The OSCAL assessment plan format is used to describe the information typically provided by an assessor during the preparation for an assessment.
The root of the OSCAL assessment plan format is assessment-plan.
assessment-planPartA partition of a control's definition or a child of another part.Part: A partition of a control's definition or a child of another part.Part IdentifierA unique identifier for a specific part instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same part across minor revisions of the document.Part Identifier: A unique identifier for a specific part instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same part across minor revisions of the document.Part NameA textual label that uniquely identifies the part's semantic type.Part Name: A textual label that uniquely identifies the part's semantic type.Part NamespaceA namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.Part ClassA textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.Publication metadataProvides information about the publication and availability of the containing document.Publication metadata: Provides information about the publication and availability of the containing document.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Revision History EntryAn entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.LocationA location, with associated metadata that can be referenced.Location: A location, with associated metadata that can be referenced.Location URLThe uniform resource locator (URL) for a web site or Internet presence associated with the location.Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Location Universally Unique IdentifierA unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.Location Universally Unique Identifier: A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.Location ReferenceReferences a location defined in metadata.Location Reference: References a location defined in metadata.Party (organization or person)A responsible entity which is either a person or an organization.Party (organization or person): A responsible entity which is either a person or an organization.Party NameThe full name of the party. This is typically the legal name associated with the party.Party Name: The full name of the party. This is typically the legal name associated with the party.Party Short NameA short common name, abbreviation, or acronym for the party.Party Short Name: A short common name, abbreviation, or acronym for the party.Party External IdentifierAn identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)External Identifier SchemaIndicates the type of external identifier.External Identifier Schema: Indicates the type of external identifier.Organizational AffiliationIdentifies that the party object is a member of the organization associated with the provided UUID.Organizational Affiliation: Identifies that the party object is a member of the organization associated with the provided UUID.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Party Universally Unique IdentifierA unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given party across revisions of the document.Party Universally Unique Identifier: A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given party across revisions of the document.Party TypeA category describing the kind of party the object describes.Party Type: A category describing the kind of party the object describes.Party ReferenceReferences a party defined in metadata.Party Reference: References a party defined in metadata.RoleDefines a function assumed or expected to be assumed by a party in a specific situation.Role: Defines a function assumed or expected to be assumed by a party in a specific situation.Role Short NameA short common name, abbreviation, or acronym for the role.Role Short Name: A short common name, abbreviation, or acronym for the role.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Role IdentifierA unique identifier for a specific role instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same role across minor revisions of the document.Role Identifier: A unique identifier for a specific role instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same role across minor revisions of the document.Role Identifier ReferenceA reference to the roles served by the user.Role Identifier Reference: A reference to the roles served by the user.Back matterA collection of resources, which may be included directly or by reference.Back matter: A collection of resources, which may be included directly or by reference.ResourceA resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equavalent internet resources.Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equavalent internet resources.CitationA citation consisting of end note text and optional structured bibliographic data.Citation: A citation consisting of end note text and optional structured bibliographic data.Bibliographic DefinitionA container for structured bibliographic information. The model of this information is undefined by OSCAL.Bibliographic Definition: A container for structured bibliographic information. The model of this information is undefined by OSCAL.Resource linkA pointer to an external resource with an optional hash for verification and change detection.Resource link: A pointer to an external resource with an optional hash for verification and change detection.Hypertext ReferenceA resolvable URI reference to a resource.Hypertext Reference: A resolvable URI reference to a resource.Media TypeSpecifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.Base64The Base64 alphabet in RFC 2045 - aligned with XSD.Base64: The Base64 alphabet in RFC 2045 - aligned with XSD.File NameName of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.File Name: Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.Media TypeSpecifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Resource Universally Unique IdentifierA globally unique identifier that can be used to reference this defined resource elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Resource Universally Unique Identifier: A globally unique identifier that can be used to reference this defined resource elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.PropertyAn attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values in some OSCAL formats.Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values in some OSCAL formats.Property Universally Unique IdentifierA unique identifier that can be used to reference this property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.Property Universally Unique Identifier: A unique identifier that can be used to reference this property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.Property NameA textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.Property NamespaceA namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.Property Namespace: A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.Property ClassA textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.Annotated PropertyAn attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair with optional explanatory remarks. The value of an annotated property is a simple scalar value.Annotated Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair with optional explanatory remarks. The value of an annotated property is a simple scalar value.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Annotated Property NameA textual label that uniquely identifies a specific attribute, characteristic, or quality of the annotated property's containing object.Annotated Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the annotated property's containing object.Annotated Property Universally Unique IdentifierA unique identifier that can be used to reference this annotated property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.Annotated Property Universally Unique Identifier: A unique identifier that can be used to reference this annotated property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.Annotated Property NamespaceA namespace qualifying the annotated property's name. This allows different organizations to associate distinct semantics with the same name.Annotated Property Namespace: A namespace qualifying the annotated property's name. This allows different organizations to associate distinct semantics with the same name.Annotated Property ValueIndicates the value of the attribute, characteristic, or quality.Annotated Property Value: Indicates the value of the attribute, characteristic, or quality.LinkA reference to a local or remote resourceLink: A reference to a local or remote resourceHypertext ReferenceA resolvable URL reference to a resource.Hypertext Reference: A resolvable URL reference to a resource.RelationDescribes the type of relationship provided by the link. This can be an indicator of the link's purpose.Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.Media TypeSpecifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.Responsible PartyA reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Responsible RoleThe role that the party is responsible for.Responsible Role: The role that the party is responsible for.Responsible RoleA reference to one or more roles with responsibility for performing a function relative to the containing object.Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Responsible Role IDThe role that is responsible for the business function.Responsible Role ID: The role that is responsible for the business function.HashA representation of a cryptographic digest generated over a resource using a specified hash algorithm.Hash: A representation of a cryptographic digest generated over a resource using a specified hash algorithm.Hash algorithmMethod by which a hash is derivedHash algorithm: Method by which a hash is derivedPublication TimestampThe date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.Last Modified TimestampThe date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.Document VersionA string used to distinguish the current version of the document from other previous (and future) versions.Document Version: A string used to distinguish the current version of the document from other previous (and future) versions.OSCAL versionThe OSCAL model version the document was authored against.OSCAL version: The OSCAL model version the document was authored against.Email AddressAn email address as defined by RFC 5322 Section 3.4.1.Email Address: An email address as defined by RFC 5322 Section 3.4.1.Telephone NumberContact number by telephone.Telephone Number: Contact number by telephone.type flagIndicates the type of phone number.type flag: Indicates the type of phone number.AddressA postal address for the location.Address: A postal address for the location.CityCity, town or geographical region for the mailing address.City: City, town or geographical region for the mailing address.StateState, province or analogous geographical region for mailing addressState: State, province or analogous geographical region for mailing addressPostal CodePostal or ZIP code for mailing addressPostal Code: Postal or ZIP code for mailing addressCountry CodeThe ISO 3166-1 alpha-2 country code for the mailing address.Country Code: The ISO 3166-1 alpha-2 country code for the mailing address.Address lineA single line of an address.Address line: A single line of an address.Document IdentifierA document identifier qualified by an identifier type.Document Identifier: A document identifier qualified by an identifier type.Document Identification SchemeQualifies the kind of document identifier.Document Identification Scheme: Qualifies the kind of document identifier.ComponentA defined component that can be part of an implemented system.Component: A defined component that can be part of an implemented system.StatusDescribes the operational status of the system component.Status: Describes the operational status of the system component.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.StateThe operational status.State: The operational status.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Component IdentifierThe unique identifier for the component.Component Identifier: The unique identifier for the component.Component TypeA category describing the purpose of the component.Component Type: A category describing the purpose of the component.Service Protocol InformationInformation about the protocol used to provide a service.Service Protocol Information: Information about the protocol used to provide a service.Service Protocol Information Universally Unique IdentifierA globally unique identifier that can be used to reference this service protocol entry elsewhere in an OSCAL document. A UUID should be consistently used for a given resource across revisions of the document.Service Protocol Information Universally Unique Identifier: A globally unique identifier that can be used to reference this service protocol entry elsewhere in an OSCAL document. A UUID should be consistently used for a given resource across revisions of the document.Protocol NameThe common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry.Protocol Name: The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry.Port RangeWhere applicable this is the IPv4 port range on which the service operates.Port Range: Where applicable this is the IPv4 port range on which the service operates.StartIndicates the starting port number in a port rangeStart: Indicates the starting port number in a port rangeEndIndicates the ending port number in a port rangeEnd: Indicates the ending port number in a port rangeTransportIndicates the transport type.Transport: Indicates the transport type.System UserA type of user that interacts with the system based on an associated role.System User: A type of user that interacts with the system based on an associated role.User Short NameA short common name, abbreviation, or acronym for the user.User Short Name: A short common name, abbreviation, or acronym for the user.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.User Universally Unique IdentifierThe unique identifier for the user class.User Universally Unique Identifier: The unique identifier for the user class.PrivilegeIdentifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.Privilege: Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.Functions PerformedDescribes a function performed for a given authorized privilege by this user class.Functions Performed: Describes a function performed for a given authorized privilege by this user class.Inventory ItemA single managed inventory item within the system.Inventory Item: A single managed inventory item within the system.Implemented ComponentThe set of components that are implemented in a given system inventory item.Implemented Component: The set of components that are implemented in a given system inventory item.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Component Universally Unique Identifier ReferenceA reference to a component that is implemented as part of an inventory item.Component Universally Unique Identifier Reference: A reference to a component that is implemented as part of an inventory item.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Inventory Item Universally Unique IdentifierA globally unique identifier that can be used to reference this inventory item entry elsewhere in an OSCAL document. A UUID should be consistently used for a given resource across revisions of the document.Inventory Item Universally Unique Identifier: A globally unique identifier that can be used to reference this inventory item entry elsewhere in an OSCAL document. A UUID should be consistently used for a given resource across revisions of the document.Import System Security PlanUsed by the assessment plan and POA&M to import information about the system.Import System Security Plan: Used by the assessment plan and POA&M to import information about the system.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.System Security Plan Reference>A resolvable URL reference to the system security plan for the system being assessed.System Security Plan Reference: >A resolvable URL reference to the system security plan for the system being assessed.Assessment-Specific Control ObjectiveA local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.Assessment-Specific Control Objective: A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Control Identifier ReferenceA reference to a control identifier.Control Identifier Reference: A reference to a control identifier.ActivityIdentifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessement.Activity: Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessement.ActionIdentifies an individual actions, such as test steps or examination procedures.Action: Identifies an individual actions, such as test steps or examination procedures.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Action Universally Unique IdentifierUniquely identifies this defined action. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. A UUID should be consistantly used for a given test step across revisions of the document.Action Universally Unique Identifier: Uniquely identifies this defined action. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. A UUID should be consistantly used for a given test step across revisions of the document.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Assessment Activity Universally Unique IdentifierUniquely identifies this assessment activity. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. A UUID should be consistantly used for a given included activity across revisions of the document.Assessment Activity Universally Unique Identifier: Uniquely identifies this assessment activity. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. A UUID should be consistantly used for a given included activity across revisions of the document.TaskRepresents a scheduled event or milestone, which may be associated with a series of assessment actions.Task: Represents a scheduled event or milestone, which may be associated with a series of assessment actions.Event TimingThe timing under which the task is intended to occur.Event Timing: The timing under which the task is intended to occur.On Date ConditionThe task is intended to occur on the specified date.On Date Condition: The task is intended to occur on the specified date.On Date ConditionThe task must occur on the specified date.On Date Condition: The task must occur on the specified date.On Date Range ConditionThe task is intended to occur within the specified date range.On Date Range Condition: The task is intended to occur within the specified date range.Start Date ConditionThe task must occur on or after the specified date.Start Date Condition: The task must occur on or after the specified date.End Date ConditionThe task must occur on or before the specified date.End Date Condition: The task must occur on or before the specified date.Frequency ConditionThe task is intended to occur at the specified frequency.Frequency Condition: The task is intended to occur at the specified frequency.PeriodThe task must occur after the specified period has elapsed.Period: The task must occur after the specified period has elapsed.Time UnitThe unit of time for the period.Time Unit: The unit of time for the period.Task DependencyUsed to indicate that a task is dependant on another task.Task Dependency: Used to indicate that a task is dependant on another task.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Task Universally Unique Identifier ReferenceReferences a unique task by UUID.Task Universally Unique Identifier Reference: References a unique task by UUID.Associated ActivityIdentifies an individual activity to be performed as part of an action.Associated Activity: Identifies an individual activity to be performed as part of an action.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Activity Universally Unique Identifier ReferenceReferences an activity defined in the list of activities.Activity Universally Unique Identifier Reference: References an activity defined in the list of activities.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Task Universally Unique IdentifierUniquely identifies this assessment task. Task Universally Unique Identifier: Uniquely identifies this assessment task. Task TypeThe type of task.Task Type: The type of task.Reviewed Controls and Control ObjectivesIdentifies the controls being assessed and their control objectives.Reviewed Controls and Control Objectives: Identifies the controls being assessed and their control objectives.Assessed ControlsIdentifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.Assessed Controls: Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.AllA key word to indicate all.All: A key word to indicate all.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Referened Control ObjectivesIdentifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the assessed objectives, and reflects any changes from the plan.Referened Control Objectives: Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the assessed objectives, and reflects any changes from the plan.AllA key word to indicate all.All: A key word to indicate all.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Select ControlUsed to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.Select Control: Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.Include Specific StatementsUsed to constrain the selection to only specificly identified statements.Include Specific Statements: Used to constrain the selection to only specificly identified statements.Control Identifier ReferenceA reference to a control identifier.Control Identifier Reference: A reference to a control identifier.Select ObjectiveUsed to select a control objective for inclusion/exclusion based on the control objective's identifier.Select Objective: Used to select a control objective for inclusion/exclusion based on the control objective's identifier.Assessment Subject PlaceholderUsed when the assessment subjects will be determined as part of one or more other assessment activities. These assessment subjects will be recorded in the assessment results in the assessment log.Assessment Subject Placeholder: Used when the assessment subjects will be determined as part of one or more other assessment activities. These assessment subjects will be recorded in the assessment results in the assessment log.Assessment Subject SourceAssessment subjects will be identified while conducting the referenced activity-instance.Assessment Subject Source: Assessment subjects will be identified while conducting the referenced activity-instance.Task Universally Unique IdentifierUniquely identifies an assessment activity to be performed as part of the event. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. A UUID should be consistantly used for this schedule across revisions of the document.Task Universally Unique Identifier: Uniquely identifies an assessment activity to be performed as part of the event. This UUID may be referenced elsewhere in an OSCAL document when refering to this information. A UUID should be consistantly used for this schedule across revisions of the document.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Assessment Subject Placeholder Universally Unique IdentifierUniquely identifies a set of assessment subjects that will be identified by a task or an activity that is part of a task.Assessment Subject Placeholder Universally Unique Identifier: Uniquely identifies a set of assessment subjects that will be identified by a task or an activity that is part of a task.Subject of AssessmentIdentifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.Subject of Assessment: Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.AllA key word to indicate all.All: A key word to indicate all.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Subject TypeIndicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.Subject Type: Indicates the type of assessment subject, such as a component, inventory, item, location, or party represented by this selection statement.Select Assessment SubjectIdentifies a set of assessment subjects to include/exclude by UUID.Select Assessment Subject: Identifies a set of assessment subjects to include/exclude by UUID.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.UUID ReferenceA pointer to a component, inventory-item, location, party, user, or resource using it's UUID.UUID Reference: A pointer to a component, inventory-item, location, party, user, or resource using it's UUID.Assessment AssetsIdentifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.Assessment Assets: Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.Assessment PlatformUsed to represent the toolset used to perform aspects of the assessment.Assessment Platform: Used to represent the toolset used to perform aspects of the assessment.Uses ComponentThe set of components that are used by the assessment platform.Uses Component: The set of components that are used by the assessment platform.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Component Universally Unique Identifier ReferenceA reference to a component that is implemented as part of an inventory item.Component Universally Unique Identifier Reference: A reference to a component that is implemented as part of an inventory item.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Assessment Platform Universally Unique IdentifierUniquely identifies this assessment Platform.Assessment Platform Universally Unique Identifier: Uniquely identifies this assessment Platform.Assessment PartA partition of an assessment plan or results or a child of another part.Assessment Part: A partition of an assessment plan or results or a child of another part.Part IdentifierA unique identifier for a specific part instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same part across minor revisions of the document.Part Identifier: A unique identifier for a specific part instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same part across minor revisions of the document.Part NameA textual label that uniquely identifies the part's semantic type.Part Name: A textual label that uniquely identifies the part's semantic type.Part NamespaceA namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.Part ClassA textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.Security Assessment Plan (SAP)An assessment plan, such as those provided by a FedRAMP assessor.Security Assessment Plan (SAP): An assessment plan, such as those provided by a FedRAMP assessor.Local DefinitionsUsed to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.Local Definitions: Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Assessment Plan Terms and ConditionsUsed to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition.Assessment Plan Terms and Conditions: Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition.Assessment Plan Universally Unique IdentifierUniquely identifies this assessment plan. This UUID must be changed each time the content of the plan changes.Assessment Plan Universally Unique Identifier: Uniquely identifies this assessment plan. This UUID must be changed each time the content of the plan changes.The content model is the same as blockElementType, but line endings need
to be preserved, since this is preformatted.The content model is the same as blockElementType, but line endings need
to be preserved, since this is preformatted.The xs:dateTime with a required timezone.An email addressNeed a better pattern.A URIRequires a scheme with colon per RFC 3986A URI reference, such as a relative URLA Type 4 ('random' or 'pseudorandom' UUID per RFC 4122A sequence of 8-4-4-4-12 hex digits, with extra constraints in the 13th and 17-18th places for version 4