Class: Risk
An identified risk.
URI: oscal:Risk
classDiagram
class Risk
click Risk href "../Risk/"
HasPropsAndLinks <|-- Risk
click HasPropsAndLinks href "../HasPropsAndLinks/"
Risk : characterizations
Risk --> "*" Characterization : characterizations
click Characterization href "../Characterization/"
Risk : deadline
Risk : description
Risk : links
Risk --> "*" Link : links
click Link href "../Link/"
Risk : mitigating_factors
Risk --> "*" MitigatingFactor : mitigating_factors
click MitigatingFactor href "../MitigatingFactor/"
Risk : origins
Risk --> "*" Origin : origins
click Origin href "../Origin/"
Risk : props
Risk --> "*" Property : props
click Property href "../Property/"
Risk : related_observations
Risk --> "*" RelatedObservation : related_observations
click RelatedObservation href "../RelatedObservation/"
Risk : remediations
Risk --> "*" Response : remediations
click Response href "../Response/"
Risk : risk_log
Risk --> "0..1" RiskLog : risk_log
click RiskLog href "../RiskLog/"
Risk : statement
Risk : status
Risk : threat_ids
Risk --> "*" ThreatId : threat_ids
click ThreatId href "../ThreatId/"
Risk : title
Risk : uuid
Inheritance
- Risk [ HasPropsAndLinks]
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| uuid | 1 UUIDType |
A machine-oriented, globally unique identifier with a cross-instance scope | direct |
| title | 1 MarkupLineType |
A human-readable name or title | direct |
| description | 1 MarkupMultilineType |
A human-readable description | direct |
| statement | 1 MarkupMultilineType |
An assessor's summary of the risk, in narrative form | direct |
| origins | * Origin |
Identifies the source of observations, findings, or risks | direct |
| threat_ids | * ThreatId |
The referenced threat identifiers | direct |
| characterizations | * Characterization |
Supporting information about the risk and how it relates to the system | direct |
| mitigating_factors | * MitigatingFactor |
Describes existing mitigating factors that may affect the overall determinati... | direct |
| deadline | 0..1 DateTimeWithTimezoneType |
The date/time by which the risk must be resolved | direct |
| remediations | * Response |
Describes either recommended or actual responses to a risk | direct |
| risk_log | 0..1 RiskLog |
A log of all risk-related tasks taken | direct |
| related_observations | * RelatedObservation |
Relates the containing object to a set of referenced observations | direct |
| status | 1 RiskStatusEnum or String |
Status indicator used by the containing OSCAL context | direct |
| props | * Property |
A list of properties | HasPropsAndLinks |
| links | * Link |
A list of links | HasPropsAndLinks |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Result | risks | range | Risk |
| PlanOfActionAndMilestones | risks | range | Risk |
In Subsets
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/oscal
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | oscal:Risk |
| native | oscal:Risk |
LinkML Source
Direct
name: Risk
description: An identified risk.
in_subset:
- assessment_common
from_schema: https://w3id.org/lmodel/oscal
mixins:
- HasPropsAndLinks
slots:
- uuid
- title
- description
- statement
- origins
- threat-ids
- characterizations
- mitigating-factors
- deadline
- remediations
- risk-log
- related-observations
- status
slot_usage:
uuid:
name: uuid
required: true
title:
name: title
required: true
description:
name: description
required: true
statement:
name: statement
required: true
status:
name: status
required: true
any_of:
- range: RiskStatusEnum
- range: string
Induced
name: Risk
description: An identified risk.
in_subset:
- assessment_common
from_schema: https://w3id.org/lmodel/oscal
mixins:
- HasPropsAndLinks
slot_usage:
uuid:
name: uuid
required: true
title:
name: title
required: true
description:
name: description
required: true
statement:
name: statement
required: true
status:
name: status
required: true
any_of:
- range: RiskStatusEnum
- range: string
attributes:
uuid:
name: uuid
description: A machine-oriented, globally unique identifier with a cross-instance
scope.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: uuid
owner: Risk
domain_of:
- Catalog
- Location
- Party
- Action
- Property
- Resource
- Profile
- AssessmentPlan
- AssessmentSubjectPlaceholder
- AssessmentPlatform
- AssessmentMethod
- Activity
- Step
- Task
- AssessmentPart
- SystemComponent
- Protocol
- SystemUser
- InventoryItem
- Observation
- Finding
- Risk
- MitigatingFactor
- Response
- RequiredAsset
- RiskLogEntry
- SystemSecurityPlan
- InformationType
- Diagram
- LeveragedAuthorization
- SspImplementedRequirement
- SspStatement
- ByComponent
- ProvidedControlImplementation
- ControlResponsibility
- InheritedControlImplementation
- SatisfiedControlImplementation
- AssessmentResults
- Result
- AssessmentLogEntry
- ComponentDefinition
- DefinedComponent
- Capability
- ControlImplementationSet
- ImplementedRequirement
- ImplementedControlStatement
- MappingCollection
- Mapping
- Map
- GapSummary
- PlanOfActionAndMilestones
- PoamItem
range: UUIDType
required: true
title:
name: title
description: A human-readable name or title.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: title
owner: Risk
domain_of:
- Group
- Control
- Metadata
- Revision
- Role
- Location
- Resource
- Part
- ProfileGroup
- Addition
- SubjectReference
- AssessmentPlatform
- Activity
- Step
- Task
- AssessmentPart
- ControlPart
- SystemComponent
- Protocol
- SystemUser
- AuthorizedPrivilege
- Observation
- Finding
- FindingTarget
- Risk
- Response
- RequiredAsset
- RiskLogEntry
- InformationType
- LeveragedAuthorization
- Result
- AssessmentLogEntry
- DefinedComponent
- PoamItem
range: MarkupLineType
required: true
description:
name: description
description: A human-readable description.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: description
owner: Risk
domain_of:
- Role
- Resource
- ParameterConstraint
- ReviewedControls
- ControlSelection
- ControlObjectiveSelection
- AssessmentSubject
- AssessmentSubjectPlaceholder
- LocalObjective
- AssessmentMethod
- Activity
- Step
- Task
- SystemComponent
- SystemUser
- AuthorizedPrivilege
- InventoryItem
- Observation
- RelevantEvidence
- Finding
- FindingTarget
- Risk
- MitigatingFactor
- Response
- RequiredAsset
- RiskLogEntry
- SystemCharacteristics
- InformationType
- AuthorizationBoundary
- Diagram
- NetworkArchitecture
- DataFlow
- SspControlImplementation
- ByComponent
- Export
- ProvidedControlImplementation
- ControlResponsibility
- InheritedControlImplementation
- SatisfiedControlImplementation
- Result
- AssessmentLogEntry
- DefinedComponent
- Capability
- IncorporatesComponent
- ControlImplementationSet
- ImplementedRequirement
- ImplementedControlStatement
- QualifierItem
- PoamItem
range: MarkupMultilineType
required: true
statement:
name: statement
description: An assessor's summary of the risk, in narrative form.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: statement
owner: Risk
domain_of:
- Risk
range: MarkupMultilineType
required: true
origins:
name: origins
description: Identifies the source of observations, findings, or risks.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: origins
owner: Risk
domain_of:
- Observation
- Finding
- Risk
- Response
- PoamItem
range: Origin
multivalued: true
inlined: true
inlined_as_list: true
threat-ids:
name: threat-ids
description: The referenced threat identifiers.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: threat_ids
owner: Risk
domain_of:
- Risk
range: ThreatId
multivalued: true
inlined: true
inlined_as_list: true
characterizations:
name: characterizations
description: Supporting information about the risk and how it relates to the system.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: characterizations
owner: Risk
domain_of:
- Risk
range: Characterization
multivalued: true
inlined: true
inlined_as_list: true
mitigating-factors:
name: mitigating-factors
description: Describes existing mitigating factors that may affect the overall
determination of the risk.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: mitigating_factors
owner: Risk
domain_of:
- Risk
range: MitigatingFactor
multivalued: true
inlined: true
inlined_as_list: true
deadline:
name: deadline
description: The date/time by which the risk must be resolved.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: deadline
owner: Risk
domain_of:
- Risk
range: DateTimeWithTimezoneType
remediations:
name: remediations
description: Describes either recommended or actual responses to a risk.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: remediations
owner: Risk
domain_of:
- Risk
range: Response
multivalued: true
inlined: true
inlined_as_list: true
risk-log:
name: risk-log
description: A log of all risk-related tasks taken.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: risk_log
owner: Risk
domain_of:
- Risk
range: RiskLog
inlined: true
related-observations:
name: related-observations
description: Relates the containing object to a set of referenced observations.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: related_observations
owner: Risk
domain_of:
- Finding
- Risk
- PoamItem
range: RelatedObservation
multivalued: true
inlined: true
inlined_as_list: true
status:
name: status
description: Status indicator used by the containing OSCAL context. Allowed values
are constrained by class-level slot_usage.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: status
owner: Risk
domain_of:
- SystemComponent
- FindingTarget
- Risk
- MappingProvenance
- Mapping
range: string
required: true
any_of:
- range: RiskStatusEnum
- range: string
props:
name: props
description: A list of properties.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: props
owner: Risk
domain_of:
- HasPropsAndLinks
- Resource
- Addition
- SystemInformation
- InformationType
- ImpactLevel
- AuthorizationBoundary
- Diagram
- NetworkArchitecture
- DataFlow
- SystemImplementation
- LeveragedAuthorization
- SspImplementedRequirement
- SspStatement
- ByComponent
- Export
- ProvidedControlImplementation
- ControlResponsibility
- InheritedControlImplementation
- SatisfiedControlImplementation
range: Property
multivalued: true
inlined: true
inlined_as_list: true
links:
name: links
description: A list of links.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: links
owner: Risk
domain_of:
- HasPropsAndLinks
- Addition
- SystemInformation
- InformationType
- ImpactLevel
- AuthorizationBoundary
- Diagram
- NetworkArchitecture
- DataFlow
- SystemImplementation
- LeveragedAuthorization
- SspImplementedRequirement
- SspStatement
- ByComponent
- Export
- ProvidedControlImplementation
- ControlResponsibility
- InheritedControlImplementation
- SatisfiedControlImplementation
range: Link
multivalued: true
inlined: true
inlined_as_list: true