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:published"},"last-modified":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:last-modified"},"version":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:version"},"oscal-version":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:oscal-version"},"revisions":{"type":"array","minItems":1,"items":{"title":"Revision History Entry","description":"An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).","type":"object","properties":{"title":{"title":"Document Title","description":"A name given to the document revision, which may be used by a tool for display and navigation.","$ref":"#/definitions/MarkupLineDatatype"},"published":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:published"},"last-modified":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:last-modified"},"version":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:version"},"oscal-version":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:oscal-version"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["version"],"additionalProperties":false}},"document-ids":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:document-id"}},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"roles":{"type":"array","minItems":1,"items":{"title":"Role","description":"Defines a function, which might be assigned to a party in a specific situation.","type":"object","properties":{"id":{"title":"Role Identifier","description":"A unique identifier for the role.","$ref":"#/definitions/TokenDatatype"},"title":{"title":"Role Title","description":"A name given to the role, which may be used by a tool for display and navigation.","$ref":"#/definitions/MarkupLineDatatype"},"short-name":{"title":"Role Short Name","description":"A short common name, abbreviation, or acronym for the role.","$ref":"#/definitions/StringDatatype"},"description":{"title":"Role Description","description":"A summary of the role's purpose and associated responsibilities.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["id","title"],"additionalProperties":false}},"locations":{"type":"array","minItems":1,"items":{"title":"Location","description":"A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.","type":"object","properties":{"uuid":{"title":"Location Universally Unique Identifier","description":"A unique ID for the location, for reference.","$ref":"#/definitions/UUIDDatatype"},"title":{"title":"Location Title","description":"A name given to the location, which may be used by a tool for display and navigation.","$ref":"#/definitions/MarkupLineDatatype"},"address":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:address"},"email-addresses":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:email-address"}},"telephone-numbers":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:telephone-number"}},"urls":{"type":"array","minItems":1,"items":{"title":"Location URL","description":"The uniform resource locator (URL) for a web site or other resource associated with the location.","$ref":"#/definitions/URIDatatype"}},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["uuid"],"additionalProperties":false}},"parties":{"type":"array","minItems":1,"items":{"title":"Party","description":"An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.","type":"object","anyOf":[{"properties":{"uuid":{"title":"Party Universally Unique Identifier","description":"A unique identifier for the party.","$ref":"#/definitions/UUIDDatatype"},"type":{"title":"Party Type","description":"A category describing the kind of party the object describes.","allOf":[{"$ref":"#/definitions/StringDatatype"},{"enum":["person","organization"]}]},"name":{"title":"Party Name","description":"The full name of the party. This is typically the legal name associated with the party.","$ref":"#/definitions/StringDatatype"},"short-name":{"title":"Party Short Name","description":"A short common name, abbreviation, or acronym for the party.","$ref":"#/definitions/StringDatatype"},"external-ids":{"type":"array","minItems":1,"items":{"title":"Party External Identifier","description":"An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).","type":"object","properties":{"scheme":{"title":"External Identifier Schema","description":"Indicates the type of external identifier.","anyOf":[{"$ref":"#/definitions/URIDatatype"},{"enum":["http://orcid.org/"]}]},"id":{"$ref":"#/definitions/StringDatatype"}},"required":["id","scheme"],"additionalProperties":false}},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"email-addresses":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:email-address"}},"telephone-numbers":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:telephone-number"}},"addresses":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:address"}},"member-of-organizations":{"type":"array","minItems":1,"items":{"title":"Organizational Affiliation","description":"A reference to another party by UUID, typically an organization, that this subject is associated with.","$ref":"#/definitions/UUIDDatatype"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"additionalProperties":false},{"properties":{"uuid":{"title":"Party Universally Unique Identifier","description":"A unique identifier for the party.","$ref":"#/definitions/UUIDDatatype"},"type":{"title":"Party Type","description":"A category describing the kind of party the object describes.","allOf":[{"$ref":"#/definitions/StringDatatype"},{"enum":["person","organization"]}]},"name":{"title":"Party Name","description":"The full name of the party. This is typically the legal name associated with the party.","$ref":"#/definitions/StringDatatype"},"short-name":{"title":"Party Short Name","description":"A short common name, abbreviation, or acronym for the party.","$ref":"#/definitions/StringDatatype"},"external-ids":{"type":"array","minItems":1,"items":{"title":"Party External Identifier","description":"An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).","type":"object","properties":{"scheme":{"title":"External Identifier Schema","description":"Indicates the type of external identifier.","anyOf":[{"$ref":"#/definitions/URIDatatype"},{"enum":["http://orcid.org/"]}]},"id":{"$ref":"#/definitions/StringDatatype"}},"required":["id","scheme"],"additionalProperties":false}},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"email-addresses":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:email-address"}},"telephone-numbers":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:telephone-number"}},"location-uuids":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:location-uuid"}},"member-of-organizations":{"type":"array","minItems":1,"items":{"title":"Organizational Affiliation","description":"A reference to another party by UUID, typically an organization, that this subject is associated with.","$ref":"#/definitions/UUIDDatatype"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"additionalProperties":false}]}},"responsible-parties":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:responsible-party"}},"actions":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:action"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["title","last-modified","version","oscal-version"],"additionalProperties":false},"oscal-ssp-oscal-metadata:location-uuid":{"title":"Location Universally Unique Identifier Reference","description":"Reference to a location by UUID.","$id":"#/definitions/oscal-ssp-oscal-metadata:location-uuid","$ref":"#/definitions/UUIDDatatype"},"oscal-ssp-oscal-metadata:party-uuid":{"title":"Party Universally Unique Identifier Reference","description":"Reference to a party by UUID.","$id":"#/definitions/oscal-ssp-oscal-metadata:party-uuid","$ref":"#/definitions/UUIDDatatype"},"oscal-ssp-oscal-metadata:role-id":{"title":"Role Identifier Reference","description":"Reference to a role by UUID.","$id":"#/definitions/oscal-ssp-oscal-metadata:role-id","$ref":"#/definitions/TokenDatatype"},"oscal-ssp-oscal-metadata:back-matter":{"title":"Back matter","description":"A collection of resources that may be referenced from within the OSCAL document instance.","$id":"#/definitions/oscal-ssp-oscal-metadata:back-matter","type":"object","properties":{"resources":{"type":"array","minItems":1,"items":{"title":"Resource","description":"A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.","type":"object","properties":{"uuid":{"title":"Resource Universally Unique Identifier","description":"A unique identifier for a resource.","$ref":"#/definitions/UUIDDatatype"},"title":{"title":"Resource Title","description":"An optional name given to the resource, which may be used by a tool for display and navigation.","$ref":"#/definitions/MarkupLineDatatype"},"description":{"title":"Resource Description","description":"An optional short summary of the resource used to indicate the purpose of the resource.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"document-ids":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:document-id"}},"citation":{"title":"Citation","description":"An optional citation consisting of end note text using structured markup.","type":"object","properties":{"text":{"title":"Citation Text","description":"A line of citation text.","$ref":"#/definitions/MarkupLineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}}},"required":["text"],"additionalProperties":false},"rlinks":{"type":"array","minItems":1,"items":{"title":"Resource link","description":"A URL-based pointer to an external resource with an optional hash for verification and change detection.","type":"object","properties":{"href":{"title":"Hypertext Reference","description":"A resolvable URL pointing to the referenced resource.","$ref":"#/definitions/URIReferenceDatatype"},"media-type":{"title":"Media Type","description":"A label that indicates the nature of a resource, as a data serialization or format.","$ref":"#/definitions/StringDatatype"},"hashes":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:hash"}}},"required":["href"],"additionalProperties":false}},"base64":{"title":"Base64","description":"A resource encoded using the Base64 alphabet defined by RFC 2045.","type":"object","properties":{"filename":{"title":"File Name","description":"Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.","$ref":"#/definitions/TokenDatatype"},"media-type":{"title":"Media Type","description":"A label that indicates the nature of a resource, as a data serialization or format.","$ref":"#/definitions/StringDatatype"},"value":{"$ref":"#/definitions/Base64Datatype"}},"required":["value"],"additionalProperties":false},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["uuid"],"additionalProperties":false}}},"additionalProperties":false},"oscal-ssp-oscal-metadata:property":{"title":"Property","description":"An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.","$id":"#/definitions/oscal-ssp-oscal-metadata:property","type":"object","properties":{"name":{"title":"Property Name","description":"A textual label, within a namespace, that identifies a specific attribute, characteristic, or quality of the property's containing object.","$ref":"#/definitions/TokenDatatype"},"uuid":{"title":"Property Universally Unique Identifier","description":"A unique identifier for a property.","$ref":"#/definitions/UUIDDatatype"},"ns":{"title":"Property Namespace","description":"A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.","$ref":"#/definitions/URIDatatype"},"value":{"title":"Property Value","description":"Indicates the value of the attribute, characteristic, or quality.","$ref":"#/definitions/StringDatatype"},"class":{"title":"Property Class","description":"A textual label that provides a sub-type or characterization of the property's name.","$ref":"#/definitions/TokenDatatype"},"group":{"title":"Property Group","description":"An identifier for relating distinct sets of properties.","$ref":"#/definitions/TokenDatatype"},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["name","value"],"additionalProperties":false},"oscal-ssp-oscal-metadata:link":{"title":"Link","description":"A reference to a local or remote resource, that has a specific relation to the containing object.","$id":"#/definitions/oscal-ssp-oscal-metadata:link","type":"object","properties":{"href":{"title":"Hypertext Reference","description":"A resolvable URL reference to a resource.","$ref":"#/definitions/URIReferenceDatatype"},"rel":{"title":"Link Relation Type","description":"Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.","anyOf":[{"$ref":"#/definitions/TokenDatatype"},{"enum":["reference"]}]},"media-type":{"title":"Media Type","description":"A label that indicates the nature of a resource, as a data serialization or format.","$ref":"#/definitions/StringDatatype"},"resource-fragment":{"title":"Resource Fragment","description":"In case where the href points to a back-matter/resource, this value will indicate the URI fragment to append to any rlink associated with the resource. This value MUST be URI encoded.","$ref":"#/definitions/StringDatatype"},"text":{"title":"Link Text","description":"A textual label to associate with the link, which may be used for presentation in a tool.","$ref":"#/definitions/MarkupLineDatatype"}},"required":["href"],"additionalProperties":false},"oscal-ssp-oscal-metadata:responsible-party":{"title":"Responsible Party","description":"A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.","$id":"#/definitions/oscal-ssp-oscal-metadata:responsible-party","type":"object","properties":{"role-id":{"title":"Responsible Role","description":"A reference to a role performed by a party.","$ref":"#/definitions/TokenDatatype"},"party-uuids":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:party-uuid"}},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["role-id","party-uuids"],"additionalProperties":false},"oscal-ssp-oscal-metadata:action":{"title":"Action","description":"An action applied by a role within a given party to the content.","$id":"#/definitions/oscal-ssp-oscal-metadata:action","type":"object","properties":{"uuid":{"title":"Action Universally Unique Identifier","description":"A unique identifier that can be used to reference this defined action elsewhere in an OSCAL document. A UUID should be consistently used for a given location across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"date":{"title":"Action Occurrence Date","description":"The date and time when the action occurred.","$ref":"#/definitions/DateTimeWithTimezoneDatatype"},"type":{"title":"Action Type","description":"The type of action documented by the assembly, such as an approval.","$ref":"#/definitions/TokenDatatype"},"system":{"title":"Action Type System","description":"Specifies the action type system used.","$ref":"#/definitions/URIDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"responsible-parties":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:responsible-party"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["uuid","type","system"],"additionalProperties":false},"oscal-ssp-oscal-metadata:responsible-role":{"title":"Responsible Role","description":"A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.","$id":"#/definitions/oscal-ssp-oscal-metadata:responsible-role","type":"object","properties":{"role-id":{"title":"Responsible Role ID","description":"A human-oriented identifier reference to a role performed.","$ref":"#/definitions/TokenDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"party-uuids":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:party-uuid"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["role-id"],"additionalProperties":false},"oscal-ssp-oscal-metadata:hash":{"title":"Hash","description":"A representation of a cryptographic digest generated over a resource using a specified hash algorithm.","$id":"#/definitions/oscal-ssp-oscal-metadata:hash","type":"object","properties":{"algorithm":{"title":"Hash algorithm","description":"The digest method by which a hash is derived.","anyOf":[{"$ref":"#/definitions/StringDatatype"},{"enum":["SHA-224","SHA-256","SHA-384","SHA-512","SHA3-224","SHA3-256","SHA3-384","SHA3-512"]}]},"value":{"$ref":"#/definitions/StringDatatype"}},"required":["value","algorithm"],"additionalProperties":false},"oscal-ssp-oscal-metadata:remarks":{"title":"Remarks","description":"Additional commentary about the containing object.","$id":"#/definitions/oscal-ssp-oscal-metadata:remarks","$ref":"#/definitions/MarkupMultilineDatatype"},"oscal-ssp-oscal-metadata:published":{"title":"Publication Timestamp","description":"The date and time the document was last made available.","$id":"#/definitions/oscal-ssp-oscal-metadata:published","$ref":"#/definitions/DateTimeWithTimezoneDatatype"},"oscal-ssp-oscal-metadata:last-modified":{"title":"Last Modified Timestamp","description":"The date and time the document was last stored for later retrieval.","$id":"#/definitions/oscal-ssp-oscal-metadata:last-modified","$ref":"#/definitions/DateTimeWithTimezoneDatatype"},"oscal-ssp-oscal-metadata:version":{"title":"Document Version","description":"Used to distinguish a specific revision of an OSCAL document from other previous and future versions.","$id":"#/definitions/oscal-ssp-oscal-metadata:version","$ref":"#/definitions/StringDatatype"},"oscal-ssp-oscal-metadata:oscal-version":{"title":"OSCAL Version","description":"The OSCAL model version the document was authored against and will conform to as valid.","$id":"#/definitions/oscal-ssp-oscal-metadata:oscal-version","$ref":"#/definitions/StringDatatype"},"oscal-ssp-oscal-metadata:email-address":{"title":"Email Address","description":"An email address as defined by RFC 5322 Section 3.4.1.","$id":"#/definitions/oscal-ssp-oscal-metadata:email-address","$ref":"#/definitions/EmailAddressDatatype"},"oscal-ssp-oscal-metadata:telephone-number":{"title":"Telephone Number","description":"A telephone service number as defined by ITU-T E.164.","$id":"#/definitions/oscal-ssp-oscal-metadata:telephone-number","type":"object","properties":{"type":{"title":"type flag","description":"Indicates the type of phone number.","anyOf":[{"$ref":"#/definitions/StringDatatype"},{"enum":["home","office","mobile"]}]},"number":{"$ref":"#/definitions/StringDatatype"}},"required":["number"],"additionalProperties":false},"oscal-ssp-oscal-metadata:address":{"title":"Address","description":"A postal address for the location.","$id":"#/definitions/oscal-ssp-oscal-metadata:address","type":"object","properties":{"type":{"title":"Address Type","description":"Indicates the type of address.","anyOf":[{"$ref":"#/definitions/TokenDatatype"},{"enum":["home","work"]}]},"addr-lines":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:addr-line"}},"city":{"title":"City","description":"City, town or geographical region for the mailing address.","$ref":"#/definitions/StringDatatype"},"state":{"title":"State","description":"State, province or analogous geographical region for a mailing address.","$ref":"#/definitions/StringDatatype"},"postal-code":{"title":"Postal Code","description":"Postal or ZIP code for mailing address.","$ref":"#/definitions/StringDatatype"},"country":{"title":"Country Code","description":"The ISO 3166-1 alpha-2 country code for the mailing address.","$ref":"#/definitions/StringDatatype"}},"additionalProperties":false},"oscal-ssp-oscal-metadata:addr-line":{"title":"Address line","description":"A single line of an address.","$id":"#/definitions/oscal-ssp-oscal-metadata:addr-line","$ref":"#/definitions/StringDatatype"},"oscal-ssp-oscal-metadata:document-id":{"title":"Document Identifier","description":"A document identifier qualified by an identifier scheme.","$id":"#/definitions/oscal-ssp-oscal-metadata:document-id","type":"object","properties":{"scheme":{"title":"Document Identification Scheme","description":"Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters.","anyOf":[{"$ref":"#/definitions/URIDatatype"},{"enum":["http://www.doi.org/"]}]},"identifier":{"$ref":"#/definitions/StringDatatype"}},"required":["identifier"],"additionalProperties":false},"oscal-ssp-oscal-implementation-common:system-component":{"title":"Component","description":"A defined component that can be part of an implemented system.","$id":"#/definitions/oscal-ssp-oscal-implementation-common:system-component","type":"object","properties":{"uuid":{"title":"Component Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"type":{"title":"Component Type","description":"A category describing the purpose of the component.","anyOf":[{"$ref":"#/definitions/StringDatatype"},{"enum":["this-system","system","interconnection","software","hardware","service","policy","physical","process-procedure","plan","guidance","standard","validation","network"]}]},"title":{"title":"Component Title","description":"A human readable name for the system component.","$ref":"#/definitions/MarkupLineDatatype"},"description":{"title":"Component Description","description":"A description of the component, including information about its function.","$ref":"#/definitions/MarkupMultilineDatatype"},"purpose":{"title":"Purpose","description":"A summary of the technological or business purpose of the component.","$ref":"#/definitions/MarkupLineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"status":{"title":"Status","description":"Describes the operational status of the system component.","type":"object","properties":{"state":{"title":"State","description":"The operational status.","allOf":[{"$ref":"#/definitions/TokenDatatype"},{"enum":["under-development","operational","disposition","other"]}]},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["state"],"additionalProperties":false},"responsible-roles":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:responsible-role"}},"protocols":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-implementation-common:protocol"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["uuid","type","title","description","status"],"additionalProperties":false},"oscal-ssp-oscal-implementation-common:protocol":{"title":"Service Protocol Information","description":"Information about the protocol used to provide a service.","$id":"#/definitions/oscal-ssp-oscal-implementation-common:protocol","type":"object","properties":{"uuid":{"title":"Service Protocol Information Universally Unique Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"name":{"title":"Protocol Name","description":"The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.","$ref":"#/definitions/StringDatatype"},"title":{"title":"Protocol Title","description":"A human readable name for the protocol (e.g., Transport Layer Security).","$ref":"#/definitions/MarkupLineDatatype"},"port-ranges":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-implementation-common:port-range"}}},"additionalProperties":false},"oscal-ssp-oscal-implementation-common:port-range":{"title":"Port Range","description":"Where applicable this is the transport layer protocol port range an IPv4-based or IPv6-based service uses.","$id":"#/definitions/oscal-ssp-oscal-implementation-common:port-range","type":"object","additionalProperties":false},"oscal-ssp-oscal-implementation-common:implementation-status":{"title":"Implementation Status","description":"Indicates the degree to which the a given control is implemented.","$id":"#/definitions/oscal-ssp-oscal-implementation-common:implementation-status","type":"object","properties":{"state":{"title":"Implementation State","description":"Identifies the implementation status of the control or control objective.","anyOf":[{"$ref":"#/definitions/TokenDatatype"},{"enum":["implemented","partial","planned","alternative","not-applicable"]}]},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["state"],"additionalProperties":false},"oscal-ssp-oscal-implementation-common:system-user":{"title":"System User","description":"A type of user that interacts with the system based on an associated role.","$id":"#/definitions/oscal-ssp-oscal-implementation-common:system-user","type":"object","properties":{"uuid":{"title":"User Universally Unique Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this user class elsewhere in this or other OSCAL instances. The locally defined UUID of the system user can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"title":{"title":"User Title","description":"A name given to the user, which may be used by a tool for display and navigation.","$ref":"#/definitions/MarkupLineDatatype"},"short-name":{"title":"User Short Name","description":"A short common name, abbreviation, or acronym for the user.","$ref":"#/definitions/StringDatatype"},"description":{"title":"User Description","description":"A summary of the user's purpose within the system.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"role-ids":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:role-id"}},"authorized-privileges":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-implementation-common:authorized-privilege"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["uuid"],"additionalProperties":false},"oscal-ssp-oscal-implementation-common:authorized-privilege":{"title":"Privilege","description":"Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.","$id":"#/definitions/oscal-ssp-oscal-implementation-common:authorized-privilege","type":"object","properties":{"title":{"title":"Privilege Title","description":"A human readable name for the privilege.","$ref":"#/definitions/MarkupLineDatatype"},"description":{"title":"Privilege Description","description":"A summary of the privilege's purpose within the system.","$ref":"#/definitions/MarkupMultilineDatatype"},"functions-performed":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-implementation-common:function-performed"}}},"required":["title","functions-performed"],"additionalProperties":false},"oscal-ssp-oscal-implementation-common:function-performed":{"title":"Functions Performed","description":"Describes a function performed for a given authorized privilege by this user class.","$id":"#/definitions/oscal-ssp-oscal-implementation-common:function-performed","$ref":"#/definitions/StringDatatype"},"oscal-ssp-oscal-implementation-common:inventory-item":{"title":"Inventory Item","description":"A single managed inventory item within the system.","$id":"#/definitions/oscal-ssp-oscal-implementation-common:inventory-item","type":"object","properties":{"uuid":{"title":"Inventory Item Universally Unique Identifier","description":"A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inventory item elsewhere in this or other OSCAL instances. The locally defined UUID of the inventory item can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.","$ref":"#/definitions/UUIDDatatype"},"description":{"title":"Inventory Item Description","description":"A summary of the inventory item stating its purpose within the system.","$ref":"#/definitions/MarkupMultilineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"responsible-parties":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:responsible-party"}},"implemented-components":{"type":"array","minItems":1,"items":{"title":"Implemented Component","description":"The set of components that are implemented in a given system inventory item.","type":"object","properties":{"component-uuid":{"title":"Component Universally Unique Identifier Reference","description":"A machine-oriented identifier reference to a component that is implemented as part of an inventory item.","$ref":"#/definitions/UUIDDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"responsible-parties":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:responsible-party"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["component-uuid"],"additionalProperties":false}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["uuid","description"],"additionalProperties":false},"oscal-ssp-oscal-implementation-common:set-parameter":{"title":"Set Parameter Value","description":"Identifies the parameter that will be set by the enclosed value.","$id":"#/definitions/oscal-ssp-oscal-implementation-common:set-parameter","type":"object","properties":{"param-id":{"title":"Parameter ID","description":"A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.","$ref":"#/definitions/TokenDatatype"},"values":{"type":"array","minItems":1,"items":{"title":"Parameter Value","description":"A parameter value or set of values.","$ref":"#/definitions/StringDatatype"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["param-id","values"],"additionalProperties":false},"oscal-ssp-oscal-implementation-common:system-id":{"title":"System Identification","description":"A human-oriented, globally unique identifier with cross-instance scope that can be used to reference this system identification property elsewhere in this or other OSCAL instances. When referencing an externally defined system identification, the system identification must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned per-subject, which means it should be consistently used to identify the same system across revisions of the document.","$id":"#/definitions/oscal-ssp-oscal-implementation-common:system-id","type":"object","properties":{"identifier-type":{"title":"Identification System Type","description":"Identifies the identification system from which the provided identifier was assigned.","anyOf":[{"$ref":"#/definitions/URIDatatype"},{"enum":["http://fedramp.gov","http://fedramp.gov/ns/oscal","https://ietf.org/rfc/rfc4122","http://ietf.org/rfc/rfc4122","http://datatracker.ietf.org/doc/html/rfc4122"]}]},"id":{"$ref":"#/definitions/StringDatatype"}},"required":["id"],"additionalProperties":false},"oscal-ssp-oscal-control-common:part":{"title":"Part","description":"An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.","$id":"#/definitions/oscal-ssp-oscal-control-common:part","type":"object","properties":{"id":{"title":"Part Identifier","description":"A unique identifier for the part.","$ref":"#/definitions/TokenDatatype"},"name":{"title":"Part Name","description":"A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.","$ref":"#/definitions/TokenDatatype"},"ns":{"title":"Part Namespace","description":"An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.","$ref":"#/definitions/URIDatatype"},"class":{"title":"Part Class","description":"An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.","$ref":"#/definitions/TokenDatatype"},"title":{"title":"Part Title","description":"An optional name given to the part, which may be used by a tool for display and navigation.","$ref":"#/definitions/MarkupLineDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"prose":{"title":"Part Text","description":"Permits multiple paragraphs, lists, tables etc.","$ref":"#/definitions/MarkupMultilineDatatype"},"parts":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-control-common:part"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}}},"required":["name"],"additionalProperties":false},"oscal-ssp-oscal-control-common:parameter":{"title":"Parameter","description":"Parameters provide a mechanism for the dynamic assignment of value(s) in a control.","$id":"#/definitions/oscal-ssp-oscal-control-common:parameter","type":"object","anyOf":[{"properties":{"id":{"title":"Parameter Identifier","description":"A unique identifier for the parameter.","$ref":"#/definitions/TokenDatatype"},"class":{"title":"Parameter Class","description":"A textual label that provides a characterization of the type, purpose, use or scope of the parameter.","$ref":"#/definitions/TokenDatatype"},"depends-on":{"title":"Depends on","description":"(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.","$ref":"#/definitions/TokenDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"label":{"title":"Parameter Label","description":"A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.","$ref":"#/definitions/MarkupLineDatatype"},"usage":{"title":"Parameter Usage Description","description":"Describes the purpose and use of a parameter.","$ref":"#/definitions/MarkupMultilineDatatype"},"constraints":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-control-common:parameter-constraint"}},"guidelines":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-control-common:parameter-guideline"}},"values":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-control-common:parameter-value"}},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"additionalProperties":false},{"properties":{"id":{"title":"Parameter Identifier","description":"A unique identifier for the parameter.","$ref":"#/definitions/TokenDatatype"},"class":{"title":"Parameter Class","description":"A textual label that provides a characterization of the type, purpose, use or scope of the parameter.","$ref":"#/definitions/TokenDatatype"},"depends-on":{"title":"Depends on","description":"(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.","$ref":"#/definitions/TokenDatatype"},"props":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:property"}},"links":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:link"}},"label":{"title":"Parameter Label","description":"A short, placeholder name for the parameter, which can be used as a substitute for a value if no value is assigned.","$ref":"#/definitions/MarkupLineDatatype"},"usage":{"title":"Parameter Usage Description","description":"Describes the purpose and use of a parameter.","$ref":"#/definitions/MarkupMultilineDatatype"},"constraints":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-control-common:parameter-constraint"}},"guidelines":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/oscal-ssp-oscal-control-common:parameter-guideline"}},"select":{"$ref":"#/definitions/oscal-ssp-oscal-control-common:parameter-selection"},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"additionalProperties":false}]},"oscal-ssp-oscal-control-common:parameter-constraint":{"title":"Constraint","description":"A formal or informal expression of a constraint or test.","$id":"#/definitions/oscal-ssp-oscal-control-common:parameter-constraint","type":"object","properties":{"description":{"title":"Constraint Description","description":"A textual summary of the constraint to be applied.","$ref":"#/definitions/MarkupMultilineDatatype"},"tests":{"type":"array","minItems":1,"items":{"title":"Constraint Test","description":"A test expression which is expected to be evaluated by a tool.","type":"object","properties":{"expression":{"title":"Constraint test","description":"A formal (executable) expression of a constraint.","$ref":"#/definitions/StringDatatype"},"remarks":{"$ref":"#/definitions/oscal-ssp-oscal-metadata:remarks"}},"required":["expression"],"additionalProperties":false}}},"additionalProperties":false},"oscal-ssp-oscal-control-common:parameter-guideline":{"title":"Guideline","description":"A prose statement that provides a recommendation for the use of a parameter.","$id":"#/definitions/oscal-ssp-oscal-control-common:parameter-guideline","type":"object","properties":{"prose":{"title":"Guideline Text","description":"Prose permits multiple paragraphs, lists, tables etc.","$ref":"#/definitions/MarkupMultilineDatatype"}},"required":["prose"],"additionalProperties":false},"oscal-ssp-oscal-control-common:parameter-value":{"title":"Parameter Value","description":"A parameter value or set of values.","$id":"#/definitions/oscal-ssp-oscal-control-common:parameter-value","$ref":"#/definitions/StringDatatype"},"oscal-ssp-oscal-control-common:parameter-selection":{"title":"Selection","description":"Presenting a choice among alternatives.","$id":"#/definitions/oscal-ssp-oscal-control-common:parameter-selection","type":"object","properties":{"how-many":{"title":"Parameter Cardinality","description":"Describes the number of selections that must occur. Without this setting, only one value should be assumed to be permitted.","allOf":[{"$ref":"#/definitions/TokenDatatype"},{"enum":["one","one-or-more"]}]},"choice":{"type":"array","minItems":1,"items":{"title":"Choice","description":"A value selection among several such options.","$ref":"#/definitions/MarkupLineDatatype"}}},"additionalProperties":false},"oscal-ssp-oscal-control-common:include-all":{"title":"Include All","description":"Include all controls from the imported catalog or profile resources.","$id":"#/definitions/oscal-ssp-oscal-control-common:include-all","type":"object","additionalProperties":false},"Base64Datatype":{"description":"Binary data encoded using the Base 64 encoding algorithm as defined by RFC4648.","type":"string","pattern":"^[0-9A-Za-z+/]+={0,2}$","contentEncoding":"base64"},"DateDatatype":{"description":"A string representing a 24-hour period with an optional timezone.","type":"string","pattern":"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))?$"},"DateTimeWithTimezoneDatatype":{"description":"A string representing a point in time with a required timezone.","type":"string","format":"date-time","pattern":"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))$"},"EmailAddressDatatype":{"description":"An email address string formatted according to RFC 6531.","allOf":[{"$ref":"#/definitions/StringDatatype"},{"type":"string","format":"email","pattern":"^.+@.+$"}]},"IntegerDatatype":{"description":"A whole number value.","type":"integer"},"MarkupLineDatatype":{"description":"A single line of Markdown content conformant to the Commonmark specification.","type":"string","pattern":"^[^\n]+$"},"MarkupMultilineDatatype":{"description":"A multiple lines of Markdown content conformant to the Commonmark specification.","type":"string"},"NonNegativeIntegerDatatype":{"description":"An integer value that is equal to or greater than 0.","allOf":[{"$ref":"#/definitions/IntegerDatatype"},{"type":"number","minimum":0}]},"StringDatatype":{"description":"A non-empty string with leading and trailing whitespace disallowed. Whitespace is: U+9, U+10, U+32 or [ \n\t]+","type":"string","pattern":"^\\S(.*\\S)?$"},"TokenDatatype":{"description":"A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. https://www.w3.org/TR/xmlschema11-2/#NCName.","type":"string","pattern":"^(\\p{L}|_)(\\p{L}|\\p{N}|[.\\-_])*$"},"URIDatatype":{"description":"A universal resource identifier (URI) formatted according to RFC3986.","type":"string","format":"uri","pattern":"^[a-zA-Z][a-zA-Z0-9+\\-.]+:.+$"},"URIReferenceDatatype":{"description":"A URI Reference, either a URI or a relative-reference, formatted according to section 4.1 of RFC3986.","type":"string","format":"uri-reference"},"UUIDDatatype":{"description":"A type 4 ('random' or 'pseudorandom') or type 5 UUID per RFC 4122.","type":"string","pattern":"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"}},"properties":{"$schema":{"$ref":"#/definitions/json-schema-directive"},"system-security-plan":{"$ref":"#/definitions/oscal-ssp-oscal-ssp:system-security-plan"}},"required":["system-security-plan"],"additionalProperties":false}