| Observation |
Describes an individual observation |
yes |
| RequiredAsset |
Identifies an asset required to achieve remediation |
yes |
| ProvidedControlImplementation |
Describes a capability which may be inherited by a leveraging system |
yes |
| ControlImplementationSet |
Defines how the component or capability supports a set of controls |
yes |
| PartProperty |
Control-common part-scoped OSCAL property |
no |
| PoamItem |
Describes an individual POA&M item |
no |
| AssessmentMethod |
A local definition of a control objective |
yes |
| Step |
Identifies an individual step in a series of steps related to an activity, su... |
yes |
| Task |
Represents a scheduled event or milestone, which may be associated with a ser... |
yes |
| AssessmentPlatform |
Used to represent the toolset used to perform aspects of the assessment |
yes |
| InventoryItem |
A single managed inventory item within the system |
yes |
| AssessmentLogEntry |
Identifies the result of an action and/or task that occurred as part of execu... |
yes |
| LocationProperty |
Location-scoped OSCAL property |
no |
| AssessmentSubjectPlaceholder |
Used when the assessment subjects will be determined as part of one or more o... |
yes |
| Protocol |
Information about the protocol used to provide a service |
no |
| ProfileAlterationProperty |
OSCAL property entries allowed in profile modify additions |
no |
| MetadataProperty |
Metadata-scoped OSCAL property |
no |
| SspControlOriginationProp |
SSP-scoped property used in implemented requirement and by-component contexts |
no |
| PlanOfActionAndMilestones |
A plan of action and milestones that identifies initial and residual risks, d... |
yes |
| ComponentDefinition |
A collection of component descriptions, which may optionally be grouped by ca... |
yes |
| Finding |
Describes an individual finding |
yes |
| Location |
A physical point of presence, which may be associated with people, organizati... |
yes |
| RevisionProperty |
Revision-scoped OSCAL property |
no |
| ImplementationCommonProperty |
Implementation-common scoped OSCAL property |
no |
| InformationType |
Contains details about one information type that is stored, processed, or tra... |
no |
| TermsAndConditionsPart |
A terms-and-conditions scoped assessment part |
no |
| Capability |
A grouping of other components and/or capabilities |
yes |
| Party |
An organization or person, which may be associated with roles or other concep... |
yes |
| AssessmentPart |
A partition of an assessment plan or results or a child of another part |
no |
| SystemComponent |
A defined component that can be part of an implemented system |
yes |
| Property |
An attribute, characteristic, or quality of the containing object expressed a... |
yes |
| RiskLogEntry |
Identifies an individual risk response that occurred as part of managing an i... |
yes |
| Diagram |
A graphic that provides a visual representation the system, or some aspect of... |
yes |
| Mapping |
A mapping between two mapped resources |
yes |
| SspAllowsAuthenticatedScanProp |
SSP-scoped property used for component and inventory allows-authenticated-sca... |
no |
| AssessmentResults |
Security assessment results, such as those provided by a FedRAMP assessor in ... |
yes |
| Risk |
An identified risk |
yes |
| Response |
Describes either recommended or an actual plan for addressing the risk |
yes |
| SspImplementedRequirement |
Describes how the system satisfies an individual control |
yes |
| MitigatingFactor |
Describes an existing mitigating factor that may affect the overall determina... |
yes |
| SystemUser |
A type of user that interacts with the system based on an associated role |
yes |
| DefinedComponent |
A defined component that can be part of an implemented system |
yes |
| LeveragedAuthorization |
A description of another authorized system from which this system inherits ca... |
yes |
| GapSummary |
A summary of controls that were not mapped |
yes |
| SspSystemCharacteristicsProp |
SSP-scoped property used in system characteristics |
no |
| Result |
Identifies all of the assessment observations and findings, initial and resid... |
yes |
| Resource |
A resource associated with content in the containing document instance |
yes |
| InheritedControlImplementation |
Describes a control implementation inherited by a leveraging system |
yes |
| SspSystemInformationProp |
SSP-scoped property used in system information |
no |
| PartyProperty |
Party-scoped OSCAL property |
no |
| ByComponent |
Defines how the referenced component implements a set of controls |
yes |
| ControlResponsibility |
Describes a control implementation responsibility imposed on a leveraging sys... |
yes |
| Action |
An action applied by a role within a given party to the content |
yes |
| SspInventoryItem |
SSP-scoped inventory item with allows-authenticated-scan property typing |
no |
| ImplementedRequirement |
Describes how the containing component or capability implements an individual... |
yes |
| ImplementedControlStatement |
Identifies which statements within a control are addressed |
yes |
| ParameterProperty |
Control-common parameter-scoped OSCAL property |
no |
| SystemSecurityPlan |
A system security plan, such as those described in NIST SP 800-18 |
yes |
| Profile |
An OSCAL Profile that designates a set of controls from one or more catalogs ... |
yes |
| MappingCollection |
A collection of control mappings between source and target resources |
yes |
| Map |
A relationship-based mapping entry between source and target sets |
yes |
| AssessmentPlan |
An assessment plan, such as those provided by a FedRAMP assessor |
yes |
| ResourceProperty |
Back-matter resource-scoped OSCAL property |
no |
| Activity |
Identifies an assessment or related process that can be performed |
yes |
| Catalog |
A structured, organized collection of control information |
yes |
| SatisfiedControlImplementation |
Describes how this system satisfies a responsibility imposed by a leveraged s... |
yes |
| SspStatement |
Identifies which statements within a control are addressed |
yes |
| SspSystemComponent |
SSP-scoped system component with allows-authenticated-scan property typing |
no |