From 80878bf68c8c078544e29213879ea1a472c66adf Mon Sep 17 00:00:00 2001 From: david-waltermire-nist Date: Tue, 27 Sep 2022 13:27:53 +0000 Subject: [PATCH] Publishing generated metaschema resources [ci skip] --- ..._assessment-plan_xml-to-json-converter.xsl | 321 ++-- ...sessment-results_xml-to-json-converter.xsl | 321 ++-- .../oscal_catalog_xml-to-json-converter.xsl | 325 ++-- .../oscal_complete_xml-to-json-converter.xsl | 1384 +++++++++++++-- .../oscal_component_xml-to-json-converter.xsl | 304 ++-- .../oscal_mapping_xml-to-json-converter.xsl | 310 ++-- .../oscal_poam_xml-to-json-converter.xsl | 303 ++-- .../oscal_profile_xml-to-json-converter.xsl | 318 ++-- .../oscal_ssp_xml-to-json-converter.xsl | 303 ++-- json/schema/oscal_assessment-plan_schema.json | 582 ++++--- .../oscal_assessment-results_schema.json | 582 ++++--- json/schema/oscal_catalog_schema.json | 592 ++++--- json/schema/oscal_complete_schema.json | 718 ++++---- json/schema/oscal_component_schema.json | 586 ++++--- json/schema/oscal_mapping_schema.json | 506 +++--- json/schema/oscal_poam_schema.json | 582 ++++--- json/schema/oscal_profile_schema.json | 666 ++++---- json/schema/oscal_ssp_schema.json | 572 ++++--- ..._assessment-plan_json-to-xml-converter.xsl | 152 +- ...sessment-results_json-to-xml-converter.xsl | 152 +- .../oscal_catalog_json-to-xml-converter.xsl | 200 ++- .../oscal_complete_json-to-xml-converter.xsl | 623 +++++-- .../oscal_component_json-to-xml-converter.xsl | 133 +- .../oscal_mapping_json-to-xml-converter.xsl | 137 +- .../oscal_poam_json-to-xml-converter.xsl | 130 +- .../oscal_profile_json-to-xml-converter.xsl | 177 +- .../oscal_ssp_json-to-xml-converter.xsl | 130 +- xml/schema/oscal_assessment-plan_schema.xsd | 1165 ++++++------- .../oscal_assessment-results_schema.xsd | 1181 ++++++------- xml/schema/oscal_catalog_schema.xsd | 1053 ++++++------ xml/schema/oscal_complete_schema.xsd | 1504 ++++++++--------- xml/schema/oscal_component_schema.xsd | 1089 ++++++------ xml/schema/oscal_mapping_schema.xsd | 932 +++++----- xml/schema/oscal_poam_schema.xsd | 1169 ++++++------- xml/schema/oscal_profile_schema.xsd | 1162 ++++++------- xml/schema/oscal_ssp_schema.xsd | 1101 ++++++------ 36 files changed, 11516 insertions(+), 9949 deletions(-) diff --git a/json/convert/oscal_assessment-plan_xml-to-json-converter.xsl b/json/convert/oscal_assessment-plan_xml-to-json-converter.xsl index 570f62d77d..945939c9c0 100644 --- a/json/convert/oscal_assessment-plan_xml-to-json-converter.xsl +++ b/json/convert/oscal_assessment-plan_xml-to-json-converter.xsl @@ -209,143 +209,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -660,8 +523,8 @@ key="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE"> @@ -1224,7 +1087,12 @@ - + @@ -1304,15 +1172,15 @@ - - - - - + @@ -1686,7 +1559,12 @@ - + @@ -1900,7 +1778,7 @@ priority="7" xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -2189,6 +2067,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -2265,6 +2169,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2426,6 +2376,7 @@ @@ -2451,6 +2402,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/json/convert/oscal_assessment-results_xml-to-json-converter.xsl b/json/convert/oscal_assessment-results_xml-to-json-converter.xsl index 522bf1ab05..be7cfcf1a4 100644 --- a/json/convert/oscal_assessment-results_xml-to-json-converter.xsl +++ b/json/convert/oscal_assessment-results_xml-to-json-converter.xsl @@ -201,143 +201,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -466,8 +329,8 @@ key="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE"> @@ -1682,7 +1545,12 @@ - + @@ -1762,15 +1630,15 @@ - - - - - + @@ -2307,7 +2180,12 @@ - + @@ -2741,7 +2619,7 @@ priority="7" xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3030,6 +2908,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -3106,6 +3010,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -3267,6 +3217,7 @@ @@ -3292,6 +3243,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/json/convert/oscal_catalog_xml-to-json-converter.xsl b/json/convert/oscal_catalog_xml-to-json-converter.xsl index 0ce7c28285..085a74e5d0 100644 --- a/json/convert/oscal_catalog_xml-to-json-converter.xsl +++ b/json/convert/oscal_catalog_xml-to-json-converter.xsl @@ -211,143 +211,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -485,8 +348,8 @@ key="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE"> @@ -581,8 +444,8 @@ key="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE"> @@ -886,7 +749,12 @@ - + @@ -966,15 +834,15 @@ - - - - - + @@ -1235,7 +1108,12 @@ - + @@ -1326,7 +1204,7 @@ priority="7" xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1615,6 +1493,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -1691,6 +1595,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1852,6 +1802,7 @@ @@ -1877,6 +1828,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/json/convert/oscal_complete_xml-to-json-converter.xsl b/json/convert/oscal_complete_xml-to-json-converter.xsl index 428a5f3f14..4aff0b6d79 100644 --- a/json/convert/oscal_complete_xml-to-json-converter.xsl +++ b/json/convert/oscal_complete_xml-to-json-converter.xsl @@ -211,143 +211,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -485,8 +348,8 @@ key="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE"> @@ -581,8 +444,8 @@ key="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE"> @@ -3070,7 +2933,12 @@ - + @@ -3150,15 +3018,15 @@ - - - - - + @@ -3419,7 +3292,12 @@ - + @@ -3510,7 +3388,7 @@ priority="7" xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -3874,6 +3752,7 @@ - + @@ -5246,6 +5130,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -5322,6 +5232,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -5483,6 +5439,7 @@ @@ -5508,40 +5465,108 @@ - - - - - name - - - - - - - - - - short-name - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + name + + + + + + + + + + + short-name + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -7227,6 +7278,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -7388,6 +7485,7 @@ @@ -7413,6 +7511,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -8246,6 +8412,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -8322,6 +8514,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -8483,6 +8721,7 @@ @@ -8508,6 +8747,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -10187,6 +10494,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -10263,6 +10596,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -10424,6 +10803,7 @@ @@ -10449,6 +10829,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -11948,6 +12396,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -12024,6 +12498,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -12185,6 +12705,7 @@ @@ -12210,6 +12731,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -15531,6 +16120,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -15607,6 +16222,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -15768,6 +16429,7 @@ @@ -15793,6 +16455,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -18705,6 +19435,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -18781,6 +19537,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -18942,6 +19744,7 @@ @@ -18967,6 +19770,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -25165,6 +26036,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -25241,6 +26138,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -25402,6 +26345,7 @@ @@ -25427,6 +26371,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/json/convert/oscal_component_xml-to-json-converter.xsl b/json/convert/oscal_component_xml-to-json-converter.xsl index 8d08103439..5129c9c652 100644 --- a/json/convert/oscal_component_xml-to-json-converter.xsl +++ b/json/convert/oscal_component_xml-to-json-converter.xsl @@ -213,143 +213,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -691,7 +554,12 @@ - + @@ -771,15 +639,15 @@ - - - - @@ -1438,6 +1307,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -1514,6 +1409,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1675,6 +1616,7 @@ @@ -1700,6 +1642,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/json/convert/oscal_mapping_xml-to-json-converter.xsl b/json/convert/oscal_mapping_xml-to-json-converter.xsl index f27f3515e8..2c0f37edf5 100644 --- a/json/convert/oscal_mapping_xml-to-json-converter.xsl +++ b/json/convert/oscal_mapping_xml-to-json-converter.xsl @@ -199,143 +199,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -663,7 +526,12 @@ - + @@ -743,15 +611,15 @@ - - - - - + @@ -990,7 +863,7 @@ priority="7" xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1279,6 +1152,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -1355,6 +1254,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1516,6 +1461,7 @@ @@ -1541,6 +1487,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/json/convert/oscal_poam_xml-to-json-converter.xsl b/json/convert/oscal_poam_xml-to-json-converter.xsl index 7d63684587..5e79516a4f 100644 --- a/json/convert/oscal_poam_xml-to-json-converter.xsl +++ b/json/convert/oscal_poam_xml-to-json-converter.xsl @@ -216,143 +216,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1231,7 +1094,12 @@ - + @@ -1311,15 +1179,15 @@ - - - - @@ -2374,6 +2242,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -2450,6 +2344,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2611,6 +2551,7 @@ @@ -2636,6 +2577,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/json/convert/oscal_profile_xml-to-json-converter.xsl b/json/convert/oscal_profile_xml-to-json-converter.xsl index 5c43a5c0be..96cd596adf 100644 --- a/json/convert/oscal_profile_xml-to-json-converter.xsl +++ b/json/convert/oscal_profile_xml-to-json-converter.xsl @@ -199,143 +199,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -571,8 +434,8 @@ key="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/parameter-guideline/prose/PROSE"> @@ -622,8 +485,8 @@ key="prose"> + _metaschema-xml-id="/assembly/oscal-control-common/part/prose/PROSE" + _metaschema-json-id="/assembly/oscal-control-common/part/prose/PROSE"> @@ -811,7 +674,12 @@ - + @@ -891,15 +759,15 @@ - - - - - + @@ -1335,7 +1208,7 @@ priority="7" xpath-default-namespace="http://csrc.nist.gov/ns/oscal/1.0"> @@ -1624,6 +1497,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -1700,6 +1599,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1861,6 +1806,7 @@ @@ -1886,6 +1832,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/json/convert/oscal_ssp_xml-to-json-converter.xsl b/json/convert/oscal_ssp_xml-to-json-converter.xsl index be3987cdfc..4e6dbcd3a6 100644 --- a/json/convert/oscal_ssp_xml-to-json-converter.xsl +++ b/json/convert/oscal_ssp_xml-to-json-converter.xsl @@ -196,143 +196,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1176,7 +1039,12 @@ - + @@ -1256,15 +1124,15 @@ - - - - @@ -2086,6 +1954,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -2162,6 +2056,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2323,6 +2263,7 @@ @@ -2348,6 +2289,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/json/schema/oscal_assessment-plan_schema.json b/json/schema/oscal_assessment-plan_schema.json index a7abbbe3a8..49bb202861 100644 --- a/json/schema/oscal_assessment-plan_schema.json +++ b/json/schema/oscal_assessment-plan_schema.json @@ -85,8 +85,8 @@ "reviewed-controls" ], "additionalProperties" : false }, "oscal-ap-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", "$id" : "#assembly_oscal-metadata_metadata", "type" : "object", "properties" : @@ -106,7 +106,37 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, "document-ids" : { "type" : "array", "minItems" : 1, @@ -126,17 +156,183 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, "locations" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, "parties" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "$ref" : "#/definitions/URIDatatype" }, + "id" : + { "type" : "string" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, "responsible-parties" : { "type" : "array", "minItems" : 1, @@ -155,233 +351,24 @@ "version", "oscal-version" ], "additionalProperties" : false }, - "oscal-ap-oscal-metadata:revision" : - { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-ap-oscal-metadata:location" : - { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, "oscal-ap-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", "$id" : "#field_oscal-metadata_location-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-ap-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "$ref" : "#/definitions/URIDatatype" }, - "id" : - { "type" : "string" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, "oscal-ap-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", "$id" : "#field_oscal-metadata_party-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-ap-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, "oscal-ap-oscal-metadata:role-id" : { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "Reference to a role by UUID.", "$id" : "#field_oscal-metadata_role-id", "$ref" : "#/definitions/TokenDatatype" }, "oscal-ap-oscal-metadata:back-matter" : { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", "$id" : "#assembly_oscal-metadata_back-matter", "type" : "object", "properties" : @@ -390,20 +377,20 @@ "minItems" : 1, "items" : { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", "type" : "object", "properties" : { "uuid" : { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a resource.", "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", "type" : "string" }, "description" : { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", "type" : "string" }, "props" : { "type" : "array", @@ -417,7 +404,7 @@ { "$ref" : "#field_oscal-metadata_document-id" } }, "citation" : { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", + "description" : "An optional citation consisting of end note text using structured markup.", "type" : "object", "properties" : { "text" : @@ -442,16 +429,16 @@ "minItems" : 1, "items" : { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", "type" : "object", "properties" : { "href" : { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", + "description" : "A resolvable URL pointing to the referenced resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", @@ -463,16 +450,16 @@ "additionalProperties" : false } }, "base64" : { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", "type" : "object", "properties" : { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, + "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -487,17 +474,22 @@ "additionalProperties" : false }, "oscal-ap-oscal-metadata:property" : { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", "$id" : "#assembly_oscal-metadata_property", "type" : "object", "properties" : { "name" : { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "$ref" : "#/definitions/TokenDatatype" }, + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a property.", "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", @@ -509,7 +501,7 @@ "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", "$ref" : "#/definitions/TokenDatatype" }, "group" : { "title" : "Property Group", @@ -523,7 +515,7 @@ "additionalProperties" : false }, "oscal-ap-oscal-metadata:link" : { "title" : "Link", - "description" : "A reference to a local or remote resource", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", "$id" : "#assembly_oscal-metadata_link", "type" : "object", "properties" : @@ -532,12 +524,12 @@ "description" : "A resolvable URL reference to a resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", @@ -548,13 +540,13 @@ "additionalProperties" : false }, "oscal-ap-oscal-metadata:responsible-party" : { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", "$id" : "#assembly_oscal-metadata_responsible-party", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "A reference to a role performed by a party.", "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", @@ -623,13 +615,13 @@ "additionalProperties" : false }, "oscal-ap-oscal-metadata:responsible-role" : { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", "$id" : "#assembly_oscal-metadata_responsible-role", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", + "description" : "A human-oriented identifier reference to a role performed.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -659,7 +651,7 @@ "properties" : { "algorithm" : { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", + "description" : "The digest method by which a hash is derived.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -669,27 +661,27 @@ "additionalProperties" : false }, "oscal-ap-oscal-metadata:remarks" : { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", + "description" : "Additional commentary about the containing object.", "$id" : "#field_oscal-metadata_remarks", "type" : "string" }, "oscal-ap-oscal-metadata:published" : { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last made available.", "$id" : "#field_oscal-metadata_published", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-ap-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last stored for later retrieval.", "$id" : "#field_oscal-metadata_last-modified", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-ap-oscal-metadata:version" : { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", "$id" : "#field_oscal-metadata_version", "$ref" : "#/definitions/StringDatatype" }, "oscal-ap-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", "$id" : "#field_oscal-metadata_oscal-version", "$ref" : "#/definitions/StringDatatype" }, "oscal-ap-oscal-metadata:email-address" : @@ -699,7 +691,7 @@ "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-ap-oscal-metadata:telephone-number" : { "title" : "Telephone Number", - "description" : "Contact number by telephone.", + "description" : "A telephone service number as defined by ITU-T E.164.", "$id" : "#field_oscal-metadata_telephone-number", "type" : "object", "properties" : @@ -733,11 +725,11 @@ "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", + "description" : "State, province or analogous geographical region for a mailing address.", "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", + "description" : "Postal or ZIP code for mailing address.", "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", @@ -751,7 +743,7 @@ "$ref" : "#/definitions/StringDatatype" }, "oscal-ap-oscal-metadata:document-id" : { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", + "description" : "A document identifier qualified by an identifier scheme.", "$id" : "#field_oscal-metadata_document-id", "type" : "object", "properties" : @@ -787,7 +779,7 @@ "properties" : { "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "description" : { "title" : "Objective Description", @@ -807,7 +799,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1144,7 +1136,7 @@ "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-controls" : { "type" : "array", "minItems" : 1, @@ -1181,7 +1173,7 @@ "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-objectives" : { "type" : "array", "minItems" : 1, @@ -1208,7 +1200,7 @@ "properties" : { "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "statement-ids" : { "type" : "array", @@ -1303,7 +1295,7 @@ "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-subjects" : { "type" : "array", "minItems" : 1, @@ -2191,31 +2183,31 @@ "required" : [ "name" ], "additionalProperties" : false }, - "oscal-ap-oscal-catalog-common:part" : + "oscal-ap-oscal-control-common:part" : { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", "type" : "object", "properties" : { "id" : { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the part.", "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", "type" : "string" }, "props" : { "type" : "array", @@ -2230,7 +2222,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "links" : { "type" : "array", "minItems" : 1, @@ -2239,23 +2231,23 @@ "required" : [ "name" ], "additionalProperties" : false }, - "oscal-ap-oscal-catalog-common:parameter" : + "oscal-ap-oscal-control-common:parameter" : { "title" : "Parameter", "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", + "$id" : "#assembly_oscal-control-common_parameter", "type" : "object", "properties" : { "id" : { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -2273,34 +2265,34 @@ "type" : "string" }, "usage" : { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", + "description" : "Describes the purpose and use of a parameter.", "type" : "string" }, "constraints" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, "guidelines" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, "values" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, + { "$ref" : "#field_oscal-control-common_parameter-value" } }, "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : [ "id" ], "additionalProperties" : false }, - "oscal-ap-oscal-catalog-common:parameter-constraint" : + "oscal-ap-oscal-control-common:parameter-constraint" : { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", "type" : "object", "properties" : { "description" : @@ -2317,7 +2309,7 @@ "properties" : { "expression" : { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", + "description" : "A formal (executable) expression of a constraint.", "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, @@ -2325,10 +2317,10 @@ [ "expression" ], "additionalProperties" : false } } }, "additionalProperties" : false }, - "oscal-ap-oscal-catalog-common:parameter-guideline" : + "oscal-ap-oscal-control-common:parameter-guideline" : { "title" : "Guideline", "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", + "$id" : "#assembly_oscal-control-common_parameter-guideline", "type" : "object", "properties" : { "prose" : @@ -2338,15 +2330,15 @@ "required" : [ "prose" ], "additionalProperties" : false }, - "oscal-ap-oscal-catalog-common:parameter-value" : + "oscal-ap-oscal-control-common:parameter-value" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", + "$id" : "#field_oscal-control-common_parameter-value", "$ref" : "#/definitions/StringDatatype" }, - "oscal-ap-oscal-catalog-common:parameter-selection" : + "oscal-ap-oscal-control-common:parameter-selection" : { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", "type" : "object", "properties" : { "how-many" : @@ -2364,13 +2356,13 @@ "minItems" : 1, "items" : { "title" : "Choice", - "description" : "A value selection among several such options", + "description" : "A value selection among several such options.", "type" : "string" } } }, "additionalProperties" : false }, - "oscal-ap-oscal-catalog-common:include-all" : + "oscal-ap-oscal-control-common:include-all" : { "title" : "Include All", "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", + "$id" : "#assembly_oscal-control-common_include-all", "type" : "object", "additionalProperties" : false }, "oscal-ap-oscal-implementation-common:system-component" : diff --git a/json/schema/oscal_assessment-results_schema.json b/json/schema/oscal_assessment-results_schema.json index ade931ad24..fd9efdcdb7 100644 --- a/json/schema/oscal_assessment-results_schema.json +++ b/json/schema/oscal_assessment-results_schema.json @@ -315,8 +315,8 @@ [ "href" ], "additionalProperties" : false }, "oscal-ar-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", "$id" : "#assembly_oscal-metadata_metadata", "type" : "object", "properties" : @@ -336,7 +336,37 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, "document-ids" : { "type" : "array", "minItems" : 1, @@ -356,17 +386,183 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, "locations" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, "parties" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "$ref" : "#/definitions/URIDatatype" }, + "id" : + { "type" : "string" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, "responsible-parties" : { "type" : "array", "minItems" : 1, @@ -385,233 +581,24 @@ "version", "oscal-version" ], "additionalProperties" : false }, - "oscal-ar-oscal-metadata:revision" : - { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-ar-oscal-metadata:location" : - { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, "oscal-ar-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", "$id" : "#field_oscal-metadata_location-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-ar-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "$ref" : "#/definitions/URIDatatype" }, - "id" : - { "type" : "string" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, "oscal-ar-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", "$id" : "#field_oscal-metadata_party-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-ar-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, "oscal-ar-oscal-metadata:role-id" : { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "Reference to a role by UUID.", "$id" : "#field_oscal-metadata_role-id", "$ref" : "#/definitions/TokenDatatype" }, "oscal-ar-oscal-metadata:back-matter" : { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", "$id" : "#assembly_oscal-metadata_back-matter", "type" : "object", "properties" : @@ -620,20 +607,20 @@ "minItems" : 1, "items" : { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", "type" : "object", "properties" : { "uuid" : { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a resource.", "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", "type" : "string" }, "description" : { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", "type" : "string" }, "props" : { "type" : "array", @@ -647,7 +634,7 @@ { "$ref" : "#field_oscal-metadata_document-id" } }, "citation" : { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", + "description" : "An optional citation consisting of end note text using structured markup.", "type" : "object", "properties" : { "text" : @@ -672,16 +659,16 @@ "minItems" : 1, "items" : { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", "type" : "object", "properties" : { "href" : { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", + "description" : "A resolvable URL pointing to the referenced resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", @@ -693,16 +680,16 @@ "additionalProperties" : false } }, "base64" : { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", "type" : "object", "properties" : { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, + "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -717,17 +704,22 @@ "additionalProperties" : false }, "oscal-ar-oscal-metadata:property" : { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", "$id" : "#assembly_oscal-metadata_property", "type" : "object", "properties" : { "name" : { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "$ref" : "#/definitions/TokenDatatype" }, + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a property.", "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", @@ -739,7 +731,7 @@ "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", "$ref" : "#/definitions/TokenDatatype" }, "group" : { "title" : "Property Group", @@ -753,7 +745,7 @@ "additionalProperties" : false }, "oscal-ar-oscal-metadata:link" : { "title" : "Link", - "description" : "A reference to a local or remote resource", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", "$id" : "#assembly_oscal-metadata_link", "type" : "object", "properties" : @@ -762,12 +754,12 @@ "description" : "A resolvable URL reference to a resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", @@ -778,13 +770,13 @@ "additionalProperties" : false }, "oscal-ar-oscal-metadata:responsible-party" : { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", "$id" : "#assembly_oscal-metadata_responsible-party", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "A reference to a role performed by a party.", "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", @@ -853,13 +845,13 @@ "additionalProperties" : false }, "oscal-ar-oscal-metadata:responsible-role" : { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", "$id" : "#assembly_oscal-metadata_responsible-role", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", + "description" : "A human-oriented identifier reference to a role performed.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -889,7 +881,7 @@ "properties" : { "algorithm" : { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", + "description" : "The digest method by which a hash is derived.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -899,27 +891,27 @@ "additionalProperties" : false }, "oscal-ar-oscal-metadata:remarks" : { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", + "description" : "Additional commentary about the containing object.", "$id" : "#field_oscal-metadata_remarks", "type" : "string" }, "oscal-ar-oscal-metadata:published" : { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last made available.", "$id" : "#field_oscal-metadata_published", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-ar-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last stored for later retrieval.", "$id" : "#field_oscal-metadata_last-modified", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-ar-oscal-metadata:version" : { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", "$id" : "#field_oscal-metadata_version", "$ref" : "#/definitions/StringDatatype" }, "oscal-ar-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", "$id" : "#field_oscal-metadata_oscal-version", "$ref" : "#/definitions/StringDatatype" }, "oscal-ar-oscal-metadata:email-address" : @@ -929,7 +921,7 @@ "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-ar-oscal-metadata:telephone-number" : { "title" : "Telephone Number", - "description" : "Contact number by telephone.", + "description" : "A telephone service number as defined by ITU-T E.164.", "$id" : "#field_oscal-metadata_telephone-number", "type" : "object", "properties" : @@ -963,11 +955,11 @@ "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", + "description" : "State, province or analogous geographical region for a mailing address.", "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", + "description" : "Postal or ZIP code for mailing address.", "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", @@ -981,7 +973,7 @@ "$ref" : "#/definitions/StringDatatype" }, "oscal-ar-oscal-metadata:document-id" : { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", + "description" : "A document identifier qualified by an identifier scheme.", "$id" : "#field_oscal-metadata_document-id", "type" : "object", "properties" : @@ -1017,7 +1009,7 @@ "properties" : { "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "description" : { "title" : "Objective Description", @@ -1037,7 +1029,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1374,7 +1366,7 @@ "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-controls" : { "type" : "array", "minItems" : 1, @@ -1411,7 +1403,7 @@ "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-objectives" : { "type" : "array", "minItems" : 1, @@ -1438,7 +1430,7 @@ "properties" : { "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "statement-ids" : { "type" : "array", @@ -1533,7 +1525,7 @@ "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-subjects" : { "type" : "array", "minItems" : 1, @@ -2421,31 +2413,31 @@ "required" : [ "name" ], "additionalProperties" : false }, - "oscal-ar-oscal-catalog-common:part" : + "oscal-ar-oscal-control-common:part" : { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", "type" : "object", "properties" : { "id" : { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the part.", "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", "type" : "string" }, "props" : { "type" : "array", @@ -2460,7 +2452,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "links" : { "type" : "array", "minItems" : 1, @@ -2469,23 +2461,23 @@ "required" : [ "name" ], "additionalProperties" : false }, - "oscal-ar-oscal-catalog-common:parameter" : + "oscal-ar-oscal-control-common:parameter" : { "title" : "Parameter", "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", + "$id" : "#assembly_oscal-control-common_parameter", "type" : "object", "properties" : { "id" : { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -2503,34 +2495,34 @@ "type" : "string" }, "usage" : { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", + "description" : "Describes the purpose and use of a parameter.", "type" : "string" }, "constraints" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, "guidelines" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, "values" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, + { "$ref" : "#field_oscal-control-common_parameter-value" } }, "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : [ "id" ], "additionalProperties" : false }, - "oscal-ar-oscal-catalog-common:parameter-constraint" : + "oscal-ar-oscal-control-common:parameter-constraint" : { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", "type" : "object", "properties" : { "description" : @@ -2547,7 +2539,7 @@ "properties" : { "expression" : { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", + "description" : "A formal (executable) expression of a constraint.", "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, @@ -2555,10 +2547,10 @@ [ "expression" ], "additionalProperties" : false } } }, "additionalProperties" : false }, - "oscal-ar-oscal-catalog-common:parameter-guideline" : + "oscal-ar-oscal-control-common:parameter-guideline" : { "title" : "Guideline", "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", + "$id" : "#assembly_oscal-control-common_parameter-guideline", "type" : "object", "properties" : { "prose" : @@ -2568,15 +2560,15 @@ "required" : [ "prose" ], "additionalProperties" : false }, - "oscal-ar-oscal-catalog-common:parameter-value" : + "oscal-ar-oscal-control-common:parameter-value" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", + "$id" : "#field_oscal-control-common_parameter-value", "$ref" : "#/definitions/StringDatatype" }, - "oscal-ar-oscal-catalog-common:parameter-selection" : + "oscal-ar-oscal-control-common:parameter-selection" : { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", "type" : "object", "properties" : { "how-many" : @@ -2594,13 +2586,13 @@ "minItems" : 1, "items" : { "title" : "Choice", - "description" : "A value selection among several such options", + "description" : "A value selection among several such options.", "type" : "string" } } }, "additionalProperties" : false }, - "oscal-ar-oscal-catalog-common:include-all" : + "oscal-ar-oscal-control-common:include-all" : { "title" : "Include All", "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", + "$id" : "#assembly_oscal-control-common_include-all", "type" : "object", "additionalProperties" : false }, "oscal-ar-oscal-implementation-common:system-component" : diff --git a/json/schema/oscal_catalog_schema.json b/json/schema/oscal_catalog_schema.json index f4008a9ba0..361f9fe091 100644 --- a/json/schema/oscal_catalog_schema.json +++ b/json/schema/oscal_catalog_schema.json @@ -6,13 +6,13 @@ "definitions" : { "oscal-catalog-oscal-catalog:catalog" : { "title" : "Catalog", - "description" : "A collection of controls.", + "description" : "A structured, organized collection of control information.", "$id" : "#assembly_oscal-catalog_catalog", "type" : "object", "properties" : { "uuid" : { "title" : "Catalog Universally Unique Identifier", - "description" : "A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised.", + "description" : "Provides a globally unique means to identify a given catalog instance.", "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, @@ -20,7 +20,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, + { "$ref" : "#assembly_oscal-control-common_parameter" } }, "controls" : { "type" : "array", "minItems" : 1, @@ -45,7 +45,7 @@ "properties" : { "id" : { "title" : "Group Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document.", + "description" : "Identifies the group for the purpose of cross-linking within the defining instance or from other instances that reference the catalog.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Group Class", @@ -59,7 +59,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, + { "$ref" : "#assembly_oscal-control-common_parameter" } }, "props" : { "type" : "array", "minItems" : 1, @@ -74,7 +74,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "groups" : { "type" : "array", "minItems" : 1, @@ -90,13 +90,13 @@ "additionalProperties" : false }, "oscal-catalog-oscal-catalog:control" : { "title" : "Control", - "description" : "A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance.", + "description" : "A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information.", "$id" : "#assembly_oscal-catalog_control", "type" : "object", "properties" : { "id" : { "title" : "Control Identifier", - "description" : "A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document.", + "description" : "Identifies a control such that it can be referenced in the defining catalog and other OSCAL instances (e.g., profiles).", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Control Class", @@ -110,7 +110,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, + { "$ref" : "#assembly_oscal-control-common_parameter" } }, "props" : { "type" : "array", "minItems" : 1, @@ -125,7 +125,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "mapping" : { "title" : "Mapping", "description" : "A mapping between the containing control and another resource.", @@ -156,31 +156,31 @@ [ "id", "title" ], "additionalProperties" : false }, - "oscal-catalog-oscal-catalog-common:part" : + "oscal-catalog-oscal-control-common:part" : { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", "type" : "object", "properties" : { "id" : { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the part.", "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", "type" : "string" }, "props" : { "type" : "array", @@ -195,7 +195,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "links" : { "type" : "array", "minItems" : 1, @@ -204,23 +204,23 @@ "required" : [ "name" ], "additionalProperties" : false }, - "oscal-catalog-oscal-catalog-common:parameter" : + "oscal-catalog-oscal-control-common:parameter" : { "title" : "Parameter", "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", + "$id" : "#assembly_oscal-control-common_parameter", "type" : "object", "properties" : { "id" : { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -238,34 +238,34 @@ "type" : "string" }, "usage" : { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", + "description" : "Describes the purpose and use of a parameter.", "type" : "string" }, "constraints" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, "guidelines" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, "values" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, + { "$ref" : "#field_oscal-control-common_parameter-value" } }, "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : [ "id" ], "additionalProperties" : false }, - "oscal-catalog-oscal-catalog-common:parameter-constraint" : + "oscal-catalog-oscal-control-common:parameter-constraint" : { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", "type" : "object", "properties" : { "description" : @@ -282,7 +282,7 @@ "properties" : { "expression" : { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", + "description" : "A formal (executable) expression of a constraint.", "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, @@ -290,10 +290,10 @@ [ "expression" ], "additionalProperties" : false } } }, "additionalProperties" : false }, - "oscal-catalog-oscal-catalog-common:parameter-guideline" : + "oscal-catalog-oscal-control-common:parameter-guideline" : { "title" : "Guideline", "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", + "$id" : "#assembly_oscal-control-common_parameter-guideline", "type" : "object", "properties" : { "prose" : @@ -303,15 +303,15 @@ "required" : [ "prose" ], "additionalProperties" : false }, - "oscal-catalog-oscal-catalog-common:parameter-value" : + "oscal-catalog-oscal-control-common:parameter-value" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", + "$id" : "#field_oscal-control-common_parameter-value", "$ref" : "#/definitions/StringDatatype" }, - "oscal-catalog-oscal-catalog-common:parameter-selection" : + "oscal-catalog-oscal-control-common:parameter-selection" : { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", "type" : "object", "properties" : { "how-many" : @@ -329,18 +329,18 @@ "minItems" : 1, "items" : { "title" : "Choice", - "description" : "A value selection among several such options", + "description" : "A value selection among several such options.", "type" : "string" } } }, "additionalProperties" : false }, - "oscal-catalog-oscal-catalog-common:include-all" : + "oscal-catalog-oscal-control-common:include-all" : { "title" : "Include All", "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", + "$id" : "#assembly_oscal-control-common_include-all", "type" : "object", "additionalProperties" : false }, "oscal-catalog-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", "$id" : "#assembly_oscal-metadata_metadata", "type" : "object", "properties" : @@ -360,7 +360,37 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, "document-ids" : { "type" : "array", "minItems" : 1, @@ -380,17 +410,183 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, "locations" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, "parties" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "$ref" : "#/definitions/URIDatatype" }, + "id" : + { "type" : "string" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, "responsible-parties" : { "type" : "array", "minItems" : 1, @@ -409,233 +605,24 @@ "version", "oscal-version" ], "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:revision" : - { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-catalog-oscal-metadata:location" : - { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, "oscal-catalog-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", "$id" : "#field_oscal-metadata_location-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-catalog-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "$ref" : "#/definitions/URIDatatype" }, - "id" : - { "type" : "string" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, "oscal-catalog-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", "$id" : "#field_oscal-metadata_party-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-catalog-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, "oscal-catalog-oscal-metadata:role-id" : { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "Reference to a role by UUID.", "$id" : "#field_oscal-metadata_role-id", "$ref" : "#/definitions/TokenDatatype" }, "oscal-catalog-oscal-metadata:back-matter" : { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", "$id" : "#assembly_oscal-metadata_back-matter", "type" : "object", "properties" : @@ -644,20 +631,20 @@ "minItems" : 1, "items" : { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", "type" : "object", "properties" : { "uuid" : { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a resource.", "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", "type" : "string" }, "description" : { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", "type" : "string" }, "props" : { "type" : "array", @@ -671,7 +658,7 @@ { "$ref" : "#field_oscal-metadata_document-id" } }, "citation" : { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", + "description" : "An optional citation consisting of end note text using structured markup.", "type" : "object", "properties" : { "text" : @@ -696,16 +683,16 @@ "minItems" : 1, "items" : { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", "type" : "object", "properties" : { "href" : { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", + "description" : "A resolvable URL pointing to the referenced resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", @@ -717,16 +704,16 @@ "additionalProperties" : false } }, "base64" : { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", "type" : "object", "properties" : { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, + "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -741,17 +728,22 @@ "additionalProperties" : false }, "oscal-catalog-oscal-metadata:property" : { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", "$id" : "#assembly_oscal-metadata_property", "type" : "object", "properties" : { "name" : { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "$ref" : "#/definitions/TokenDatatype" }, + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a property.", "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", @@ -763,7 +755,7 @@ "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", "$ref" : "#/definitions/TokenDatatype" }, "group" : { "title" : "Property Group", @@ -777,7 +769,7 @@ "additionalProperties" : false }, "oscal-catalog-oscal-metadata:link" : { "title" : "Link", - "description" : "A reference to a local or remote resource", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", "$id" : "#assembly_oscal-metadata_link", "type" : "object", "properties" : @@ -786,12 +778,12 @@ "description" : "A resolvable URL reference to a resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", @@ -802,13 +794,13 @@ "additionalProperties" : false }, "oscal-catalog-oscal-metadata:responsible-party" : { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", "$id" : "#assembly_oscal-metadata_responsible-party", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "A reference to a role performed by a party.", "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", @@ -877,13 +869,13 @@ "additionalProperties" : false }, "oscal-catalog-oscal-metadata:responsible-role" : { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", "$id" : "#assembly_oscal-metadata_responsible-role", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", + "description" : "A human-oriented identifier reference to a role performed.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -913,7 +905,7 @@ "properties" : { "algorithm" : { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", + "description" : "The digest method by which a hash is derived.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -923,27 +915,27 @@ "additionalProperties" : false }, "oscal-catalog-oscal-metadata:remarks" : { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", + "description" : "Additional commentary about the containing object.", "$id" : "#field_oscal-metadata_remarks", "type" : "string" }, "oscal-catalog-oscal-metadata:published" : { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last made available.", "$id" : "#field_oscal-metadata_published", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-catalog-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last stored for later retrieval.", "$id" : "#field_oscal-metadata_last-modified", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-catalog-oscal-metadata:version" : { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", "$id" : "#field_oscal-metadata_version", "$ref" : "#/definitions/StringDatatype" }, "oscal-catalog-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", "$id" : "#field_oscal-metadata_oscal-version", "$ref" : "#/definitions/StringDatatype" }, "oscal-catalog-oscal-metadata:email-address" : @@ -953,7 +945,7 @@ "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-catalog-oscal-metadata:telephone-number" : { "title" : "Telephone Number", - "description" : "Contact number by telephone.", + "description" : "A telephone service number as defined by ITU-T E.164.", "$id" : "#field_oscal-metadata_telephone-number", "type" : "object", "properties" : @@ -987,11 +979,11 @@ "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", + "description" : "State, province or analogous geographical region for a mailing address.", "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", + "description" : "Postal or ZIP code for mailing address.", "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", @@ -1005,7 +997,7 @@ "$ref" : "#/definitions/StringDatatype" }, "oscal-catalog-oscal-metadata:document-id" : { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", + "description" : "A document identifier qualified by an identifier scheme.", "$id" : "#field_oscal-metadata_document-id", "type" : "object", "properties" : @@ -1114,7 +1106,7 @@ "additionalProperties" : false }, "oscal-catalog-oscal-mapping-common:mapping-resource-reference" : { "title" : "Mapped Resource Reference", - "description" : "A reference to a back-matter resource that is either the source or target of a mapping.", + "description" : "A reference to a resource that is either the source or target of a mapping.", "$id" : "#assembly_oscal-mapping-common_mapping-resource-reference", "type" : "object", "properties" : diff --git a/json/schema/oscal_complete_schema.json b/json/schema/oscal_complete_schema.json index ce849cc5a0..114a262b47 100644 --- a/json/schema/oscal_complete_schema.json +++ b/json/schema/oscal_complete_schema.json @@ -6,13 +6,13 @@ "definitions" : { "oscal-complete-oscal-catalog:catalog" : { "title" : "Catalog", - "description" : "A collection of controls.", + "description" : "A structured, organized collection of control information.", "$id" : "#assembly_oscal-catalog_catalog", "type" : "object", "properties" : { "uuid" : { "title" : "Catalog Universally Unique Identifier", - "description" : "A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised.", + "description" : "Provides a globally unique means to identify a given catalog instance.", "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, @@ -20,7 +20,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, + { "$ref" : "#assembly_oscal-control-common_parameter" } }, "controls" : { "type" : "array", "minItems" : 1, @@ -45,7 +45,7 @@ "properties" : { "id" : { "title" : "Group Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document.", + "description" : "Identifies the group for the purpose of cross-linking within the defining instance or from other instances that reference the catalog.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Group Class", @@ -59,7 +59,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, + { "$ref" : "#assembly_oscal-control-common_parameter" } }, "props" : { "type" : "array", "minItems" : 1, @@ -74,7 +74,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "groups" : { "type" : "array", "minItems" : 1, @@ -90,13 +90,13 @@ "additionalProperties" : false }, "oscal-complete-oscal-catalog:control" : { "title" : "Control", - "description" : "A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance.", + "description" : "A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information.", "$id" : "#assembly_oscal-catalog_control", "type" : "object", "properties" : { "id" : { "title" : "Control Identifier", - "description" : "A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document.", + "description" : "Identifies a control such that it can be referenced in the defining catalog and other OSCAL instances (e.g., profiles).", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Control Class", @@ -110,7 +110,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, + { "$ref" : "#assembly_oscal-control-common_parameter" } }, "props" : { "type" : "array", "minItems" : 1, @@ -125,7 +125,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "mapping" : { "title" : "Mapping", "description" : "A mapping between the containing control and another resource.", @@ -156,31 +156,31 @@ [ "id", "title" ], "additionalProperties" : false }, - "oscal-complete-oscal-catalog-common:part" : + "oscal-complete-oscal-control-common:part" : { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", "type" : "object", "properties" : { "id" : { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the part.", "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", "type" : "string" }, "props" : { "type" : "array", @@ -195,7 +195,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "links" : { "type" : "array", "minItems" : 1, @@ -204,23 +204,23 @@ "required" : [ "name" ], "additionalProperties" : false }, - "oscal-complete-oscal-catalog-common:parameter" : + "oscal-complete-oscal-control-common:parameter" : { "title" : "Parameter", "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", + "$id" : "#assembly_oscal-control-common_parameter", "type" : "object", "properties" : { "id" : { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -238,34 +238,34 @@ "type" : "string" }, "usage" : { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", + "description" : "Describes the purpose and use of a parameter.", "type" : "string" }, "constraints" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, "guidelines" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, "values" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, + { "$ref" : "#field_oscal-control-common_parameter-value" } }, "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : [ "id" ], "additionalProperties" : false }, - "oscal-complete-oscal-catalog-common:parameter-constraint" : + "oscal-complete-oscal-control-common:parameter-constraint" : { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", "type" : "object", "properties" : { "description" : @@ -282,7 +282,7 @@ "properties" : { "expression" : { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", + "description" : "A formal (executable) expression of a constraint.", "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, @@ -290,10 +290,10 @@ [ "expression" ], "additionalProperties" : false } } }, "additionalProperties" : false }, - "oscal-complete-oscal-catalog-common:parameter-guideline" : + "oscal-complete-oscal-control-common:parameter-guideline" : { "title" : "Guideline", "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", + "$id" : "#assembly_oscal-control-common_parameter-guideline", "type" : "object", "properties" : { "prose" : @@ -303,15 +303,15 @@ "required" : [ "prose" ], "additionalProperties" : false }, - "oscal-complete-oscal-catalog-common:parameter-value" : + "oscal-complete-oscal-control-common:parameter-value" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", + "$id" : "#field_oscal-control-common_parameter-value", "$ref" : "#/definitions/StringDatatype" }, - "oscal-complete-oscal-catalog-common:parameter-selection" : + "oscal-complete-oscal-control-common:parameter-selection" : { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", "type" : "object", "properties" : { "how-many" : @@ -329,18 +329,18 @@ "minItems" : 1, "items" : { "title" : "Choice", - "description" : "A value selection among several such options", + "description" : "A value selection among several such options.", "type" : "string" } } }, "additionalProperties" : false }, - "oscal-complete-oscal-catalog-common:include-all" : + "oscal-complete-oscal-control-common:include-all" : { "title" : "Include All", "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", + "$id" : "#assembly_oscal-control-common_include-all", "type" : "object", "additionalProperties" : false }, "oscal-complete-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", "$id" : "#assembly_oscal-metadata_metadata", "type" : "object", "properties" : @@ -360,7 +360,37 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, "document-ids" : { "type" : "array", "minItems" : 1, @@ -380,17 +410,183 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, "locations" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, "parties" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "$ref" : "#/definitions/URIDatatype" }, + "id" : + { "type" : "string" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, "responsible-parties" : { "type" : "array", "minItems" : 1, @@ -409,233 +605,24 @@ "version", "oscal-version" ], "additionalProperties" : false }, - "oscal-complete-oscal-metadata:revision" : - { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-complete-oscal-metadata:location" : - { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, "oscal-complete-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", "$id" : "#field_oscal-metadata_location-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-complete-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "$ref" : "#/definitions/URIDatatype" }, - "id" : - { "type" : "string" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, "oscal-complete-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", "$id" : "#field_oscal-metadata_party-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-complete-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, "oscal-complete-oscal-metadata:role-id" : { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "Reference to a role by UUID.", "$id" : "#field_oscal-metadata_role-id", "$ref" : "#/definitions/TokenDatatype" }, "oscal-complete-oscal-metadata:back-matter" : { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", "$id" : "#assembly_oscal-metadata_back-matter", "type" : "object", "properties" : @@ -644,20 +631,20 @@ "minItems" : 1, "items" : { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", "type" : "object", "properties" : { "uuid" : { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a resource.", "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", "type" : "string" }, "description" : { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", "type" : "string" }, "props" : { "type" : "array", @@ -671,7 +658,7 @@ { "$ref" : "#field_oscal-metadata_document-id" } }, "citation" : { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", + "description" : "An optional citation consisting of end note text using structured markup.", "type" : "object", "properties" : { "text" : @@ -696,16 +683,16 @@ "minItems" : 1, "items" : { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", "type" : "object", "properties" : { "href" : { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", + "description" : "A resolvable URL pointing to the referenced resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", @@ -717,16 +704,16 @@ "additionalProperties" : false } }, "base64" : { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", "type" : "object", "properties" : { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, + "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -741,17 +728,22 @@ "additionalProperties" : false }, "oscal-complete-oscal-metadata:property" : { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", "$id" : "#assembly_oscal-metadata_property", "type" : "object", "properties" : { "name" : { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "$ref" : "#/definitions/TokenDatatype" }, + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a property.", "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", @@ -763,7 +755,7 @@ "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", "$ref" : "#/definitions/TokenDatatype" }, "group" : { "title" : "Property Group", @@ -777,7 +769,7 @@ "additionalProperties" : false }, "oscal-complete-oscal-metadata:link" : { "title" : "Link", - "description" : "A reference to a local or remote resource", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", "$id" : "#assembly_oscal-metadata_link", "type" : "object", "properties" : @@ -786,12 +778,12 @@ "description" : "A resolvable URL reference to a resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", @@ -802,13 +794,13 @@ "additionalProperties" : false }, "oscal-complete-oscal-metadata:responsible-party" : { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", "$id" : "#assembly_oscal-metadata_responsible-party", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "A reference to a role performed by a party.", "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", @@ -877,13 +869,13 @@ "additionalProperties" : false }, "oscal-complete-oscal-metadata:responsible-role" : { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", "$id" : "#assembly_oscal-metadata_responsible-role", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", + "description" : "A human-oriented identifier reference to a role performed.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -913,7 +905,7 @@ "properties" : { "algorithm" : { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", + "description" : "The digest method by which a hash is derived.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -923,27 +915,27 @@ "additionalProperties" : false }, "oscal-complete-oscal-metadata:remarks" : { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", + "description" : "Additional commentary about the containing object.", "$id" : "#field_oscal-metadata_remarks", "type" : "string" }, "oscal-complete-oscal-metadata:published" : { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last made available.", "$id" : "#field_oscal-metadata_published", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-complete-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last stored for later retrieval.", "$id" : "#field_oscal-metadata_last-modified", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-complete-oscal-metadata:version" : { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", "$id" : "#field_oscal-metadata_version", "$ref" : "#/definitions/StringDatatype" }, "oscal-complete-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", "$id" : "#field_oscal-metadata_oscal-version", "$ref" : "#/definitions/StringDatatype" }, "oscal-complete-oscal-metadata:email-address" : @@ -953,7 +945,7 @@ "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-complete-oscal-metadata:telephone-number" : { "title" : "Telephone Number", - "description" : "Contact number by telephone.", + "description" : "A telephone service number as defined by ITU-T E.164.", "$id" : "#field_oscal-metadata_telephone-number", "type" : "object", "properties" : @@ -987,11 +979,11 @@ "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", + "description" : "State, province or analogous geographical region for a mailing address.", "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", + "description" : "Postal or ZIP code for mailing address.", "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", @@ -1005,7 +997,7 @@ "$ref" : "#/definitions/StringDatatype" }, "oscal-complete-oscal-metadata:document-id" : { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", + "description" : "A document identifier qualified by an identifier scheme.", "$id" : "#field_oscal-metadata_document-id", "type" : "object", "properties" : @@ -1114,7 +1106,7 @@ "additionalProperties" : false }, "oscal-complete-oscal-mapping-common:mapping-resource-reference" : { "title" : "Mapped Resource Reference", - "description" : "A reference to a back-matter resource that is either the source or target of a mapping.", + "description" : "A reference to a resource that is either the source or target of a mapping.", "$id" : "#assembly_oscal-mapping-common_mapping-resource-reference", "type" : "object", "properties" : @@ -1202,13 +1194,13 @@ "additionalProperties" : false }, "oscal-complete-oscal-profile:profile" : { "title" : "Profile", - "description" : "Each OSCAL profile is defined by a Profile element", + "description" : "Each OSCAL profile is defined by a profile element.", "$id" : "#assembly_oscal-profile_profile", "type" : "object", "properties" : { "uuid" : { "title" : "Profile Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document.", + "description" : "Provides a globally unique means to identify a given profile instance.", "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, @@ -1229,8 +1221,8 @@ "imports" ], "additionalProperties" : false }, "oscal-complete-oscal-profile:import" : - { "title" : "Import resource", - "description" : "The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives.", + { "title" : "Import Resource", + "description" : "Designates a referenced source catalog or profile that provides a source of control information for use in creating a new overlay or baseline.", "$id" : "#assembly_oscal-profile_import", "type" : "object", "properties" : @@ -1239,7 +1231,7 @@ "description" : "A resolvable URL reference to the base catalog or profile that this profile is tailoring.", "$ref" : "#/definitions/URIReferenceDatatype" }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-controls" : { "type" : "array", "minItems" : 1, @@ -1254,19 +1246,19 @@ [ "href" ], "additionalProperties" : false }, "oscal-complete-oscal-profile:merge" : - { "title" : "Merge controls", - "description" : "A Merge element provides structuring directives that drive how controls are organized after resolution.", + { "title" : "Merge Controls", + "description" : "Provides structuring directives that instruct how controls are organized after profile resolution.", "$id" : "#assembly_oscal-profile_merge", "type" : "object", "properties" : { "combine" : - { "title" : "Combination rule", - "description" : "A Combine element defines how to combine multiple (competing) versions of the same control.", + { "title" : "Combination Rule", + "description" : "A Combine element defines how to resolve duplicate instances of the same control (e.g., controls with the same ID).", "type" : "object", "properties" : { "method" : - { "title" : "Combination method", - "description" : "How clashing controls should be handled", + { "title" : "Combination Method", + "description" : "Declare how clashing controls should be handled.", "allOf" : [ { "$ref" : "#/definitions/StringDatatype" }, @@ -1277,17 +1269,17 @@ "keep" ] } ] } }, "additionalProperties" : false }, "flat" : - { "title" : "Flat", - "description" : "Use the flat structuring method.", + { "title" : "Flat Without Grouping", + "description" : "Directs that controls appear without any grouping structure.", "type" : "object", "additionalProperties" : false }, "as-is" : - { "title" : "As-Is Structuring Directive", - "description" : "An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes.", + { "title" : "Group As-Is", + "description" : "Indicates that the controls selected should retain their original grouping as defined in the import source.", "$ref" : "#/definitions/BooleanDatatype" }, "custom" : - { "title" : "Custom grouping", - "description" : "A Custom element frames a structure for embedding represented controls in resolution.", + { "title" : "Custom Grouping", + "description" : "Provides an alternate grouping structure that selected controls will be placed in.", "type" : "object", "properties" : { "groups" : @@ -1303,14 +1295,14 @@ "additionalProperties" : false } }, "additionalProperties" : false }, "oscal-complete-oscal-profile:group" : - { "title" : "Control group", - "description" : "A group of (selected) controls or of groups of controls", + { "title" : "Control Group", + "description" : "A group of (selected) controls or of groups of controls.", "$id" : "#assembly_oscal-profile_group", "type" : "object", "properties" : { "id" : { "title" : "Group Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document.", + "description" : "Identifies the group.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Group Class", @@ -1318,13 +1310,13 @@ "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Group Title", - "description" : "A name given to the group, which may be used by a tool for display and navigation.", + "description" : "A name to be given to the group for use in display.", "type" : "string" }, "params" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, + { "$ref" : "#assembly_oscal-control-common_parameter" } }, "props" : { "type" : "array", "minItems" : 1, @@ -1339,7 +1331,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "groups" : { "type" : "array", "minItems" : 1, @@ -1354,8 +1346,8 @@ [ "title" ], "additionalProperties" : false }, "oscal-complete-oscal-profile:modify" : - { "title" : "Modify controls", - "description" : "Set parameters or amend controls in resolution", + { "title" : "Modify Controls", + "description" : "Set parameters or amend controls in resolution.", "$id" : "#assembly_oscal-profile_modify", "type" : "object", "properties" : @@ -1364,19 +1356,19 @@ "minItems" : 1, "items" : { "title" : "Parameter Setting", - "description" : "A parameter setting, to be propagated to points of insertion", + "description" : "A parameter setting, to be propagated to points of insertion.", "type" : "object", "properties" : { "param-id" : { "title" : "Parameter ID", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "An identifier for the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", "description" : "A textual label that provides a characterization of the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : - { "title" : "Depends on", + { "title" : "Depends On", "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", "$ref" : "#/definitions/TokenDatatype" }, "props" : @@ -1395,25 +1387,25 @@ "type" : "string" }, "usage" : { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", + "description" : "Describes the purpose and use of a parameter.", "type" : "string" }, "constraints" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, "guidelines" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, "values" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, + { "$ref" : "#field_oscal-control-common_parameter-value" } }, "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-selection" } }, "required" : [ "param-id" ], "additionalProperties" : false } }, @@ -1422,12 +1414,12 @@ "minItems" : 1, "items" : { "title" : "Alteration", - "description" : "An Alter element specifies changes to be made to an included control when a profile is resolved.", + "description" : "Specifies changes to be made to an included control when a profile is resolved.", "type" : "object", "properties" : { "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "removes" : { "type" : "array", @@ -1439,7 +1431,7 @@ "properties" : { "by-name" : { "title" : "Reference by (assigned) name", - "description" : "Identify items to remove by matching their assigned name", + "description" : "Identify items remove by matching their assigned name.", "$ref" : "#/definitions/TokenDatatype" }, "by-class" : { "title" : "Reference by class", @@ -1451,7 +1443,7 @@ "$ref" : "#/definitions/TokenDatatype" }, "by-item-name" : { "title" : "Item Name Reference", - "description" : "Identify items to remove by the name of the item's information element name, e.g. title or prop", + "description" : "Identify items to remove by the name of the item's information object name, e.g. title or prop.", "allOf" : [ { "$ref" : "#/definitions/TokenDatatype" }, @@ -1473,12 +1465,12 @@ "minItems" : 1, "items" : { "title" : "Addition", - "description" : "Specifies contents to be added into controls, in resolution", + "description" : "Specifies contents to be added into controls, in resolution.", "type" : "object", "properties" : { "position" : { "title" : "Position", - "description" : "Where to add the new content with respect to the targeted element (beside it or inside it)", + "description" : "Where to add the new content with respect to the targeted element (beside it or inside it).", "allOf" : [ { "$ref" : "#/definitions/TokenDatatype" }, @@ -1500,7 +1492,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, + { "$ref" : "#assembly_oscal-control-common_parameter" } }, "props" : { "type" : "array", "minItems" : 1, @@ -1515,14 +1507,14 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } } }, + { "$ref" : "#assembly_oscal-control-common_part" } } }, "additionalProperties" : false } } }, "required" : [ "control-id" ], "additionalProperties" : false } } }, "additionalProperties" : false }, "oscal-complete-oscal-profile:insert-controls" : - { "title" : "Select controls", + { "title" : "Select Controls", "description" : "Specifies which controls to use in the containing context.", "$id" : "#assembly_oscal-profile_insert-controls", "type" : "object", @@ -1539,7 +1531,7 @@ "ascending", "descending" ] } ] }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-controls" : { "type" : "array", "minItems" : 1, @@ -1552,13 +1544,13 @@ { "$ref" : "#assembly_oscal-profile_select-control-by-id" } } }, "additionalProperties" : false }, "oscal-complete-oscal-profile:select-control-by-id" : - { "title" : "Call", - "description" : "Call a control by its ID", + { "title" : "Select Control", + "description" : "Select a control or controls from an imported control set.", "$id" : "#assembly_oscal-profile_select-control-by-id", "type" : "object", "properties" : { "with-child-controls" : - { "title" : "Include contained controls with control", + { "title" : "Include Contained Controls with Control", "description" : "When a control is included, whether its child (dependent) controls are also included.", "allOf" : [ @@ -1572,14 +1564,14 @@ "minItems" : 1, "items" : { "title" : "Match Controls by Identifier", - "description" : "", + "description" : "Selecting a control by its ID given as a literal.", "$ref" : "#/definitions/TokenDatatype" } }, "matching" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Match Controls by Pattern", - "description" : "Select controls by (regular expression) match on ID", + "description" : "Selecting a set of controls by matching their IDs with a wildcard pattern.", "type" : "object", "properties" : { "pattern" : @@ -1596,7 +1588,7 @@ "properties" : { "uuid" : { "title" : "Component Definition Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "Provides a globally unique means to identify a given component definition instance.", "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, @@ -1642,7 +1634,7 @@ "properties" : { "uuid" : { "title" : "Component Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "Provides a globally unique means to identify a given component.", "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Component Type", @@ -1701,7 +1693,7 @@ "properties" : { "uuid" : { "title" : "Capability Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "Provides a globally unique means to identify a given capability.", "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Capability Name", @@ -1740,7 +1732,7 @@ "additionalProperties" : false }, "oscal-complete-oscal-component-definition:incorporates-component" : { "title" : "Incorporates Component", - "description" : "TBD", + "description" : "The collection of components comprising this capability.", "$id" : "#assembly_oscal-component-definition_incorporates-component", "type" : "object", "properties" : @@ -1764,7 +1756,7 @@ "properties" : { "uuid" : { "title" : "Control Implementation Set Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "Provides a means to identify a set of control implementations that are supported by a given component or capability.", "$ref" : "#/definitions/UUIDDatatype" }, "source" : { "title" : "Source Resource Reference", @@ -1808,15 +1800,15 @@ "properties" : { "uuid" : { "title" : "Control Implementation Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "Provides a globally unique means to identify a given control implementation by a component.", "$ref" : "#/definitions/UUIDDatatype" }, "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "description" : { "title" : "Control Implementation Description", - "description" : "A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan.", + "description" : "A suggestion from the supplier (e.g., component vendor or author) for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan.", "type" : "string" }, "props" : { "type" : "array", @@ -2735,7 +2727,7 @@ "$ref" : "#/definitions/UUIDDatatype" }, "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -3143,7 +3135,7 @@ "properties" : { "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "description" : { "title" : "Objective Description", @@ -3163,7 +3155,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -3500,7 +3492,7 @@ "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-controls" : { "type" : "array", "minItems" : 1, @@ -3537,7 +3529,7 @@ "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-objectives" : { "type" : "array", "minItems" : 1, @@ -3564,7 +3556,7 @@ "properties" : { "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "statement-ids" : { "type" : "array", @@ -3659,7 +3651,7 @@ "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-subjects" : { "type" : "array", "minItems" : 1, diff --git a/json/schema/oscal_component_schema.json b/json/schema/oscal_component_schema.json index 10127bda25..8f3e0c7523 100644 --- a/json/schema/oscal_component_schema.json +++ b/json/schema/oscal_component_schema.json @@ -12,7 +12,7 @@ "properties" : { "uuid" : { "title" : "Component Definition Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "Provides a globally unique means to identify a given component definition instance.", "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, @@ -58,7 +58,7 @@ "properties" : { "uuid" : { "title" : "Component Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "Provides a globally unique means to identify a given component.", "$ref" : "#/definitions/UUIDDatatype" }, "type" : { "title" : "Component Type", @@ -117,7 +117,7 @@ "properties" : { "uuid" : { "title" : "Capability Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "Provides a globally unique means to identify a given capability.", "$ref" : "#/definitions/UUIDDatatype" }, "name" : { "title" : "Capability Name", @@ -156,7 +156,7 @@ "additionalProperties" : false }, "oscal-component-definition-oscal-component-definition:incorporates-component" : { "title" : "Incorporates Component", - "description" : "TBD", + "description" : "The collection of components comprising this capability.", "$id" : "#assembly_oscal-component-definition_incorporates-component", "type" : "object", "properties" : @@ -180,7 +180,7 @@ "properties" : { "uuid" : { "title" : "Control Implementation Set Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "Provides a means to identify a set of control implementations that are supported by a given component or capability.", "$ref" : "#/definitions/UUIDDatatype" }, "source" : { "title" : "Source Resource Reference", @@ -224,15 +224,15 @@ "properties" : { "uuid" : { "title" : "Control Implementation Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "Provides a globally unique means to identify a given control implementation by a component.", "$ref" : "#/definitions/UUIDDatatype" }, "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "description" : { "title" : "Control Implementation Description", - "description" : "A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan.", + "description" : "A suggestion from the supplier (e.g., component vendor or author) for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan.", "type" : "string" }, "props" : { "type" : "array", @@ -630,8 +630,8 @@ [ "id" ], "additionalProperties" : false }, "oscal-component-definition-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", "$id" : "#assembly_oscal-metadata_metadata", "type" : "object", "properties" : @@ -651,7 +651,37 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, "document-ids" : { "type" : "array", "minItems" : 1, @@ -671,17 +701,183 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, "locations" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, "parties" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "$ref" : "#/definitions/URIDatatype" }, + "id" : + { "type" : "string" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, "responsible-parties" : { "type" : "array", "minItems" : 1, @@ -700,233 +896,24 @@ "version", "oscal-version" ], "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:revision" : - { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-component-definition-oscal-metadata:location" : - { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, "oscal-component-definition-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", "$id" : "#field_oscal-metadata_location-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-component-definition-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "$ref" : "#/definitions/URIDatatype" }, - "id" : - { "type" : "string" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, "oscal-component-definition-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", "$id" : "#field_oscal-metadata_party-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-component-definition-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, "oscal-component-definition-oscal-metadata:role-id" : { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "Reference to a role by UUID.", "$id" : "#field_oscal-metadata_role-id", "$ref" : "#/definitions/TokenDatatype" }, "oscal-component-definition-oscal-metadata:back-matter" : { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", "$id" : "#assembly_oscal-metadata_back-matter", "type" : "object", "properties" : @@ -935,20 +922,20 @@ "minItems" : 1, "items" : { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", "type" : "object", "properties" : { "uuid" : { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a resource.", "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", "type" : "string" }, "description" : { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", "type" : "string" }, "props" : { "type" : "array", @@ -962,7 +949,7 @@ { "$ref" : "#field_oscal-metadata_document-id" } }, "citation" : { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", + "description" : "An optional citation consisting of end note text using structured markup.", "type" : "object", "properties" : { "text" : @@ -987,16 +974,16 @@ "minItems" : 1, "items" : { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", "type" : "object", "properties" : { "href" : { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", + "description" : "A resolvable URL pointing to the referenced resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", @@ -1008,16 +995,16 @@ "additionalProperties" : false } }, "base64" : { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", "type" : "object", "properties" : { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, + "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -1032,17 +1019,22 @@ "additionalProperties" : false }, "oscal-component-definition-oscal-metadata:property" : { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", "$id" : "#assembly_oscal-metadata_property", "type" : "object", "properties" : { "name" : { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "$ref" : "#/definitions/TokenDatatype" }, + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a property.", "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", @@ -1054,7 +1046,7 @@ "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", "$ref" : "#/definitions/TokenDatatype" }, "group" : { "title" : "Property Group", @@ -1068,7 +1060,7 @@ "additionalProperties" : false }, "oscal-component-definition-oscal-metadata:link" : { "title" : "Link", - "description" : "A reference to a local or remote resource", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", "$id" : "#assembly_oscal-metadata_link", "type" : "object", "properties" : @@ -1077,12 +1069,12 @@ "description" : "A resolvable URL reference to a resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", @@ -1093,13 +1085,13 @@ "additionalProperties" : false }, "oscal-component-definition-oscal-metadata:responsible-party" : { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", "$id" : "#assembly_oscal-metadata_responsible-party", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "A reference to a role performed by a party.", "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", @@ -1168,13 +1160,13 @@ "additionalProperties" : false }, "oscal-component-definition-oscal-metadata:responsible-role" : { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", "$id" : "#assembly_oscal-metadata_responsible-role", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", + "description" : "A human-oriented identifier reference to a role performed.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -1204,7 +1196,7 @@ "properties" : { "algorithm" : { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", + "description" : "The digest method by which a hash is derived.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -1214,27 +1206,27 @@ "additionalProperties" : false }, "oscal-component-definition-oscal-metadata:remarks" : { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", + "description" : "Additional commentary about the containing object.", "$id" : "#field_oscal-metadata_remarks", "type" : "string" }, "oscal-component-definition-oscal-metadata:published" : { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last made available.", "$id" : "#field_oscal-metadata_published", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-component-definition-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last stored for later retrieval.", "$id" : "#field_oscal-metadata_last-modified", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-component-definition-oscal-metadata:version" : { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", "$id" : "#field_oscal-metadata_version", "$ref" : "#/definitions/StringDatatype" }, "oscal-component-definition-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", "$id" : "#field_oscal-metadata_oscal-version", "$ref" : "#/definitions/StringDatatype" }, "oscal-component-definition-oscal-metadata:email-address" : @@ -1244,7 +1236,7 @@ "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-component-definition-oscal-metadata:telephone-number" : { "title" : "Telephone Number", - "description" : "Contact number by telephone.", + "description" : "A telephone service number as defined by ITU-T E.164.", "$id" : "#field_oscal-metadata_telephone-number", "type" : "object", "properties" : @@ -1278,11 +1270,11 @@ "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", + "description" : "State, province or analogous geographical region for a mailing address.", "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", + "description" : "Postal or ZIP code for mailing address.", "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", @@ -1296,7 +1288,7 @@ "$ref" : "#/definitions/StringDatatype" }, "oscal-component-definition-oscal-metadata:document-id" : { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", + "description" : "A document identifier qualified by an identifier scheme.", "$id" : "#field_oscal-metadata_document-id", "type" : "object", "properties" : @@ -1309,31 +1301,31 @@ "required" : [ "identifier" ], "additionalProperties" : false }, - "oscal-component-definition-oscal-catalog-common:part" : + "oscal-component-definition-oscal-control-common:part" : { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", "type" : "object", "properties" : { "id" : { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the part.", "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", "type" : "string" }, "props" : { "type" : "array", @@ -1348,7 +1340,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "links" : { "type" : "array", "minItems" : 1, @@ -1357,23 +1349,23 @@ "required" : [ "name" ], "additionalProperties" : false }, - "oscal-component-definition-oscal-catalog-common:parameter" : + "oscal-component-definition-oscal-control-common:parameter" : { "title" : "Parameter", "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", + "$id" : "#assembly_oscal-control-common_parameter", "type" : "object", "properties" : { "id" : { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -1391,34 +1383,34 @@ "type" : "string" }, "usage" : { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", + "description" : "Describes the purpose and use of a parameter.", "type" : "string" }, "constraints" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, "guidelines" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, "values" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, + { "$ref" : "#field_oscal-control-common_parameter-value" } }, "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : [ "id" ], "additionalProperties" : false }, - "oscal-component-definition-oscal-catalog-common:parameter-constraint" : + "oscal-component-definition-oscal-control-common:parameter-constraint" : { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", "type" : "object", "properties" : { "description" : @@ -1435,7 +1427,7 @@ "properties" : { "expression" : { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", + "description" : "A formal (executable) expression of a constraint.", "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, @@ -1443,10 +1435,10 @@ [ "expression" ], "additionalProperties" : false } } }, "additionalProperties" : false }, - "oscal-component-definition-oscal-catalog-common:parameter-guideline" : + "oscal-component-definition-oscal-control-common:parameter-guideline" : { "title" : "Guideline", "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", + "$id" : "#assembly_oscal-control-common_parameter-guideline", "type" : "object", "properties" : { "prose" : @@ -1456,15 +1448,15 @@ "required" : [ "prose" ], "additionalProperties" : false }, - "oscal-component-definition-oscal-catalog-common:parameter-value" : + "oscal-component-definition-oscal-control-common:parameter-value" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", + "$id" : "#field_oscal-control-common_parameter-value", "$ref" : "#/definitions/StringDatatype" }, - "oscal-component-definition-oscal-catalog-common:parameter-selection" : + "oscal-component-definition-oscal-control-common:parameter-selection" : { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", "type" : "object", "properties" : { "how-many" : @@ -1482,13 +1474,13 @@ "minItems" : 1, "items" : { "title" : "Choice", - "description" : "A value selection among several such options", + "description" : "A value selection among several such options.", "type" : "string" } } }, "additionalProperties" : false }, - "oscal-component-definition-oscal-catalog-common:include-all" : + "oscal-component-definition-oscal-control-common:include-all" : { "title" : "Include All", "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", + "$id" : "#assembly_oscal-control-common_include-all", "type" : "object", "additionalProperties" : false }, "Base64Datatype" : diff --git a/json/schema/oscal_mapping_schema.json b/json/schema/oscal_mapping_schema.json index d7feaf047c..b0b946b972 100644 --- a/json/schema/oscal_mapping_schema.json +++ b/json/schema/oscal_mapping_schema.json @@ -58,8 +58,8 @@ "maps" ], "additionalProperties" : false }, "oscal-mapping-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", "$id" : "#assembly_oscal-metadata_metadata", "type" : "object", "properties" : @@ -79,7 +79,37 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, "document-ids" : { "type" : "array", "minItems" : 1, @@ -99,17 +129,183 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, "locations" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, "parties" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "$ref" : "#/definitions/URIDatatype" }, + "id" : + { "type" : "string" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, "responsible-parties" : { "type" : "array", "minItems" : 1, @@ -128,233 +324,24 @@ "version", "oscal-version" ], "additionalProperties" : false }, - "oscal-mapping-oscal-metadata:revision" : - { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-mapping-oscal-metadata:location" : - { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, "oscal-mapping-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", "$id" : "#field_oscal-metadata_location-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-mapping-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "$ref" : "#/definitions/URIDatatype" }, - "id" : - { "type" : "string" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, "oscal-mapping-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", "$id" : "#field_oscal-metadata_party-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-mapping-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, "oscal-mapping-oscal-metadata:role-id" : { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "Reference to a role by UUID.", "$id" : "#field_oscal-metadata_role-id", "$ref" : "#/definitions/TokenDatatype" }, "oscal-mapping-oscal-metadata:back-matter" : { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", "$id" : "#assembly_oscal-metadata_back-matter", "type" : "object", "properties" : @@ -363,20 +350,20 @@ "minItems" : 1, "items" : { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", "type" : "object", "properties" : { "uuid" : { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a resource.", "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", "type" : "string" }, "description" : { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", "type" : "string" }, "props" : { "type" : "array", @@ -390,7 +377,7 @@ { "$ref" : "#field_oscal-metadata_document-id" } }, "citation" : { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", + "description" : "An optional citation consisting of end note text using structured markup.", "type" : "object", "properties" : { "text" : @@ -415,16 +402,16 @@ "minItems" : 1, "items" : { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", "type" : "object", "properties" : { "href" : { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", + "description" : "A resolvable URL pointing to the referenced resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", @@ -436,16 +423,16 @@ "additionalProperties" : false } }, "base64" : { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", "type" : "object", "properties" : { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, + "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -460,17 +447,22 @@ "additionalProperties" : false }, "oscal-mapping-oscal-metadata:property" : { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", "$id" : "#assembly_oscal-metadata_property", "type" : "object", "properties" : { "name" : { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "$ref" : "#/definitions/TokenDatatype" }, + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a property.", "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", @@ -482,7 +474,7 @@ "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", "$ref" : "#/definitions/TokenDatatype" }, "group" : { "title" : "Property Group", @@ -496,7 +488,7 @@ "additionalProperties" : false }, "oscal-mapping-oscal-metadata:link" : { "title" : "Link", - "description" : "A reference to a local or remote resource", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", "$id" : "#assembly_oscal-metadata_link", "type" : "object", "properties" : @@ -505,12 +497,12 @@ "description" : "A resolvable URL reference to a resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", @@ -521,13 +513,13 @@ "additionalProperties" : false }, "oscal-mapping-oscal-metadata:responsible-party" : { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", "$id" : "#assembly_oscal-metadata_responsible-party", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "A reference to a role performed by a party.", "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", @@ -596,13 +588,13 @@ "additionalProperties" : false }, "oscal-mapping-oscal-metadata:responsible-role" : { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", "$id" : "#assembly_oscal-metadata_responsible-role", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", + "description" : "A human-oriented identifier reference to a role performed.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -632,7 +624,7 @@ "properties" : { "algorithm" : { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", + "description" : "The digest method by which a hash is derived.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -642,27 +634,27 @@ "additionalProperties" : false }, "oscal-mapping-oscal-metadata:remarks" : { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", + "description" : "Additional commentary about the containing object.", "$id" : "#field_oscal-metadata_remarks", "type" : "string" }, "oscal-mapping-oscal-metadata:published" : { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last made available.", "$id" : "#field_oscal-metadata_published", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-mapping-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last stored for later retrieval.", "$id" : "#field_oscal-metadata_last-modified", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-mapping-oscal-metadata:version" : { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", "$id" : "#field_oscal-metadata_version", "$ref" : "#/definitions/StringDatatype" }, "oscal-mapping-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", "$id" : "#field_oscal-metadata_oscal-version", "$ref" : "#/definitions/StringDatatype" }, "oscal-mapping-oscal-metadata:email-address" : @@ -672,7 +664,7 @@ "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-mapping-oscal-metadata:telephone-number" : { "title" : "Telephone Number", - "description" : "Contact number by telephone.", + "description" : "A telephone service number as defined by ITU-T E.164.", "$id" : "#field_oscal-metadata_telephone-number", "type" : "object", "properties" : @@ -706,11 +698,11 @@ "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", + "description" : "State, province or analogous geographical region for a mailing address.", "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", + "description" : "Postal or ZIP code for mailing address.", "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", @@ -724,7 +716,7 @@ "$ref" : "#/definitions/StringDatatype" }, "oscal-mapping-oscal-metadata:document-id" : { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", + "description" : "A document identifier qualified by an identifier scheme.", "$id" : "#field_oscal-metadata_document-id", "type" : "object", "properties" : @@ -833,7 +825,7 @@ "additionalProperties" : false }, "oscal-mapping-oscal-mapping-common:mapping-resource-reference" : { "title" : "Mapped Resource Reference", - "description" : "A reference to a back-matter resource that is either the source or target of a mapping.", + "description" : "A reference to a resource that is either the source or target of a mapping.", "$id" : "#assembly_oscal-mapping-common_mapping-resource-reference", "type" : "object", "properties" : diff --git a/json/schema/oscal_poam_schema.json b/json/schema/oscal_poam_schema.json index 8fbc2f3058..68483162f3 100644 --- a/json/schema/oscal_poam_schema.json +++ b/json/schema/oscal_poam_schema.json @@ -146,8 +146,8 @@ "description" ], "additionalProperties" : false }, "oscal-poam-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", "$id" : "#assembly_oscal-metadata_metadata", "type" : "object", "properties" : @@ -167,7 +167,37 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, "document-ids" : { "type" : "array", "minItems" : 1, @@ -187,17 +217,183 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, "locations" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, "parties" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "$ref" : "#/definitions/URIDatatype" }, + "id" : + { "type" : "string" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, "responsible-parties" : { "type" : "array", "minItems" : 1, @@ -216,233 +412,24 @@ "version", "oscal-version" ], "additionalProperties" : false }, - "oscal-poam-oscal-metadata:revision" : - { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-poam-oscal-metadata:location" : - { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, "oscal-poam-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", "$id" : "#field_oscal-metadata_location-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-poam-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "$ref" : "#/definitions/URIDatatype" }, - "id" : - { "type" : "string" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, "oscal-poam-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", "$id" : "#field_oscal-metadata_party-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-poam-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, "oscal-poam-oscal-metadata:role-id" : { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "Reference to a role by UUID.", "$id" : "#field_oscal-metadata_role-id", "$ref" : "#/definitions/TokenDatatype" }, "oscal-poam-oscal-metadata:back-matter" : { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", "$id" : "#assembly_oscal-metadata_back-matter", "type" : "object", "properties" : @@ -451,20 +438,20 @@ "minItems" : 1, "items" : { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", "type" : "object", "properties" : { "uuid" : { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a resource.", "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", "type" : "string" }, "description" : { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", "type" : "string" }, "props" : { "type" : "array", @@ -478,7 +465,7 @@ { "$ref" : "#field_oscal-metadata_document-id" } }, "citation" : { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", + "description" : "An optional citation consisting of end note text using structured markup.", "type" : "object", "properties" : { "text" : @@ -503,16 +490,16 @@ "minItems" : 1, "items" : { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", "type" : "object", "properties" : { "href" : { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", + "description" : "A resolvable URL pointing to the referenced resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", @@ -524,16 +511,16 @@ "additionalProperties" : false } }, "base64" : { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", "type" : "object", "properties" : { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, + "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -548,17 +535,22 @@ "additionalProperties" : false }, "oscal-poam-oscal-metadata:property" : { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", "$id" : "#assembly_oscal-metadata_property", "type" : "object", "properties" : { "name" : { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "$ref" : "#/definitions/TokenDatatype" }, + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a property.", "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", @@ -570,7 +562,7 @@ "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", "$ref" : "#/definitions/TokenDatatype" }, "group" : { "title" : "Property Group", @@ -584,7 +576,7 @@ "additionalProperties" : false }, "oscal-poam-oscal-metadata:link" : { "title" : "Link", - "description" : "A reference to a local or remote resource", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", "$id" : "#assembly_oscal-metadata_link", "type" : "object", "properties" : @@ -593,12 +585,12 @@ "description" : "A resolvable URL reference to a resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", @@ -609,13 +601,13 @@ "additionalProperties" : false }, "oscal-poam-oscal-metadata:responsible-party" : { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", "$id" : "#assembly_oscal-metadata_responsible-party", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "A reference to a role performed by a party.", "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", @@ -684,13 +676,13 @@ "additionalProperties" : false }, "oscal-poam-oscal-metadata:responsible-role" : { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", "$id" : "#assembly_oscal-metadata_responsible-role", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", + "description" : "A human-oriented identifier reference to a role performed.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -720,7 +712,7 @@ "properties" : { "algorithm" : { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", + "description" : "The digest method by which a hash is derived.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -730,27 +722,27 @@ "additionalProperties" : false }, "oscal-poam-oscal-metadata:remarks" : { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", + "description" : "Additional commentary about the containing object.", "$id" : "#field_oscal-metadata_remarks", "type" : "string" }, "oscal-poam-oscal-metadata:published" : { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last made available.", "$id" : "#field_oscal-metadata_published", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-poam-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last stored for later retrieval.", "$id" : "#field_oscal-metadata_last-modified", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-poam-oscal-metadata:version" : { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", "$id" : "#field_oscal-metadata_version", "$ref" : "#/definitions/StringDatatype" }, "oscal-poam-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", "$id" : "#field_oscal-metadata_oscal-version", "$ref" : "#/definitions/StringDatatype" }, "oscal-poam-oscal-metadata:email-address" : @@ -760,7 +752,7 @@ "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-poam-oscal-metadata:telephone-number" : { "title" : "Telephone Number", - "description" : "Contact number by telephone.", + "description" : "A telephone service number as defined by ITU-T E.164.", "$id" : "#field_oscal-metadata_telephone-number", "type" : "object", "properties" : @@ -794,11 +786,11 @@ "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", + "description" : "State, province or analogous geographical region for a mailing address.", "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", + "description" : "Postal or ZIP code for mailing address.", "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", @@ -812,7 +804,7 @@ "$ref" : "#/definitions/StringDatatype" }, "oscal-poam-oscal-metadata:document-id" : { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", + "description" : "A document identifier qualified by an identifier scheme.", "$id" : "#field_oscal-metadata_document-id", "type" : "object", "properties" : @@ -1148,31 +1140,31 @@ "required" : [ "id" ], "additionalProperties" : false }, - "oscal-poam-oscal-catalog-common:part" : + "oscal-poam-oscal-control-common:part" : { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", "type" : "object", "properties" : { "id" : { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the part.", "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", "type" : "string" }, "props" : { "type" : "array", @@ -1187,7 +1179,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "links" : { "type" : "array", "minItems" : 1, @@ -1196,23 +1188,23 @@ "required" : [ "name" ], "additionalProperties" : false }, - "oscal-poam-oscal-catalog-common:parameter" : + "oscal-poam-oscal-control-common:parameter" : { "title" : "Parameter", "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", + "$id" : "#assembly_oscal-control-common_parameter", "type" : "object", "properties" : { "id" : { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -1230,34 +1222,34 @@ "type" : "string" }, "usage" : { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", + "description" : "Describes the purpose and use of a parameter.", "type" : "string" }, "constraints" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, "guidelines" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, "values" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, + { "$ref" : "#field_oscal-control-common_parameter-value" } }, "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : [ "id" ], "additionalProperties" : false }, - "oscal-poam-oscal-catalog-common:parameter-constraint" : + "oscal-poam-oscal-control-common:parameter-constraint" : { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", "type" : "object", "properties" : { "description" : @@ -1274,7 +1266,7 @@ "properties" : { "expression" : { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", + "description" : "A formal (executable) expression of a constraint.", "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, @@ -1282,10 +1274,10 @@ [ "expression" ], "additionalProperties" : false } } }, "additionalProperties" : false }, - "oscal-poam-oscal-catalog-common:parameter-guideline" : + "oscal-poam-oscal-control-common:parameter-guideline" : { "title" : "Guideline", "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", + "$id" : "#assembly_oscal-control-common_parameter-guideline", "type" : "object", "properties" : { "prose" : @@ -1295,15 +1287,15 @@ "required" : [ "prose" ], "additionalProperties" : false }, - "oscal-poam-oscal-catalog-common:parameter-value" : + "oscal-poam-oscal-control-common:parameter-value" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", + "$id" : "#field_oscal-control-common_parameter-value", "$ref" : "#/definitions/StringDatatype" }, - "oscal-poam-oscal-catalog-common:parameter-selection" : + "oscal-poam-oscal-control-common:parameter-selection" : { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", "type" : "object", "properties" : { "how-many" : @@ -1321,13 +1313,13 @@ "minItems" : 1, "items" : { "title" : "Choice", - "description" : "A value selection among several such options", + "description" : "A value selection among several such options.", "type" : "string" } } }, "additionalProperties" : false }, - "oscal-poam-oscal-catalog-common:include-all" : + "oscal-poam-oscal-control-common:include-all" : { "title" : "Include All", "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", + "$id" : "#assembly_oscal-control-common_include-all", "type" : "object", "additionalProperties" : false }, "oscal-poam-oscal-assessment-common:import-ssp" : @@ -1353,7 +1345,7 @@ "properties" : { "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "description" : { "title" : "Objective Description", @@ -1373,7 +1365,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : @@ -1710,7 +1702,7 @@ "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-controls" : { "type" : "array", "minItems" : 1, @@ -1747,7 +1739,7 @@ "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-objectives" : { "type" : "array", "minItems" : 1, @@ -1774,7 +1766,7 @@ "properties" : { "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "statement-ids" : { "type" : "array", @@ -1869,7 +1861,7 @@ "items" : { "$ref" : "#assembly_oscal-metadata_link" } }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-subjects" : { "type" : "array", "minItems" : 1, diff --git a/json/schema/oscal_profile_schema.json b/json/schema/oscal_profile_schema.json index e7c75bf559..9dd4defa63 100644 --- a/json/schema/oscal_profile_schema.json +++ b/json/schema/oscal_profile_schema.json @@ -6,13 +6,13 @@ "definitions" : { "oscal-profile-oscal-profile:profile" : { "title" : "Profile", - "description" : "Each OSCAL profile is defined by a Profile element", + "description" : "Each OSCAL profile is defined by a profile element.", "$id" : "#assembly_oscal-profile_profile", "type" : "object", "properties" : { "uuid" : { "title" : "Profile Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document.", + "description" : "Provides a globally unique means to identify a given profile instance.", "$ref" : "#/definitions/UUIDDatatype" }, "metadata" : { "$ref" : "#assembly_oscal-metadata_metadata" }, @@ -33,8 +33,8 @@ "imports" ], "additionalProperties" : false }, "oscal-profile-oscal-profile:import" : - { "title" : "Import resource", - "description" : "The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives.", + { "title" : "Import Resource", + "description" : "Designates a referenced source catalog or profile that provides a source of control information for use in creating a new overlay or baseline.", "$id" : "#assembly_oscal-profile_import", "type" : "object", "properties" : @@ -43,7 +43,7 @@ "description" : "A resolvable URL reference to the base catalog or profile that this profile is tailoring.", "$ref" : "#/definitions/URIReferenceDatatype" }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-controls" : { "type" : "array", "minItems" : 1, @@ -58,19 +58,19 @@ [ "href" ], "additionalProperties" : false }, "oscal-profile-oscal-profile:merge" : - { "title" : "Merge controls", - "description" : "A Merge element provides structuring directives that drive how controls are organized after resolution.", + { "title" : "Merge Controls", + "description" : "Provides structuring directives that instruct how controls are organized after profile resolution.", "$id" : "#assembly_oscal-profile_merge", "type" : "object", "properties" : { "combine" : - { "title" : "Combination rule", - "description" : "A Combine element defines how to combine multiple (competing) versions of the same control.", + { "title" : "Combination Rule", + "description" : "A Combine element defines how to resolve duplicate instances of the same control (e.g., controls with the same ID).", "type" : "object", "properties" : { "method" : - { "title" : "Combination method", - "description" : "How clashing controls should be handled", + { "title" : "Combination Method", + "description" : "Declare how clashing controls should be handled.", "allOf" : [ { "$ref" : "#/definitions/StringDatatype" }, @@ -81,17 +81,17 @@ "keep" ] } ] } }, "additionalProperties" : false }, "flat" : - { "title" : "Flat", - "description" : "Use the flat structuring method.", + { "title" : "Flat Without Grouping", + "description" : "Directs that controls appear without any grouping structure.", "type" : "object", "additionalProperties" : false }, "as-is" : - { "title" : "As-Is Structuring Directive", - "description" : "An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes.", + { "title" : "Group As-Is", + "description" : "Indicates that the controls selected should retain their original grouping as defined in the import source.", "$ref" : "#/definitions/BooleanDatatype" }, "custom" : - { "title" : "Custom grouping", - "description" : "A Custom element frames a structure for embedding represented controls in resolution.", + { "title" : "Custom Grouping", + "description" : "Provides an alternate grouping structure that selected controls will be placed in.", "type" : "object", "properties" : { "groups" : @@ -107,14 +107,14 @@ "additionalProperties" : false } }, "additionalProperties" : false }, "oscal-profile-oscal-profile:group" : - { "title" : "Control group", - "description" : "A group of (selected) controls or of groups of controls", + { "title" : "Control Group", + "description" : "A group of (selected) controls or of groups of controls.", "$id" : "#assembly_oscal-profile_group", "type" : "object", "properties" : { "id" : { "title" : "Group Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document.", + "description" : "Identifies the group.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Group Class", @@ -122,13 +122,13 @@ "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Group Title", - "description" : "A name given to the group, which may be used by a tool for display and navigation.", + "description" : "A name to be given to the group for use in display.", "type" : "string" }, "params" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, + { "$ref" : "#assembly_oscal-control-common_parameter" } }, "props" : { "type" : "array", "minItems" : 1, @@ -143,7 +143,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "groups" : { "type" : "array", "minItems" : 1, @@ -158,8 +158,8 @@ [ "title" ], "additionalProperties" : false }, "oscal-profile-oscal-profile:modify" : - { "title" : "Modify controls", - "description" : "Set parameters or amend controls in resolution", + { "title" : "Modify Controls", + "description" : "Set parameters or amend controls in resolution.", "$id" : "#assembly_oscal-profile_modify", "type" : "object", "properties" : @@ -168,19 +168,19 @@ "minItems" : 1, "items" : { "title" : "Parameter Setting", - "description" : "A parameter setting, to be propagated to points of insertion", + "description" : "A parameter setting, to be propagated to points of insertion.", "type" : "object", "properties" : { "param-id" : { "title" : "Parameter ID", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "An identifier for the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", "description" : "A textual label that provides a characterization of the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : - { "title" : "Depends on", + { "title" : "Depends On", "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", "$ref" : "#/definitions/TokenDatatype" }, "props" : @@ -199,25 +199,25 @@ "type" : "string" }, "usage" : { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", + "description" : "Describes the purpose and use of a parameter.", "type" : "string" }, "constraints" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, "guidelines" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, "values" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, + { "$ref" : "#field_oscal-control-common_parameter-value" } }, "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-selection" } }, "required" : [ "param-id" ], "additionalProperties" : false } }, @@ -226,12 +226,12 @@ "minItems" : 1, "items" : { "title" : "Alteration", - "description" : "An Alter element specifies changes to be made to an included control when a profile is resolved.", + "description" : "Specifies changes to be made to an included control when a profile is resolved.", "type" : "object", "properties" : { "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "removes" : { "type" : "array", @@ -243,7 +243,7 @@ "properties" : { "by-name" : { "title" : "Reference by (assigned) name", - "description" : "Identify items to remove by matching their assigned name", + "description" : "Identify items remove by matching their assigned name.", "$ref" : "#/definitions/TokenDatatype" }, "by-class" : { "title" : "Reference by class", @@ -255,7 +255,7 @@ "$ref" : "#/definitions/TokenDatatype" }, "by-item-name" : { "title" : "Item Name Reference", - "description" : "Identify items to remove by the name of the item's information element name, e.g. title or prop", + "description" : "Identify items to remove by the name of the item's information object name, e.g. title or prop.", "allOf" : [ { "$ref" : "#/definitions/TokenDatatype" }, @@ -277,12 +277,12 @@ "minItems" : 1, "items" : { "title" : "Addition", - "description" : "Specifies contents to be added into controls, in resolution", + "description" : "Specifies contents to be added into controls, in resolution.", "type" : "object", "properties" : { "position" : { "title" : "Position", - "description" : "Where to add the new content with respect to the targeted element (beside it or inside it)", + "description" : "Where to add the new content with respect to the targeted element (beside it or inside it).", "allOf" : [ { "$ref" : "#/definitions/TokenDatatype" }, @@ -304,7 +304,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter" } }, + { "$ref" : "#assembly_oscal-control-common_parameter" } }, "props" : { "type" : "array", "minItems" : 1, @@ -319,14 +319,14 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } } }, + { "$ref" : "#assembly_oscal-control-common_part" } } }, "additionalProperties" : false } } }, "required" : [ "control-id" ], "additionalProperties" : false } } }, "additionalProperties" : false }, "oscal-profile-oscal-profile:insert-controls" : - { "title" : "Select controls", + { "title" : "Select Controls", "description" : "Specifies which controls to use in the containing context.", "$id" : "#assembly_oscal-profile_insert-controls", "type" : "object", @@ -343,7 +343,7 @@ "ascending", "descending" ] } ] }, "include-all" : - { "$ref" : "#assembly_oscal-catalog-common_include-all" }, + { "$ref" : "#assembly_oscal-control-common_include-all" }, "include-controls" : { "type" : "array", "minItems" : 1, @@ -356,13 +356,13 @@ { "$ref" : "#assembly_oscal-profile_select-control-by-id" } } }, "additionalProperties" : false }, "oscal-profile-oscal-profile:select-control-by-id" : - { "title" : "Call", - "description" : "Call a control by its ID", + { "title" : "Select Control", + "description" : "Select a control or controls from an imported control set.", "$id" : "#assembly_oscal-profile_select-control-by-id", "type" : "object", "properties" : { "with-child-controls" : - { "title" : "Include contained controls with control", + { "title" : "Include Contained Controls with Control", "description" : "When a control is included, whether its child (dependent) controls are also included.", "allOf" : [ @@ -376,14 +376,14 @@ "minItems" : 1, "items" : { "title" : "Match Controls by Identifier", - "description" : "", + "description" : "Selecting a control by its ID given as a literal.", "$ref" : "#/definitions/TokenDatatype" } }, "matching" : { "type" : "array", "minItems" : 1, "items" : { "title" : "Match Controls by Pattern", - "description" : "Select controls by (regular expression) match on ID", + "description" : "Selecting a set of controls by matching their IDs with a wildcard pattern.", "type" : "object", "properties" : { "pattern" : @@ -393,8 +393,8 @@ "additionalProperties" : false } } }, "additionalProperties" : false }, "oscal-profile-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", "$id" : "#assembly_oscal-metadata_metadata", "type" : "object", "properties" : @@ -414,7 +414,37 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, "document-ids" : { "type" : "array", "minItems" : 1, @@ -434,17 +464,183 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, "locations" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, "parties" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "$ref" : "#/definitions/URIDatatype" }, + "id" : + { "type" : "string" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, "responsible-parties" : { "type" : "array", "minItems" : 1, @@ -463,233 +659,24 @@ "version", "oscal-version" ], "additionalProperties" : false }, - "oscal-profile-oscal-metadata:revision" : - { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-profile-oscal-metadata:location" : - { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, "oscal-profile-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", "$id" : "#field_oscal-metadata_location-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-profile-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "$ref" : "#/definitions/URIDatatype" }, - "id" : - { "type" : "string" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, "oscal-profile-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", "$id" : "#field_oscal-metadata_party-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-profile-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, "oscal-profile-oscal-metadata:role-id" : { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "Reference to a role by UUID.", "$id" : "#field_oscal-metadata_role-id", "$ref" : "#/definitions/TokenDatatype" }, "oscal-profile-oscal-metadata:back-matter" : { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", "$id" : "#assembly_oscal-metadata_back-matter", "type" : "object", "properties" : @@ -698,20 +685,20 @@ "minItems" : 1, "items" : { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", "type" : "object", "properties" : { "uuid" : { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a resource.", "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", "type" : "string" }, "description" : { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", "type" : "string" }, "props" : { "type" : "array", @@ -725,7 +712,7 @@ { "$ref" : "#field_oscal-metadata_document-id" } }, "citation" : { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", + "description" : "An optional citation consisting of end note text using structured markup.", "type" : "object", "properties" : { "text" : @@ -750,16 +737,16 @@ "minItems" : 1, "items" : { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", "type" : "object", "properties" : { "href" : { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", + "description" : "A resolvable URL pointing to the referenced resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", @@ -771,16 +758,16 @@ "additionalProperties" : false } }, "base64" : { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", "type" : "object", "properties" : { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, + "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -795,17 +782,22 @@ "additionalProperties" : false }, "oscal-profile-oscal-metadata:property" : { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", "$id" : "#assembly_oscal-metadata_property", "type" : "object", "properties" : { "name" : { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "$ref" : "#/definitions/TokenDatatype" }, + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a property.", "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", @@ -817,7 +809,7 @@ "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", "$ref" : "#/definitions/TokenDatatype" }, "group" : { "title" : "Property Group", @@ -831,7 +823,7 @@ "additionalProperties" : false }, "oscal-profile-oscal-metadata:link" : { "title" : "Link", - "description" : "A reference to a local or remote resource", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", "$id" : "#assembly_oscal-metadata_link", "type" : "object", "properties" : @@ -840,12 +832,12 @@ "description" : "A resolvable URL reference to a resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", @@ -856,13 +848,13 @@ "additionalProperties" : false }, "oscal-profile-oscal-metadata:responsible-party" : { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", "$id" : "#assembly_oscal-metadata_responsible-party", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "A reference to a role performed by a party.", "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", @@ -931,13 +923,13 @@ "additionalProperties" : false }, "oscal-profile-oscal-metadata:responsible-role" : { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", "$id" : "#assembly_oscal-metadata_responsible-role", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", + "description" : "A human-oriented identifier reference to a role performed.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -967,7 +959,7 @@ "properties" : { "algorithm" : { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", + "description" : "The digest method by which a hash is derived.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -977,27 +969,27 @@ "additionalProperties" : false }, "oscal-profile-oscal-metadata:remarks" : { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", + "description" : "Additional commentary about the containing object.", "$id" : "#field_oscal-metadata_remarks", "type" : "string" }, "oscal-profile-oscal-metadata:published" : { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last made available.", "$id" : "#field_oscal-metadata_published", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-profile-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last stored for later retrieval.", "$id" : "#field_oscal-metadata_last-modified", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-profile-oscal-metadata:version" : { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", "$id" : "#field_oscal-metadata_version", "$ref" : "#/definitions/StringDatatype" }, "oscal-profile-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", "$id" : "#field_oscal-metadata_oscal-version", "$ref" : "#/definitions/StringDatatype" }, "oscal-profile-oscal-metadata:email-address" : @@ -1007,7 +999,7 @@ "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-profile-oscal-metadata:telephone-number" : { "title" : "Telephone Number", - "description" : "Contact number by telephone.", + "description" : "A telephone service number as defined by ITU-T E.164.", "$id" : "#field_oscal-metadata_telephone-number", "type" : "object", "properties" : @@ -1041,11 +1033,11 @@ "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", + "description" : "State, province or analogous geographical region for a mailing address.", "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", + "description" : "Postal or ZIP code for mailing address.", "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", @@ -1059,7 +1051,7 @@ "$ref" : "#/definitions/StringDatatype" }, "oscal-profile-oscal-metadata:document-id" : { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", + "description" : "A document identifier qualified by an identifier scheme.", "$id" : "#field_oscal-metadata_document-id", "type" : "object", "properties" : @@ -1072,31 +1064,31 @@ "required" : [ "identifier" ], "additionalProperties" : false }, - "oscal-profile-oscal-catalog-common:part" : + "oscal-profile-oscal-control-common:part" : { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", "type" : "object", "properties" : { "id" : { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the part.", "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", "type" : "string" }, "props" : { "type" : "array", @@ -1111,7 +1103,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "links" : { "type" : "array", "minItems" : 1, @@ -1120,23 +1112,23 @@ "required" : [ "name" ], "additionalProperties" : false }, - "oscal-profile-oscal-catalog-common:parameter" : + "oscal-profile-oscal-control-common:parameter" : { "title" : "Parameter", "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", + "$id" : "#assembly_oscal-control-common_parameter", "type" : "object", "properties" : { "id" : { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -1154,34 +1146,34 @@ "type" : "string" }, "usage" : { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", + "description" : "Describes the purpose and use of a parameter.", "type" : "string" }, "constraints" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, "guidelines" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, "values" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, + { "$ref" : "#field_oscal-control-common_parameter-value" } }, "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : [ "id" ], "additionalProperties" : false }, - "oscal-profile-oscal-catalog-common:parameter-constraint" : + "oscal-profile-oscal-control-common:parameter-constraint" : { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", "type" : "object", "properties" : { "description" : @@ -1198,7 +1190,7 @@ "properties" : { "expression" : { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", + "description" : "A formal (executable) expression of a constraint.", "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, @@ -1206,10 +1198,10 @@ [ "expression" ], "additionalProperties" : false } } }, "additionalProperties" : false }, - "oscal-profile-oscal-catalog-common:parameter-guideline" : + "oscal-profile-oscal-control-common:parameter-guideline" : { "title" : "Guideline", "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", + "$id" : "#assembly_oscal-control-common_parameter-guideline", "type" : "object", "properties" : { "prose" : @@ -1219,15 +1211,15 @@ "required" : [ "prose" ], "additionalProperties" : false }, - "oscal-profile-oscal-catalog-common:parameter-value" : + "oscal-profile-oscal-control-common:parameter-value" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", + "$id" : "#field_oscal-control-common_parameter-value", "$ref" : "#/definitions/StringDatatype" }, - "oscal-profile-oscal-catalog-common:parameter-selection" : + "oscal-profile-oscal-control-common:parameter-selection" : { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", "type" : "object", "properties" : { "how-many" : @@ -1245,13 +1237,13 @@ "minItems" : 1, "items" : { "title" : "Choice", - "description" : "A value selection among several such options", + "description" : "A value selection among several such options.", "type" : "string" } } }, "additionalProperties" : false }, - "oscal-profile-oscal-catalog-common:include-all" : + "oscal-profile-oscal-control-common:include-all" : { "title" : "Include All", "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", + "$id" : "#assembly_oscal-control-common_include-all", "type" : "object", "additionalProperties" : false }, "Base64Datatype" : diff --git a/json/schema/oscal_ssp_schema.json b/json/schema/oscal_ssp_schema.json index e8dafb317c..7a29c31d31 100644 --- a/json/schema/oscal_ssp_schema.json +++ b/json/schema/oscal_ssp_schema.json @@ -526,7 +526,7 @@ "$ref" : "#/definitions/UUIDDatatype" }, "control-id" : { "title" : "Control Identifier Reference", - "description" : "A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", + "description" : "A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -832,8 +832,8 @@ "description" ], "additionalProperties" : false }, "oscal-ssp-oscal-metadata:metadata" : - { "title" : "Publication metadata", - "description" : "Provides information about the publication and availability of the containing document.", + { "title" : "Document Metadata", + "description" : "Provides information about the containing document, and defines concepts that are shared across the document.", "$id" : "#assembly_oscal-metadata_metadata", "type" : "object", "properties" : @@ -853,7 +853,37 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_revision" } }, + { "title" : "Revision History Entry", + "description" : "An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first).", + "type" : "object", + "properties" : + { "title" : + { "title" : "Document Title", + "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", + "type" : "string" }, + "published" : + { "$ref" : "#field_oscal-metadata_published" }, + "last-modified" : + { "$ref" : "#field_oscal-metadata_last-modified" }, + "version" : + { "$ref" : "#field_oscal-metadata_version" }, + "oscal-version" : + { "$ref" : "#field_oscal-metadata_oscal-version" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "version" ], + "additionalProperties" : false } }, "document-ids" : { "type" : "array", "minItems" : 1, @@ -873,17 +903,183 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_role" } }, + { "title" : "Role", + "description" : "Defines a function, which might be assigned to a party in a specific situation.", + "type" : "object", + "properties" : + { "id" : + { "title" : "Role Identifier", + "description" : "A unique identifier for the role.", + "$ref" : "#/definitions/TokenDatatype" }, + "title" : + { "title" : "Role Title", + "description" : "A name given to the role, which may be used by a tool for display and navigation.", + "type" : "string" }, + "short-name" : + { "title" : "Role Short Name", + "description" : "A short common name, abbreviation, or acronym for the role.", + "$ref" : "#/definitions/StringDatatype" }, + "description" : + { "title" : "Role Description", + "description" : "A summary of the role's purpose and associated responsibilities.", + "type" : "string" }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "id", + "title" ], + "additionalProperties" : false } }, "locations" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_location" } }, + { "title" : "Location", + "description" : "A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Location Universally Unique Identifier", + "description" : "A unique ID for the location, for reference.", + "$ref" : "#/definitions/UUIDDatatype" }, + "title" : + { "title" : "Location Title", + "description" : "A name given to the location, which may be used by a tool for display and navigation.", + "type" : "string" }, + "address" : + { "$ref" : "#assembly_oscal-metadata_address" }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "urls" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Location URL", + "description" : "The uniform resource locator (URL) for a web site or other resource associated with the location.", + "$ref" : "#/definitions/URIDatatype" } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid" ], + "additionalProperties" : false } }, "parties" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-metadata_party" } }, + { "title" : "Party", + "description" : "An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document.", + "type" : "object", + "properties" : + { "uuid" : + { "title" : "Party Universally Unique Identifier", + "description" : "A unique identifier for the party.", + "$ref" : "#/definitions/UUIDDatatype" }, + "type" : + { "title" : "Party Type", + "description" : "A category describing the kind of party the object describes.", + "allOf" : + [ + { "$ref" : "#/definitions/StringDatatype" }, + + { "enum" : + [ "person", + "organization" ] } ] }, + "name" : + { "title" : "Party Name", + "description" : "The full name of the party. This is typically the legal name associated with the party.", + "$ref" : "#/definitions/StringDatatype" }, + "short-name" : + { "title" : "Party Short Name", + "description" : "A short common name, abbreviation, or acronym for the party.", + "$ref" : "#/definitions/StringDatatype" }, + "external-ids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Party External Identifier", + "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID).", + "type" : "object", + "properties" : + { "scheme" : + { "title" : "External Identifier Schema", + "description" : "Indicates the type of external identifier.", + "$ref" : "#/definitions/URIDatatype" }, + "id" : + { "type" : "string" } }, + "required" : + [ "id", + "scheme" ], + "additionalProperties" : false } }, + "props" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_property" } }, + "links" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_link" } }, + "email-addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_email-address" } }, + "telephone-numbers" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_telephone-number" } }, + "addresses" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#assembly_oscal-metadata_address" } }, + "location-uuids" : + { "type" : "array", + "minItems" : 1, + "items" : + { "$ref" : "#field_oscal-metadata_location-uuid" } }, + "member-of-organizations" : + { "type" : "array", + "minItems" : 1, + "items" : + { "title" : "Organizational Affiliation", + "description" : "A reference to another party by UUID, typically an organization, that this subject is associated with.", + "$ref" : "#/definitions/UUIDDatatype" } }, + "remarks" : + { "$ref" : "#field_oscal-metadata_remarks" } }, + "required" : + [ "uuid", + "type" ], + "additionalProperties" : false } }, "responsible-parties" : { "type" : "array", "minItems" : 1, @@ -902,233 +1098,24 @@ "version", "oscal-version" ], "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:revision" : - { "title" : "Revision History Entry", - "description" : "An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first).", - "$id" : "#assembly_oscal-metadata_revision", - "type" : "object", - "properties" : - { "title" : - { "title" : "Document Title", - "description" : "A name given to the document revision, which may be used by a tool for display and navigation.", - "type" : "string" }, - "published" : - { "$ref" : "#field_oscal-metadata_published" }, - "last-modified" : - { "$ref" : "#field_oscal-metadata_last-modified" }, - "version" : - { "$ref" : "#field_oscal-metadata_version" }, - "oscal-version" : - { "$ref" : "#field_oscal-metadata_oscal-version" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "version" ], - "additionalProperties" : false }, - "oscal-ssp-oscal-metadata:location" : - { "title" : "Location", - "description" : "A location, with associated metadata that can be referenced.", - "$id" : "#assembly_oscal-metadata_location", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Location Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "title" : - { "title" : "Location Title", - "description" : "A name given to the location, which may be used by a tool for display and navigation.", - "type" : "string" }, - "address" : - { "$ref" : "#assembly_oscal-metadata_address" }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "urls" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Location URL", - "description" : "The uniform resource locator (URL) for a web site or Internet presence associated with the location.", - "$ref" : "#/definitions/URIDatatype" } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "address" ], - "additionalProperties" : false }, "oscal-ssp-oscal-metadata:location-uuid" : - { "title" : "Location Reference", - "description" : "A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Location Universally Unique Identifier Reference", + "description" : "Reference to a location by UUID.", "$id" : "#field_oscal-metadata_location-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-ssp-oscal-metadata:party" : - { "title" : "Party (organization or person)", - "description" : "A responsible entity which is either a person or an organization.", - "$id" : "#assembly_oscal-metadata_party", - "type" : "object", - "properties" : - { "uuid" : - { "title" : "Party Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/UUIDDatatype" }, - "type" : - { "title" : "Party Type", - "description" : "A category describing the kind of party the object describes.", - "allOf" : - [ - { "$ref" : "#/definitions/StringDatatype" }, - - { "enum" : - [ "person", - "organization" ] } ] }, - "name" : - { "title" : "Party Name", - "description" : "The full name of the party. This is typically the legal name associated with the party.", - "$ref" : "#/definitions/StringDatatype" }, - "short-name" : - { "title" : "Party Short Name", - "description" : "A short common name, abbreviation, or acronym for the party.", - "$ref" : "#/definitions/StringDatatype" }, - "external-ids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Party External Identifier", - "description" : "An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID)", - "type" : "object", - "properties" : - { "scheme" : - { "title" : "External Identifier Schema", - "description" : "Indicates the type of external identifier.", - "$ref" : "#/definitions/URIDatatype" }, - "id" : - { "type" : "string" } }, - "required" : - [ "id", - "scheme" ], - "additionalProperties" : false } }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "email-addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_email-address" } }, - "telephone-numbers" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_telephone-number" } }, - "addresses" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_address" } }, - "location-uuids" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#field_oscal-metadata_location-uuid" } }, - "member-of-organizations" : - { "type" : "array", - "minItems" : 1, - "items" : - { "title" : "Organizational Affiliation", - "description" : "A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", - "$ref" : "#/definitions/UUIDDatatype" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "uuid", - "type" ], - "additionalProperties" : false }, "oscal-ssp-oscal-metadata:party-uuid" : - { "title" : "Party Reference", - "description" : "A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", + { "title" : "Party Universally Unique Identifier Reference", + "description" : "Reference to a party by UUID.", "$id" : "#field_oscal-metadata_party-uuid", "$ref" : "#/definitions/UUIDDatatype" }, - "oscal-ssp-oscal-metadata:role" : - { "title" : "Role", - "description" : "Defines a function assumed or expected to be assumed by a party in a specific situation.", - "$id" : "#assembly_oscal-metadata_role", - "type" : "object", - "properties" : - { "id" : - { "title" : "Role Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", - "$ref" : "#/definitions/TokenDatatype" }, - "title" : - { "title" : "Role Title", - "description" : "A name given to the role, which may be used by a tool for display and navigation.", - "type" : "string" }, - "short-name" : - { "title" : "Role Short Name", - "description" : "A short common name, abbreviation, or acronym for the role.", - "$ref" : "#/definitions/StringDatatype" }, - "description" : - { "title" : "Role Description", - "description" : "A summary of the role's purpose and associated responsibilities.", - "type" : "string" }, - "props" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_property" } }, - "links" : - { "type" : "array", - "minItems" : 1, - "items" : - { "$ref" : "#assembly_oscal-metadata_link" } }, - "remarks" : - { "$ref" : "#field_oscal-metadata_remarks" } }, - "required" : - [ "id", - "title" ], - "additionalProperties" : false }, "oscal-ssp-oscal-metadata:role-id" : { "title" : "Role Identifier Reference", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "Reference to a role by UUID.", "$id" : "#field_oscal-metadata_role-id", "$ref" : "#/definitions/TokenDatatype" }, "oscal-ssp-oscal-metadata:back-matter" : { "title" : "Back matter", - "description" : "A collection of resources, which may be included directly or by reference.", + "description" : "A collection of resources that may be referenced from within the OSCAL document instance.", "$id" : "#assembly_oscal-metadata_back-matter", "type" : "object", "properties" : @@ -1137,20 +1124,20 @@ "minItems" : 1, "items" : { "title" : "Resource", - "description" : "A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources.", + "description" : "A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources.", "type" : "object", "properties" : { "uuid" : { "title" : "Resource Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a resource.", "$ref" : "#/definitions/UUIDDatatype" }, "title" : { "title" : "Resource Title", - "description" : "A name given to the resource, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the resource, which may be used by a tool for display and navigation.", "type" : "string" }, "description" : { "title" : "Resource Description", - "description" : "A short summary of the resource used to indicate the purpose of the resource.", + "description" : "An optional short summary of the resource used to indicate the purpose of the resource.", "type" : "string" }, "props" : { "type" : "array", @@ -1164,7 +1151,7 @@ { "$ref" : "#field_oscal-metadata_document-id" } }, "citation" : { "title" : "Citation", - "description" : "A citation consisting of end note text and optional structured bibliographic data.", + "description" : "An optional citation consisting of end note text using structured markup.", "type" : "object", "properties" : { "text" : @@ -1189,16 +1176,16 @@ "minItems" : 1, "items" : { "title" : "Resource link", - "description" : "A pointer to an external resource with an optional hash for verification and change detection.", + "description" : "A URL-based pointer to an external resource with an optional hash for verification and change detection.", "type" : "object", "properties" : { "href" : { "title" : "Hypertext Reference", - "description" : "A resolvable URI reference to a resource.", + "description" : "A resolvable URL pointing to the referenced resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "hashes" : { "type" : "array", @@ -1210,16 +1197,16 @@ "additionalProperties" : false } }, "base64" : { "title" : "Base64", - "description" : "The Base64 alphabet in RFC 2045 - aligned with XSD.", + "description" : "A resource encoded using the Base64 alphabet defined by RFC 2045.", "type" : "object", "properties" : { "filename" : { "title" : "File Name", "description" : "Name of the file before it was encoded as Base64 to be embedded in a resource. This is the name that will be assigned to the file when the file is decoded.", - "$ref" : "#/definitions/URIReferenceDatatype" }, + "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -1234,17 +1221,22 @@ "additionalProperties" : false }, "oscal-ssp-oscal-metadata:property" : { "title" : "Property", - "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values.", + "description" : "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", "$id" : "#assembly_oscal-metadata_property", "type" : "object", "properties" : { "name" : { "title" : "Property Name", - "description" : "A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", - "$ref" : "#/definitions/TokenDatatype" }, + "description" : "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.", + "allOf" : + [ + { "$ref" : "#/definitions/TokenDatatype" }, + + { "enum" : + [ "marking" ] } ] }, "uuid" : { "title" : "Property Universally Unique Identifier", - "description" : "A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for a property.", "$ref" : "#/definitions/UUIDDatatype" }, "ns" : { "title" : "Property Namespace", @@ -1256,7 +1248,7 @@ "$ref" : "#/definitions/StringDatatype" }, "class" : { "title" : "Property Class", - "description" : "A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns.", + "description" : "A textual label that provides a sub-type or characterization of the property's name.", "$ref" : "#/definitions/TokenDatatype" }, "group" : { "title" : "Property Group", @@ -1270,7 +1262,7 @@ "additionalProperties" : false }, "oscal-ssp-oscal-metadata:link" : { "title" : "Link", - "description" : "A reference to a local or remote resource", + "description" : "A reference to a local or remote resource, that has a specific relation to the containing object.", "$id" : "#assembly_oscal-metadata_link", "type" : "object", "properties" : @@ -1279,12 +1271,12 @@ "description" : "A resolvable URL reference to a resource.", "$ref" : "#/definitions/URIReferenceDatatype" }, "rel" : - { "title" : "Relation", - "description" : "Describes the type of relationship provided by the link. This can be an indicator of the link's purpose.", + { "title" : "Link Relation Type", + "description" : "Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose.", "$ref" : "#/definitions/TokenDatatype" }, "media-type" : { "title" : "Media Type", - "description" : "Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry.", + "description" : "A label that indicates the nature of a resource, as a data serialization or format.", "$ref" : "#/definitions/StringDatatype" }, "text" : { "title" : "Link Text", @@ -1295,13 +1287,13 @@ "additionalProperties" : false }, "oscal-ssp-oscal-metadata:responsible-party" : { "title" : "Responsible Party", - "description" : "A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object.", + "description" : "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.", "$id" : "#assembly_oscal-metadata_responsible-party", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role", - "description" : "A human-oriented identifier reference to roles served by the user.", + "description" : "A reference to a role performed by a party.", "$ref" : "#/definitions/TokenDatatype" }, "party-uuids" : { "type" : "array", @@ -1370,13 +1362,13 @@ "additionalProperties" : false }, "oscal-ssp-oscal-metadata:responsible-role" : { "title" : "Responsible Role", - "description" : "A reference to one or more roles with responsibility for performing a function relative to the containing object.", + "description" : "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", "$id" : "#assembly_oscal-metadata_responsible-role", "type" : "object", "properties" : { "role-id" : { "title" : "Responsible Role ID", - "description" : "A human-oriented identifier reference to roles responsible for the business function.", + "description" : "A human-oriented identifier reference to a role performed.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -1406,7 +1398,7 @@ "properties" : { "algorithm" : { "title" : "Hash algorithm", - "description" : "Method by which a hash is derived", + "description" : "The digest method by which a hash is derived.", "$ref" : "#/definitions/StringDatatype" }, "value" : { "type" : "string" } }, @@ -1416,27 +1408,27 @@ "additionalProperties" : false }, "oscal-ssp-oscal-metadata:remarks" : { "title" : "Remarks", - "description" : "Additional commentary on the containing object.", + "description" : "Additional commentary about the containing object.", "$id" : "#field_oscal-metadata_remarks", "type" : "string" }, "oscal-ssp-oscal-metadata:published" : { "title" : "Publication Timestamp", - "description" : "The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last made available.", "$id" : "#field_oscal-metadata_published", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-ssp-oscal-metadata:last-modified" : { "title" : "Last Modified Timestamp", - "description" : "The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included.", + "description" : "The date and time the document was last stored for later retrieval.", "$id" : "#field_oscal-metadata_last-modified", "$ref" : "#/definitions/DateTimeWithTimezoneDatatype" }, "oscal-ssp-oscal-metadata:version" : { "title" : "Document Version", - "description" : "A string used to distinguish the current version of the document from other previous (and future) versions.", + "description" : "Used to distinguish a specific revision of an OSCAL document from other previous and future versions.", "$id" : "#field_oscal-metadata_version", "$ref" : "#/definitions/StringDatatype" }, "oscal-ssp-oscal-metadata:oscal-version" : - { "title" : "OSCAL version", - "description" : "The OSCAL model version the document was authored against.", + { "title" : "OSCAL Version", + "description" : "The OSCAL model version the document was authored against and will conform to as valid.", "$id" : "#field_oscal-metadata_oscal-version", "$ref" : "#/definitions/StringDatatype" }, "oscal-ssp-oscal-metadata:email-address" : @@ -1446,7 +1438,7 @@ "$ref" : "#/definitions/EmailAddressDatatype" }, "oscal-ssp-oscal-metadata:telephone-number" : { "title" : "Telephone Number", - "description" : "Contact number by telephone.", + "description" : "A telephone service number as defined by ITU-T E.164.", "$id" : "#field_oscal-metadata_telephone-number", "type" : "object", "properties" : @@ -1480,11 +1472,11 @@ "$ref" : "#/definitions/StringDatatype" }, "state" : { "title" : "State", - "description" : "State, province or analogous geographical region for mailing address", + "description" : "State, province or analogous geographical region for a mailing address.", "$ref" : "#/definitions/StringDatatype" }, "postal-code" : { "title" : "Postal Code", - "description" : "Postal or ZIP code for mailing address", + "description" : "Postal or ZIP code for mailing address.", "$ref" : "#/definitions/StringDatatype" }, "country" : { "title" : "Country Code", @@ -1498,7 +1490,7 @@ "$ref" : "#/definitions/StringDatatype" }, "oscal-ssp-oscal-metadata:document-id" : { "title" : "Document Identifier", - "description" : "A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of \"document-id\" is equal to the value of the \"uuid\" flag of the top-level root element.", + "description" : "A document identifier qualified by an identifier scheme.", "$id" : "#field_oscal-metadata_document-id", "type" : "object", "properties" : @@ -1834,31 +1826,31 @@ "required" : [ "id" ], "additionalProperties" : false }, - "oscal-ssp-oscal-catalog-common:part" : + "oscal-ssp-oscal-control-common:part" : { "title" : "Part", - "description" : "A partition of a control's definition or a child of another part.", - "$id" : "#assembly_oscal-catalog-common_part", + "description" : "An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part.", + "$id" : "#assembly_oscal-control-common_part", "type" : "object", "properties" : { "id" : { "title" : "Part Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the part.", "$ref" : "#/definitions/TokenDatatype" }, "name" : { "title" : "Part Name", - "description" : "A textual label that uniquely identifies the part's semantic type.", + "description" : "A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns.", "$ref" : "#/definitions/TokenDatatype" }, "ns" : { "title" : "Part Namespace", - "description" : "A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", + "description" : "An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name.", "$ref" : "#/definitions/URIDatatype" }, "class" : { "title" : "Part Class", - "description" : "A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns.", + "description" : "An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs.", "$ref" : "#/definitions/TokenDatatype" }, "title" : { "title" : "Part Title", - "description" : "A name given to the part, which may be used by a tool for display and navigation.", + "description" : "An optional name given to the part, which may be used by a tool for display and navigation.", "type" : "string" }, "props" : { "type" : "array", @@ -1873,7 +1865,7 @@ { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_part" } }, + { "$ref" : "#assembly_oscal-control-common_part" } }, "links" : { "type" : "array", "minItems" : 1, @@ -1882,23 +1874,23 @@ "required" : [ "name" ], "additionalProperties" : false }, - "oscal-ssp-oscal-catalog-common:parameter" : + "oscal-ssp-oscal-control-common:parameter" : { "title" : "Parameter", "description" : "Parameters provide a mechanism for the dynamic assignment of value(s) in a control.", - "$id" : "#assembly_oscal-catalog-common_parameter", + "$id" : "#assembly_oscal-control-common_parameter", "type" : "object", "properties" : { "id" : { "title" : "Parameter Identifier", - "description" : "A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.", + "description" : "A unique identifier for the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "class" : { "title" : "Parameter Class", - "description" : "A textual label that provides a characterization of the parameter.", + "description" : "A textual label that provides a characterization of the type, purpose, use or scope of the parameter.", "$ref" : "#/definitions/TokenDatatype" }, "depends-on" : { "title" : "Depends on", - "description" : "**(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used.", + "description" : "(deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used.", "$ref" : "#/definitions/TokenDatatype" }, "props" : { "type" : "array", @@ -1916,34 +1908,34 @@ "type" : "string" }, "usage" : { "title" : "Parameter Usage Description", - "description" : "Describes the purpose and use of a parameter", + "description" : "Describes the purpose and use of a parameter.", "type" : "string" }, "constraints" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-constraint" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-constraint" } }, "guidelines" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-guideline" } }, + { "$ref" : "#assembly_oscal-control-common_parameter-guideline" } }, "values" : { "type" : "array", "minItems" : 1, "items" : - { "$ref" : "#field_oscal-catalog-common_parameter-value" } }, + { "$ref" : "#field_oscal-control-common_parameter-value" } }, "select" : - { "$ref" : "#assembly_oscal-catalog-common_parameter-selection" }, + { "$ref" : "#assembly_oscal-control-common_parameter-selection" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, "required" : [ "id" ], "additionalProperties" : false }, - "oscal-ssp-oscal-catalog-common:parameter-constraint" : + "oscal-ssp-oscal-control-common:parameter-constraint" : { "title" : "Constraint", - "description" : "A formal or informal expression of a constraint or test", - "$id" : "#assembly_oscal-catalog-common_parameter-constraint", + "description" : "A formal or informal expression of a constraint or test.", + "$id" : "#assembly_oscal-control-common_parameter-constraint", "type" : "object", "properties" : { "description" : @@ -1960,7 +1952,7 @@ "properties" : { "expression" : { "title" : "Constraint test", - "description" : "A formal (executable) expression of a constraint", + "description" : "A formal (executable) expression of a constraint.", "$ref" : "#/definitions/StringDatatype" }, "remarks" : { "$ref" : "#field_oscal-metadata_remarks" } }, @@ -1968,10 +1960,10 @@ [ "expression" ], "additionalProperties" : false } } }, "additionalProperties" : false }, - "oscal-ssp-oscal-catalog-common:parameter-guideline" : + "oscal-ssp-oscal-control-common:parameter-guideline" : { "title" : "Guideline", "description" : "A prose statement that provides a recommendation for the use of a parameter.", - "$id" : "#assembly_oscal-catalog-common_parameter-guideline", + "$id" : "#assembly_oscal-control-common_parameter-guideline", "type" : "object", "properties" : { "prose" : @@ -1981,15 +1973,15 @@ "required" : [ "prose" ], "additionalProperties" : false }, - "oscal-ssp-oscal-catalog-common:parameter-value" : + "oscal-ssp-oscal-control-common:parameter-value" : { "title" : "Parameter Value", "description" : "A parameter value or set of values.", - "$id" : "#field_oscal-catalog-common_parameter-value", + "$id" : "#field_oscal-control-common_parameter-value", "$ref" : "#/definitions/StringDatatype" }, - "oscal-ssp-oscal-catalog-common:parameter-selection" : + "oscal-ssp-oscal-control-common:parameter-selection" : { "title" : "Selection", - "description" : "Presenting a choice among alternatives", - "$id" : "#assembly_oscal-catalog-common_parameter-selection", + "description" : "Presenting a choice among alternatives.", + "$id" : "#assembly_oscal-control-common_parameter-selection", "type" : "object", "properties" : { "how-many" : @@ -2007,13 +1999,13 @@ "minItems" : 1, "items" : { "title" : "Choice", - "description" : "A value selection among several such options", + "description" : "A value selection among several such options.", "type" : "string" } } }, "additionalProperties" : false }, - "oscal-ssp-oscal-catalog-common:include-all" : + "oscal-ssp-oscal-control-common:include-all" : { "title" : "Include All", "description" : "Include all controls from the imported catalog or profile resources.", - "$id" : "#assembly_oscal-catalog-common_include-all", + "$id" : "#assembly_oscal-control-common_include-all", "type" : "object", "additionalProperties" : false }, "Base64Datatype" : diff --git a/xml/convert/oscal_assessment-plan_json-to-xml-converter.xsl b/xml/convert/oscal_assessment-plan_json-to-xml-converter.xsl index f4c472c2de..3ea58b7e68 100644 --- a/xml/convert/oscal_assessment-plan_json-to-xml-converter.xsl +++ b/xml/convert/oscal_assessment-plan_json-to-xml-converter.xsl @@ -157,53 +157,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -684,7 +637,12 @@ mode="keep-value-property" priority="8"> - + @@ -776,16 +734,17 @@ - + - - + - @@ -822,8 +781,8 @@ - + - - + - - + @@ -1219,7 +1183,12 @@ mode="keep-value-property" priority="6"> - + @@ -1470,7 +1439,7 @@ @@ -1817,6 +1786,20 @@ + + + + + + + + + + + + + @@ -1910,6 +1893,22 @@ + + + + + + + + + + + + + + + @@ -2105,6 +2104,7 @@ @@ -2140,6 +2140,26 @@ + + + + + + + + + + + + + + + + + + + @@ -2991,8 +3011,8 @@ diff --git a/xml/convert/oscal_assessment-results_json-to-xml-converter.xsl b/xml/convert/oscal_assessment-results_json-to-xml-converter.xsl index 90bc188ae7..a53c949601 100644 --- a/xml/convert/oscal_assessment-results_json-to-xml-converter.xsl +++ b/xml/convert/oscal_assessment-results_json-to-xml-converter.xsl @@ -155,53 +155,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -910,7 +863,12 @@ mode="keep-value-property" priority="8"> - + @@ -1002,16 +960,17 @@ - + - - + - @@ -1048,8 +1007,8 @@ - + - - + - - + @@ -1638,7 +1602,12 @@ mode="keep-value-property" priority="9"> - + @@ -2147,7 +2116,7 @@ @@ -2494,6 +2463,20 @@ + + + + + + + + + + + + + @@ -2587,6 +2570,22 @@ + + + + + + + + + + + + + + + @@ -2782,6 +2781,7 @@ @@ -2817,6 +2817,26 @@ + + + + + + + + + + + + + + + + + + + @@ -3246,8 +3266,8 @@ diff --git a/xml/convert/oscal_catalog_json-to-xml-converter.xsl b/xml/convert/oscal_catalog_json-to-xml-converter.xsl index f6f5f7c206..982ac5fd90 100644 --- a/xml/convert/oscal_catalog_json-to-xml-converter.xsl +++ b/xml/convert/oscal_catalog_json-to-xml-converter.xsl @@ -153,53 +153,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -503,7 +456,12 @@ mode="keep-value-property" priority="8"> - + @@ -595,16 +553,17 @@ - + - - + - @@ -641,8 +600,8 @@ - + - - + - - + @@ -906,7 +870,12 @@ priority="8"> - + @@ -1014,7 +983,7 @@ @@ -1361,6 +1330,20 @@ + + + + + + + + + + + + + @@ -1454,6 +1437,22 @@ + + + + + + + + + + + + + + + @@ -1649,6 +1648,7 @@ @@ -1684,6 +1684,26 @@ + + + + + + + + + + + + + + + + + + + @@ -2154,8 +2174,8 @@ @@ -2346,8 +2366,8 @@ @@ -2435,8 +2455,8 @@ @@ -2759,8 +2779,8 @@ @@ -2848,8 +2868,8 @@ @@ -3044,8 +3064,8 @@ @@ -3133,8 +3153,8 @@ diff --git a/xml/convert/oscal_complete_json-to-xml-converter.xsl b/xml/convert/oscal_complete_json-to-xml-converter.xsl index dce9d0061d..1333edc312 100644 --- a/xml/convert/oscal_complete_json-to-xml-converter.xsl +++ b/xml/convert/oscal_complete_json-to-xml-converter.xsl @@ -153,53 +153,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1615,7 +1568,12 @@ mode="keep-value-property" priority="8"> - + @@ -1707,16 +1665,17 @@ - + - - + - @@ -1753,8 +1712,8 @@ - + - - + - - + @@ -2018,7 +1982,12 @@ priority="8"> - + @@ -2126,7 +2095,7 @@ @@ -2556,7 +2525,8 @@ - + - + @@ -4176,6 +4151,20 @@ + + + + + + + + + + + + + @@ -4269,6 +4258,22 @@ + + + + + + + + + + + + + + + @@ -4464,6 +4469,7 @@ @@ -4499,6 +4505,26 @@ + + + + + + + + + + + + + + + + + + + @@ -4969,8 +4995,8 @@ @@ -5161,8 +5187,8 @@ @@ -5250,8 +5276,8 @@ @@ -5574,8 +5600,8 @@ @@ -5663,8 +5689,8 @@ @@ -5859,8 +5885,8 @@ @@ -5948,8 +5974,8 @@ @@ -6617,6 +6643,20 @@ + + + + + + + + + + + + + @@ -6710,6 +6750,22 @@ + + + + + + + + + + + + + + + @@ -6905,6 +6961,7 @@ @@ -6940,6 +6997,26 @@ + + + + + + + + + + + + + + + + + + + @@ -7916,6 +7993,20 @@ + + + + + + + + + + + + + @@ -8009,6 +8100,22 @@ + + + + + + + + + + + + + + + @@ -8204,6 +8311,7 @@ @@ -8239,6 +8347,26 @@ + + + + + + + + + + + + + + + + + + + @@ -8862,8 +8990,8 @@ @@ -8951,8 +9079,8 @@ @@ -9290,8 +9418,8 @@ @@ -9518,8 +9646,8 @@ @@ -9607,8 +9735,8 @@ @@ -10148,6 +10276,20 @@ + + + + + + + + + + + + + @@ -10241,6 +10383,22 @@ + + + + + + + + + + + + + + + @@ -10436,6 +10594,7 @@ @@ -10471,6 +10630,26 @@ + + + + + + + + + + + + + + + + + + + @@ -12057,6 +12236,20 @@ + + + + + + + + + + + + + @@ -12150,6 +12343,22 @@ + + + + + + + + + + + + + + + @@ -12345,6 +12554,7 @@ @@ -12380,6 +12590,26 @@ + + + + + + + + + + + + + + + + + + + @@ -15947,6 +16177,20 @@ + + + + + + + + + + + + + @@ -16040,6 +16284,22 @@ + + + + + + + + + + + + + + + @@ -16235,6 +16495,7 @@ @@ -16270,6 +16531,26 @@ + + + + + + + + + + + + + + + + + + + @@ -17121,8 +17402,8 @@ @@ -19383,6 +19664,20 @@ + + + + + + + + + + + + + @@ -19476,6 +19771,22 @@ + + + + + + + + + + + + + + + @@ -19671,6 +19982,7 @@ @@ -19706,6 +20018,26 @@ + + + + + + + + + + + + + + + + + + + @@ -20135,8 +20467,8 @@ @@ -26434,6 +26766,20 @@ + + + + + + + + + + + + + @@ -26527,6 +26873,22 @@ + + + + + + + + + + + + + + + @@ -26722,6 +27084,7 @@ @@ -26757,6 +27120,26 @@ + + + + + + + + + + + + + + + + + + + diff --git a/xml/convert/oscal_component_json-to-xml-converter.xsl b/xml/convert/oscal_component_json-to-xml-converter.xsl index 4456e868db..51ff9548ea 100644 --- a/xml/convert/oscal_component_json-to-xml-converter.xsl +++ b/xml/convert/oscal_component_json-to-xml-converter.xsl @@ -155,53 +155,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -435,7 +388,12 @@ mode="keep-value-property" priority="8"> - + @@ -527,16 +485,17 @@ - + - - + - @@ -573,8 +532,8 @@ - + - - + - - + @@ -1320,6 +1280,20 @@ + + + + + + + + + + + + + @@ -1413,6 +1387,22 @@ + + + + + + + + + + + + + + + @@ -1608,6 +1598,7 @@ @@ -1643,6 +1634,26 @@ + + + + + + + + + + + + + + + + + + + diff --git a/xml/convert/oscal_mapping_json-to-xml-converter.xsl b/xml/convert/oscal_mapping_json-to-xml-converter.xsl index 59b1a7e9aa..3a42621df6 100644 --- a/xml/convert/oscal_mapping_json-to-xml-converter.xsl +++ b/xml/convert/oscal_mapping_json-to-xml-converter.xsl @@ -153,53 +153,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -426,7 +379,12 @@ mode="keep-value-property" priority="8"> - + @@ -518,16 +476,17 @@ - + - - + - @@ -564,8 +523,8 @@ - + - - + - - + @@ -808,7 +772,7 @@ @@ -1155,6 +1119,20 @@ + + + + + + + + + + + + + @@ -1248,6 +1226,22 @@ + + + + + + + + + + + + + + + @@ -1443,6 +1437,7 @@ @@ -1478,6 +1473,26 @@ + + + + + + + + + + + + + + + + + + + diff --git a/xml/convert/oscal_poam_json-to-xml-converter.xsl b/xml/convert/oscal_poam_json-to-xml-converter.xsl index 11f7eb6123..bbd803fc3b 100644 --- a/xml/convert/oscal_poam_json-to-xml-converter.xsl +++ b/xml/convert/oscal_poam_json-to-xml-converter.xsl @@ -158,53 +158,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -705,7 +658,12 @@ mode="keep-value-property" priority="8"> - + @@ -797,16 +755,17 @@ - + - - + - @@ -843,8 +802,8 @@ - + - - + - @@ -2053,6 +2012,20 @@ + + + + + + + + + + + + + @@ -2146,6 +2119,22 @@ + + + + + + + + + + + + + + + @@ -2341,6 +2330,7 @@ @@ -2376,6 +2366,26 @@ + + + + + + + + + + + + + + + + + + + diff --git a/xml/convert/oscal_profile_json-to-xml-converter.xsl b/xml/convert/oscal_profile_json-to-xml-converter.xsl index d689c90fd7..fb31481beb 100644 --- a/xml/convert/oscal_profile_json-to-xml-converter.xsl +++ b/xml/convert/oscal_profile_json-to-xml-converter.xsl @@ -153,53 +153,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -493,7 +446,12 @@ mode="keep-value-property" priority="8"> - + @@ -585,16 +543,17 @@ - + - - + - @@ -631,8 +590,8 @@ - + - - + - - + @@ -1104,7 +1068,7 @@ @@ -1451,6 +1415,20 @@ + + + + + + + + + + + + + @@ -1544,6 +1522,22 @@ + + + + + + + + + + + + + + + @@ -1739,6 +1733,7 @@ @@ -1774,6 +1769,26 @@ + + + + + + + + + + + + + + + + + + + @@ -2397,8 +2412,8 @@ @@ -2486,8 +2501,8 @@ @@ -2825,8 +2840,8 @@ @@ -3053,8 +3068,8 @@ @@ -3142,8 +3157,8 @@ diff --git a/xml/convert/oscal_ssp_json-to-xml-converter.xsl b/xml/convert/oscal_ssp_json-to-xml-converter.xsl index ba410a11ce..b90d3f9652 100644 --- a/xml/convert/oscal_ssp_json-to-xml-converter.xsl +++ b/xml/convert/oscal_ssp_json-to-xml-converter.xsl @@ -156,53 +156,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -712,7 +665,12 @@ mode="keep-value-property" priority="8"> - + @@ -804,16 +762,17 @@ - + - - + - @@ -850,8 +809,8 @@ - + - - + - @@ -1788,6 +1747,20 @@ + + + + + + + + + + + + + @@ -1881,6 +1854,22 @@ + + + + + + + + + + + + + + + @@ -2076,6 +2065,7 @@ @@ -2111,6 +2101,26 @@ + + + + + + + + + + + + + + + + + + + diff --git a/xml/schema/oscal_assessment-plan_schema.xsd b/xml/schema/oscal_assessment-plan_schema.xsd index 7a4e2dacea..caa1f553b8 100644 --- a/xml/schema/oscal_assessment-plan_schema.xsd +++ b/xml/schema/oscal_assessment-plan_schema.xsd @@ -72,10 +72,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -137,11 +137,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -176,176 +176,89 @@ minOccurs="1" maxOccurs="1"/> - - - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. + revisions + A group of 'revision' elements - Remarks: Additional commentary on the containing object. + revisions: A group of 'revision' elements - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. - - - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - - - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. - - - Location Title: A name given to the location, which may be used by a tool for display and navigation. - - - - + + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. + Role + Defines a function, which might be assigned to a party in a specific situation. - Party Name: The full name of the party. This is typically the legal name associated with the party. + Role: Defines a function, which might be assigned to a party in a specific situation. - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + + - - + + - Party Short Name - A short common name, abbreviation, or acronym for the party. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Party Short Name: A short common name, abbreviation, or acronym for the party. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + + - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + - External Identifier Schema - Indicates the type of external identifier. + Party Name + The full name of the party. This is typically the legal name associated with the party. - External Identifier Schema: Indicates the type of external identifier. + Party Name: The full name of the party. This is typically the legal name associated with the party. - - - + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -638,10 +638,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -649,10 +649,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -660,10 +660,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -675,10 +675,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -698,10 +698,10 @@ Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -735,10 +735,10 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -773,14 +773,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -794,10 +794,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -808,10 +808,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -822,10 +822,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -836,20 +836,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -860,20 +860,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -900,10 +900,10 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Class: A textual label that provides a sub-type or characterization of the property's name. @@ -921,10 +921,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -956,21 +956,21 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -978,10 +978,10 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1014,10 +1014,10 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Responsible Role: A reference to a role performed by a party. @@ -1047,10 +1047,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1102,10 +1102,10 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1138,10 +1138,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -1160,10 +1160,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -1173,10 +1173,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1186,10 +1186,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -1197,10 +1197,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -1208,21 +1208,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -1230,10 +1230,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -1241,10 +1241,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -1293,10 +1293,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -1306,10 +1306,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -1354,10 +1354,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -1365,10 +1365,10 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. @@ -1388,10 +1388,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1443,17 +1443,17 @@ minOccurs="0" maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1464,10 +1464,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -1512,10 +1512,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1642,10 +1642,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1676,10 +1676,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1862,10 +1862,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1919,10 +1919,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1953,10 +1953,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2053,7 +2053,7 @@ maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2119,7 +2119,7 @@ maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2151,10 +2151,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2190,10 +2190,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -2276,10 +2276,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2332,7 +2332,7 @@ maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2391,10 +2391,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2459,10 +2459,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2565,10 +2565,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2591,10 +2591,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2678,10 +2678,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2718,10 +2718,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2869,10 +2869,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2921,10 +2921,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3070,10 +3070,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3403,10 +3403,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3429,10 +3429,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3574,10 +3574,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3727,10 +3727,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3757,10 +3757,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3868,14 +3868,14 @@ - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -3883,10 +3883,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -3899,7 +3899,7 @@ maxOccurs="unbounded"/> Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -3986,10 +3986,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -3997,20 +3997,20 @@ @@ -4018,10 +4018,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4032,41 +4032,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -4100,10 +4101,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -4112,10 +4113,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4126,7 +4127,7 @@ - + Guideline @@ -4139,7 +4140,7 @@ - + Parameter Value @@ -4150,14 +4151,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -4165,10 +4166,10 @@ Choice - A value selection among several such options + A value selection among several such options. - Choice: A value selection among several such options + Choice: A value selection among several such options. @@ -4187,7 +4188,7 @@ - + Include All @@ -4275,10 +4276,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4309,10 +4310,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4445,10 +4446,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4539,10 +4540,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4681,10 +4682,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4707,10 +4708,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4755,10 +4756,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. diff --git a/xml/schema/oscal_assessment-results_schema.xsd b/xml/schema/oscal_assessment-results_schema.xsd index d0a0627e73..4ad4f9bd44 100644 --- a/xml/schema/oscal_assessment-results_schema.xsd +++ b/xml/schema/oscal_assessment-results_schema.xsd @@ -60,10 +60,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -324,10 +324,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -365,10 +365,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -503,10 +503,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -538,10 +538,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -562,11 +562,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -601,176 +601,89 @@ minOccurs="1" maxOccurs="1"/> - - - - - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. - - - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. + revisions + A group of 'revision' elements - Remarks: Additional commentary on the containing object. + revisions: A group of 'revision' elements - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. - - - Location Title: A name given to the location, which may be used by a tool for display and navigation. - - - - + + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. + Role + Defines a function, which might be assigned to a party in a specific situation. - Party Name: The full name of the party. This is typically the legal name associated with the party. + Role: Defines a function, which might be assigned to a party in a specific situation. - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + + - - + + - Party Short Name - A short common name, abbreviation, or acronym for the party. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Party Short Name: A short common name, abbreviation, or acronym for the party. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + + - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + + + + Party Name + The full name of the party. This is typically the legal name associated with the party. + + + Party Name: The full name of the party. This is typically the legal name associated with the party. + + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + - External Identifier Schema - Indicates the type of external identifier. + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. - External Identifier Schema: Indicates the type of external identifier. + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. - - - + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -1063,10 +1063,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -1074,10 +1074,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -1085,10 +1085,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -1100,10 +1100,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -1123,10 +1123,10 @@ Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -1160,10 +1160,10 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1198,14 +1198,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -1219,10 +1219,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1233,10 +1233,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1247,10 +1247,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -1261,20 +1261,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1285,20 +1285,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -1325,10 +1325,10 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Class: A textual label that provides a sub-type or characterization of the property's name. @@ -1346,10 +1346,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -1381,21 +1381,21 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1403,10 +1403,10 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1439,10 +1439,10 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Responsible Role: A reference to a role performed by a party. @@ -1472,10 +1472,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1527,10 +1527,10 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1563,10 +1563,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -1585,10 +1585,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -1598,10 +1598,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1611,10 +1611,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -1622,10 +1622,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -1633,21 +1633,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -1655,10 +1655,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -1666,10 +1666,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -1718,10 +1718,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -1731,10 +1731,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -1779,10 +1779,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -1790,10 +1790,10 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. @@ -1813,10 +1813,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1868,17 +1868,17 @@ minOccurs="0" maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1889,10 +1889,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -1937,10 +1937,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2067,10 +2067,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2101,10 +2101,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2287,10 +2287,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2344,10 +2344,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2378,10 +2378,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2478,7 +2478,7 @@ maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2544,7 +2544,7 @@ maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2576,10 +2576,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2615,10 +2615,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -2701,10 +2701,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2757,7 +2757,7 @@ maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2816,10 +2816,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2884,10 +2884,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2990,10 +2990,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3016,10 +3016,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3103,10 +3103,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3143,10 +3143,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3294,10 +3294,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3346,10 +3346,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3495,10 +3495,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3828,10 +3828,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3854,10 +3854,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3999,10 +3999,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4152,10 +4152,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4182,10 +4182,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4293,14 +4293,14 @@ - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -4308,10 +4308,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -4324,7 +4324,7 @@ maxOccurs="unbounded"/> Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -4411,10 +4411,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -4422,20 +4422,20 @@ @@ -4443,10 +4443,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4457,41 +4457,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -4525,10 +4526,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -4537,10 +4538,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4551,7 +4552,7 @@ - + Guideline @@ -4564,7 +4565,7 @@ - + Parameter Value @@ -4575,14 +4576,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -4590,10 +4591,10 @@ Choice - A value selection among several such options + A value selection among several such options. - Choice: A value selection among several such options + Choice: A value selection among several such options. @@ -4612,7 +4613,7 @@ - + Include All @@ -4700,10 +4701,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4734,10 +4735,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4870,10 +4871,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4964,10 +4965,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5106,10 +5107,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5132,10 +5133,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5180,10 +5181,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. diff --git a/xml/schema/oscal_catalog_schema.xsd b/xml/schema/oscal_catalog_schema.xsd index 775a36110b..f813d2b42c 100644 --- a/xml/schema/oscal_catalog_schema.xsd +++ b/xml/schema/oscal_catalog_schema.xsd @@ -12,7 +12,7 @@ 1.0.4 oscal-catalog -

The OSCAL Control Catalog format can be used to describe a collection of security controls and related control enhancements, along with contextualizing documentation and metadata. The root of the Control Catalog format is catalog.

+

The OSCAL Control Catalog format can be used to describe a collection of security controls and related control enhancements, along with contextualizing documentation and metadata. The root of the Control Catalog format is catalog.

 catalog @@ -22,10 +22,10 @@ Catalog - A collection of controls. + A structured, organized collection of control information. - Catalog: A collection of controls. + Catalog: A structured, organized collection of control information. Catalog Universally Unique Identifier - A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised. + Provides a globally unique means to identify a given catalog instance. - Catalog Universally Unique Identifier: A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised. + Catalog Universally Unique Identifier: Provides a globally unique means to identify a given catalog instance. @@ -86,7 +86,7 @@ @@ -116,10 +116,10 @@ Group Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Identifies the group for the purpose of cross-linking within the defining instance or from other instances that reference the catalog. - Group Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Group Identifier: Identifies the group for the purpose of cross-linking within the defining instance or from other instances that reference the catalog. @@ -137,10 +137,10 @@ Control - A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance. + A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information. - Control: A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance. + Control: A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information. @@ -159,7 +159,7 @@ @@ -215,10 +215,10 @@ Control Identifier - A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. + Identifies a control such that it can be referenced in the defining catalog and other OSCAL instances (e.g., profiles). - Control Identifier: A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. + Control Identifier: Identifies a control such that it can be referenced in the defining catalog and other OSCAL instances (e.g., profiles). @@ -232,14 +232,14 @@ - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -247,10 +247,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -263,7 +263,7 @@ maxOccurs="unbounded"/> Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -350,10 +350,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -361,20 +361,20 @@ @@ -382,10 +382,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -396,41 +396,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -464,10 +465,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -476,10 +477,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -490,7 +491,7 @@ - + Guideline @@ -503,7 +504,7 @@ - + Parameter Value @@ -514,14 +515,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -529,10 +530,10 @@ Choice - A value selection among several such options + A value selection among several such options. - Choice: A value selection among several such options + Choice: A value selection among several such options. @@ -551,7 +552,7 @@ - + Include All @@ -564,11 +565,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -603,12 +604,82 @@ minOccurs="1" maxOccurs="1"/> + + + revisions + A group of 'revision' elements + + + revisions: A group of 'revision' elements + - + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + @@ -624,440 +695,370 @@ type="oscal-metadata-link-ASSEMBLY" minOccurs="0" maxOccurs="unbounded"/> - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. + Role + Defines a function, which might be assigned to a party in a specific situation. - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + Role: Defines a function, which might be assigned to a party in a specific situation. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Location Title: A name given to the location, which may be used by a tool for display and navigation. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - - - - - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. - - - Party Name: The full name of the party. This is typically the legal name associated with the party. - - - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. - - - Party Short Name: A short common name, abbreviation, or acronym for the party. - - - - - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + - External Identifier Schema - Indicates the type of external identifier. + Party Name + The full name of the party. This is typically the legal name associated with the party. - External Identifier Schema: Indicates the type of external identifier. + Party Name: The full name of the party. This is typically the legal name associated with the party. - - - + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -1065,10 +1066,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -1076,10 +1077,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -1087,10 +1088,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -1102,10 +1103,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -1125,10 +1126,10 @@ Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -1162,10 +1163,10 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1200,14 +1201,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -1221,10 +1222,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1235,10 +1236,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1249,10 +1250,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -1263,20 +1264,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1287,20 +1288,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -1327,10 +1328,10 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Class: A textual label that provides a sub-type or characterization of the property's name. @@ -1348,10 +1349,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -1383,21 +1384,21 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1405,10 +1406,10 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1441,10 +1442,10 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Responsible Role: A reference to a role performed by a party. @@ -1474,10 +1475,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1529,10 +1530,10 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1565,10 +1566,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -1587,10 +1588,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -1600,10 +1601,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1613,10 +1614,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -1624,10 +1625,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -1635,21 +1636,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -1657,10 +1658,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -1668,10 +1669,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -1720,10 +1721,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -1733,10 +1734,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -1781,10 +1782,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -1792,10 +1793,10 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. @@ -1857,10 +1858,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1900,10 +1901,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1935,10 +1936,10 @@ Mapped Resource Reference - A reference to a back-matter resource that is either the source or target of a mapping. + A reference to a resource that is either the source or target of a mapping. - Mapped Resource Reference: A reference to a back-matter resource that is either the source or target of a mapping. + Mapped Resource Reference: A reference to a resource that is either the source or target of a mapping. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. diff --git a/xml/schema/oscal_complete_schema.xsd b/xml/schema/oscal_complete_schema.xsd index cbb4607978..6d999a5dab 100644 --- a/xml/schema/oscal_complete_schema.xsd +++ b/xml/schema/oscal_complete_schema.xsd @@ -29,10 +29,10 @@ Catalog - A collection of controls. + A structured, organized collection of control information. - Catalog: A collection of controls. + Catalog: A structured, organized collection of control information. Catalog Universally Unique Identifier - A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised. + Provides a globally unique means to identify a given catalog instance. - Catalog Universally Unique Identifier: A globally unique identifier with cross-instance scope for this catalog instance. This UUID should be changed when this document is revised. + Catalog Universally Unique Identifier: Provides a globally unique means to identify a given catalog instance. @@ -93,7 +93,7 @@ @@ -123,10 +123,10 @@ Group Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Identifies the group for the purpose of cross-linking within the defining instance or from other instances that reference the catalog. - Group Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Group Identifier: Identifies the group for the purpose of cross-linking within the defining instance or from other instances that reference the catalog. @@ -144,10 +144,10 @@ Control - A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance. + A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information. - Control: A structured information object representing a security or privacy control. Each security or privacy control within the Catalog is defined by a distinct control instance. + Control: A structured object representing a requirement or guideline, which when implemented will reduce an aspect of risk related to an information system and its information. @@ -166,7 +166,7 @@ @@ -222,10 +222,10 @@ Control Identifier - A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. + Identifies a control such that it can be referenced in the defining catalog and other OSCAL instances (e.g., profiles). - Control Identifier: A human-oriented, locally unique identifier with instance scope that can be used to reference this control elsewhere in this and other OSCAL instances (e.g., profiles). This id should be assigned per-subject, which means it should be consistently used to identify the same control across revisions of the document. + Control Identifier: Identifies a control such that it can be referenced in the defining catalog and other OSCAL instances (e.g., profiles). @@ -239,14 +239,14 @@ - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -254,10 +254,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -270,7 +270,7 @@ maxOccurs="unbounded"/> Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -357,10 +357,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -368,20 +368,20 @@ @@ -389,10 +389,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -403,41 +403,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -471,10 +472,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -483,10 +484,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -497,7 +498,7 @@ - + Guideline @@ -510,7 +511,7 @@ - + Parameter Value @@ -521,14 +522,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -536,10 +537,10 @@ Choice - A value selection among several such options + A value selection among several such options. - Choice: A value selection among several such options + Choice: A value selection among several such options. @@ -558,7 +559,7 @@ - + Include All @@ -571,11 +572,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -610,12 +611,82 @@ minOccurs="1" maxOccurs="1"/> + + + revisions + A group of 'revision' elements + + + revisions: A group of 'revision' elements + - + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + @@ -631,440 +702,370 @@ type="oscal-metadata-link-ASSEMBLY" minOccurs="0" maxOccurs="unbounded"/> - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. + Role + Defines a function, which might be assigned to a party in a specific situation. - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + Role: Defines a function, which might be assigned to a party in a specific situation. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. - - - Location Title: A name given to the location, which may be used by a tool for display and navigation. - - - - - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. - - - Party Name: The full name of the party. This is typically the legal name associated with the party. - - - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. - - - Party Short Name: A short common name, abbreviation, or acronym for the party. - - - - - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + - External Identifier Schema - Indicates the type of external identifier. + Party Name + The full name of the party. This is typically the legal name associated with the party. - External Identifier Schema: Indicates the type of external identifier. + Party Name: The full name of the party. This is typically the legal name associated with the party. - - - + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -1072,10 +1073,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -1083,10 +1084,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -1094,10 +1095,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -1109,10 +1110,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -1132,10 +1133,10 @@ Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -1169,10 +1170,10 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1207,14 +1208,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -1228,10 +1229,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1242,10 +1243,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1256,10 +1257,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -1270,20 +1271,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1294,20 +1295,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -1334,10 +1335,10 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Class: A textual label that provides a sub-type or characterization of the property's name. @@ -1355,10 +1356,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -1390,21 +1391,21 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1412,10 +1413,10 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1448,10 +1449,10 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Responsible Role: A reference to a role performed by a party. @@ -1481,10 +1482,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1536,10 +1537,10 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1572,10 +1573,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -1594,10 +1595,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -1607,10 +1608,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1620,10 +1621,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -1631,10 +1632,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -1642,21 +1643,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -1664,10 +1665,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -1675,10 +1676,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -1727,10 +1728,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -1740,10 +1741,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -1788,10 +1789,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -1799,10 +1800,10 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. @@ -1864,10 +1865,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1907,10 +1908,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1942,10 +1943,10 @@ Mapped Resource Reference - A reference to a back-matter resource that is either the source or target of a mapping. + A reference to a resource that is either the source or target of a mapping. - Mapped Resource Reference: A reference to a back-matter resource that is either the source or target of a mapping. + Mapped Resource Reference: A reference to a resource that is either the source or target of a mapping. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2066,10 +2067,10 @@ Profile - Each OSCAL profile is defined by a Profile element + Each OSCAL profile is defined by a profile element. - Profile: Each OSCAL profile is defined by a Profile element + Profile: Each OSCAL profile is defined by a profile element. Profile Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. + Provides a globally unique means to identify a given profile instance. - Profile Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. + Profile Universally Unique Identifier: Provides a globally unique means to identify a given profile instance. - Import resource - The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. + Import Resource + Designates a referenced source catalog or profile that provides a source of control information for use in creating a new overlay or baseline. - Import resource: The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. + Import Resource: Designates a referenced source catalog or profile that provides a source of control information for use in creating a new overlay or baseline. - Merge controls - A Merge element provides structuring directives that drive how controls are organized after resolution. + Merge Controls + Provides structuring directives that instruct how controls are organized after profile resolution. - Merge controls: A Merge element provides structuring directives that drive how controls are organized after resolution. + Merge Controls: Provides structuring directives that instruct how controls are organized after profile resolution. - Combination rule - A Combine element defines how to combine multiple (competing) versions of the same control. + Combination Rule + A Combine element defines how to resolve duplicate instances of the same control (e.g., controls with the same ID). - Combination rule: A Combine element defines how to combine multiple (competing) versions of the same control. + Combination Rule: A Combine element defines how to resolve duplicate instances of the same control (e.g., controls with the same ID). - Combination method - How clashing controls should be handled + Combination Method + Declare how clashing controls should be handled. - Combination method: How clashing controls should be handled + Combination Method: Declare how clashing controls should be handled. @@ -2177,11 +2178,11 @@ - Flat - Use the flat structuring method. + Flat Without Grouping + Directs that controls appear without any grouping structure. - Flat: Use the flat structuring method. + Flat Without Grouping: Directs that controls appear without any grouping structure. @@ -2189,11 +2190,11 @@ - As-Is Structuring Directive - An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes. + Group As-Is + Indicates that the controls selected should retain their original grouping as defined in the import source. - As-Is Structuring Directive: An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes. + Group As-Is: Indicates that the controls selected should retain their original grouping as defined in the import source. @@ -2202,11 +2203,11 @@ - Custom grouping - A Custom element frames a structure for embedding represented controls in resolution. + Custom Grouping + Provides an alternate grouping structure that selected controls will be placed in. - Custom grouping: A Custom element frames a structure for embedding represented controls in resolution. + Custom Grouping: Provides an alternate grouping structure that selected controls will be placed in. - Control group - A group of (selected) controls or of groups of controls + Control Group + A group of (selected) controls or of groups of controls. - Control group: A group of (selected) controls or of groups of controls + Control Group: A group of (selected) controls or of groups of controls. @@ -2238,10 +2239,10 @@ Group Title - A name given to the group, which may be used by a tool for display and navigation. + A name to be given to the group for use in display. - Group Title: A name given to the group, which may be used by a tool for display and navigation. + Group Title: A name to be given to the group for use in display. @@ -2249,7 +2250,7 @@ @@ -2279,10 +2280,10 @@ Group Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Identifies the group. - Group Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Group Identifier: Identifies the group. @@ -2299,11 +2300,11 @@ - Modify controls - Set parameters or amend controls in resolution + Modify Controls + Set parameters or amend controls in resolution. - Modify controls: Set parameters or amend controls in resolution + Modify Controls: Set parameters or amend controls in resolution. @@ -2311,10 +2312,10 @@ Parameter Setting - A parameter setting, to be propagated to points of insertion + A parameter setting, to be propagated to points of insertion. - Parameter Setting: A parameter setting, to be propagated to points of insertion + Parameter Setting: A parameter setting, to be propagated to points of insertion. Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -2356,20 +2357,20 @@ @@ -2378,10 +2379,10 @@ Parameter ID - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + An identifier for the parameter. - Parameter ID: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter ID: An identifier for the parameter. @@ -2397,11 +2398,11 @@ - Depends on + Depends On **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends On: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. @@ -2411,10 +2412,10 @@ Alteration - An Alter element specifies changes to be made to an included control when a profile is resolved. + Specifies changes to be made to an included control when a profile is resolved. - Alteration: An Alter element specifies changes to be made to an included control when a profile is resolved. + Alteration: Specifies changes to be made to an included control when a profile is resolved. @@ -2431,10 +2432,10 @@ Reference by (assigned) name - Identify items to remove by matching their assigned name + Identify items remove by matching their assigned name. - Reference by (assigned) name: Identify items to remove by matching their assigned name + Reference by (assigned) name: Identify items remove by matching their assigned name. @@ -2461,11 +2462,10 @@ Item Name Reference - Identify items to remove by the name of the item's information element name, e.g. title or prop - + Identify items to remove by the name of the item's information object name, e.g. title or prop. - Item Name Reference: Identify items to remove by the name of the item's information element name, e.g. title or prop + Item Name Reference: Identify items to remove by the name of the item's information object name, e.g. title or prop. @@ -2485,10 +2485,10 @@ Addition - Specifies contents to be added into controls, in resolution + Specifies contents to be added into controls, in resolution. - Addition: Specifies contents to be added into controls, in resolution + Addition: Specifies contents to be added into controls, in resolution. @@ -2507,7 +2507,7 @@ @@ -2527,10 +2527,10 @@ Position - Where to add the new content with respect to the targeted element (beside it or inside it) + Where to add the new content with respect to the targeted element (beside it or inside it). - Position: Where to add the new content with respect to the targeted element (beside it or inside it) + Position: Where to add the new content with respect to the targeted element (beside it or inside it). @@ -2550,10 +2550,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -2563,16 +2563,16 @@ - Select controls + Select Controls Specifies which controls to use in the containing context. - Select controls: Specifies which controls to use in the containing context. + Select Controls: Specifies which controls to use in the containing context. - Call - Call a control by its ID + Select Control + Select a control or controls from an imported control set. - Call: Call a control by its ID + Select Control: Select a control or controls from an imported control set. @@ -2611,10 +2611,10 @@ Match Controls by Identifier - + Selecting a control by its ID given as a literal. - Match Controls by Identifier: + Match Controls by Identifier: Selecting a control by its ID given as a literal. @@ -2624,10 +2624,10 @@ Match Controls by Pattern - Select controls by (regular expression) match on ID + Selecting a set of controls by matching their IDs with a wildcard pattern. - Match Controls by Pattern: Select controls by (regular expression) match on ID + Match Controls by Pattern: Selecting a set of controls by matching their IDs with a wildcard pattern. @@ -2645,11 +2645,11 @@ - Include contained controls with control + Include Contained Controls with Control When a control is included, whether its child (dependent) controls are also included. - Include contained controls with control: When a control is included, whether its child (dependent) controls are also included. + Include Contained Controls with Control: When a control is included, whether its child (dependent) controls are also included. @@ -2690,10 +2690,10 @@ Component Definition Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given component definition instance. - Component Definition Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Component Definition Universally Unique Identifier: Provides a globally unique means to identify a given component definition instance. @@ -2796,10 +2796,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2810,10 +2810,10 @@ Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given component. - Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Component Identifier: Provides a globally unique means to identify a given component. @@ -2872,10 +2872,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2886,10 +2886,10 @@ Capability Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given capability. - Capability Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Capability Identifier: Provides a globally unique means to identify a given capability. @@ -2907,10 +2907,10 @@ Incorporates Component - TBD + The collection of components comprising this capability. - Incorporates Component: TBD + Incorporates Component: The collection of components comprising this capability. @@ -2986,10 +2986,10 @@ Control Implementation Set Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a means to identify a set of control implementations that are supported by a given component or capability. - Control Implementation Set Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Control Implementation Set Identifier: Provides a means to identify a set of control implementations that are supported by a given component or capability. @@ -3018,10 +3018,10 @@ Control Implementation Description - A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. + A suggestion from the supplier (e.g., component vendor or author) for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. - Control Implementation Description: A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. + Control Implementation Description: A suggestion from the supplier (e.g., component vendor or author) for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. @@ -3052,10 +3052,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3066,20 +3066,20 @@ Control Implementation Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given control implementation by a component. - Control Implementation Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Control Implementation Identifier: Provides a globally unique means to identify a given control implementation by a component. Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -3124,10 +3124,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3233,10 +3233,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3267,10 +3267,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3403,10 +3403,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3497,10 +3497,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3639,10 +3639,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3665,10 +3665,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3713,10 +3713,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3820,10 +3820,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3953,10 +3953,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4238,10 +4238,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4311,10 +4311,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4374,10 +4374,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4436,10 +4436,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4488,10 +4488,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4572,10 +4572,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4610,10 +4610,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4694,10 +4694,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4718,10 +4718,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -4755,10 +4755,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4903,10 +4903,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4967,10 +4967,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5003,10 +5003,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5118,10 +5118,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5158,10 +5158,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5243,10 +5243,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5319,10 +5319,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5374,17 +5374,17 @@ minOccurs="0" maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5395,10 +5395,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -5443,10 +5443,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5573,10 +5573,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5607,10 +5607,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5793,10 +5793,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5850,10 +5850,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5884,10 +5884,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -5984,7 +5984,7 @@ maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6050,7 +6050,7 @@ maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6082,10 +6082,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6121,10 +6121,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -6207,10 +6207,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6263,7 +6263,7 @@ maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6322,10 +6322,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6390,10 +6390,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6496,10 +6496,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6522,10 +6522,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6609,10 +6609,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6649,10 +6649,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6800,10 +6800,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -6852,10 +6852,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7001,10 +7001,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7334,10 +7334,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7360,10 +7360,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7505,10 +7505,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7658,10 +7658,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7688,10 +7688,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -7841,10 +7841,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -8105,10 +8105,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -8146,10 +8146,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -8284,10 +8284,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -8319,10 +8319,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -8422,10 +8422,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -8547,10 +8547,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. diff --git a/xml/schema/oscal_component_schema.xsd b/xml/schema/oscal_component_schema.xsd index bb681ba11c..5d2fcf812c 100644 --- a/xml/schema/oscal_component_schema.xsd +++ b/xml/schema/oscal_component_schema.xsd @@ -12,9 +12,11 @@ 1.0.4 oscal-component-definition -

The OSCAL Component Definition Model can be used to describe the implementation of controls in a component or a set of components grouped as a capability. A component can be either a technical component, or a documentary component. A technical component is a component that is implemented in hardware (physical or virtual) or software. A documentary component is a component implemented in a document, such as a process, procedure, or policy.

-

The root of the OSCAL Implementation Component format is component-definition.

-

NOTE: This documentation is a work in progress. As a result, documentation for many of the information elements is missing or incomplete.

+

The OSCAL Component Definition Model can be used to describe the implementation of controls in a component or a set of components grouped as a capability. A component can be either a technical component, or a documentary component.

+

A technical component is a component that is implemented in hardware (physical or virtual) or software. Suppliers may document components in an OSCAL component definition that describes the implementation of controls in their hardware and software.

+

A documentary component is a component implemented for a documented process, procedure, or policy. Suppliers may document components in an OSCAL component definition that describes the implementation of controls in their process, procedure, or policy.

+

The information provided by a technical or documentary component can be used by component consumers to provide starting narratives for documenting control implementations in an OSCAL SSP.

+

The root of the OSCAL Implementation Layer Component Definition model is component-definition.

 component-definition @@ -56,10 +58,10 @@ Component Definition Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given component definition instance. - Component Definition Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component definition elsewhere in this or other OSCAL instances. The locally defined UUID of the component definition can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Component Definition Universally Unique Identifier: Provides a globally unique means to identify a given component definition instance. @@ -162,10 +164,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -176,10 +178,10 @@ Component Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given component. - Component Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Component Identifier: Provides a globally unique means to identify a given component. @@ -238,10 +240,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -252,10 +254,10 @@ Capability Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given capability. - Capability Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this capability elsewhere in this or other OSCAL instances. The locally defined UUID of the capability can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Capability Identifier: Provides a globally unique means to identify a given capability. @@ -273,10 +275,10 @@ Incorporates Component - TBD + The collection of components comprising this capability. - Incorporates Component: TBD + Incorporates Component: The collection of components comprising this capability. @@ -352,10 +354,10 @@ Control Implementation Set Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a means to identify a set of control implementations that are supported by a given component or capability. - Control Implementation Set Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a set of implemented controls elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation set can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Control Implementation Set Identifier: Provides a means to identify a set of control implementations that are supported by a given component or capability. @@ -384,10 +386,10 @@ Control Implementation Description - A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. + A suggestion from the supplier (e.g., component vendor or author) for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. - Control Implementation Description: A suggestion for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. + Control Implementation Description: A suggestion from the supplier (e.g., component vendor or author) for how the specified control may be implemented if the containing component or capability is instantiated in a system security plan. @@ -418,10 +420,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -432,20 +434,20 @@ Control Implementation Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Provides a globally unique means to identify a given control implementation by a component. - Control Implementation Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference a specific control implementation elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Control Implementation Identifier: Provides a globally unique means to identify a given control implementation by a component. Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -490,10 +492,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -599,10 +601,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -633,10 +635,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -769,10 +771,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -863,10 +865,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1005,10 +1007,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1031,10 +1033,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1079,10 +1081,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1127,11 +1129,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -1166,12 +1168,82 @@ minOccurs="1" maxOccurs="1"/> + + + revisions + A group of 'revision' elements + + + revisions: A group of 'revision' elements + - + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + @@ -1187,440 +1259,370 @@ type="oscal-metadata-link-ASSEMBLY" minOccurs="0" maxOccurs="unbounded"/> - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. + Role + Defines a function, which might be assigned to a party in a specific situation. - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + Role: Defines a function, which might be assigned to a party in a specific situation. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. - - - Location Title: A name given to the location, which may be used by a tool for display and navigation. - - - - - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. - - - Party Name: The full name of the party. This is typically the legal name associated with the party. - - - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. - - - Party Short Name: A short common name, abbreviation, or acronym for the party. - - - - - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + + + + Party Name + The full name of the party. This is typically the legal name associated with the party. + + + Party Name: The full name of the party. This is typically the legal name associated with the party. + + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + - External Identifier Schema - Indicates the type of external identifier. + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. - External Identifier Schema: Indicates the type of external identifier. + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. - - - + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -1628,10 +1630,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -1639,10 +1641,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -1650,10 +1652,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -1665,10 +1667,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -1688,10 +1690,10 @@ Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -1725,10 +1727,10 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1763,14 +1765,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -1784,10 +1786,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1798,10 +1800,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1812,10 +1814,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -1826,20 +1828,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1850,20 +1852,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -1890,10 +1892,10 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Class: A textual label that provides a sub-type or characterization of the property's name. @@ -1911,10 +1913,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -1946,21 +1948,21 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1968,10 +1970,10 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2004,10 +2006,10 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Responsible Role: A reference to a role performed by a party. @@ -2037,10 +2039,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2092,10 +2094,10 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2128,10 +2130,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -2150,10 +2152,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -2163,10 +2165,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2176,10 +2178,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -2187,10 +2189,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -2198,21 +2200,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -2220,10 +2222,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -2231,10 +2233,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -2283,10 +2285,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -2296,10 +2298,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -2344,10 +2346,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -2355,23 +2357,23 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -2379,10 +2381,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -2395,7 +2397,7 @@ maxOccurs="unbounded"/> Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -2482,10 +2484,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -2493,20 +2495,20 @@ @@ -2514,10 +2516,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2528,41 +2530,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -2596,10 +2599,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -2608,10 +2611,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2622,7 +2625,7 @@ - + Guideline @@ -2635,7 +2638,7 @@ - + Parameter Value @@ -2646,14 +2649,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -2661,10 +2664,10 @@ Choice - A value selection among several such options + A value selection among several such options. - Choice: A value selection among several such options + Choice: A value selection among several such options. @@ -2683,7 +2686,7 @@ - + Include All diff --git a/xml/schema/oscal_mapping_schema.xsd b/xml/schema/oscal_mapping_schema.xsd index ba93103230..954b4239c2 100644 --- a/xml/schema/oscal_mapping_schema.xsd +++ b/xml/schema/oscal_mapping_schema.xsd @@ -90,11 +90,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -129,12 +129,82 @@ minOccurs="1" maxOccurs="1"/> + + + revisions + A group of 'revision' elements + + + revisions: A group of 'revision' elements + - + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + @@ -150,440 +220,370 @@ type="oscal-metadata-link-ASSEMBLY" minOccurs="0" maxOccurs="unbounded"/> - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. + Role + Defines a function, which might be assigned to a party in a specific situation. - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + Role: Defines a function, which might be assigned to a party in a specific situation. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Location Title: A name given to the location, which may be used by a tool for display and navigation. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - - - - - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. - - - Party Name: The full name of the party. This is typically the legal name associated with the party. - - - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. - - - Party Short Name: A short common name, abbreviation, or acronym for the party. - - - - - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + - External Identifier Schema - Indicates the type of external identifier. + Party Name + The full name of the party. This is typically the legal name associated with the party. - External Identifier Schema: Indicates the type of external identifier. + Party Name: The full name of the party. This is typically the legal name associated with the party. - - - + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -591,10 +591,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -602,10 +602,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -613,10 +613,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -628,10 +628,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -651,10 +651,10 @@ Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -688,10 +688,10 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -726,14 +726,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -747,10 +747,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -761,10 +761,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -775,10 +775,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -789,20 +789,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -813,20 +813,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -853,10 +853,10 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Class: A textual label that provides a sub-type or characterization of the property's name. @@ -874,10 +874,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -909,21 +909,21 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -931,10 +931,10 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -967,10 +967,10 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Responsible Role: A reference to a role performed by a party. @@ -1000,10 +1000,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1055,10 +1055,10 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1091,10 +1091,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -1113,10 +1113,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -1126,10 +1126,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1139,10 +1139,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -1150,10 +1150,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -1161,21 +1161,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -1183,10 +1183,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -1194,10 +1194,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -1246,10 +1246,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -1259,10 +1259,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -1307,10 +1307,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -1318,10 +1318,10 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. @@ -1383,10 +1383,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1426,10 +1426,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1461,10 +1461,10 @@ Mapped Resource Reference - A reference to a back-matter resource that is either the source or target of a mapping. + A reference to a resource that is either the source or target of a mapping. - Mapped Resource Reference: A reference to a back-matter resource that is either the source or target of a mapping. + Mapped Resource Reference: A reference to a resource that is either the source or target of a mapping. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. diff --git a/xml/schema/oscal_poam_schema.xsd b/xml/schema/oscal_poam_schema.xsd index 0410c0125a..13a168a887 100644 --- a/xml/schema/oscal_poam_schema.xsd +++ b/xml/schema/oscal_poam_schema.xsd @@ -100,10 +100,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -225,10 +225,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -249,11 +249,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -288,176 +288,89 @@ minOccurs="1" maxOccurs="1"/> - - - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. + revisions + A group of 'revision' elements - Remarks: Additional commentary on the containing object. + revisions: A group of 'revision' elements - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. - - - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. - - - - - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. - - - Location Title: A name given to the location, which may be used by a tool for display and navigation. - - - - + + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. + Role + Defines a function, which might be assigned to a party in a specific situation. - Party Name: The full name of the party. This is typically the legal name associated with the party. + Role: Defines a function, which might be assigned to a party in a specific situation. - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + + - - + + - Party Short Name - A short common name, abbreviation, or acronym for the party. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Party Short Name: A short common name, abbreviation, or acronym for the party. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + + - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + - External Identifier Schema - Indicates the type of external identifier. + Party Name + The full name of the party. This is typically the legal name associated with the party. - External Identifier Schema: Indicates the type of external identifier. + Party Name: The full name of the party. This is typically the legal name associated with the party. - - - + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -750,10 +750,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -761,10 +761,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -772,10 +772,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -787,10 +787,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -810,10 +810,10 @@ Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -847,10 +847,10 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -885,14 +885,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -906,10 +906,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -920,10 +920,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -934,10 +934,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -948,20 +948,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -972,20 +972,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -1012,10 +1012,10 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Class: A textual label that provides a sub-type or characterization of the property's name. @@ -1033,10 +1033,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -1068,21 +1068,21 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1090,10 +1090,10 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1126,10 +1126,10 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Responsible Role: A reference to a role performed by a party. @@ -1159,10 +1159,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1214,10 +1214,10 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1250,10 +1250,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -1272,10 +1272,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -1285,10 +1285,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1298,10 +1298,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -1309,10 +1309,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -1320,21 +1320,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -1342,10 +1342,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -1353,10 +1353,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -1405,10 +1405,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -1418,10 +1418,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -1466,10 +1466,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -1477,10 +1477,10 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. @@ -1564,10 +1564,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1598,10 +1598,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1734,10 +1734,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1828,10 +1828,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1970,10 +1970,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1996,10 +1996,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2044,10 +2044,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2089,14 +2089,14 @@ - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -2104,10 +2104,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -2120,7 +2120,7 @@ maxOccurs="unbounded"/> Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -2207,10 +2207,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -2218,20 +2218,20 @@ @@ -2239,10 +2239,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2253,41 +2253,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -2321,10 +2322,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -2333,10 +2334,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2347,7 +2348,7 @@ - + Guideline @@ -2360,7 +2361,7 @@ - + Parameter Value @@ -2371,14 +2372,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -2386,10 +2387,10 @@ Choice - A value selection among several such options + A value selection among several such options. - Choice: A value selection among several such options + Choice: A value selection among several such options. @@ -2408,7 +2409,7 @@ - + Include All @@ -2432,10 +2433,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2487,17 +2488,17 @@ minOccurs="0" maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2508,10 +2509,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -2556,10 +2557,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2686,10 +2687,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2720,10 +2721,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2906,10 +2907,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2963,10 +2964,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2997,10 +2998,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3097,7 +3098,7 @@ maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3163,7 +3164,7 @@ maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3195,10 +3196,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3234,10 +3235,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -3320,10 +3321,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3376,7 +3377,7 @@ maxOccurs="unbounded"/> Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3435,10 +3436,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3503,10 +3504,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3609,10 +3610,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3635,10 +3636,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3722,10 +3723,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3762,10 +3763,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3913,10 +3914,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3965,10 +3966,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4114,10 +4115,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4447,10 +4448,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4473,10 +4474,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4618,10 +4619,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4771,10 +4772,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -4801,10 +4802,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. diff --git a/xml/schema/oscal_profile_schema.xsd b/xml/schema/oscal_profile_schema.xsd index 8ab3673dcb..05ab719b33 100644 --- a/xml/schema/oscal_profile_schema.xsd +++ b/xml/schema/oscal_profile_schema.xsd @@ -12,7 +12,9 @@ 1.0.4 oscal-profile -

A profile designates a selection and configuration of controls from one or more catalogs, along with a series of operations over them. The topmost element in the OSCAL profile XML schema is profile.

+

In OSCAL a profile represents a set of selected controls from one or more control catalogs. Such a set of controls can be referenced by an OSCAL system security plan (SSP) to establish a control baseline. This effective set of controls is produced from an OSCAL profile using a deterministic, predictable process called profile resolution.

+

A profile references one or more OSCAL catalogs or profiles to import controls for control selection and tailoring. A profile can also describe how a resulting catalog is structured. When the profile is resolved, these selections and modifications are processed to produce a resulting OSCAL catalog.

+

OSCAL profiles have uses beyond establishing control baselines, such as documentation generation or as reference tables for validations.

 profile @@ -22,10 +24,10 @@ Profile - Each OSCAL profile is defined by a Profile element + Each OSCAL profile is defined by a profile element. - Profile: Each OSCAL profile is defined by a Profile element + Profile: Each OSCAL profile is defined by a profile element. Profile Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. + Provides a globally unique means to identify a given profile instance. - Profile Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this profile elsewhere in this or other OSCAL instances. The locally defined UUID of the profile can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This identifier should be assigned per-subject, which means it should be consistently used to identify the same profile across revisions of the document. + Profile Universally Unique Identifier: Provides a globally unique means to identify a given profile instance. - Import resource - The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. + Import Resource + Designates a referenced source catalog or profile that provides a source of control information for use in creating a new overlay or baseline. - Import resource: The import designates a catalog or profile to be included (referenced and potentially modified) by this profile. The import also identifies which controls to select using the include-all, include-controls, and exclude-controls directives. + Import Resource: Designates a referenced source catalog or profile that provides a source of control information for use in creating a new overlay or baseline. - Merge controls - A Merge element provides structuring directives that drive how controls are organized after resolution. + Merge Controls + Provides structuring directives that instruct how controls are organized after profile resolution. - Merge controls: A Merge element provides structuring directives that drive how controls are organized after resolution. + Merge Controls: Provides structuring directives that instruct how controls are organized after profile resolution. - Combination rule - A Combine element defines how to combine multiple (competing) versions of the same control. + Combination Rule + A Combine element defines how to resolve duplicate instances of the same control (e.g., controls with the same ID). - Combination rule: A Combine element defines how to combine multiple (competing) versions of the same control. + Combination Rule: A Combine element defines how to resolve duplicate instances of the same control (e.g., controls with the same ID). - Combination method - How clashing controls should be handled + Combination Method + Declare how clashing controls should be handled. - Combination method: How clashing controls should be handled + Combination Method: Declare how clashing controls should be handled. @@ -133,11 +135,11 @@ - Flat - Use the flat structuring method. + Flat Without Grouping + Directs that controls appear without any grouping structure. - Flat: Use the flat structuring method. + Flat Without Grouping: Directs that controls appear without any grouping structure. @@ -145,11 +147,11 @@ - As-Is Structuring Directive - An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes. + Group As-Is + Indicates that the controls selected should retain their original grouping as defined in the import source. - As-Is Structuring Directive: An As-is element indicates that the controls should be structured in resolution as they are structured in their source catalogs. It does not contain any elements or attributes. + Group As-Is: Indicates that the controls selected should retain their original grouping as defined in the import source. @@ -158,11 +160,11 @@ - Custom grouping - A Custom element frames a structure for embedding represented controls in resolution. + Custom Grouping + Provides an alternate grouping structure that selected controls will be placed in. - Custom grouping: A Custom element frames a structure for embedding represented controls in resolution. + Custom Grouping: Provides an alternate grouping structure that selected controls will be placed in. - Control group - A group of (selected) controls or of groups of controls + Control Group + A group of (selected) controls or of groups of controls. - Control group: A group of (selected) controls or of groups of controls + Control Group: A group of (selected) controls or of groups of controls. @@ -194,10 +196,10 @@ Group Title - A name given to the group, which may be used by a tool for display and navigation. + A name to be given to the group for use in display. - Group Title: A name given to the group, which may be used by a tool for display and navigation. + Group Title: A name to be given to the group for use in display. @@ -205,7 +207,7 @@ @@ -235,10 +237,10 @@ Group Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Identifies the group. - Group Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined group elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same group across revisions of the document. + Group Identifier: Identifies the group. @@ -255,11 +257,11 @@ - Modify controls - Set parameters or amend controls in resolution + Modify Controls + Set parameters or amend controls in resolution. - Modify controls: Set parameters or amend controls in resolution + Modify Controls: Set parameters or amend controls in resolution. @@ -267,10 +269,10 @@ Parameter Setting - A parameter setting, to be propagated to points of insertion + A parameter setting, to be propagated to points of insertion. - Parameter Setting: A parameter setting, to be propagated to points of insertion + Parameter Setting: A parameter setting, to be propagated to points of insertion. Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -312,20 +314,20 @@ @@ -334,10 +336,10 @@ Parameter ID - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + An identifier for the parameter. - Parameter ID: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter ID: An identifier for the parameter. @@ -353,11 +355,11 @@ - Depends on + Depends On **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends On: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. @@ -367,10 +369,10 @@ Alteration - An Alter element specifies changes to be made to an included control when a profile is resolved. + Specifies changes to be made to an included control when a profile is resolved. - Alteration: An Alter element specifies changes to be made to an included control when a profile is resolved. + Alteration: Specifies changes to be made to an included control when a profile is resolved. @@ -387,10 +389,10 @@ Reference by (assigned) name - Identify items to remove by matching their assigned name + Identify items remove by matching their assigned name. - Reference by (assigned) name: Identify items to remove by matching their assigned name + Reference by (assigned) name: Identify items remove by matching their assigned name. @@ -417,11 +419,10 @@ Item Name Reference - Identify items to remove by the name of the item's information element name, e.g. title or prop - + Identify items to remove by the name of the item's information object name, e.g. title or prop. - Item Name Reference: Identify items to remove by the name of the item's information element name, e.g. title or prop + Item Name Reference: Identify items to remove by the name of the item's information object name, e.g. title or prop. @@ -441,10 +442,10 @@ Addition - Specifies contents to be added into controls, in resolution + Specifies contents to be added into controls, in resolution. - Addition: Specifies contents to be added into controls, in resolution + Addition: Specifies contents to be added into controls, in resolution. @@ -463,7 +464,7 @@ @@ -483,10 +484,10 @@ Position - Where to add the new content with respect to the targeted element (beside it or inside it) + Where to add the new content with respect to the targeted element (beside it or inside it). - Position: Where to add the new content with respect to the targeted element (beside it or inside it) + Position: Where to add the new content with respect to the targeted element (beside it or inside it). @@ -506,10 +507,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -519,16 +520,16 @@ - Select controls + Select Controls Specifies which controls to use in the containing context. - Select controls: Specifies which controls to use in the containing context. + Select Controls: Specifies which controls to use in the containing context. - Call - Call a control by its ID + Select Control + Select a control or controls from an imported control set. - Call: Call a control by its ID + Select Control: Select a control or controls from an imported control set. @@ -567,10 +568,10 @@ Match Controls by Identifier - + Selecting a control by its ID given as a literal. - Match Controls by Identifier: + Match Controls by Identifier: Selecting a control by its ID given as a literal. @@ -580,10 +581,10 @@ Match Controls by Pattern - Select controls by (regular expression) match on ID + Selecting a set of controls by matching their IDs with a wildcard pattern. - Match Controls by Pattern: Select controls by (regular expression) match on ID + Match Controls by Pattern: Selecting a set of controls by matching their IDs with a wildcard pattern. @@ -601,22 +602,22 @@ - Include contained controls with control + Include Contained Controls with Control When a control is included, whether its child (dependent) controls are also included. - Include contained controls with control: When a control is included, whether its child (dependent) controls are also included. + Include Contained Controls with Control: When a control is included, whether its child (dependent) controls are also included. - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -651,12 +652,82 @@ minOccurs="1" maxOccurs="1"/> + + + revisions + A group of 'revision' elements + + + revisions: A group of 'revision' elements + - + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + @@ -672,440 +743,370 @@ type="oscal-metadata-link-ASSEMBLY" minOccurs="0" maxOccurs="unbounded"/> - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. + Role + Defines a function, which might be assigned to a party in a specific situation. - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + Role: Defines a function, which might be assigned to a party in a specific situation. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Location Title: A name given to the location, which may be used by a tool for display and navigation. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - - - - - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. - - - Party Name: The full name of the party. This is typically the legal name associated with the party. - - - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. - - - Party Short Name: A short common name, abbreviation, or acronym for the party. - - - - - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + + + + Party Name + The full name of the party. This is typically the legal name associated with the party. + + + Party Name: The full name of the party. This is typically the legal name associated with the party. + + + + + + + + + Party Short Name + A short common name, abbreviation, or acronym for the party. + + + Party Short Name: A short common name, abbreviation, or acronym for the party. + + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + - External Identifier Schema - Indicates the type of external identifier. + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. - External Identifier Schema: Indicates the type of external identifier. + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. - - - + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -1113,10 +1114,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -1124,10 +1125,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -1135,10 +1136,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -1150,10 +1151,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -1173,10 +1174,10 @@ Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -1210,10 +1211,10 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1248,14 +1249,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -1269,10 +1270,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1283,10 +1284,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1297,10 +1298,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -1311,20 +1312,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1335,20 +1336,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -1375,10 +1376,10 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Class: A textual label that provides a sub-type or characterization of the property's name. @@ -1396,10 +1397,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -1431,21 +1432,21 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -1453,10 +1454,10 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1489,10 +1490,10 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Responsible Role: A reference to a role performed by a party. @@ -1522,10 +1523,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1577,10 +1578,10 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1613,10 +1614,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -1635,10 +1636,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -1648,10 +1649,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1661,10 +1662,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -1672,10 +1673,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -1683,21 +1684,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -1705,10 +1706,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -1716,10 +1717,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -1768,10 +1769,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -1781,10 +1782,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -1829,10 +1830,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -1840,23 +1841,23 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -1864,10 +1865,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -1880,7 +1881,7 @@ maxOccurs="unbounded"/> Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -1967,10 +1968,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -1978,20 +1979,20 @@ @@ -1999,10 +2000,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2013,41 +2014,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -2081,10 +2083,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -2093,10 +2095,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2107,7 +2109,7 @@ - + Guideline @@ -2120,7 +2122,7 @@ - + Parameter Value @@ -2131,14 +2133,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -2146,10 +2148,10 @@ Choice - A value selection among several such options + A value selection among several such options. - Choice: A value selection among several such options + Choice: A value selection among several such options. @@ -2168,7 +2170,7 @@ - + Include All diff --git a/xml/schema/oscal_ssp_schema.xsd b/xml/schema/oscal_ssp_schema.xsd index bff4945996..448301112a 100644 --- a/xml/schema/oscal_ssp_schema.xsd +++ b/xml/schema/oscal_ssp_schema.xsd @@ -80,10 +80,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -213,10 +213,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -498,10 +498,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -571,10 +571,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -634,10 +634,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -696,10 +696,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -748,10 +748,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -832,10 +832,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -870,10 +870,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -954,10 +954,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -978,10 +978,10 @@ Control Identifier Reference - A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). - Control Identifier Reference: A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). + Control Identifier Reference: A reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). @@ -1015,10 +1015,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1163,10 +1163,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1227,10 +1227,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1263,10 +1263,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1378,10 +1378,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1418,10 +1418,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -1452,11 +1452,11 @@ - Publication metadata - Provides information about the publication and availability of the containing document. + Document Metadata + Provides information about the containing document, and defines concepts that are shared across the document. - Publication metadata: Provides information about the publication and availability of the containing document. + Document Metadata: Provides information about the containing document, and defines concepts that are shared across the document. @@ -1491,12 +1491,82 @@ minOccurs="1" maxOccurs="1"/> + + + revisions + A group of 'revision' elements + + + revisions: A group of 'revision' elements + - + + + + + Revision History Entry + An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + Revision History Entry: An entry in a sequential list of revisions to the containing document, expected to be in reverse chronological order (i.e. latest first). + + + + + + + Document Title + A name given to the document revision, which may be used by a tool for display and navigation. + + + Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + @@ -1512,440 +1582,370 @@ type="oscal-metadata-link-ASSEMBLY" minOccurs="0" maxOccurs="unbounded"/> - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - - Revision History Entry - An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - Revision History Entry: An entry in a sequential list of revisions to the containing document in reverse chronological order (i.e., most recent previous revision first). - - - - - Document Title - A name given to the document revision, which may be used by a tool for display and navigation. + Role + Defines a function, which might be assigned to a party in a specific situation. - Document Title: A name given to the document revision, which may be used by a tool for display and navigation. + Role: Defines a function, which might be assigned to a party in a specific situation. - - - + + + + + + Role Title + A name given to the role, which may be used by a tool for display and navigation. + + + Role Title: A name given to the role, which may be used by a tool for display and navigation. + + + + + + + + + + + Role Short Name + A short common name, abbreviation, or acronym for the role. + + + Role Short Name: A short common name, abbreviation, or acronym for the role. + + + + + + + + + Role Description + A summary of the role's purpose and associated responsibilities. + + + Role Description: A summary of the role's purpose and associated responsibilities. + + + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Role Identifier + A unique identifier for the role. + + + Role Identifier: A unique identifier for the role. + + - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - + - - - - - - - - - Location - A location, with associated metadata that can be referenced. - - - Location: A location, with associated metadata that can be referenced. - - - - - Location Title - A name given to the location, which may be used by a tool for display and navigation. + Location + A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - Location Title: A name given to the location, which may be used by a tool for display and navigation. + Location: A physical point of presence, which may be associated with people, organizations, or other concepts within the current or linked OSCAL document. - - - - - - - - - - - - - Location URL - The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - Location URL: The uniform resource locator (URL) for a web site or Internet presence associated with the location. - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - + + + + + + Location Title + A name given to the location, which may be used by a tool for display and navigation. + + + Location Title: A name given to the location, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + Location URL + The uniform resource locator (URL) for a web site or other resource associated with the location. + + + Location URL: The uniform resource locator (URL) for a web site or other resource associated with the location. + + + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Location Universally Unique Identifier + A unique ID for the location, for reference. + + + Location Universally Unique Identifier: A unique ID for the location, for reference. + + - - - - - Location Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Location Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined location elsewhere in this or other OSCAL instances. The locally defined UUID of the location can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - - Location Reference - A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Location Reference: A machine-oriented identifier reference to a location defined in the metadata section of this or another OSCAL instance. The UUID of the location in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - - - - Party (organization or person) - A responsible entity which is either a person or an organization. - - - Party (organization or person): A responsible entity which is either a person or an organization. - - - - - - - Party Name - The full name of the party. This is typically the legal name associated with the party. - - - Party Name: The full name of the party. This is typically the legal name associated with the party. - - - - - - - - - Party Short Name - A short common name, abbreviation, or acronym for the party. - - - Party Short Name: A short common name, abbreviation, or acronym for the party. - - - - - + - Party External Identifier - An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party + An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID) + Party: An organization or person, which may be associated with roles or other concepts within the current or linked OSCAL document. - - - + + + + + + Party Name + The full name of the party. This is typically the legal name associated with the party. + + + Party Name: The full name of the party. This is typically the legal name associated with the party. + + + + + + - External Identifier Schema - Indicates the type of external identifier. + Party Short Name + A short common name, abbreviation, or acronym for the party. - External Identifier Schema: Indicates the type of external identifier. + Party Short Name: A short common name, abbreviation, or acronym for the party. - - - + + + + + + + + Party External Identifier + An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + Party External Identifier: An identifier for a person or organization using a designated scheme. e.g. an Open Researcher and Contributor ID (ORCID). + + + + + + + External Identifier Schema + Indicates the type of external identifier. + + + External Identifier Schema: Indicates the type of external identifier. + + + + + + + + + + + + + + + + + + + Organizational Affiliation + A reference to another party by UUID, typically an organization, that this subject is associated with. + + + Organizational Affiliation: A reference to another party by UUID, typically an organization, that this subject is associated with. + + + + + + + + Remarks + Additional commentary about the containing object. + + + Remarks: Additional commentary about the containing object. + + + + + + + + + + Party Universally Unique Identifier + A unique identifier for the party. + + + Party Universally Unique Identifier: A unique identifier for the party. + + + + + + Party Type + A category describing the kind of party the object describes. + + + Party Type: A category describing the kind of party the object describes. + + - - - - - - - - - - - - - Organizational Affiliation - A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - Organizational Affiliation: A machine-oriented identifier reference to another party (person or organization) that this subject is associated with. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). - - - - Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. - - - - Party Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Party Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined party elsewhere in this or other OSCAL instances. The locally defined UUID of the party can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - - - - Party Type - A category describing the kind of party the object describes. - - - Party Type: A category describing the kind of party the object describes. - - - + - Party Reference - A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference + Reference to a location by UUID. - Party Reference: A machine-oriented identifier reference to another party defined in metadata. The UUID of the party in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance). + Location Universally Unique Identifier Reference: Reference to a location by UUID. - + - Role - Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference + Reference to a party by UUID. - Role: Defines a function assumed or expected to be assumed by a party in a specific situation. + Party Universally Unique Identifier Reference: Reference to a party by UUID. - - - - - - Role Title - A name given to the role, which may be used by a tool for display and navigation. - - - Role Title: A name given to the role, which may be used by a tool for display and navigation. - - - - - - - - - - - Role Short Name - A short common name, abbreviation, or acronym for the role. - - - Role Short Name: A short common name, abbreviation, or acronym for the role. - - - - - - - - - Role Description - A summary of the role's purpose and associated responsibilities. - - - Role Description: A summary of the role's purpose and associated responsibilities. - - - - - - - - - - - - Remarks - Additional commentary on the containing object. - - - Remarks: Additional commentary on the containing object. - - - - - - - - - - Role Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - Role Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined role elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, the locally defined ID of the Role from the imported OSCAL instance must be referenced in the context of the containing resource (e.g., import, import-component-definition, import-profile, import-ssp or import-ap). This ID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. - - - + + Role Identifier Reference - A human-oriented identifier reference to roles served by the user. + Reference to a role by UUID. - Role Identifier Reference: A human-oriented identifier reference to roles served by the user. + Role Identifier Reference: Reference to a role by UUID. @@ -1953,10 +1953,10 @@ Back matter - A collection of resources, which may be included directly or by reference. + A collection of resources that may be referenced from within the OSCAL document instance. - Back matter: A collection of resources, which may be included directly or by reference. + Back matter: A collection of resources that may be referenced from within the OSCAL document instance. @@ -1964,10 +1964,10 @@ Resource - A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. - Resource: A resource associated with content in the containing document. A resource may be directly included in the document base64 encoded or may point to one or more equivalent internet resources. + Resource: A resource associated with content in the containing document instance. A resource may be directly included in the document using base64 encoding or may point to one or more equivalent internet resources. @@ -1975,10 +1975,10 @@ Resource Title - A name given to the resource, which may be used by a tool for display and navigation. + An optional name given to the resource, which may be used by a tool for display and navigation. - Resource Title: A name given to the resource, which may be used by a tool for display and navigation. + Resource Title: An optional name given to the resource, which may be used by a tool for display and navigation. @@ -1990,10 +1990,10 @@ Resource Description - A short summary of the resource used to indicate the purpose of the resource. + An optional short summary of the resource used to indicate the purpose of the resource. - Resource Description: A short summary of the resource used to indicate the purpose of the resource. + Resource Description: An optional short summary of the resource used to indicate the purpose of the resource. @@ -2013,10 +2013,10 @@ Citation - A citation consisting of end note text and optional structured bibliographic data. + An optional citation consisting of end note text using structured markup. - Citation: A citation consisting of end note text and optional structured bibliographic data. + Citation: An optional citation consisting of end note text using structured markup. @@ -2050,10 +2050,10 @@ Resource link - A pointer to an external resource with an optional hash for verification and change detection. + A URL-based pointer to an external resource with an optional hash for verification and change detection. - Resource link: A pointer to an external resource with an optional hash for verification and change detection. + Resource link: A URL-based pointer to an external resource with an optional hash for verification and change detection. Hypertext Reference - A resolvable URI reference to a resource. + A resolvable URL pointing to the referenced resource. - Hypertext Reference: A resolvable URI reference to a resource. + Hypertext Reference: A resolvable URL pointing to the referenced resource. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -2088,14 +2088,14 @@ Base64 - The Base64 alphabet in RFC 2045 - aligned with XSD. + A resource encoded using the Base64 alphabet defined by RFC 2045. - Base64: The Base64 alphabet in RFC 2045 - aligned with XSD. + Base64: A resource encoded using the Base64 alphabet defined by RFC 2045. - + File Name @@ -2109,10 +2109,10 @@ Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -2123,10 +2123,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2137,10 +2137,10 @@ Resource Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a resource. - Resource Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined resource elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Resource Universally Unique Identifier: A unique identifier for a resource. @@ -2151,20 +2151,20 @@ Property - An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. - Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. The value of a property is a simple scalar value, which may be expressed as a list of values. + Property: An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2175,20 +2175,20 @@ Property Name - A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. - Property Name: A textual label that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. + Property Name: A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object. Property Universally Unique Identifier - A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for a property. - Property Universally Unique Identifier: A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined property elsewhere in this or other OSCAL instances. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Property Universally Unique Identifier: A unique identifier for a property. @@ -2215,10 +2215,10 @@ Property Class - A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + A textual label that provides a sub-type or characterization of the property's name. - Property Class: A textual label that provides a sub-type or characterization of the property's name. This can be used to further distinguish or discriminate between the semantics of multiple properties of the same object with the same name and ns. + Property Class: A textual label that provides a sub-type or characterization of the property's name. @@ -2236,10 +2236,10 @@ Link - A reference to a local or remote resource + A reference to a local or remote resource, that has a specific relation to the containing object. - Link: A reference to a local or remote resource + Link: A reference to a local or remote resource, that has a specific relation to the containing object. @@ -2271,21 +2271,21 @@ - Relation - Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type + Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. - Relation: Describes the type of relationship provided by the link. This can be an indicator of the link's purpose. + Link Relation Type: Describes the type of relationship provided by the link's hypertext reference. This can be an indicator of the link's purpose. Media Type - Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + A label that indicates the nature of a resource, as a data serialization or format. - Media Type: Specifies a media type as defined by the Internet Assigned Numbers Authority (IANA) Media Types Registry. + Media Type: A label that indicates the nature of a resource, as a data serialization or format. @@ -2293,10 +2293,10 @@ Responsible Party - A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. - Responsible Party: A reference to a set of organizations or persons that have responsibility for performing a referenced role in the context of the containing object. + Responsible Party: A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2329,10 +2329,10 @@ Responsible Role - A human-oriented identifier reference to roles served by the user. + A reference to a role performed by a party. - Responsible Role: A human-oriented identifier reference to roles served by the user. + Responsible Role: A reference to a role performed by a party. @@ -2362,10 +2362,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2417,10 +2417,10 @@ Responsible Role - A reference to one or more roles with responsibility for performing a function relative to the containing object. + A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. - Responsible Role: A reference to one or more roles with responsibility for performing a function relative to the containing object. + Responsible Role: A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role. Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2453,10 +2453,10 @@ Responsible Role ID - A human-oriented identifier reference to roles responsible for the business function. + A human-oriented identifier reference to a role performed. - Responsible Role ID: A human-oriented identifier reference to roles responsible for the business function. + Responsible Role ID: A human-oriented identifier reference to a role performed. @@ -2475,10 +2475,10 @@ Hash algorithm - Method by which a hash is derived + The digest method by which a hash is derived. - Hash algorithm: Method by which a hash is derived + Hash algorithm: The digest method by which a hash is derived. @@ -2488,10 +2488,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2501,10 +2501,10 @@ Publication Timestamp - The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last made available. - Publication Timestamp: The date and time the document was published. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Publication Timestamp: The date and time the document was last made available. @@ -2512,10 +2512,10 @@ Last Modified Timestamp - The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + The date and time the document was last stored for later retrieval. - Last Modified Timestamp: The date and time the document was last modified. The date-time value must be formatted according to RFC 3339 with full time and time zone included. + Last Modified Timestamp: The date and time the document was last stored for later retrieval. @@ -2523,21 +2523,21 @@ Document Version - A string used to distinguish the current version of the document from other previous (and future) versions. + Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - Document Version: A string used to distinguish the current version of the document from other previous (and future) versions. + Document Version: Used to distinguish a specific revision of an OSCAL document from other previous and future versions. - OSCAL version - The OSCAL model version the document was authored against. + OSCAL Version + The OSCAL model version the document was authored against and will conform to as valid. - OSCAL version: The OSCAL model version the document was authored against. + OSCAL Version: The OSCAL model version the document was authored against and will conform to as valid. @@ -2545,10 +2545,10 @@ Email Address - An email address as defined by RFC 5322 Section 3.4.1. + An email address as defined by RFC 5322 Section 3.4.1. - Email Address: An email address as defined by RFC 5322 Section 3.4.1. + Email Address: An email address as defined by RFC 5322 Section 3.4.1. @@ -2556,10 +2556,10 @@ Telephone Number - Contact number by telephone. + A telephone service number as defined by ITU-T E.164. - Telephone Number: Contact number by telephone. + Telephone Number: A telephone service number as defined by ITU-T E.164. @@ -2608,10 +2608,10 @@ State - State, province or analogous geographical region for mailing address + State, province or analogous geographical region for a mailing address. - State: State, province or analogous geographical region for mailing address + State: State, province or analogous geographical region for a mailing address. @@ -2621,10 +2621,10 @@ Postal Code - Postal or ZIP code for mailing address + Postal or ZIP code for mailing address. - Postal Code: Postal or ZIP code for mailing address + Postal Code: Postal or ZIP code for mailing address. @@ -2669,10 +2669,10 @@ Document Identifier - A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + A document identifier qualified by an identifier scheme. - Document Identifier: A document identifier qualified by an identifier scheme. A document identifier provides a globally unique identifier with a cross-instance scope that is used for a group of documents that are to be treated as different versions of the same document. If this element does not appear, or if the value of this element is empty, the value of "document-id" is equal to the value of the "uuid" flag of the top-level root element. + Document Identifier: A document identifier qualified by an identifier scheme. @@ -2680,10 +2680,10 @@ Document Identification Scheme - Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. - Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. + Document Identification Scheme: Qualifies the kind of document identifier using a URI. If the scheme is not provided the value of the element will be interpreted as a string of characters. @@ -2767,10 +2767,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2801,10 +2801,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -2937,10 +2937,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3031,10 +3031,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3173,10 +3173,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3199,10 +3199,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3247,10 +3247,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3292,14 +3292,14 @@ - + Part - A partition of a control's definition or a child of another part. + An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. - Part: A partition of a control's definition or a child of another part. + Part: An annotated, markup-based textual element of a control's or catalog group's definition, or a child of another part. @@ -3307,10 +3307,10 @@ Part Title - A name given to the part, which may be used by a tool for display and navigation. + An optional name given to the part, which may be used by a tool for display and navigation. - Part Title: A name given to the part, which may be used by a tool for display and navigation. + Part Title: An optional name given to the part, which may be used by a tool for display and navigation. @@ -3323,7 +3323,7 @@ maxOccurs="unbounded"/> Part Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the part. - Part Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined part elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Part Identifier: A unique identifier for the part. Part Name - A textual label that uniquely identifies the part's semantic type. + A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. - Part Name: A textual label that uniquely identifies the part's semantic type. + Part Name: A textual label that uniquely identifies the part's semantic type, which exists in a value space qualified by the ns. Part Namespace - A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. - Part Namespace: A namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. + Part Namespace: An optional namespace qualifying the part's name. This allows different organizations to associate distinct semantics with the same name. Part Class - A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - Part Class: A textual label that provides a sub-type or characterization of the part's name. This can be used to further distinguish or discriminate between the semantics of multiple parts of the same control with the same name and ns. + Part Class: An optional textual providing a sub-type or characterization of the part's name, or a category to which the part belongs. - + Parameter @@ -3410,10 +3410,10 @@ Parameter Usage Description - Describes the purpose and use of a parameter + Describes the purpose and use of a parameter. - Parameter Usage Description: Describes the purpose and use of a parameter + Parameter Usage Description: Describes the purpose and use of a parameter. @@ -3421,20 +3421,20 @@ @@ -3442,10 +3442,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3456,41 +3456,42 @@ Parameter Identifier - A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + A unique identifier for the parameter. - Parameter Identifier: A human-oriented, locally unique identifier with cross-instance scope that can be used to reference this defined parameter elsewhere in this or other OSCAL instances. When referenced from another OSCAL instance, this identifier must be referenced in the context of the containing resource (e.g., import-profile). This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document. + Parameter Identifier: A unique identifier for the parameter. Parameter Class - A textual label that provides a characterization of the parameter. + A textual label that provides a characterization of the type, purpose, use or scope of the parameter. - Parameter Class: A textual label that provides a characterization of the parameter. + Parameter Class: A textual label that provides a characterization of the type, purpose, use or scope of the parameter. Depends on - **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + + (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - Depends on: **(deprecated)** Another parameter invoking this one. This construct has been deprecated and should not be used. + Depends on: (deprecated) Another parameter invoking this one. This construct has been deprecated and should not be used. - + Constraint - A formal or informal expression of a constraint or test + A formal or informal expression of a constraint or test. - Constraint: A formal or informal expression of a constraint or test + Constraint: A formal or informal expression of a constraint or test. @@ -3524,10 +3525,10 @@ Constraint test - A formal (executable) expression of a constraint + A formal (executable) expression of a constraint. - Constraint test: A formal (executable) expression of a constraint + Constraint test: A formal (executable) expression of a constraint. @@ -3536,10 +3537,10 @@ Remarks - Additional commentary on the containing object. + Additional commentary about the containing object. - Remarks: Additional commentary on the containing object. + Remarks: Additional commentary about the containing object. @@ -3550,7 +3551,7 @@ - + Guideline @@ -3563,7 +3564,7 @@ - + Parameter Value @@ -3574,14 +3575,14 @@ - + Selection - Presenting a choice among alternatives + Presenting a choice among alternatives. - Selection: Presenting a choice among alternatives + Selection: Presenting a choice among alternatives. @@ -3589,10 +3590,10 @@ Choice - A value selection among several such options + A value selection among several such options. - Choice: A value selection among several such options + Choice: A value selection among several such options. @@ -3611,7 +3612,7 @@ - + Include All