Class: Compliance
The Compliance object contains information about Industry and Regulatory
Framework standards, controls and requirements or details about custom
assessments utilized in a compliance evaluation. Standards define broad
security frameworks, controls represent specific security requirements within
those frameworks, and checks are the testable verification points used to
determine if controls are properly implemented.
URI: ocsf:Compliance
```mermaid
classDiagram
    class Compliance
    click Compliance href "../Compliance/"
    Object <|-- Compliance
    click Object href "../Object/"
    Compliance : assessments
    Compliance --> "*" Assessment : assessments
    click Assessment href "../Assessment/"
    Compliance : category
    Compliance : checks
    Compliance --> "*" Check : checks
    click Check href "../Check/"
    Compliance : compliance_references
    Compliance --> "*" KbArticle : compliance_references
    click KbArticle href "../KbArticle/"
    Compliance : compliance_standards
    Compliance --> "*" KbArticle : compliance_standards
    click KbArticle href "../KbArticle/"
    Compliance : control
    Compliance : control_parameters
    Compliance --> "*" KeyValueObject : control_parameters
    click KeyValueObject href "../KeyValueObject/"
    Compliance : desc
    Compliance : requirements
    Compliance : standards
    Compliance : status
    Compliance : status_code
    Compliance : status_detail
    Compliance : status_details
    Compliance : status_id
    Compliance --> "0..1 _recommended_" ComplianceStatusIdEnum : status_id
    click ComplianceStatusIdEnum href "../ComplianceStatusIdEnum/"
```
Inheritance
- OcsfObject
    - Object
        - Compliance
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| assessments | * Assessment | A list of assessments associated with the compliance requirements evaluation. | direct |
| category | 0..1 String | The category a control framework pertains to, as reported by the source tool, such as <code>Asset Management</code> or <code>Risk Assessment</code>. | direct |
| checks | * Check | A list of compliance checks associated with specific industry standards or frameworks. Each check is an individual rule or requirement evaluated against a target device and typically carries a name (e.g., the CIS title 'Ensure mounting of cramfs filesystems is disabled' or a DISA STIG title), a unique identifier (CIS '1.1.1.1', DISA STIG 'V-230234'), a description and version information. | direct |
| compliance_references | * KbArticle | Deprecated: use the <code>checks</code> array instead. A list of reference KB articles that help organizations understand, interpret and implement compliance standards (guidance, best practices, examples). | direct |
| compliance_standards | * KbArticle | Deprecated: use the <code>checks</code> array instead. A list of established guidelines or criteria that define specific requirements an organization must follow. | direct |
| control | 0..1 recommended String | A Control is a prescriptive, actionable set of specifications that strengthens device posture. The control names the required security measure; the concrete values are carried in <code>control_parameters</code>. E.g., <code>CIS AWS Foundations Benchmark 1.2.0 - Control 2.1 - Ensure CloudTrail is enabled in all regions</code>. | direct |
| control_parameters | * KeyValueObject | The list of control parameters evaluated in a Compliance check. E.g., for a CloudTrail control: <code>multiRegionTrailEnabled: true</code>, <code>logFileValidationEnabled: true</code>, <code>requiredRegions: [us-east-1, us-west-2]</code>. | direct |
| desc | 0..1 String | The description or criteria of a control. | direct |
| requirements | * String | The specific compliance requirements being evaluated. E.g., <code>PCI DSS Requirement 8.2.3 - Passwords must meet minimum complexity requirements</code> or <code>HIPAA Security Rule 164.312(a)(2)(iv) - Implement encryption and decryption mechanisms</code>. | direct |
| standards | * recommended String | The regulatory or industry standards being evaluated for compliance. | direct |
| status | 0..1 recommended String | The resultant status of the compliance check, normalized to the caption of the <code>status_id</code> value. For <code>Other</code> the value is defined by the event source. | direct |
| status_code | 0..1 String | The resultant status code of the compliance check. | direct |
| status_detail | 0..1 String | Deprecated: use <code>status_details</code> instead. The contextual description of the <code>status</code> and <code>status_code</code> values. | direct |
| status_details | * String | A list of contextual descriptions of the <code>status</code> and <code>status_code</code> values. | direct |
| status_id | 0..1 recommended ComplianceStatusIdEnum | The normalized status identifier of the compliance check; <code>status</code> is its sibling caption. | direct |
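The table above gives the shape of the object; what a producer actually has to get right is the coupling between <code>status</code> and <code>status_id</code>, the string-typed <code>control_parameters</code>, and the deprecated slots. The following is an added example, not code from the OCSF project or from this LinkML page: it normalizes a constructed scanner result for the page's own CloudTrail control into a Compliance object, folds the deprecated <code>status_detail</code> into <code>status_details</code>, and reports deprecated or missing recommended attributes. Assumed and not shown on this page: the ComplianceStatusIdEnum values (0 Unknown, 1 Pass, 2 Warning, 3 Fail, 99 Other), KeyValueObject as a <code>name</code>/<code>value</code> pair, and Check carrying <code>name</code>, <code>uid</code> and <code>version</code>.

```python
"""Build, migrate and sanity-check an OCSF Compliance object (added example).

Assumed, not stated on this page: ComplianceStatusIdEnum = 0 Unknown, 1 Pass,
2 Warning, 3 Fail, 99 Other; KeyValueObject = {name, value}; Check carries
name, uid and version next to status/status_id.
"""
from __future__ import annotations

from typing import Any

STATUS_CAPTIONS = {0: "Unknown", 1: "Pass", 2: "Warning", 3: "Fail", 99: "Other"}  # assumed
RECOMMENDED = ("control", "standards", "status", "status_id")  # marked recommended on the page
DEPRECATED = {"compliance_references": "checks",            # replacements named on the page
              "compliance_standards": "checks",
              "status_detail": "status_details"}
# Scanner verdict -> status_id; anything unmapped becomes Other (99).
VERDICTS = {"pass": 1, "passed": 1, "compliant": 1, "warn": 2, "warning": 2,
            "partial": 2, "fail": 3, "failed": 3, "non_compliant": 3}

# Constructed scanner output for the page's CIS AWS CloudTrail example (sample data).
SAMPLE_RESULT = {
    "benchmark": "CIS AWS Foundations Benchmark", "benchmark_version": "1.2.0",
    "control_id": "2.1", "title": "Ensure CloudTrail is enabled in all regions",
    "category": "Logging", "result": "FAILED",
    "parameters": {"multiRegionTrailEnabled": True, "logFileValidationEnabled": True,
                   "requiredRegions": ["us-east-1", "us-west-2"]},
    "details": ["Trail 'mgmt' is single-region (us-east-1 only)"],
}


def normalize_status(verdict: str) -> tuple[int, str]:
    """Map a free-text verdict to (status_id, status); Other keeps the source wording."""
    sid = VERDICTS.get(verdict.strip().lower())
    return (99, verdict.strip()) if sid is None else (sid, STATUS_CAPTIONS[sid])


def _kv(value: Any) -> str:
    """KeyValueObject values are strings: render bools and lists deterministically."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, list):
        return "[" + ", ".join(map(str, value)) + "]"
    return str(value)


def build_compliance(result: dict[str, Any]) -> dict[str, Any]:
    """Normalize one scanner result into a Compliance object; empty slots are dropped."""
    status_id, status = normalize_status(result["result"])
    standard = f'{result["benchmark"]} {result["benchmark_version"]}'
    obj = {
        "standards": [standard],
        "control": f'{standard} - Control {result["control_id"]} - {result["title"]}',
        "category": result.get("category"),
        "control_parameters": [{"name": k, "value": _kv(v)}
                               for k, v in result["parameters"].items()],
        "checks": [{"name": result["title"], "uid": result["control_id"],
                    "version": result["benchmark_version"],
                    "status": status, "status_id": status_id}],
        "status": status, "status_id": status_id,
        "status_code": result["result"],          # raw vendor code, kept verbatim
        "status_details": list(result.get("details", [])),
    }
    return {k: v for k, v in obj.items() if v not in (None, "", [])}


def migrate_deprecated(obj: dict[str, Any]) -> dict[str, Any]:
    """Fold status_detail into status_details; KbArticle slots cannot be auto-converted."""
    out = dict(obj)
    detail = out.pop("status_detail", None)
    if detail:
        out["status_details"] = list(out.get("status_details", [])) + [detail]
    return out


def validate_compliance(obj: dict[str, Any]) -> list[str]:
    """Return the problems a consumer would flag; an empty list means the object is clean."""
    issues: list[str] = []
    sid = obj.get("status_id")
    if sid is not None and sid not in STATUS_CAPTIONS:
        issues.append(f"error: status_id {sid!r} not in ComplianceStatusIdEnum")
    elif sid == 99 and not obj.get("status"):
        issues.append("error: status_id 99 (Other) needs a source-defined status")
    elif sid is not None and sid != 99 and obj.get("status") not in (None, STATUS_CAPTIONS[sid]):
        issues.append(f"error: status {obj['status']!r} is not the caption of status_id {sid}")
    for kv in obj.get("control_parameters", []):
        if not isinstance(kv.get("name"), str) or not isinstance(kv.get("value"), str):
            issues.append(f"error: control_parameters entry {kv!r} is not a name/value pair")
    issues += [f"warning: {k} is deprecated, use {v}" for k, v in DEPRECATED.items() if k in obj]
    issues += [f"warning: recommended attribute {k} missing" for k in RECOMMENDED if k not in obj]
    return issues
```

Run <code>validate_compliance(build_compliance(SAMPLE_RESULT))</code> to see a clean object; hand it a record whose <code>status</code> text disagrees with <code>status_id</code>, or one that still uses <code>status_detail</code>, and the returned list names the problem. The split between errors (the object is inconsistent) and warnings (it is valid but weaker than the schema recommends) is a design choice for the pipeline, not something the schema prescribes.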
Usages
| used by | used in | type | used |
|---|---|---|---|
| ApplicationSecurityPostureFinding | compliance | range | Compliance |
| ComplianceFinding | compliance | range | Compliance |
| SecurityFinding | compliance | range | Compliance |
In Subsets
- objects_subset
Aliases
- Compliance
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Compliance |
| native | ocsf:Compliance |
| close | iso27001:SecurityControl |
LinkML Source
Direct
```yaml
name: Compliance
description: 'The Compliance object contains information about Industry and Regulatory
  Framework standards, controls and requirements or details about custom
  assessments utilized in a compliance evaluation. Standards define broad
  security frameworks, controls represent specific security requirements within
  those frameworks, and checks are the testable verification points used to
  determine if controls are properly implemented.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Compliance
close_mappings:
- iso27001:SecurityControl
is_a: Object
slots:
- assessments
- category
- checks
- compliance_references
- compliance_standards
- control
- control_parameters
- desc
- requirements
- standards
- status
- status_code
- status_detail
- status_details
- status_id
slot_usage:
  assessments:
    name: assessments
    description: A list of assessments associated with the compliance requirements
      evaluation.
  category:
    name: category
    description: 'The category a control framework pertains to, as reported by the
      source tool, such as <code>Asset Management</code> or <code>Risk Assessment</code>.'
  checks:
    name: checks
    description: 'A list of compliance checks associated with specific industry standards
      or frameworks. Each check represents an individual rule or requirement that has
      been evaluated against a target device. Checks typically include details such
      as the check name (e.g., CIS: ''Ensure mounting of cramfs filesystems is
      disabled'' or DISA STIG descriptive titles), unique identifiers (such as CIS
      identifier ''1.1.1.1'' or DISA STIG identifier ''V-230234''), descriptions
      (detailed explanations of security requirements or vulnerability discussions),
      and version information.'
  compliance_references:
    name: compliance_references
    deprecated: Use the Compliance object with Check array instead.
  compliance_standards:
    name: compliance_standards
    deprecated: Use the Compliance object with Check array instead.
  control:
    name: control
    description: 'A Control is a prescriptive, actionable set of specifications that
      strengthens device posture. The control specifies required security measures,
      while the specific implementation values are defined in control_parameters.
      E.g., CIS AWS Foundations Benchmark 1.2.0 - Control 2.1 - Ensure CloudTrail is
      enabled in all regions'
    recommended: true
  control_parameters:
    name: control_parameters
    description: 'The list of control parameters evaluated in a Compliance check.
      E.g., parameters for CloudTrail configuration might include
      <code>multiRegionTrailEnabled: true</code>, <code>logFileValidationEnabled:
      true</code>, and <code>requiredRegions: [us-east-1, us-west-2]</code>'
  desc:
    name: desc
    description: The description or criteria of a control.
  requirements:
    name: requirements
    description: 'The specific compliance requirements being evaluated. E.g., <code>PCI
      DSS Requirement 8.2.3 - Passwords must meet minimum complexity requirements</code>
      or <code>HIPAA Security Rule 164.312(a)(2)(iv) - Implement encryption and
      decryption mechanisms</code>'
  standards:
    name: standards
    description: The regulatory or industry standards being evaluated for compliance.
    recommended: true
  status:
    name: status
    description: 'The resultant status of the compliance check normalized to the caption
      of the <code>status_id</code> value. In the case of ''Other'', it is defined by the
      event source.'
    recommended: true
  status_code:
    name: status_code
    description: The resultant status code of the compliance check.
  status_detail:
    name: status_detail
    description: The contextual description of the <code>status, status_code</code>
      values.
    deprecated: Use the <code> status_details </code> attribute instead.
  status_details:
    name: status_details
    description: 'A list of contextual descriptions of the <code>status, status_code</code>
      values.'
  status_id:
    name: status_id
    description: The normalized status identifier of the compliance check.
    range: ComplianceStatusIdEnum
    recommended: true
```
Induced
```yaml
name: Compliance
description: 'The Compliance object contains information about Industry and Regulatory
  Framework standards, controls and requirements or details about custom
  assessments utilized in a compliance evaluation. Standards define broad
  security frameworks, controls represent specific security requirements within
  those frameworks, and checks are the testable verification points used to
  determine if controls are properly implemented.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Compliance
close_mappings:
- iso27001:SecurityControl
is_a: Object
slot_usage:
  assessments:
    name: assessments
    description: A list of assessments associated with the compliance requirements
      evaluation.
  category:
    name: category
    description: 'The category a control framework pertains to, as reported by the
      source tool, such as <code>Asset Management</code> or <code>Risk Assessment</code>.'
  checks:
    name: checks
    description: 'A list of compliance checks associated with specific industry standards
      or frameworks. Each check represents an individual rule or requirement that has
      been evaluated against a target device. Checks typically include details such
      as the check name (e.g., CIS: ''Ensure mounting of cramfs filesystems is
      disabled'' or DISA STIG descriptive titles), unique identifiers (such as CIS
      identifier ''1.1.1.1'' or DISA STIG identifier ''V-230234''), descriptions
      (detailed explanations of security requirements or vulnerability discussions),
      and version information.'
  compliance_references:
    name: compliance_references
    deprecated: Use the Compliance object with Check array instead.
  compliance_standards:
    name: compliance_standards
    deprecated: Use the Compliance object with Check array instead.
  control:
    name: control
    description: 'A Control is a prescriptive, actionable set of specifications that
      strengthens device posture. The control specifies required security measures,
      while the specific implementation values are defined in control_parameters.
      E.g., CIS AWS Foundations Benchmark 1.2.0 - Control 2.1 - Ensure CloudTrail is
      enabled in all regions'
    recommended: true
  control_parameters:
    name: control_parameters
    description: 'The list of control parameters evaluated in a Compliance check.
      E.g., parameters for CloudTrail configuration might include
      <code>multiRegionTrailEnabled: true</code>, <code>logFileValidationEnabled:
      true</code>, and <code>requiredRegions: [us-east-1, us-west-2]</code>'
  desc:
    name: desc
    description: The description or criteria of a control.
  requirements:
    name: requirements
    description: 'The specific compliance requirements being evaluated. E.g., <code>PCI
      DSS Requirement 8.2.3 - Passwords must meet minimum complexity requirements</code>
      or <code>HIPAA Security Rule 164.312(a)(2)(iv) - Implement encryption and
      decryption mechanisms</code>'
  standards:
    name: standards
    description: The regulatory or industry standards being evaluated for compliance.
    recommended: true
  status:
    name: status
    description: 'The resultant status of the compliance check normalized to the caption
      of the <code>status_id</code> value. In the case of ''Other'', it is defined by the
      event source.'
    recommended: true
  status_code:
    name: status_code
    description: The resultant status code of the compliance check.
  status_detail:
    name: status_detail
    description: The contextual description of the <code>status, status_code</code>
      values.
    deprecated: Use the <code> status_details </code> attribute instead.
  status_details:
    name: status_details
    description: 'A list of contextual descriptions of the <code>status, status_code</code>
      values.'
  status_id:
    name: status_id
    description: The normalized status identifier of the compliance check.
    range: ComplianceStatusIdEnum
    recommended: true
attributes:
  assessments:
    name: assessments
    description: A list of assessments associated with the compliance requirements
      evaluation.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Assessments
    rank: 1000
    alias: assessments
    owner: Compliance
    domain_of:
    - Compliance
    - ConfigState
    range: Assessment
    multivalued: true
  category:
    name: category
    description: 'The category a control framework pertains to, as reported by the
      source tool, such as <code>Asset Management</code> or <code>Risk Assessment</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Category
    rank: 1000
    alias: category
    owner: Compliance
    domain_of:
    - Osint
    - Vulnerability
    - Analytic
    - Assessment
    - Compliance
    - DataClassification
    - Rule
    - Trait
    range: string
  checks:
    name: checks
    description: 'A list of compliance checks associated with specific industry standards
      or frameworks. Each check represents an individual rule or requirement that has
      been evaluated against a target device. Checks typically include details such
      as the check name (e.g., CIS: ''Ensure mounting of cramfs filesystems is
      disabled'' or DISA STIG descriptive titles), unique identifiers (such as CIS
      identifier ''1.1.1.1'' or DISA STIG identifier ''V-230234''), descriptions
      (detailed explanations of security requirements or vulnerability discussions),
      and version information.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Compliance Checks
    rank: 1000
    alias: checks
    owner: Compliance
    domain_of:
    - Compliance
    range: Check
    multivalued: true
  compliance_references:
    name: compliance_references
    description: 'A list of reference KB articles that provide information to help
      organizations understand, interpret, and implement compliance standards. They
      provide guidance, best practices, and examples.'
    deprecated: Use the Compliance object with Check array instead.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Compliance Standard References
    rank: 1000
    alias: compliance_references
    owner: Compliance
    domain_of:
    - Compliance
    range: KbArticle
    multivalued: true
  compliance_standards:
    name: compliance_standards
    description: 'A list of established guidelines or criteria that define specific
      requirements an organization must follow.'
    deprecated: Use the Compliance object with Check array instead.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - 'Compliance Standards: Details'
    rank: 1000
    alias: compliance_standards
    owner: Compliance
    domain_of:
    - Compliance
    range: KbArticle
    multivalued: true
  control:
    name: control
    description: 'A Control is a prescriptive, actionable set of specifications that
      strengthens device posture. The control specifies required security measures,
      while the specific implementation values are defined in control_parameters.
      E.g., CIS AWS Foundations Benchmark 1.2.0 - Control 2.1 - Ensure CloudTrail is
      enabled in all regions'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Security Control
    rank: 1000
    alias: control
    owner: Compliance
    domain_of:
    - CisCsc
    - Compliance
    range: string
    recommended: true
  control_parameters:
    name: control_parameters
    description: 'The list of control parameters evaluated in a Compliance check.
      E.g., parameters for CloudTrail configuration might include
      <code>multiRegionTrailEnabled: true</code>, <code>logFileValidationEnabled:
      true</code>, and <code>requiredRegions: [us-east-1, us-west-2]</code>'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Control Parameters
    rank: 1000
    alias: control_parameters
    owner: Compliance
    domain_of:
    - Compliance
    range: KeyValueObject
    multivalued: true
  desc:
    name: desc
    description: The description or criteria of a control.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Description
    rank: 1000
    alias: desc
    owner: Compliance
    domain_of:
    - Osint
    - RelatedEvent
    - Remediation
    - Vulnerability
    - Advisory
    - Analytic
    - ApplicationObject
    - Assessment
    - Check
    - CisBenchmark
    - CisBenchmarkResult
    - CisControl
    - Compliance
    - Cve
    - Database
    - Databucket
    - Enrichment
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - Job
    - Location
    - Node
    - Policy
    - Rule
    - Table
    - WebResource
    - Device
    - IncidentFinding
    range: string
  requirements:
    name: requirements
    description: 'The specific compliance requirements being evaluated. E.g., <code>PCI
      DSS Requirement 8.2.3 - Passwords must meet minimum complexity requirements</code>
      or <code>HIPAA Security Rule 164.312(a)(2)(iv) - Implement encryption and
      decryption mechanisms</code>'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Compliance Requirements
    rank: 1000
    alias: requirements
    owner: Compliance
    domain_of:
    - Compliance
    range: string
    multivalued: true
  standards:
    name: standards
    description: The regulatory or industry standards being evaluated for compliance.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - 'Compliance Standards: List'
    rank: 1000
    alias: standards
    owner: Compliance
    domain_of:
    - Check
    - Compliance
    range: string
    recommended: true
    multivalued: true
  status:
    name: status
    description: 'The resultant status of the compliance check normalized to the caption
      of the <code>status_id</code> value. In the case of ''Other'', it is defined by the
      event source.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Status
    rank: 1000
    alias: status
    owner: Compliance
    domain_of:
    - RelatedEvent
    - Ticket
    - Whois
    - AdditionalRestriction
    - Check
    - Compliance
    - DataClassification
    - HttpResponse
    - BaseEvent
    - Finding
    - IncidentFinding
    - DroneFlightsActivity
    range: string
    recommended: true
  status_code:
    name: status_code
    description: The resultant status code of the compliance check.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Status Code
    rank: 1000
    alias: status_code
    owner: Compliance
    domain_of:
    - Span
    - Compliance
    - BaseEvent
    - EventLogActvity
    range: string
  status_detail:
    name: status_detail
    description: The contextual description of the <code>status, status_code</code>
      values.
    deprecated: Use the <code> status_details </code> attribute instead.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Status Detail
    rank: 1000
    alias: status_detail
    owner: Compliance
    domain_of:
    - Compliance
    - LoadBalancer
    - BaseEvent
    - Authentication
    - EventLogActvity
    range: string
  status_details:
    name: status_details
    description: 'A list of contextual descriptions of the <code>status, status_code</code>
      values.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Status Details
    rank: 1000
    alias: status_details
    owner: Compliance
    domain_of:
    - Ticket
    - Compliance
    - DataClassification
    range: string
    multivalued: true
  status_id:
    name: status_id
    annotations:
      sibling:
        tag: sibling
        value: status
    description: The normalized status identifier of the compliance check.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Status ID
    rank: 1000
    alias: status_id
    owner: Compliance
    domain_of:
    - Ticket
    - AdditionalRestriction
    - Check
    - Compliance
    - DataClassification
    - BaseEvent
    - Finding
    - IncidentFinding
    - RemediationActivity
    - DroneFlightsActivity
    range: ComplianceStatusIdEnum
    recommended: true
```