OSCAL Control Catalog Model 1.0.0-rc1 oscal-catalog

The OSCAL Control Catalog format can be used to describe a collection of security controls and related control enhancements, along with contextualizing documentation and metadata. The root of the Control Catalog format is catalog.

 catalog Part A partition of a control's definition or a child of another part. Part: A partition of a control's definition or a child of another part. Part Identifier A unique identifier for a specific part instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same part across minor revisions of the document. Part Identifier: A unique identifier for a specific part instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same part across minor revisions of the document. Part Name A textual label that uniquely identifies the part's semantic type. Part Name: A textual label that uniquely identifies the part's semantic type. Part Namespace A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. Parameter Parameters provide a mechanism for the dynamic assignment of value(s) in a control. Parameter: Parameters provide a mechanism for the dynamic assignment of value(s) in a control. Remarks Additional commentary on the containing object. Remarks: Additional commentary on the containing object. Parameter Identifier A unique identifier for a specific parameter instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same parameter across minor revisions of the document. Parameter Identifier: A unique identifier for a specific parameter instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same parameter across minor revisions of the document. Parameter Class A textual label that provides a characterization of the parameter. Parameter Class: A textual label that provides a characterization of the parameter. Depends on Another parameter invoking this one Depends on: Another parameter invoking this one Constraint A formal or informal expression of a constraint or test Constraint: A formal or informal expression of a constraint or test Constraint Test A test expression which is expected to be evaluated by a tool. Constraint Test: A test expression which is expected to be evaluated by a tool. Constraint test A formal (executable) expression of a constraint Constraint test: A formal (executable) expression of a constraint Remarks Additional commentary on the containing object. Remarks: Additional commentary on the containing object. Guideline A prose statement that provides a recommendation for the use of a parameter. Guideline: A prose statement that provides a recommendation for the use of a parameter. Parameter Value A parameter value or set of values. Parameter Value: A parameter value or set of values. Selection Presenting a choice among alternatives Selection: Presenting a choice among alternatives Parameter Cardinality Describes the number of selections that must occur. Parameter Cardinality: Describes the number of selections that must occur. Publication metadata Provides information about the publication and availability of the containing document. Publication metadata: Provides information about the publication and availability of the containing document. Remarks Additional commentary on the containing object. Remarks: Additional commentary on the containing object. Revision History Entry An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). Remarks Additional commentary on the containing object. Remarks: Additional commentary on the containing object. Location A location, with associated metadata that can be referenced. Location: A location, with associated metadata that can be referenced. Location URL The uniform resource locator (URL) for a web site or Internet presence associated with the location. Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. Remarks Additional commentary on the containing object. Remarks: Additional commentary on the containing object. Location Universally Unique Identifier A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document. Location Universally Unique Identifier: A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document. Location Reference References a location defined in metadata. Location Reference: References a location defined in metadata. Party (organization or person) A responsible entity which is either a person or an organization. Party (organization or person): A responsible entity which is either a person or an organization. Party Name The full name of the party. This is typically the legal name associated with the party. Party Name: The full name of the party. This is typically the legal name associated with the party. Party Short Name A short common name, abbreviation, or acronym for the party. Party Short Name: A short common name, abbreviation, or acronym for the party. Party External Identifier An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) External Identifier Schema Indicates the type of external identifier. External Identifier Schema: Indicates the type of external identifier. Organizational Affiliation Identifies that the party object is a member of the organization associated with the provided UUID. Organizational Affiliation: Identifies that the party object is a member of the organization associated with the provided UUID. Remarks Additional commentary on the containing object. Remarks: Additional commentary on the containing object. Party Universally Unique Identifier A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given party across revisions of the document. Party Universally Unique Identifier: A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given party across revisions of the document. Party Type A category describing the kind of party the object describes. Party Type: A category describing the kind of party the object describes. Party Reference References a party defined in metadata. Party Reference: References a party defined in metadata. Role Defines a function assumed or expected to be assumed by a party in a specific situation. Role: Defines a function assumed or expected to be assumed by a party in a specific situation. Role Short Name A short common name, abbreviation, or acronym for the role. Role Short Name: A short common name, abbreviation, or acronym for the role. Remarks Additional commentary on the containing object. Remarks: Additional commentary on the containing object. Role Identifier A unique identifier for a specific role instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same role across minor revisions of the document. Role Identifier: A unique identifier for a specific role instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same role across minor revisions of the document. Back matter A collection of resources, which may be included directly or by reference. Back matter: A collection of resources, which may be included directly or by reference. Resource A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equavalent internet resources. Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equavalent internet resources. Citation A citation consisting of end note text and optional structured bibliographic data. Citation: A citation consisting of end note text and optional structured bibliographic data. Bibliographic Definition A container for structured bibliographic information. The model of this information is undefined by OSCAL. Bibliographic Definition: A container for structured bibliographic information. The model of this information is undefined by OSCAL. Resource link A pointer to an external resource with an optional hash for verification and change detection. Resource link: A pointer to an external resource with an optional hash for verification and change detection. Hypertext Reference A resolvable URI reference to a resource. Hypertext Reference: A resolvable URI reference to a resource. Media Type Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Base64 The Base64 alphabet in RFC 2045 - aligned with XSD. Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. File Name Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. File Name: Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded. Media Type Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Remarks Additional commentary on the containing object. Remarks: Additional commentary on the containing object. Resource Universally Unique Identifier A globally unique identifier that can be used to reference this defined resource elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document. Resource Universally Unique Identifier: A globally unique identifier that can be used to reference this defined resource elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document. Property An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values in some OSCAL formats. Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values in some OSCAL formats. Property Universally Unique Identifier A unique identifier that can be used to reference this property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document. Property Universally Unique Identifier: A unique identifier that can be used to reference this property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document. Property Name A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Namespace A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name. Property Namespace: A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name. Property Class A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. Annotated Property An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair with optional explanatory remarks. The value of an annotated property is a simple scalar value. Annotated Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair with optional explanatory remarks. The value of an annotated property is a simple scalar value. Remarks Additional commentary on the containing object. Remarks: Additional commentary on the containing object. Annotated Property Name A textual label that uniquely identifies a specific attribute, characteristic, or quality of the annotated property's containing object. Annotated Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the annotated property's containing object. Annotated Property Universally Unique Identifier A unique identifier that can be used to reference this annotated property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document. Annotated Property Universally Unique Identifier: A unique identifier that can be used to reference this annotated property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document. Annotated Property Namespace A namespace qualifying the annotated property's name. This allows different organizations to associate distinct semantics with the same name. Annotated Property Namespace: A namespace qualifying the annotated property's name. This allows different organizations to associate distinct semantics with the same name. Annotated Property Value Indicates the value of the attribute, characteristic, or quality. Annotated Property Value: Indicates the value of the attribute, characteristic, or quality. Link A reference to a local or remote resource Link: A reference to a local or remote resource Hypertext Reference A resolvable URL reference to a resource. Hypertext Reference: A resolvable URL reference to a resource. Relation Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. Media Type Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. Responsible Party A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. Remarks Additional commentary on the containing object. Remarks: Additional commentary on the containing object. Responsible Role The role that the party is responsible for. Responsible Role: The role that the party is responsible for. Hash A representation of a cryptographic digest generated over a resource using a specified hash algorithm. Hash: A representation of a cryptographic digest generated over a resource using a specified hash algorithm. Hash algorithm Method by which a hash is derived Hash algorithm: Method by which a hash is derived Publication Timestamp The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Last Modified Timestamp The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. Document Version A string used to distinguish the current version of the document from other previous (and future) versions. Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. OSCAL version The OSCAL model version the document was authored against. OSCAL version: The OSCAL model version the document was authored against. Email Address An email address as defined by RFC 5322 Section 3.4.1. Email Address: An email address as defined by RFC 5322 Section 3.4.1. Telephone Number Contact number by telephone. Telephone Number: Contact number by telephone. type flag Indicates the type of phone number. type flag: Indicates the type of phone number. Address A postal address for the location. Address: A postal address for the location. City City, town or geographical region for the mailing address. City: City, town or geographical region for the mailing address. State State, province or analogous geographical region for mailing address State: State, province or analogous geographical region for mailing address Postal Code Postal or ZIP code for mailing address Postal Code: Postal or ZIP code for mailing address Country Code The ISO 3166-1 alpha-2 country code for the mailing address. Country Code: The ISO 3166-1 alpha-2 country code for the mailing address. Address line A single line of an address. Address line: A single line of an address. Document Identifier A document identifier qualified by an identifier type. Document Identifier: A document identifier qualified by an identifier type. Document Identification Scheme Qualifies the kind of document identifier. Document Identification Scheme: Qualifies the kind of document identifier. Catalog A collection of controls. Catalog: A collection of controls. Catalog Universally Unique Identifier A globally unique identifier for this catalog instance. This UUID should be changed when this document is revised. Catalog Universally Unique Identifier: A globally unique identifier for this catalog instance. This UUID should be changed when this document is revised. Control Group A group of controls, or of groups of controls. Control Group: A group of controls, or of groups of controls. Group Identifier A unique identifier for a specific group instance that can be used to reference the group within this and in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same group across minor revisions of the document. Group Identifier: A unique identifier for a specific group instance that can be used to reference the group within this and in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same group across minor revisions of the document. Group Class A textual label that provides a sub-type or characterization of the group. Group Class: A textual label that provides a sub-type or characterization of the group. Control A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance. Control: A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance. Control Identifier A unique identifier for a specific control instance that can be used to reference the control in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same control across minor revisions of the document. Control Identifier: A unique identifier for a specific control instance that can be used to reference the control in other OSCAL documents. This identifier's uniqueness is document scoped and is intended to be consistent for the same control across minor revisions of the document. Control Class A textual label that provides a sub-type or characterization of the control. Control Class: A textual label that provides a sub-type or characterization of the control. The content model is the same as blockElementType, but line endings need to be preserved, since this is preformatted. The content model is the same as blockElementType, but line endings need to be preserved, since this is preformatted. The xs:dateTime with a required timezone. An email address Need a better pattern. A URI Requires a scheme with colon per RFC 3986 A URI reference, such as a relative URL A Type 4 ('random' or 'pseudorandom' UUID per RFC 4122 A sequence of 8-4-4-4-12 hex digits, with extra constraints in the 13th and 17-18th places for version 4