| Observation | Describes an individual observation | no |
| RequiredAsset | Identifies an asset required to achieve remediation | no |
| PoamItem | Describes an individual POA&M item | yes |
| Step | Identifies an individual step in a series of steps related to an activity, su... | no |
| AssessmentPlatform | Used to represent the toolset used to perform aspects of the assessment | no |
| AssessmentLogEntry | Identifies the result of an action and/or task that occurred as part of execu... | no |
| Protocol | Information about the protocol used to provide a service | no |
| Role | Defines a function, which might be assigned to a party in a specific situatio... | yes |
| Revision | An entry in a sequential list of revisions to the containing document | no |
| Part | An annotated, markup-based textual element of a control's or catalog group's ... | yes |
| Location | A physical point of presence, which may be associated with people, organizati... | no |
| Finding | Describes an individual finding | yes |
| ControlPart | An annotated, markup-based textual element of a control's or catalog group's ... | no |
| InformationType | Contains details about one information type that is stored, processed, or tra... | yes |
| TermsAndConditionsPart | A terms-and-conditions scoped assessment part | no |
| AuthorizedPrivilege | Identifies a specific system privilege held by the user, along with an associ... | yes |
| AssessmentPart | A partition of an assessment plan or results or a child of another part | no |
| SystemComponent | A defined component that can be part of an implemented system | yes |
| RiskLogEntry | Identifies an individual risk response that occurred as part of managing an i... | no |
| Risk | An identified risk | yes |
| ProfileGroup | A group of (selected) controls or of groups of controls within a profile cust... | yes |
| FindingTarget | Captures an assessor's conclusions regarding the degree to which an objective... | no |
| Response | Describes either recommended or an actual plan for addressing the risk | yes |
| SystemUser | A type of user that interacts with the system based on an associated role | no |
| Metadata | Provides information about the containing document, and defines concepts shar... | yes |
| DefinedComponent | A defined component that can be part of an implemented system | yes |
| LeveragedAuthorization | A description of another authorized system from which this system inherits ca... | yes |
| Result | Identifies all of the assessment observations and findings, initial and resid... | yes |
| SubjectReference | A human-oriented identifier reference to a resource | no |
| Resource | A resource associated with content in the containing document instance | yes |
| Control | A structured object representing a requirement or guideline, which when imple... | yes |
| Addition | Specifies content to be added into controls in resolution | no |
| Group | A group of controls, or of groups of controls | yes |
| Activity | Identifies an assessment or related process that can be performed | no |
| Task | Represents a scheduled event or milestone, which may be associated with a ser... | yes |
| SspSystemComponent | SSP-scoped system component with allows-authenticated-scan property typing | no |