OSCAL System Security Plan (SSP) Model1.0.0-rc1oscal-ssp
The OSCAL Control SSP format can be used to describe the information typically specified in a system security plan, such as those defined in NIST SP 800-18.
The root of the OSCAL System Security Plan (SSP) format is system-security-plan.
system-security-planPublication metadataProvides information about the publication and availability of the containing document.Publication metadata: Provides information about the publication and availability of the containing document.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Revision History EntryAn entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.LocationA location, with associated metadata that can be referenced.Location: A location, with associated metadata that can be referenced.Location URLThe uniform resource locator (URL) for a web site or Internet presence associated with the location.Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Location Universally Unique IdentifierA unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.Location Universally Unique Identifier: A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.Location ReferenceReferences a location defined in metadata.Location Reference: References a location defined in metadata.Party (organization or person)A responsible entity which is either a person or an organization.Party (organization or person): A responsible entity which is either a person or an organization.Party NameThe full name of the party. This is typically the legal name associated with the party.Party Name: The full name of the party. This is typically the legal name associated with the party.Party Short NameA short common name, abbreviation, or acronym for the party.Party Short Name: A short common name, abbreviation, or acronym for the party.Party External IdentifierAn identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)External Identifier SchemaIndicates the type of external identifier.External Identifier Schema: Indicates the type of external identifier.Organizational AffiliationIdentifies that the party object is a member of the organization associated with the provided UUID.Organizational Affiliation: Identifies that the party object is a member of the organization associated with the provided UUID.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Party Universally Unique IdentifierA unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given party across revisions of the document.Party Universally Unique Identifier: A unique identifier that can be used to reference this defined location elsewhere in an OSCAL document. A UUID should be consistantly used for a given party across revisions of the document.Party TypeA category describing the kind of party the object describes.Party Type: A category describing the kind of party the object describes.Party ReferenceReferences a party defined in metadata.Party Reference: References a party defined in metadata.RoleDefines a function assumed or expected to be assumed by a party in a specific situation.Role: Defines a function assumed or expected to be assumed by a party in a specific situation.Role Short NameA short common name, abbreviation, or acronym for the role.Role Short Name: A short common name, abbreviation, or acronym for the role.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Role IdentifierA unique identifier for a specific role instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same role across minor revisions of the document.Role Identifier: A unique identifier for a specific role instance. This identifier's uniqueness is document scoped and is intended to be consistent for the same role across minor revisions of the document.Role Identifier ReferenceA reference to the roles served by the user.Role Identifier Reference: A reference to the roles served by the user.Back matterA collection of resources, which may be included directly or by reference.Back matter: A collection of resources, which may be included directly or by reference.ResourceA resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equavalent internet resources.Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equavalent internet resources.CitationA citation consisting of end note text and optional structured bibliographic data.Citation: A citation consisting of end note text and optional structured bibliographic data.Bibliographic DefinitionA container for structured bibliographic information. The model of this information is undefined by OSCAL.Bibliographic Definition: A container for structured bibliographic information. The model of this information is undefined by OSCAL.Resource linkA pointer to an external resource with an optional hash for verification and change detection.Resource link: A pointer to an external resource with an optional hash for verification and change detection.Hypertext ReferenceA resolvable URI reference to a resource.Hypertext Reference: A resolvable URI reference to a resource.Media TypeSpecifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.Base64The Base64 alphabet in RFC 2045 - aligned with XSD.Base64: The Base64 alphabet in RFC 2045 - aligned with XSD.File NameName of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.File Name: Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.Media TypeSpecifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Resource Universally Unique IdentifierA globally unique identifier that can be used to reference this defined resource elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Resource Universally Unique Identifier: A globally unique identifier that can be used to reference this defined resource elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.PropertyAn attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values in some OSCAL formats.Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values in some OSCAL formats.Property Universally Unique IdentifierA unique identifier that can be used to reference this property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.Property Universally Unique Identifier: A unique identifier that can be used to reference this property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.Property NameA textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.Property NamespaceA namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.Property Namespace: A namespace qualifying the property's name. This allows different organizations to associate distinct semantics with the same name.Property ClassA textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.Annotated PropertyAn attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair with optional explanatory remarks. The value of an annotated property is a simple scalar value.Annotated Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair with optional explanatory remarks. The value of an annotated property is a simple scalar value.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Annotated Property NameA textual label that uniquely identifies a specific attribute, characteristic, or quality of the annotated property's containing object.Annotated Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the annotated property's containing object.Annotated Property Universally Unique IdentifierA unique identifier that can be used to reference this annotated property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.Annotated Property Universally Unique Identifier: A unique identifier that can be used to reference this annotated property elsewhere in an OSCAL document. A UUID should be consistantly used for a given location across revisions of the document.Annotated Property NamespaceA namespace qualifying the annotated property's name. This allows different organizations to associate distinct semantics with the same name.Annotated Property Namespace: A namespace qualifying the annotated property's name. This allows different organizations to associate distinct semantics with the same name.Annotated Property ValueIndicates the value of the attribute, characteristic, or quality.Annotated Property Value: Indicates the value of the attribute, characteristic, or quality.LinkA reference to a local or remote resourceLink: A reference to a local or remote resourceHypertext ReferenceA resolvable URL reference to a resource.Hypertext Reference: A resolvable URL reference to a resource.RelationDescribes the type of relationship provided by the link. This can be an indicator of the link's purpose.Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.Media TypeSpecifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.Responsible PartyA reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Responsible RoleThe role that the party is responsible for.Responsible Role: The role that the party is responsible for.Responsible RoleA reference to one or more roles with responsibility for performing a function relative to the containing object.Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Responsible Role IDThe role that is responsible for the business function.Responsible Role ID: The role that is responsible for the business function.HashA representation of a cryptographic digest generated over a resource using a specified hash algorithm.Hash: A representation of a cryptographic digest generated over a resource using a specified hash algorithm.Hash algorithmMethod by which a hash is derivedHash algorithm: Method by which a hash is derivedPublication TimestampThe date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.Last Modified TimestampThe date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.Document VersionA string used to distinguish the current version of the document from other previous (and future) versions.Document Version: A string used to distinguish the current version of the document from other previous (and future) versions.OSCAL versionThe OSCAL model version the document was authored against.OSCAL version: The OSCAL model version the document was authored against.Email AddressAn email address as defined by RFC 5322 Section 3.4.1.Email Address: An email address as defined by RFC 5322 Section 3.4.1.Telephone NumberContact number by telephone.Telephone Number: Contact number by telephone.type flagIndicates the type of phone number.type flag: Indicates the type of phone number.AddressA postal address for the location.Address: A postal address for the location.CityCity, town or geographical region for the mailing address.City: City, town or geographical region for the mailing address.StateState, province or analogous geographical region for mailing addressState: State, province or analogous geographical region for mailing addressPostal CodePostal or ZIP code for mailing addressPostal Code: Postal or ZIP code for mailing addressCountry CodeThe ISO 3166-1 alpha-2 country code for the mailing address.Country Code: The ISO 3166-1 alpha-2 country code for the mailing address.Address lineA single line of an address.Address line: A single line of an address.Document IdentifierA document identifier qualified by an identifier type.Document Identifier: A document identifier qualified by an identifier type.Document Identification SchemeQualifies the kind of document identifier.Document Identification Scheme: Qualifies the kind of document identifier.ComponentA defined component that can be part of an implemented system.Component: A defined component that can be part of an implemented system.StatusDescribes the operational status of the system component.Status: Describes the operational status of the system component.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.StateThe operational status.State: The operational status.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Component IdentifierThe unique identifier for the component.Component Identifier: The unique identifier for the component.Component TypeA category describing the purpose of the component.Component Type: A category describing the purpose of the component.Service Protocol InformationInformation about the protocol used to provide a service.Service Protocol Information: Information about the protocol used to provide a service.Service Protocol Information Universally Unique IdentifierA globally unique identifier that can be used to reference this service protocol entry elsewhere in an OSCAL document. A UUID should be consistently used for a given resource across revisions of the document.Service Protocol Information Universally Unique Identifier: A globally unique identifier that can be used to reference this service protocol entry elsewhere in an OSCAL document. A UUID should be consistently used for a given resource across revisions of the document.Protocol NameThe common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry.Protocol Name: The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry.Port RangeWhere applicable this is the IPv4 port range on which the service operates.Port Range: Where applicable this is the IPv4 port range on which the service operates.StartIndicates the starting port number in a port rangeStart: Indicates the starting port number in a port rangeEndIndicates the ending port number in a port rangeEnd: Indicates the ending port number in a port rangeTransportIndicates the transport type.Transport: Indicates the transport type.System UserA type of user that interacts with the system based on an associated role.System User: A type of user that interacts with the system based on an associated role.User Short NameA short common name, abbreviation, or acronym for the user.User Short Name: A short common name, abbreviation, or acronym for the user.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.User Universally Unique IdentifierThe unique identifier for the user class.User Universally Unique Identifier: The unique identifier for the user class.PrivilegeIdentifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.Privilege: Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.Functions PerformedDescribes a function performed for a given authorized privilege by this user class.Functions Performed: Describes a function performed for a given authorized privilege by this user class.Inventory ItemA single managed inventory item within the system.Inventory Item: A single managed inventory item within the system.Implemented ComponentThe set of components that are implemented in a given system inventory item.Implemented Component: The set of components that are implemented in a given system inventory item.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Component Universally Unique Identifier ReferenceA reference to a component that is implemented as part of an inventory item.Component Universally Unique Identifier Reference: A reference to a component that is implemented as part of an inventory item.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Inventory Item Universally Unique IdentifierA globally unique identifier that can be used to reference this inventory item entry elsewhere in an OSCAL document. A UUID should be consistently used for a given resource across revisions of the document.Inventory Item Universally Unique Identifier: A globally unique identifier that can be used to reference this inventory item entry elsewhere in an OSCAL document. A UUID should be consistently used for a given resource across revisions of the document.Set Parameter ValueIdentifies the parameter that will be set by the enclosed value.Set Parameter Value: Identifies the parameter that will be set by the enclosed value.Parameter ValueA parameter value or set of values.Parameter Value: A parameter value or set of values.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Parameter IDA reference to a parameter within a control, who's catalog has been imported into the current implementation context.Parameter ID: A reference to a parameter within a control, who's catalog has been imported into the current implementation context.System IdentificationA unique identifier for the system described by this system security plan.System Identification: A unique identifier for the system described by this system security plan.Identification System TypeIdentifies the identification system from which the provided identifier was assigned.Identification System Type: Identifies the identification system from which the provided identifier was assigned.System Security Plan (SSP)A system security plan, such as those described in NIST SP 800-18System Security Plan (SSP): A system security plan, such as those described in NIST SP 800-18System Security Plan Universally Unique IdentifierA globally unique identifier for this catalog instance. This UUID should be changed when this document is revised.System Security Plan Universally Unique Identifier: A globally unique identifier for this catalog instance. This UUID should be changed when this document is revised.Import ProfileUsed to import the OSCAL profile representing the system's control baseline.Import Profile: Used to import the OSCAL profile representing the system's control baseline.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Profile ReferenceA resolvable URL reference to the profile to use as the system's control baseline.Profile Reference: A resolvable URL reference to the profile to use as the system's control baseline.System CharacteristicsContains the characteristics of the system, such as its name, purpose, and security impact level.System Characteristics: Contains the characteristics of the system, such as its name, purpose, and security impact level.System Name - FullThe full name of the system.System Name - Full: The full name of the system.System Name - ShortA short name for the system, such as an acronym, that is suitable for display in a data table or summary list.System Name - Short: A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.Security Sensitivity LevelThe overall information system sensitivity categorization, such as defined by FIPS-199.Security Sensitivity Level: The overall information system sensitivity categorization, such as defined by FIPS-199.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.System InformationContains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.System Information: Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.Information TypeContains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.Information Type: Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.Information Type CategorizationA set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60.Information Type Categorization: A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60.Information Type Systemized IdentifierAn identifier qualified by the given identification system used, such as NIST SP 800-60.Information Type Systemized Identifier: An identifier qualified by the given identification system used, such as NIST SP 800-60.Information Type Identification SystemSpecifies the information type identification system used.Information Type Identification System: Specifies the information type identification system used.Confidentiality Impact LevelThe expected level of impact resulting from the unauthorized disclosure of the described information.Confidentiality Impact Level: The expected level of impact resulting from the unauthorized disclosure of the described information.Adjustment JustificationIf the selected security level is different from the base security level, this contains the justification for the change.Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change.Integrity Impact LevelThe expected level of impact resulting from the unauthorized modification of the described information.Integrity Impact Level: The expected level of impact resulting from the unauthorized modification of the described information.Adjustment JustificationIf the selected security level is different from the base security level, this contains the justification for the change.Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change.Availability Impact LevelThe expected level of impact resulting from the disruption of access to or use of the described information or the information system.Availability Impact Level: The expected level of impact resulting from the disruption of access to or use of the described information or the information system.Adjustment JustificationIf the selected security level is different from the base security level, this contains the justification for the change.Adjustment Justification: If the selected security level is different from the base security level, this contains the justification for the change.Information Type Universally Unique IdentifierA globally unique identifier that can be used to reference this information type entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Information Type Universally Unique Identifier: A globally unique identifier that can be used to reference this information type entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Base Level (Confidentiality, Integrity, or Availability)The prescribed base (Confidentiality, Integrity, or Availability) security impact level.Base Level (Confidentiality, Integrity, or Availability): The prescribed base (Confidentiality, Integrity, or Availability) security impact level.Selected Level (Confidentiality, Integrity, or Availability)The selected (Confidentiality, Integrity, or Availability) security impact level.Selected Level (Confidentiality, Integrity, or Availability): The selected (Confidentiality, Integrity, or Availability) security impact level.Security Impact LevelThe overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.Security Impact Level: The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.Security Objective: ConfidentialityA target-level of confidentiality for the system, based on the sensitivity of information within the system.Security Objective: Confidentiality: A target-level of confidentiality for the system, based on the sensitivity of information within the system.Security Objective: IntegrityA target-level of integrity for the system, based on the sensitivity of information within the system.Security Objective: Integrity: A target-level of integrity for the system, based on the sensitivity of information within the system.Security Objective: AvailabilityA target-level of availability for the system, based on the sensitivity of information within the system.Security Objective: Availability: A target-level of availability for the system, based on the sensitivity of information within the system.StatusDescribes the operational status of the system.Status: Describes the operational status of the system.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.StateThe current operating status.State: The current operating status.System Authorization DateThe date the system received its authorization.System Authorization Date: The date the system received its authorization.Authorization BoundaryA description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.Authorization Boundary: A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.DiagramA graphic that provides a visual representation the system, or some aspect of it.Diagram: A graphic that provides a visual representation the system, or some aspect of it.Diagram IDThe identifier for this diagram.Diagram ID: The identifier for this diagram.Network ArchitectureA description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.Network Architecture: A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Data FlowA description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.Data Flow: A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.System ImplementationProvides information as to how the system is implemented.System Implementation: Provides information as to how the system is implemented.Leveraged AuthorizationA description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider.Leveraged Authorization: A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider.party-uuid fieldA reference to the party that manages the leveraged system.party-uuid field: A reference to the party that manages the leveraged system.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Leveraged Authorization Universally Unique IdentifierA globally unique identifier that can be used to reference this leveraged authorization entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Leveraged Authorization Universally Unique Identifier: A globally unique identifier that can be used to reference this leveraged authorization entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Control ImplementationDescribes how the system satisfies a set of controls.Control Implementation: Describes how the system satisfies a set of controls.Control-based RequirementDescribes how the system satisfies an individual control.Control-based Requirement: Describes how the system satisfies an individual control.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Control Requirement Universally Unique IdentifierA globally unique identifier that can be used to reference this control requirement entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Control Requirement Universally Unique Identifier: A globally unique identifier that can be used to reference this control requirement entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Control Identifier ReferenceA reference to a control identifier.Control Identifier Reference: A reference to a control identifier.Specific Control StatementIdentifies which statements within a control are addressed.Specific Control Statement: Identifies which statements within a control are addressed.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Control Statement ReferenceA reference to a control statement by its identifierControl Statement Reference: A reference to a control statement by its identifierControl Statement Reference Universally Unique IdentifierA globally unique identifier that can be used to reference this control statement entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Control Statement Reference Universally Unique Identifier: A globally unique identifier that can be used to reference this control statement entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Component Control ImplementationDefines how the referenced component implements a set of controls.Component Control Implementation: Defines how the referenced component implements a set of controls.ExportIdentifies content intended for external consumption, such as with leveraged organizations.Export: Identifies content intended for external consumption, such as with leveraged organizations.Provided Control ImplementationDescribes a capability which may be inherited by a leveraging system.Provided Control Implementation: Describes a capability which may be inherited by a leveraging system.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Provided Universally Unique IdentifierA globally unique identifier that can be used to reference this provided entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Provided Universally Unique Identifier: A globally unique identifier that can be used to reference this provided entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Control Implementation ResponsibilityDescribes a control implementation responsibiity imposed on a leveraging system.Control Implementation Responsibility: Describes a control implementation responsibiity imposed on a leveraging system.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Responsibility Universally Unique IdentifierA globally unique identifier that can be used to reference this responsibility entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Responsibility Universally Unique Identifier: A globally unique identifier that can be used to reference this responsibility entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Provided UUIDIdentifies a 'provided' assembly associated with this assembly.Provided UUID: Identifies a 'provided' assembly associated with this assembly.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Inherited Control ImplementationDescribes a control implementation inherited by a leveraging system.Inherited Control Implementation: Describes a control implementation inherited by a leveraging system.Inherited Universally Unique IdentifierA globally unique identifier that can be used to reference this inherited entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Inherited Universally Unique Identifier: A globally unique identifier that can be used to reference this inherited entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Provided UUIDIdentifies a 'provided' assembly associated with this assembly.Provided UUID: Identifies a 'provided' assembly associated with this assembly.Satisfied Control Implementation ResponsibilityDescribes how this system satisfies a responsibiity imposed by a leveraged system.Satisfied Control Implementation Responsibility: Describes how this system satisfies a responsibiity imposed by a leveraged system.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Satisfied Universally Unique IdentifierA globally unique identifier that can be used to reference this satisfied entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Satisfied Universally Unique Identifier: A globally unique identifier that can be used to reference this satisfied entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.Provided UUIDIdentifies a 'provided' assembly associated with this assembly.Provided UUID: Identifies a 'provided' assembly associated with this assembly.RemarksAdditional commentary on the containing object.Remarks: Additional commentary on the containing object.Component Universally Unique Identifier ReferenceA reference to the component that is implementing a given control or control statement.Component Universally Unique Identifier Reference: A reference to the component that is implementing a given control or control statement.By-Component Universally Unique IdentifierA globally unique identifier that can be used to reference this by-component entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.By-Component Universally Unique Identifier: A globally unique identifier that can be used to reference this by-component entry elsewhere in an OSCAL document. A UUID should be consistantly used for a given resource across revisions of the document.The content model is the same as blockElementType, but line endings need
to be preserved, since this is preformatted.The content model is the same as blockElementType, but line endings need
to be preserved, since this is preformatted.The xs:dateTime with a required timezone.An email addressNeed a better pattern.A URIRequires a scheme with colon per RFC 3986A URI reference, such as a relative URLA Type 4 ('random' or 'pseudorandom' UUID per RFC 4122A sequence of 8-4-4-4-12 hex digits, with extra constraints in the 13th and 17-18th places for version 4