{ "$schema" : "http://json-schema.org/draft-07/schema#", "$id" : "http://csrc.nist.gov/ns/oscal/1.0-schema.json", "$comment" : "OSCAL Plan of Action and Milestones (POA&M) Model: JSON Schema", "type" : "object", "definitions" : { "metadata" : { "title" : "Publication metadata", "description" : "Provides information about the publication and availability of the containing document.", "$id" : "#/definitions/metadata", "type" : "object", "properties" : { "title" : { "title" : "Document Title", "description" : "A name given to the document, which may be used by a tool for display and navigation.", "type" : "string" }, "published" : { "$ref" : "#/definitions/oscal-metadata-published" }, "last-modified" : { "$ref" : "#/definitions/oscal-metadata-last-modified" }, "version" : { "$ref" : "#/definitions/oscal-metadata-version" }, "oscal-version" : { "$ref" : "#/definitions/oscal-metadata-oscal-version" }, "revisions" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/oscal-metadata-revision" } }, "document-ids" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/oscal-metadata-document-id" } }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "roles" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/role" } }, "locations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/location" } }, "parties" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/party" } }, "responsible-parties" : { "type" : "object", "minProperties" : 1, "additionalProperties" : { "allOf" : [ { "$ref" : "#/definitions/responsible-party" }, { "not" : { "type" : "string" } } ] } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "title", "last-modified", "version", "oscal-version" ], "additionalProperties" : false }, "oscal-metadata-revision" : { "title" : "Revision History Entry", "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", "$id" : "#/definitions/oscal-metadata-revision", "type" : "object", "properties" : { "title" : { "title" : "Document Title", "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", "type" : "string" }, "published" : { "$ref" : "#/definitions/oscal-metadata-published" }, "last-modified" : { "$ref" : "#/definitions/oscal-metadata-last-modified" }, "version" : { "$ref" : "#/definitions/oscal-metadata-version" }, "oscal-version" : { "$ref" : "#/definitions/oscal-metadata-oscal-version" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "additionalProperties" : false }, "location" : { "title" : "Location", "description" : "A location, with associated metadata that can be referenced.", "$id" : "#/definitions/location", "type" : "object", "properties" : { "uuid" : { "title" : "Location Universally Unique Identifier", "description" : "A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "title" : { "title" : "Location Title", "description" : "A name given to the location, which may be used by a tool for display and navigation.", "type" : "string" }, "address" : { "$ref" : "#/definitions/oscal-metadata-address" }, "email-addresses" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/oscal-metadata-email-address" } }, "telephone-numbers" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/oscal-metadata-telephone-number" } }, "urls" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Location URL", "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", "type" : "string", "format" : "uri" } }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "uuid", "address" ], "additionalProperties" : false }, "location-uuid" : { "title" : "Location Reference", "description" : "References a location defined in metadata.", "$id" : "#/definitions/location-uuid", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "party" : { "title" : "Party (organization or person)", "description" : "A responsible entity which is either a person or an organization.", "$id" : "#/definitions/party", "type" : "object", "properties" : { "uuid" : { "title" : "Party Universally Unique Identifier", "description" : "A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given party across revisions of the document.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "type" : { "title" : "Party Type", "description" : "A category describing the kind of party the object describes.", "type" : "string", "enum" : [ "person", "organization" ] }, "name" : { "title" : "Party Name", "description" : "The full name of the party. This is typically the legal name associated with the party.", "type" : "string" }, "short-name" : { "title" : "Party Short Name", "description" : "A short common name, abbreviation, or acronym for the party.", "type" : "string" }, "external-ids" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Party External Identifier", "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", "type" : "object", "properties" : { "scheme" : { "title" : "External Identifier Schema", "description" : "Indicates the type of external identifier.", "type" : "string", "format" : "uri" }, "id" : { "type" : "string" } }, "required" : [ "id", "scheme" ], "additionalProperties" : false } }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "email-addresses" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/oscal-metadata-email-address" } }, "telephone-numbers" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/oscal-metadata-telephone-number" } }, "addresses" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/oscal-metadata-address" } }, "location-uuids" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/location-uuid" } }, "member-of-organizations" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Organizational Affiliation", "description" : "Identifies that the party object is a member of the organization associated with the provided UUID.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "uuid", "type" ], "additionalProperties" : false }, "party-uuid" : { "title" : "Party Reference", "description" : "References a party defined in metadata.", "$id" : "#/definitions/party-uuid", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "role" : { "title" : "Role", "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", "$id" : "#/definitions/role", "type" : "object", "properties" : { "id" : { "title" : "Role Identifier", "description" : "A unique identifier for a specific role instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same role across minor revisions of the document.", "type" : "string" }, "title" : { "title" : "Role Title", "description" : "A name given to the role, which may be used by a tool for display and navigation.", "type" : "string" }, "short-name" : { "title" : "Role Short Name", "description" : "A short common name, abbreviation, or acronym for the role.", "type" : "string" }, "description" : { "title" : "Role Description", "description" : "A summary of the role's purpose and associated responsibilities.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "id", "title" ], "additionalProperties" : false }, "back-matter" : { "title" : "Back matter", "description" : "A collection of resources, which may be included directly or by reference.", "$id" : "#/definitions/back-matter", "type" : "object", "properties" : { "resources" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Resource", "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equavalent internet resources.", "type" : "object", "properties" : { "uuid" : { "title" : "Resource Universally Unique Identifier", "description" : "A globally unique identifier that can be used to reference this defined resource elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "title" : { "title" : "Resource Title", "description" : "A name given to the resource, which may be used by a tool for display and navigation.", "type" : "string" }, "description" : { "title" : "Resource Description", "description" : "A short summary of the resource used to indicate the purpose of the resource.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "document-ids" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/oscal-metadata-document-id" } }, "citation" : { "title" : "Citation", "description" : "A citation consisting of end note text and optional structured bibliographic data.", "type" : "object", "properties" : { "text" : { "title" : "Citation Text", "description" : "A line of citation text.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "biblio" : { "title" : "Bibliographic Definition", "description" : "A container for structured bibliographic information. The model of this information is undefined by OSCAL.", "type" : "object", "additionalProperties" : true } }, "required" : [ "text" ], "additionalProperties" : false }, "rlinks" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Resource link", "description" : "A pointer to an external resource with an optional hash for verification and change detection.", "type" : "object", "properties" : { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URI reference to a resource.", "type" : "string", "format" : "uri-reference" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", "type" : "string" }, "hashes" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/hash" } } }, "required" : [ "href" ], "additionalProperties" : false } }, "base64" : { "title" : "Base64", "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", "type" : "object", "properties" : { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", "type" : "string", "format" : "uri-reference" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", "type" : "string" }, "value" : { "type" : "string" } }, "required" : [ "value" ], "additionalProperties" : false }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "uuid" ], "additionalProperties" : true } } }, "additionalProperties" : false }, "property" : { "title" : "Property", "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values in some OSCAL formats.", "$id" : "#/definitions/property", "type" : "object", "properties" : { "uuid" : { "title" : "Property Universally Unique Identifier", "description" : "A unique identifier that can be used to reference this property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "name" : { "title" : "Property Name", "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", "type" : "string" }, "ns" : { "title" : "Property Namespace", "description" : "A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.", "type" : "string", "format" : "uri" }, "class" : { "title" : "Property Class", "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", "type" : "string" }, "value" : { "type" : "string" } }, "required" : [ "value", "name" ], "additionalProperties" : false }, "annotation" : { "title" : "Annotated Property", "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair with optional explanatory remarks. The value of an annotated property is a simple scalar value.", "$id" : "#/definitions/annotation", "type" : "object", "properties" : { "name" : { "title" : "Annotated Property Name", "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the annotated property's containing object.", "type" : "string" }, "uuid" : { "title" : "Annotated Property Universally Unique Identifier", "description" : "A unique identifier that can be used to reference this annotated property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "ns" : { "title" : "Annotated Property Namespace", "description" : "A namespace qualifying the annotated property's name. This allows different organizations to associate distinct semantics with the same name.", "type" : "string", "format" : "uri" }, "value" : { "title" : "Annotated Property Value", "description" : "Indicates the value of the attribute, characteristic, or quality.", "type" : "string" }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "name", "value" ], "additionalProperties" : false }, "link" : { "title" : "Link", "description" : "A reference to a local or remote resource", "$id" : "#/definitions/link", "type" : "object", "properties" : { "href" : { "title" : "Hypertext Reference", "description" : "A resolvable URL reference to a resource.", "type" : "string", "format" : "uri-reference" }, "rel" : { "title" : "Relation", "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", "type" : "string" }, "media-type" : { "title" : "Media Type", "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", "type" : "string" }, "text" : { "title" : "Link Text", "description" : "A textual label to associate with the link, which may be used for presentation in a tool.", "type" : "string" } }, "required" : [ "href" ], "additionalProperties" : false }, "responsible-party" : { "title" : "Responsible Party", "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", "$id" : "#/definitions/responsible-party", "type" : "object", "properties" : { "party-uuids" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/party-uuid" } }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "party-uuids" ], "additionalProperties" : false }, "responsible-role" : { "title" : "Responsible Role", "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", "$id" : "#/definitions/responsible-role", "type" : "object", "properties" : { "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "party-uuids" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/party-uuid" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "additionalProperties" : false }, "hash" : { "title" : "Hash", "description" : "A representation of a cryptographic digest generated over a resource using a specified hash algorithm.", "$id" : "#/definitions/hash", "type" : "object", "properties" : { "algorithm" : { "title" : "Hash algorithm", "description" : "Method by which a hash is derived", "type" : "string" }, "value" : { "type" : "string" } }, "required" : [ "value", "algorithm" ], "additionalProperties" : false }, "remarks" : { "title" : "Remarks", "description" : "Additional commentary on the containing object.", "$id" : "#/definitions/remarks", "type" : "string" }, "oscal-metadata-published" : { "title" : "Publication Timestamp", "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#/definitions/oscal-metadata-published", "type" : "string", "format" : "date-time", "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, "oscal-metadata-last-modified" : { "title" : "Last Modified Timestamp", "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", "$id" : "#/definitions/oscal-metadata-last-modified", "type" : "string", "format" : "date-time", "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, "oscal-metadata-version" : { "title" : "Document Version", "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", "$id" : "#/definitions/oscal-metadata-version", "type" : "string" }, "oscal-metadata-oscal-version" : { "title" : "OSCAL version", "description" : "The OSCAL model version the document was authored against.", "$id" : "#/definitions/oscal-metadata-oscal-version", "type" : "string" }, "oscal-metadata-email-address" : { "title" : "Email Address", "description" : "An email address as defined by RFC 5322 Section 3.4.1.", "$id" : "#/definitions/oscal-metadata-email-address", "type" : "string", "format" : "email", "pattern" : "^.+@.+" }, "oscal-metadata-telephone-number" : { "title" : "Telephone Number", "description" : "Contact number by telephone.", "$id" : "#/definitions/oscal-metadata-telephone-number", "type" : "object", "properties" : { "type" : { "title" : "type flag", "description" : "Indicates the type of phone number.", "type" : "string" }, "number" : { "type" : "string" } }, "required" : [ "number" ], "additionalProperties" : false }, "oscal-metadata-address" : { "title" : "Address", "description" : "A postal address for the location.", "$id" : "#/definitions/oscal-metadata-address", "type" : "object", "properties" : { "type" : { "type" : "string" }, "addr-lines" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/oscal-metadata-addr-line" } }, "city" : { "title" : "City", "description" : "City, town or geographical region for the mailing address.", "type" : "string" }, "state" : { "title" : "State", "description" : "State, province or analogous geographical region for mailing address", "type" : "string" }, "postal-code" : { "title" : "Postal Code", "description" : "Postal or ZIP code for mailing address", "type" : "string" }, "country" : { "title" : "Country Code", "description" : "The ISO 3166-1 alpha-2 country code for the mailing address.", "type" : "string" } }, "additionalProperties" : false }, "oscal-metadata-addr-line" : { "title" : "Address line", "description" : "A single line of an address.", "$id" : "#/definitions/oscal-metadata-addr-line", "type" : "string" }, "oscal-metadata-document-id" : { "title" : "Document Identifier", "description" : "A document identifier qualified by an identifier type.", "$id" : "#/definitions/oscal-metadata-document-id", "type" : "object", "properties" : { "scheme" : { "title" : "Document Identification Scheme", "description" : "Qualifies the kind of document identifier.", "type" : "string", "format" : "uri" }, "identifier" : { "type" : "string" } }, "required" : [ "identifier", "scheme" ], "additionalProperties" : false }, "system-component" : { "title" : "Component", "description" : "A defined component that can be part of an implemented system.", "$id" : "#/definitions/system-component", "type" : "object", "properties" : { "type" : { "title" : "Component Type", "description" : "A category describing the purpose of the component.", "type" : "string" }, "title" : { "title" : "Component Title", "description" : "A human readable name for the system component.", "type" : "string" }, "description" : { "title" : "Component Description", "description" : "A description of the component, including information about its function.", "type" : "string" }, "purpose" : { "title" : "Purpose", "description" : "A summary of the technological or business purpose of the component.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "status" : { "title" : "Status", "description" : "Describes the operational status of the system component.", "type" : "object", "properties" : { "state" : { "title" : "State", "description" : "The operational status.", "type" : "string", "enum" : [ "under-development", "operational", "disposition", "other" ] }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "state" ], "additionalProperties" : false }, "responsible-roles" : { "type" : "object", "minProperties" : 1, "additionalProperties" : { "allOf" : [ { "$ref" : "#/definitions/responsible-role" }, { "not" : { "type" : "string" } } ] } }, "protocols" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/protocol" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "type", "title", "description", "status" ], "additionalProperties" : false }, "protocol" : { "title" : "Service Protocol Information", "description" : "Information about the protocol used to provide a service.", "$id" : "#/definitions/protocol", "type" : "object", "properties" : { "uuid" : { "title" : "Service Protocol Information Universally Unique Identifier", "description" : "A globally unique identifier that can be used to reference this service protocol entry elsewhere in an OSCAL document. A UUID should be consistently used for a given resource across revisions of the document.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "name" : { "title" : "Protocol Name", "description" : "The common name of the protocol, which should be the appropriate \"service name\" from the IANA Service Name and Transport Protocol Port Number Registry.", "type" : "string" }, "title" : { "title" : "title field", "description" : "A human readable name for the protocol (e.g., Transport Layer Security).", "type" : "string" }, "port-ranges" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/port-range" } } }, "required" : [ "name" ], "additionalProperties" : false }, "port-range" : { "title" : "Port Range", "description" : "Where applicable this is the IPv4 port range on which the service operates.", "$id" : "#/definitions/port-range", "type" : "object", "properties" : { "start" : { "title" : "Start", "description" : "Indicates the starting port number in a port range", "type" : "integer", "multipleOf" : 1, "minimum" : 0 }, "end" : { "title" : "End", "description" : "Indicates the ending port number in a port range", "type" : "integer", "multipleOf" : 1, "minimum" : 0 }, "transport" : { "title" : "Transport", "description" : "Indicates the transport type.", "type" : "string", "enum" : [ "TCP", "UDP" ] } }, "additionalProperties" : false }, "inventory-item" : { "title" : "Inventory Item", "description" : "A single managed inventory item within the system.", "$id" : "#/definitions/inventory-item", "type" : "object", "properties" : { "uuid" : { "title" : "Inventory Item Universally Unique Identifier", "description" : "A globally unique identifier that can be used to reference this inventory item entry elsewhere in an OSCAL document. A UUID should be consistently used for a given resource across revisions of the document.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "description" : { "title" : "Inventory Item Description", "description" : "A summary of the inventory item stating its purpose within the system.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "responsible-parties" : { "type" : "object", "minProperties" : 1, "additionalProperties" : { "allOf" : [ { "$ref" : "#/definitions/responsible-party" }, { "not" : { "type" : "string" } } ] } }, "implemented-components" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Implemented Component", "description" : "The set of components that are implemented in a given system inventory item.", "type" : "object", "properties" : { "component-uuid" : { "title" : "Component Universally Unique Identifier Reference", "description" : "A reference to a component that is implemented as part of an inventory item.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "responsible-parties" : { "type" : "object", "minProperties" : 1, "additionalProperties" : { "allOf" : [ { "$ref" : "#/definitions/responsible-party" }, { "not" : { "type" : "string" } } ] } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "component-uuid" ], "additionalProperties" : false } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "uuid", "description" ], "additionalProperties" : false }, "system-id" : { "title" : "System Identification", "description" : "A unique identifier for the system described by this system security plan.", "$id" : "#/definitions/system-id", "type" : "object", "properties" : { "identifier-type" : { "title" : "Identification System Type", "description" : "Identifies the identification system from which the provided identifier was assigned.", "type" : "string", "format" : "uri" }, "id" : { "type" : "string" } }, "required" : [ "id" ], "additionalProperties" : false }, "import-ssp" : { "title" : "Import System Security Plan", "description" : "Used by the assessment plan and POA&M to import information about the system.", "$id" : "#/definitions/import-ssp", "type" : "object", "properties" : { "href" : { "title" : "System Security Plan Reference", "description" : ">A resolvable URL reference to the system security plan for the system being assessed.", "type" : "string", "format" : "uri-reference" }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "href" ], "additionalProperties" : false }, "task" : { "title" : "Task", "description" : "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.", "$id" : "#/definitions/task", "type" : "object", "properties" : { "uuid" : { "title" : "Task Universally Unique Identifier", "description" : "Uniquely identifies this assessment task.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "type" : { "title" : "Task Type", "description" : "The type of task.", "type" : "string" }, "title" : { "title" : "Task Title", "description" : "The title for this task.", "type" : "string" }, "description" : { "title" : "Task Description", "description" : "A human-readable description of this task.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "timing" : { "title" : "Event Timing", "description" : "The timing under which the task is intended to occur.", "type" : "object", "properties" : { "on-date" : { "title" : "On Date Condition", "description" : "The task is intended to occur on the specified date.", "type" : "object", "properties" : { "date" : { "title" : "On Date Condition", "description" : "The task must occur on the specified date.", "type" : "string", "format" : "date-time", "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" } }, "required" : [ "date" ], "additionalProperties" : false }, "within-date-range" : { "title" : "On Date Range Condition", "description" : "The task is intended to occur within the specified date range.", "type" : "object", "properties" : { "start" : { "title" : "Start Date Condition", "description" : "The task must occur on or after the specified date.", "type" : "string", "format" : "date-time", "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, "end" : { "title" : "End Date Condition", "description" : "The task must occur on or before the specified date.", "type" : "string", "format" : "date-time", "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" } }, "required" : [ "start", "end" ], "additionalProperties" : false }, "at-frequency" : { "title" : "Frequency Condition", "description" : "The task is intended to occur at the specified frequency.", "type" : "object", "properties" : { "period" : { "title" : "Period", "description" : "The task must occur after the specified period has elapsed.", "type" : "integer", "multipleOf" : 1, "minimum" : 1 }, "unit" : { "title" : "Time Unit", "description" : "The unit of time for the period.", "type" : "string", "enum" : [ "seconds", "minutes", "hours", "days", "months", "years" ] } }, "required" : [ "period", "unit" ], "additionalProperties" : false } }, "additionalProperties" : false }, "dependencies" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Task Dependency", "description" : "Used to indicate that a task is dependant on another task.", "type" : "object", "properties" : { "task-uuid" : { "title" : "Task Universally Unique Identifier Reference", "description" : "References a unique task by UUID.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "task-uuid" ], "additionalProperties" : false } }, "tasks" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/task" } }, "associated-activities" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Associated Activity", "description" : "Identifies an individual activity to be performed as part of an action.", "type" : "object", "properties" : { "activity-uuid" : { "title" : "Activity Universally Unique Identifier Reference", "description" : "References an activity defined in the list of activities.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "responsible-roles" : { "type" : "object", "minProperties" : 1, "additionalProperties" : { "allOf" : [ { "$ref" : "#/definitions/responsible-role" }, { "not" : { "type" : "string" } } ] } }, "subjects" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/assessment-subject" } }, "subject-placeholder" : { "$ref" : "#/definitions/assessment-subject-placeholder" }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "activity-uuid" ], "additionalProperties" : false } }, "subjects" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/assessment-subject" } }, "responsible-roles" : { "type" : "object", "minProperties" : 1, "additionalProperties" : { "allOf" : [ { "$ref" : "#/definitions/responsible-role" }, { "not" : { "type" : "string" } } ] } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "uuid", "type", "title" ], "additionalProperties" : false }, "assessment-subject-placeholder" : { "title" : "Assessment Subject Placeholder", "description" : "Used when the assessment subjects will be determined as part of one or more other assessment activities. These assessment subjects will be recorded in the assessment results in the assessment log.", "$id" : "#/definitions/assessment-subject-placeholder", "type" : "object", "properties" : { "uuid" : { "title" : "Assessment Subject Placeholder Universally Unique Identifier", "description" : "Uniquely identifies a set of assessment subjects that will be identified by a task or an activity that is part of a task.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "description" : { "title" : "Assessment Subject Placeholder Description", "description" : "A human-readable description of intent of this assessment subject placeholder.", "type" : "string" }, "sources" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Assessment Subject Source", "description" : "Assessment subjects will be identified while conducting the referenced activity-instance.", "type" : "object", "properties" : { "task-uuid" : { "title" : "Task Universally Unique Identifier", "description" : "Uniquely identifies an assessment activity to be performed as part of the event. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. A UUID should be consistantly used for this schedule across revisions of the document.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, "required" : [ "task-uuid" ], "additionalProperties" : false } }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "uuid", "sources" ], "additionalProperties" : false }, "assessment-subject" : { "title" : "Subject of Assessment", "description" : "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.", "$id" : "#/definitions/assessment-subject", "type" : "object", "properties" : { "type" : { "title" : "Subject Type", "description" : "Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.", "type" : "string" }, "description" : { "title" : "Include Subjects Description", "description" : "A human-readable description of the collection of subjects being included in this assessment.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "include-all" : { "title" : "All", "description" : "A key word to indicate all.", "type" : "object", "additionalProperties" : false }, "include-subjects" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/select-subject-by-id" } }, "exclude-subjects" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/select-subject-by-id" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "type" ], "additionalProperties" : false }, "select-subject-by-id" : { "title" : "Select Assessment Subject", "description" : "Identifies a set of assessment subjects to include/exclude by UUID.", "$id" : "#/definitions/select-subject-by-id", "type" : "object", "properties" : { "uuid-ref" : { "title" : "UUID Reference", "description" : "A pointer to a component, inventory-item, location, party, user, or resource using it's UUID.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "uuid-ref" ], "additionalProperties" : false }, "oscal-assessment-common-subject-reference" : { "title" : "Identifies the Subject", "description" : "A pointer to a resource based on its universally unique identifier (UUID). Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.", "$id" : "#/definitions/oscal-assessment-common-subject-reference", "type" : "object", "properties" : { "uuid-ref" : { "title" : "UUID Reference", "description" : "A pointer to a component, inventory-item, location, party, user, or resource using it's UUID.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "type" : { "title" : "Universally Unique Identifier Reference Type", "description" : "Used to indicate the type of object pointed to by the uuid-ref.", "type" : "string" }, "title" : { "title" : "Subject Reference Title", "description" : "The title or name for the referenced subject.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "uuid-ref", "type" ], "additionalProperties" : false }, "observation" : { "title" : "Objective", "description" : "Describes an individual observation.", "$id" : "#/definitions/observation", "type" : "object", "properties" : { "uuid" : { "title" : "Observation Universally Unique Identifier", "description" : "Uniquely identifies this observation. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. Once assigned, a UUID should be consistantly used for a given observation across revisions.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "title" : { "title" : "Observation Title", "description" : "The title for this observation.", "type" : "string" }, "description" : { "title" : "Observaton Description", "description" : "A human-readable description of this assessment observation.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "methods" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Observation Method", "description" : "Identifies how the observation was made.", "type" : "string" } }, "types" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Observation Type", "description" : "Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.", "type" : "string" } }, "origins" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/origin" } }, "subjects" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/oscal-assessment-common-subject-reference" } }, "relevant-evidence" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Relevant Evidence", "description" : "Links this observation to relevant evidence.", "type" : "object", "properties" : { "href" : { "title" : "Relevant Evidence Reference", "description" : ">A resolvable URL reference to relevant evidence.", "type" : "string", "format" : "uri-reference" }, "description" : { "title" : "Relevant Evidence Description", "description" : "A human-readable description of this evidence.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "description" ], "additionalProperties" : false } }, "collected" : { "title" : "collected field", "description" : "Date/time stamp identifying when the finding information was collected.", "type" : "string", "format" : "date-time", "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, "expires" : { "title" : "expires field", "description" : "Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.", "type" : "string", "format" : "date-time", "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "uuid", "description", "methods", "collected" ], "additionalProperties" : false }, "origin" : { "title" : "Origin", "description" : "Identifies the source of the finding, such as a tool, interviewed person, or activity.", "$id" : "#/definitions/origin", "type" : "object", "properties" : { "actors" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/origin-actor" } }, "related-tasks" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/related-task" } } }, "required" : [ "actors" ], "additionalProperties" : false }, "origin-actor" : { "title" : "Originating Actor", "description" : "The actor that produces an observation, a finding, or a risk. One or more actor type can be used to specify a person that is using a tool.", "$id" : "#/definitions/origin-actor", "type" : "object", "properties" : { "type" : { "title" : "Actor Type", "description" : "The kind of actor.", "type" : "string", "enum" : [ "tool", "assessment-platform", "party" ] }, "uuid-ref" : { "title" : "Actor UUID Reference", "description" : "A pointer to the tool or person based on the associated type.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "role-id" : { "title" : "Actor Role", "description" : "For a party, this can optionally be used to specify the role the actor was performing.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } } }, "required" : [ "type", "uuid-ref" ], "additionalProperties" : false }, "related-task" : { "title" : "Task Reference", "description" : "Identifies an individual task for which the containing object is a consequence of.", "$id" : "#/definitions/related-task", "type" : "object", "properties" : { "task-uuid" : { "title" : "Task Universally Unique Identifier Reference", "description" : "References a unique task by UUID.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "responsible-parties" : { "type" : "object", "minProperties" : 1, "additionalProperties" : { "allOf" : [ { "$ref" : "#/definitions/responsible-party" }, { "not" : { "type" : "string" } } ] } }, "subjects" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/assessment-subject" } }, "identified-subject" : { "title" : "Identified Subject", "description" : "Used to detail assessment subjects that were identfied by this task.", "type" : "object", "properties" : { "subject-placeholder-uuid" : { "title" : "Assessment Subject Placeholder Universally Unique Identifier Reference", "description" : "References a unique assessment subject placeholder defined by this task.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "subjects" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/assessment-subject" } } }, "required" : [ "subject-placeholder-uuid", "subjects" ], "additionalProperties" : false }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "task-uuid" ], "additionalProperties" : false }, "threat-id" : { "title" : "Threat ID", "description" : "A pointer, by ID, to an externally-defined threat.", "$id" : "#/definitions/threat-id", "type" : "object", "properties" : { "system" : { "title" : "Threat Type Identification System", "description" : "Specifies the source of the threat information.", "type" : "string", "format" : "uri" }, "href" : { "title" : "Threat Information Resource Reference", "description" : "An optional location for the threat data, from which this ID originates.", "type" : "string", "format" : "uri-reference" }, "id" : { "type" : "string" } }, "required" : [ "id", "system" ], "additionalProperties" : false }, "risk" : { "title" : "Identified Risk", "description" : "An identified risk.", "$id" : "#/definitions/risk", "type" : "object", "properties" : { "uuid" : { "title" : "Risk Universally Unique Identifier", "description" : "Uniquely identifies this risk. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. Once assigned, a UUID should be consistantly used for a given risk across revisions.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "title" : { "title" : "Risk Title", "description" : "The title for this risk.", "type" : "string" }, "description" : { "title" : "Risk Description", "description" : "A human-readable summary of what was identified regarding the risk.", "type" : "string" }, "statement" : { "title" : "Risk Statement", "description" : "An summary of impact for how the risk affects the system.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "status" : { "title" : "Status", "description" : "Describes the status of the associated risk.", "type" : "string" }, "origins" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/origin" } }, "threat-ids" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/threat-id" } }, "characterizations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/characterization" } }, "mitigating-factors" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Mitigating Factor", "description" : "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.", "type" : "object", "properties" : { "uuid" : { "title" : "Mitigating Factor Universally Unique Identifier", "description" : "Uniquely identifies this mitigating factor. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. Once assigned, a UUID should be consistantly used for a given mitigating factor across revisions.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "implementation-uuid" : { "title" : "Implementation UUID", "description" : "Points to an implementation statement in the SSP.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "description" : { "title" : "Mitigating Factor Description", "description" : "A human-readable description of this mitigating factor.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "subjects" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/oscal-assessment-common-subject-reference" } } }, "required" : [ "uuid", "description" ], "additionalProperties" : false } }, "deadline" : { "title" : "Risk Resolution Deadline", "description" : "The date/time by which the risk must be resolved.", "type" : "string", "format" : "date-time", "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, "remediations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/oscal-assessment-common-response" } }, "risk-log" : { "title" : "Risk Log", "description" : "A log of all risk-related actions taken.", "type" : "object", "properties" : { "entries" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Risk Log Entry", "description" : "Identifies the result of an action and/or task that occured as part of executing an assessment plan or an assessment event that occured in producing the assessment results.", "type" : "object", "properties" : { "uuid" : { "title" : "Risk Log Entry Universally Unique Identifier", "description" : "Uniquely identifies an assessment event. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. A UUID should be consistantly used for this schedule across revisions of the document.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "title" : { "title" : "Action Title", "description" : "The title for this event.", "type" : "string" }, "description" : { "title" : "Action Description", "description" : "A human-readable description of this event.", "type" : "string" }, "start" : { "title" : "Start", "description" : "Identifies the start date and time of an event.", "type" : "string", "format" : "date-time", "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, "end" : { "title" : "End", "description" : "Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.", "type" : "string", "format" : "date-time", "pattern" : "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "logged-by" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/logged-by" } }, "status-change" : { "$ref" : "#/definitions/risk-status" }, "related-responses" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Action Reference", "description" : "Identifies an individual risk response that this log entry is for.", "type" : "object", "properties" : { "response-uuid" : { "title" : "Response Universally Unique Identifier Reference", "description" : "References a unique risk response by UUID.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "related-tasks" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/related-task" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "response-uuid" ], "additionalProperties" : false } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "uuid", "start" ], "additionalProperties" : false } } }, "required" : [ "entries" ], "additionalProperties" : false }, "related-observations" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Related Observation", "description" : "Relates the finding to a set of referenced observations that were used to determine the finding.", "type" : "object", "properties" : { "observation-uuid" : { "title" : "Observation Universally Unique Identifier Reference", "description" : "References an observation defined in the list of observations.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, "required" : [ "observation-uuid" ], "additionalProperties" : false } } }, "required" : [ "uuid", "title", "description", "statement", "status" ], "additionalProperties" : false }, "logged-by" : { "title" : "Logged By", "description" : "Used to indicate who created a log entry in what role.", "$id" : "#/definitions/logged-by", "type" : "object", "properties" : { "party-uuid" : { "title" : "Party UUID Reference", "description" : "A pointer to the party who is making the log entry.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "role-id" : { "title" : "Actor Role", "description" : "A point to the role-id of the role in which the party is making the log entry.", "type" : "string" } }, "required" : [ "party-uuid" ], "additionalProperties" : false }, "risk-status" : { "title" : "Risk Status", "description" : "Describes the status of the associated risk.", "$id" : "#/definitions/risk-status", "type" : "string" }, "characterization" : { "title" : "Characterization", "description" : "A collection of descriptive data about the containing object from a specific origin.", "$id" : "#/definitions/characterization", "type" : "object", "properties" : { "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "origin" : { "$ref" : "#/definitions/origin" }, "facets" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Facet", "description" : "An individual characteristic that is part of a larger set produced by the same actor.", "type" : "object", "properties" : { "name" : { "title" : "Facet Name", "description" : "The name of the risk metric within the specified system.", "type" : "string" }, "system" : { "title" : "Naming System", "description" : "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.", "type" : "string", "format" : "uri" }, "value" : { "title" : "Facet Value", "description" : "Indicates the value of the facet.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "name", "system", "value" ], "additionalProperties" : false } } }, "required" : [ "origin", "facets" ], "additionalProperties" : false }, "oscal-assessment-common-response" : { "title" : "Risk Response", "description" : "Describes either recommended or an actual plan for addressing the risk.", "$id" : "#/definitions/oscal-assessment-common-response", "type" : "object", "properties" : { "uuid" : { "title" : "Remediation Universally Unique Identifier", "description" : "Uniquely identifies this remediation. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. Once assigned, a UUID should be consistantly used for a given remediation across revisions.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "lifecycle" : { "title" : "Remediation Intent", "description" : "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.", "type" : "string" }, "title" : { "title" : "Response Title", "description" : "The title for this response activity.", "type" : "string" }, "description" : { "title" : "Response Description", "description" : "A human-readable description of this response plan.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "origins" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/origin" } }, "required-assets" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Required Asset", "description" : "Identifies an asset required to achieve remediation.", "type" : "object", "properties" : { "uuid" : { "title" : "Required Universally Unique Identifier", "description" : "Uniquely identifies this required asset. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. Once assigned, a UUID should be consistantly used for a given required asset across revisions.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "subjects" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/oscal-assessment-common-subject-reference" } }, "title" : { "title" : "Title for Required Asset", "description" : "The title for this required asset.", "type" : "string" }, "description" : { "title" : "Description of Required Asset", "description" : "A human-readable description of this required asset.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "uuid", "description" ], "additionalProperties" : false } }, "tasks" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/task" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "uuid", "lifecycle", "title", "description" ], "additionalProperties" : false }, "plan-of-action-and-milestones" : { "title" : "Plan of Action and Milestones (POA&M)", "description" : "A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.", "$id" : "#/definitions/plan-of-action-and-milestones", "type" : "object", "properties" : { "uuid" : { "title" : "POA&M Universally Unique Identifier", "description" : "Uniquely identifies this POA&M. This UUID must be changed each time the content of the POA&M changes.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "metadata" : { "$ref" : "#/definitions/metadata" }, "import-ssp" : { "$ref" : "#/definitions/import-ssp" }, "system-id" : { "$ref" : "#/definitions/system-id" }, "local-definitions" : { "$ref" : "#/definitions/local-definitions" }, "observations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/observation" } }, "risks" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/risk" } }, "poam-items" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/poam-item" } }, "back-matter" : { "$ref" : "#/definitions/back-matter" } }, "required" : [ "uuid", "metadata", "poam-items" ], "additionalProperties" : false }, "local-definitions" : { "title" : "Local Definitions", "description" : "Allows components, and inventory-items to be defined within the POA&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA&M.", "$id" : "#/definitions/local-definitions", "type" : "object", "properties" : { "components" : { "type" : "object", "minProperties" : 1, "additionalProperties" : { "allOf" : [ { "$ref" : "#/definitions/system-component" }, { "not" : { "type" : "string" } } ] } }, "inventory-items" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/inventory-item" } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "additionalProperties" : false }, "poam-item" : { "title" : "POA&M Item", "description" : "Describes an individual POA&M item.", "$id" : "#/definitions/poam-item", "type" : "object", "properties" : { "uuid" : { "title" : "POA&M Item Universally Unique Identifier", "description" : "Uniquely identifies the POA&M entry. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. A UUID should be consistantly used for a given POA&M item across revisions of the document.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "title" : { "title" : "POA&M Item Title", "description" : "The title or name for this POA&M item .", "type" : "string" }, "description" : { "title" : "POA&M Item Description", "description" : "A human-readable description of POA&M item.", "type" : "string" }, "props" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/property" } }, "annotations" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/annotation" } }, "links" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/link" } }, "origins" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Origin", "description" : "Identifies the source of the finding, such as a tool or person.", "type" : "object", "properties" : { "actors" : { "type" : "array", "minItems" : 1, "items" : { "$ref" : "#/definitions/origin-actor" } } }, "required" : [ "actors" ], "additionalProperties" : false } }, "related-observations" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Related Observation", "description" : "Relates the poam-item to a set of referenced observations that were used to determine the finding.", "type" : "object", "properties" : { "observation-uuid" : { "title" : "Observation Universally Unique Identifier Reference", "description" : "References an observation defined in the list of observations.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, "required" : [ "observation-uuid" ], "additionalProperties" : false } }, "related-risks" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Associated Risk", "description" : "Relates the finding to a set of referenced risks that were used to determine the finding.", "type" : "object", "properties" : { "risk-uuid" : { "title" : "Risk Universally Unique Identifier Reference", "description" : "References an risk defined in the list of risks.", "type" : "string", "pattern" : "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" } }, "required" : [ "risk-uuid" ], "additionalProperties" : false } }, "remarks" : { "$ref" : "#/definitions/remarks" } }, "required" : [ "title", "description" ], "additionalProperties" : false } }, "properties" : { "plan-of-action-and-milestones" : { "$ref" : "#/definitions/plan-of-action-and-milestones" } }, "required" : [ "plan-of-action-and-milestones" ], "additionalProperties" : false, "maxProperties" : 1 }