Class: Risk
An identified risk.
URI: [oscal:Risk](https://w3id.org/lmodel/oscal/Risk)
[UUIDType](UUIDType.md) | A machine-oriented, globally unique identifier with a cross-instance scope | direct | | [title](title.md) | 1
[MarkupLineType](MarkupLineType.md) | A human-readable name or title | direct | | [description](description.md) | 1
[MarkupMultilineType](MarkupMultilineType.md) | A human-readable description | direct | | [statement](statement.md) | 1
[MarkupMultilineType](MarkupMultilineType.md) | An assessor's summary of the risk, in narrative form | direct | | [origins](origins.md) | *
[Origin](Origin.md) | Identifies the source of observations, findings, or risks | direct | | [threat_ids](threat_ids.md) | *
[ThreatId](ThreatId.md) | The referenced threat identifiers | direct | | [characterizations](characterizations.md) | *
[Characterization](Characterization.md) | Supporting information about the risk and how it relates to the system | direct | | [mitigating_factors](mitigating_factors.md) | *
[MitigatingFactor](MitigatingFactor.md) | Describes existing mitigating factors that may affect the overall determinati... | direct | | [deadline](deadline.md) | 0..1
[DateTimeWithTimezoneType](DateTimeWithTimezoneType.md) | The date/time by which the risk must be resolved | direct | | [remediations](remediations.md) | *
[Response](Response.md) | Describes either recommended or actual responses to a risk | direct | | [risk_log](risk_log.md) | 0..1
[RiskLog](RiskLog.md) | A log of all risk-related tasks taken | direct | | [related_observations](related_observations.md) | *
[RelatedObservation](RelatedObservation.md) | Relates the containing object to a set of referenced observations | direct | | [status](status.md) | 1
[String](String.md) or
[RiskStatusEnum](RiskStatusEnum.md) | Status indicator used by the containing OSCAL context | direct | | [props](props.md) | *
[Property](Property.md) | A list of properties | [HasPropsAndLinks](HasPropsAndLinks.md) | | [links](links.md) | *
[Link](Link.md) | A list of links | [HasPropsAndLinks](HasPropsAndLinks.md) | ## Usages | used by | used in | type | used | | --- | --- | --- | --- | | [Result](Result.md) | [risks](risks.md) | range | [Risk](Risk.md) | | [PlanOfActionAndMilestones](PlanOfActionAndMilestones.md) | [risks](risks.md) | range | [Risk](Risk.md) | ## In Subsets * [AssessmentCommon](AssessmentCommon.md) ## Identifier and Mapping Information ### Schema Source * from schema: https://w3id.org/lmodel/oscal ## Mappings | Mapping Type | Mapped Value | | --- | --- | | self | oscal:Risk | | native | oscal:Risk | ## LinkML Source ### Direct
### Induced
classDiagram
class Risk
click Risk href "../Risk/"
HasPropsAndLinks <|-- Risk
click HasPropsAndLinks href "../HasPropsAndLinks/"
Risk : characterizations
Risk --> "*" Characterization : characterizations
click Characterization href "../Characterization/"
Risk : deadline
Risk : description
Risk : links
Risk --> "*" Link : links
click Link href "../Link/"
Risk : mitigating_factors
Risk --> "*" MitigatingFactor : mitigating_factors
click MitigatingFactor href "../MitigatingFactor/"
Risk : origins
Risk --> "*" Origin : origins
click Origin href "../Origin/"
Risk : props
Risk --> "*" Property : props
click Property href "../Property/"
Risk : related_observations
Risk --> "*" RelatedObservation : related_observations
click RelatedObservation href "../RelatedObservation/"
Risk : remediations
Risk --> "*" Response : remediations
click Response href "../Response/"
Risk : risk_log
Risk --> "0..1" RiskLog : risk_log
click RiskLog href "../RiskLog/"
Risk : statement
Risk : status
Risk : threat_ids
Risk --> "*" ThreatId : threat_ids
click ThreatId href "../ThreatId/"
Risk : title
Risk : uuid
[UUIDType](UUIDType.md) | A machine-oriented, globally unique identifier with a cross-instance scope | direct | | [title](title.md) | 1
[MarkupLineType](MarkupLineType.md) | A human-readable name or title | direct | | [description](description.md) | 1
[MarkupMultilineType](MarkupMultilineType.md) | A human-readable description | direct | | [statement](statement.md) | 1
[MarkupMultilineType](MarkupMultilineType.md) | An assessor's summary of the risk, in narrative form | direct | | [origins](origins.md) | *
[Origin](Origin.md) | Identifies the source of observations, findings, or risks | direct | | [threat_ids](threat_ids.md) | *
[ThreatId](ThreatId.md) | The referenced threat identifiers | direct | | [characterizations](characterizations.md) | *
[Characterization](Characterization.md) | Supporting information about the risk and how it relates to the system | direct | | [mitigating_factors](mitigating_factors.md) | *
[MitigatingFactor](MitigatingFactor.md) | Describes existing mitigating factors that may affect the overall determinati... | direct | | [deadline](deadline.md) | 0..1
[DateTimeWithTimezoneType](DateTimeWithTimezoneType.md) | The date/time by which the risk must be resolved | direct | | [remediations](remediations.md) | *
[Response](Response.md) | Describes either recommended or actual responses to a risk | direct | | [risk_log](risk_log.md) | 0..1
[RiskLog](RiskLog.md) | A log of all risk-related tasks taken | direct | | [related_observations](related_observations.md) | *
[RelatedObservation](RelatedObservation.md) | Relates the containing object to a set of referenced observations | direct | | [status](status.md) | 1
[String](String.md) or
[RiskStatusEnum](RiskStatusEnum.md) | Status indicator used by the containing OSCAL context | direct | | [props](props.md) | *
[Property](Property.md) | A list of properties | [HasPropsAndLinks](HasPropsAndLinks.md) | | [links](links.md) | *
[Link](Link.md) | A list of links | [HasPropsAndLinks](HasPropsAndLinks.md) | ## Usages | used by | used in | type | used | | --- | --- | --- | --- | | [Result](Result.md) | [risks](risks.md) | range | [Risk](Risk.md) | | [PlanOfActionAndMilestones](PlanOfActionAndMilestones.md) | [risks](risks.md) | range | [Risk](Risk.md) | ## In Subsets * [AssessmentCommon](AssessmentCommon.md) ## Identifier and Mapping Information ### Schema Source * from schema: https://w3id.org/lmodel/oscal ## Mappings | Mapping Type | Mapped Value | | --- | --- | | self | oscal:Risk | | native | oscal:Risk | ## LinkML Source ### Direct
name: Risk
description: An identified risk.
in_subset:
- assessment_common
from_schema: https://w3id.org/lmodel/oscal
mixins:
- HasPropsAndLinks
slots:
- uuid
- title
- description
- statement
- origins
- threat-ids
- characterizations
- mitigating-factors
- deadline
- remediations
- risk-log
- related-observations
- status
slot_usage:
uuid:
name: uuid
required: true
title:
name: title
required: true
description:
name: description
required: true
statement:
name: statement
required: true
status:
name: status
required: true
any_of:
- range: RiskStatusEnum
- range: string
name: Risk
description: An identified risk.
in_subset:
- assessment_common
from_schema: https://w3id.org/lmodel/oscal
mixins:
- HasPropsAndLinks
slot_usage:
uuid:
name: uuid
required: true
title:
name: title
required: true
description:
name: description
required: true
statement:
name: statement
required: true
status:
name: status
required: true
any_of:
- range: RiskStatusEnum
- range: string
attributes:
uuid:
name: uuid
description: A machine-oriented, globally unique identifier with a cross-instance
scope.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
owner: Risk
domain_of:
- Catalog
- Location
- Party
- Action
- Property
- Resource
- Profile
- AssessmentPlan
- AssessmentSubjectPlaceholder
- AssessmentPlatform
- AssessmentMethod
- Activity
- Step
- Task
- AssessmentPart
- SystemComponent
- Protocol
- SystemUser
- InventoryItem
- Observation
- Finding
- Risk
- MitigatingFactor
- Response
- RequiredAsset
- RiskLogEntry
- SystemSecurityPlan
- InformationType
- Diagram
- LeveragedAuthorization
- SspImplementedRequirement
- SspStatement
- ByComponent
- ProvidedControlImplementation
- ControlResponsibility
- InheritedControlImplementation
- SatisfiedControlImplementation
- AssessmentResults
- Result
- AssessmentLogEntry
- ComponentDefinition
- DefinedComponent
- Capability
- ControlImplementationSet
- ImplementedRequirement
- ImplementedControlStatement
- MappingCollection
- Mapping
- Map
- GapSummary
- PlanOfActionAndMilestones
- PoamItem
range: UUIDType
required: true
title:
name: title
description: A human-readable name or title.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
owner: Risk
domain_of:
- Group
- Control
- Metadata
- Revision
- Role
- Location
- Resource
- Part
- ProfileGroup
- Addition
- SubjectReference
- AssessmentPlatform
- Activity
- Step
- Task
- AssessmentPart
- ControlPart
- SystemComponent
- Protocol
- SystemUser
- AuthorizedPrivilege
- Observation
- Finding
- FindingTarget
- Risk
- Response
- RequiredAsset
- RiskLogEntry
- InformationType
- LeveragedAuthorization
- Result
- AssessmentLogEntry
- DefinedComponent
- PoamItem
range: MarkupLineType
required: true
description:
name: description
description: A human-readable description.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
owner: Risk
domain_of:
- Role
- Resource
- ParameterConstraint
- ReviewedControls
- ControlSelection
- ControlObjectiveSelection
- AssessmentSubject
- AssessmentSubjectPlaceholder
- LocalObjective
- AssessmentMethod
- Activity
- Step
- Task
- SystemComponent
- SystemUser
- AuthorizedPrivilege
- InventoryItem
- Observation
- RelevantEvidence
- Finding
- FindingTarget
- Risk
- MitigatingFactor
- Response
- RequiredAsset
- RiskLogEntry
- SystemCharacteristics
- InformationType
- AuthorizationBoundary
- Diagram
- NetworkArchitecture
- DataFlow
- SspControlImplementation
- ByComponent
- Export
- ProvidedControlImplementation
- ControlResponsibility
- InheritedControlImplementation
- SatisfiedControlImplementation
- Result
- AssessmentLogEntry
- DefinedComponent
- Capability
- IncorporatesComponent
- ControlImplementationSet
- ImplementedRequirement
- ImplementedControlStatement
- QualifierItem
- PoamItem
range: MarkupMultilineType
required: true
statement:
name: statement
description: An assessor's summary of the risk, in narrative form.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
owner: Risk
domain_of:
- Risk
range: MarkupMultilineType
required: true
origins:
name: origins
description: Identifies the source of observations, findings, or risks.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
owner: Risk
domain_of:
- Observation
- Finding
- Risk
- Response
- PoamItem
range: Origin
multivalued: true
inlined: true
inlined_as_list: true
threat-ids:
name: threat-ids
description: The referenced threat identifiers.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: threat_ids
owner: Risk
domain_of:
- Risk
range: ThreatId
multivalued: true
inlined: true
inlined_as_list: true
characterizations:
name: characterizations
description: Supporting information about the risk and how it relates to the system.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
owner: Risk
domain_of:
- Risk
range: Characterization
multivalued: true
inlined: true
inlined_as_list: true
mitigating-factors:
name: mitigating-factors
description: Describes existing mitigating factors that may affect the overall
determination of the risk.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: mitigating_factors
owner: Risk
domain_of:
- Risk
range: MitigatingFactor
multivalued: true
inlined: true
inlined_as_list: true
deadline:
name: deadline
description: The date/time by which the risk must be resolved.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
owner: Risk
domain_of:
- Risk
range: DateTimeWithTimezoneType
remediations:
name: remediations
description: Describes either recommended or actual responses to a risk.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
owner: Risk
domain_of:
- Risk
range: Response
multivalued: true
inlined: true
inlined_as_list: true
risk-log:
name: risk-log
description: A log of all risk-related tasks taken.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: risk_log
owner: Risk
domain_of:
- Risk
range: RiskLog
inlined: true
related-observations:
name: related-observations
description: Relates the containing object to a set of referenced observations.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
alias: related_observations
owner: Risk
domain_of:
- Finding
- Risk
- PoamItem
range: RelatedObservation
multivalued: true
inlined: true
inlined_as_list: true
status:
name: status
description: Status indicator used by the containing OSCAL context. Allowed values
are constrained by class-level slot_usage.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
owner: Risk
domain_of:
- SystemComponent
- FindingTarget
- Risk
- MappingProvenance
- Mapping
range: string
required: true
any_of:
- range: RiskStatusEnum
- range: string
props:
name: props
description: A list of properties.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
owner: Risk
domain_of:
- HasPropsAndLinks
- Resource
- Addition
- SystemInformation
- InformationType
- ImpactLevel
- AuthorizationBoundary
- Diagram
- NetworkArchitecture
- DataFlow
- SystemImplementation
- LeveragedAuthorization
- SspImplementedRequirement
- SspStatement
- ByComponent
- Export
- ProvidedControlImplementation
- ControlResponsibility
- InheritedControlImplementation
- SatisfiedControlImplementation
range: Property
multivalued: true
inlined: true
inlined_as_list: true
links:
name: links
description: A list of links.
from_schema: https://w3id.org/lmodel/oscal
rank: 1000
owner: Risk
domain_of:
- HasPropsAndLinks
- Addition
- SystemInformation
- InformationType
- ImpactLevel
- AuthorizationBoundary
- Diagram
- NetworkArchitecture
- DataFlow
- SystemImplementation
- LeveragedAuthorization
- SspImplementedRequirement
- SspStatement
- ByComponent
- Export
- ProvidedControlImplementation
- ControlResponsibility
- InheritedControlImplementation
- SatisfiedControlImplementation
range: Link
multivalued: true
inlined: true
inlined_as_list: true