| Observation |
Describes an individual observation |
yes |
| AuthorizationBoundary |
A description of this system's authorization boundary, optionally supplemente... |
yes |
| RequiredAsset |
Identifies an asset required to achieve remediation |
yes |
| ProvidedControlImplementation |
Describes a capability which may be inherited by a leveraging system |
yes |
| ControlImplementationSet |
Defines how the component or capability supports a set of controls |
yes |
| DataFlow |
A description of the logical flow of information within the system and across... |
yes |
| IncorporatesComponent |
The collection of components comprising a capability |
yes |
| ControlObjectiveSelection |
Identifies the control objectives of the assessment |
no |
| PoamItem |
Describes an individual POA&M item |
yes |
| AssessmentMethod |
A local definition of a control objective |
no |
| Step |
Identifies an individual step in a series of steps related to an activity, su... |
yes |
| InventoryItem |
A single managed inventory item within the system |
yes |
| NetworkArchitecture |
A description of the system's network architecture, optionally supplemented w... |
yes |
| AssessmentLogEntry |
Identifies the result of an action and/or task that occurred as part of execu... |
no |
| AssessmentSubjectPlaceholder |
Used when the assessment subjects will be determined as part of one or more o... |
no |
| Role |
Defines a function, which might be assigned to a party in a specific situatio... |
no |
| Export |
Defines a set of control implementations that are provided as reference imple... |
no |
| ParameterConstraint |
A formal or informal expression of a constraint or test |
yes |
| Finding |
Describes an individual finding |
yes |
| InformationType |
Contains details about one information type that is stored, processed, or tra... |
yes |
| RelevantEvidence |
Links this observation to relevant evidence |
yes |
| AuthorizedPrivilege |
Identifies a specific system privilege held by the user, along with an associ... |
no |
| Capability |
A grouping of other components and/or capabilities |
yes |
| QualifierItem |
A qualifier describing requirements or incompatibilities |
yes |
| SystemComponent |
A defined component that can be part of an implemented system |
yes |
| RiskLogEntry |
Identifies an individual risk response that occurred as part of managing an i... |
no |
| Diagram |
A graphic that provides a visual representation the system, or some aspect of... |
no |
| ReviewedControls |
Identifies the controls being assessed and their control objectives |
no |
| Risk |
An identified risk |
yes |
| FindingTarget |
Captures an assessor's conclusions regarding the degree to which an objective... |
no |
| SspControlImplementation |
Describes how the system satisfies a set of controls |
yes |
| Response |
Describes either recommended or an actual plan for addressing the risk |
yes |
| ControlSelection |
Identifies the controls being assessed |
no |
| MitigatingFactor |
Describes an existing mitigating factor that may affect the overall determina... |
yes |
| SystemUser |
A type of user that interacts with the system based on an associated role |
no |
| DefinedComponent |
A defined component that can be part of an implemented system |
yes |
| Result |
Identifies all of the assessment observations and findings, initial and resid... |
yes |
| Resource |
A resource associated with content in the containing document instance |
yes |
| InheritedControlImplementation |
Describes a control implementation inherited by a leveraging system |
yes |
| LocalObjective |
A local definition of a control objective for this assessment |
no |
| ByComponent |
Defines how the referenced component implements a set of controls |
yes |
| ControlResponsibility |
Describes a control implementation responsibility imposed on a leveraging sys... |
yes |
| SspInventoryItem |
SSP-scoped inventory item with allows-authenticated-scan property typing |
no |
| AssessmentSubject |
Identifies system elements being assessed, such as components, inventory item... |
no |
| ImplementedRequirement |
Describes how the containing component or capability implements an individual... |
yes |
| ImplementedControlStatement |
Identifies which statements within a control are addressed |
yes |
| Activity |
Identifies an assessment or related process that can be performed |
yes |
| Task |
Represents a scheduled event or milestone, which may be associated with a ser... |
no |
| SystemCharacteristics |
Contains the characteristics of the system, such as its name, purpose, and se... |
yes |
| SatisfiedControlImplementation |
Describes how this system satisfies a responsibility imposed by a leveraged s... |
yes |
| SspSystemComponent |
SSP-scoped system component with allows-authenticated-scan property typing |
no |