| ImplementationResponsibleRole |
Implementation-common scoped responsible role |
no |
| AuthorizationBoundary |
A description of this system's authorization boundary, optionally supplemente... |
no |
| RequiredAsset |
Identifies an asset required to achieve remediation |
no |
| PoamItem |
Describes an individual POA&M item |
no |
| NetworkArchitecture |
A description of the system's network architecture, optionally supplemented w... |
no |
| Role |
Defines a function, which might be assigned to a party in a specific situatio... |
no |
| SystemComponent |
A defined component that can be part of an implemented system |
yes |
| ProfileGroup |
A group of (selected) controls or of groups of controls within a profile cust... |
no |
| ImplementedComponent |
The set of components that are implemented in a given system inventory item |
yes |
| SspImplementedRequirement |
Describes how the system satisfies an individual control |
no |
| Result |
Identifies all of the assessment observations and findings, initial and resid... |
no |
| InheritedControlImplementation |
Describes a control implementation inherited by a leveraging system |
no |
| RelatedTask |
Identifies an individual task for which the containing object is a consequenc... |
no |
| LocalObjective |
A local definition of a control objective for this assessment |
no |
| ResponsibleParty |
A reference to a set of persons and/or organizations that have responsibility... |
no |
| AssociatedActivity |
Identifies an individual activity to be performed as part of a task |
no |
| Parameter |
Parameters provide a mechanism for the dynamic assignment of value(s) in a co... |
no |
| SatisfiedControlImplementation |
Describes how this system satisfies a responsibility imposed by a leveraged s... |
no |
| Characterization |
A collection of descriptive data about the containing object from a specific ... |
no |
| OscalCommon |
Mixin providing props, links, and remarks slots common to most OSCAL objects |
no |
| RiskResponseReference |
Identifies an individual risk response that this log entry is for |
no |
| AssessmentPlatform |
Used to represent the toolset used to perform aspects of the assessment |
no |
| AssessmentLogEntry |
Identifies the result of an action and/or task that occurred as part of execu... |
no |
| Export |
Defines a set of control implementations that are provided as reference imple... |
no |
| Location |
A physical point of presence, which may be associated with people, organizati... |
no |
| InformationType |
Contains details about one information type that is stored, processed, or tra... |
no |
| AssessmentPart |
A partition of an assessment plan or results or a child of another part |
no |
| RiskLogEntry |
Identifies an individual risk response that occurred as part of managing an i... |
no |
| SspByComponentResponsibleRole |
SSP-scoped responsible role used by by-component contexts |
no |
| Mapping |
A mapping between two mapped resources |
no |
| ParameterSetting |
A parameter setting to be propagated to points of insertion in a resolved pro... |
no |
| Response |
Describes either recommended or an actual plan for addressing the risk |
no |
| SystemUser |
A type of user that interacts with the system based on an associated role |
yes |
| LeveragedAuthorization |
A description of another authorized system from which this system inherits ca... |
yes |
| ImpactLevel |
The expected level of impact resulting from the described information's confi... |
no |
| Control |
A structured object representing a requirement or guideline, which when imple... |
no |
| SspSystemCharacteristicsResponsibleParty |
SSP-scoped responsible party for system characteristics |
no |
| SspImplementedRequirementResponsibleRole |
SSP-scoped responsible role used by implemented requirement and statement con... |
no |
| Action |
An action applied by a role within a given party to the content |
no |
| AssessmentSubject |
Identifies system elements being assessed, such as components, inventory item... |
no |
| Addition |
Specifies content to be added into controls in resolution |
no |
| Map |
A relationship-based mapping entry between source and target sets |
no |
| HasPropsAndLinks |
Mixin providing the props and links slots that are common to many OSCAL objec... |
no |
| Group |
A group of controls, or of groups of controls |
no |
| Activity |
Identifies an assessment or related process that can be performed |
no |
| Task |
Represents a scheduled event or milestone, which may be associated with a ser... |
no |
| ControlImplementationSet |
Defines how the component or capability supports a set of controls |
no |
| ImplementedRequirement |
Describes how the containing component or capability implements an individual... |
no |
| Observation |
Describes an individual observation |
no |
| ProvidedControlImplementation |
Describes a capability which may be inherited by a leveraging system |
no |
| UsesComponent |
The set of components that are used by the assessment platform |
no |
| DataFlow |
A description of the logical flow of information within the system and across... |
no |
| InventoryItem |
A single managed inventory item within the system |
yes |
| Revision |
An entry in a sequential list of revisions to the containing document |
yes |
| Part |
An annotated, markup-based textual element of a control's or catalog group's ... |
no |
| RelevantEvidence |
Links this observation to relevant evidence |
no |
| Capability |
A grouping of other components and/or capabilities |
no |
| ReviewedControls |
Identifies the controls being assessed and their control objectives |
no |
| SystemImplementation |
Provides information as to how the system is implemented |
no |
| Risk |
An identified risk |
no |
| MitigatingFactor |
Describes an existing mitigating factor that may affect the overall determina... |
no |
| DefinedComponent |
A defined component that can be part of an implemented system |
no |
| Citation |
An optional citation consisting of end note text using structured markup |
yes |
| OriginActor |
The actor that produces an observation, a finding, or a risk |
no |
| SubjectReference |
A human-oriented identifier reference to a resource |
no |
| ImplementationResponsibleParty |
Implementation-common scoped responsible party |
no |
| ControlResponsibility |
Describes a control implementation responsibility imposed on a leveraging sys... |
no |
| ResponsibleRole |
A reference to a role with responsibility for performing a function relative ... |
no |
| Facet |
An individual characteristic that is part of a larger set produced by the sam... |
no |
| MappingResourceReference |
A reference to the source or target resource for a mapping |
no |
| SelectSubjectById |
Identifies a set of assessment subjects to include/exclude by UUID |
no |
| ControlObjectiveSelection |
Identifies the control objectives of the assessment |
no |
| AssessmentMethod |
A local definition of a control objective |
no |
| Step |
Identifies an individual step in a series of steps related to an activity, su... |
no |
| AssessmentSubjectPlaceholder |
Used when the assessment subjects will be determined as part of one or more o... |
no |
| SystemInformation |
Contains details about all information types that are stored, processed, or t... |
yes |
| Finding |
Describes an individual finding |
no |
| MappingItem |
A source or target item participating in a mapping entry |
no |
| ControlPart |
An annotated, markup-based textual element of a control's or catalog group's ... |
no |
| MappingProvenance |
Mapping-level provenance details and mapping defaults |
no |
| Party |
An organization or person, which may be associated with roles or other concep... |
no |
| Diagram |
A graphic that provides a visual representation the system, or some aspect of... |
yes |
| FindingTarget |
Captures an assessor's conclusions regarding the degree to which an objective... |
no |
| ControlSelection |
Identifies the controls being assessed |
no |
| Metadata |
Provides information about the containing document, and defines concepts shar... |
yes |
| ByComponent |
Defines how the referenced component implements a set of controls |
yes |
| SspInventoryItem |
SSP-scoped inventory item with allows-authenticated-scan property typing |
no |
| ImplementedControlStatement |
Identifies which statements within a control are addressed |
no |
| TermsAndConditionsPart |
A terms-and-conditions scoped assessment part |
no |
| SspStatement |
Identifies which statements within a control are addressed |
no |
| SspSystemComponent |
SSP-scoped system component with allows-authenticated-scan property typing |
no |