assessment_common

package
v0.3.4
Published: Nov 30, 2020 License: CC0-1.0 Imports: 5 Imported by: 0

Documentation

Overview

Code generated by https://github.com/GoComply/metaschema; DO NOT EDIT. Multiplexers are indirect models needed for serialization/deserialization as json and xml files differ materially in their structure.

Types

type ActivityUuid

type ActivityUuid string

type All

type All string

type Annotation

type Annotation = validation_root.Annotation

type AssessmentActivities

type AssessmentActivities struct {

	// Identifies an individual test method.
	TestMethods []TestMethod `xml:"test-method,omitempty" json:"test-methods,omitempty"`
	// Identifies the schedule for the assessment activities.
	Schedule *Schedule `xml:"schedule,omitempty" json:"schedule,omitempty"`
	// Identifies an assessment activity. In the assessment plan, this is an intended/in-scope activity. In the assessment results, this identifies an activity that was actually performed.
	IncludeActivities []IncludeActivity `xml:"include-activity,omitempty" json:"include-activities,omitempty"`
	// Identifies an activity explicitly excluded from the assessment. In the assessment plan, this clarifies activities that are out-of-scope or prohibited. In the assessment results, this could be used to explicitly identify an activity that was planned, but not performed.
	ExcludeActivities []ExcludeActivity `xml:"exclude-activity,omitempty" json:"exclude-activities,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Identifies the assessment activities and schedule. In the assessment plan, these are planned activities. In the assessment results, these are the actual activities performed.

type AssessmentCommon

type AssessmentCommon struct {

	// Used by the assessment plan and POA&M to import information about the system.
	ImportSsp *ImportSsp `xml:"import-ssp,omitempty" json:"import-ssp,omitempty"`
	// Used by assessment-results to import information about the original plan for assessing the system.
	ImportAp *ImportAp `xml:"import-ap,omitempty" json:"import-ap,omitempty"`
	// Identifies the controls being assessed and their control objectives. In the assessment plan, these are the planned controls and objectives. In the assessment results, these are the actual controls and objectives, and reflect any changes from the plan.
	Objectives *Objectives `xml:"objectives,omitempty" json:"objectives,omitempty"`
	// Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.
	Assets *Assets `xml:"assets,omitempty" json:"assets,omitempty"`
	// Identifies the assessment activities and schedule. In the assessment plan, these are planned activities. In the assessment results, these are the actual activities performed.
	AssessmentActivities *AssessmentActivities `xml:"assessment-activities,omitempty" json:"assessment-activities,omitempty"`
	// Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.
	Results *Results `xml:"results,omitempty" json:"results,omitempty"`
}

NOT TO BE USED FOR A BASE METASCHEMA ONLY FOR A MODULE

type AssessmentMethod

type AssessmentMethod struct {
	// Identifies the assessment method.
	MethodUuid string `xml:"method-uuid,attr,omitempty" json:"method-uuid,omitempty"`
	Value      string `xml:",chardata" json:"value,omitempty"`
}

Identifies a method for assessing the satisfaction of this objective.

type Assessor

type Assessor struct {
	// The UUID of the assessor who collected the evidence or made the observation.
	PartyUuid string `xml:"party-uuid,attr,omitempty" json:"party-uuid,omitempty"`
	Value     string `xml:",chardata" json:"value,omitempty"`
}

Identifies an individual who gathered the evidence resulting in the observation or risk identification.

type Assets

type Assets struct {

	// The technology tools used by the assessor to perform the assessment, such as vulnerability scanners. In the assessment plan these are the intended tools. In the assessment results, these are the actual tools used, including any differences from the assessment plan.
	Tools *Tools `xml:"tools,omitempty" json:"tools,omitempty"`
	// Identifies the origination of network-based assessment activities, such as the IP address of the tool performing assessment scans.
	Origination *Origination `xml:"origination,omitempty" json:"origination,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// Provided to allow content such as assumptions and disclosures.
	Parts []Part `xml:"part,omitempty" json:"parts,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.

type ClosureActions

type ClosureActions = Markup

Describes the actions taken that resulted in the closure of the identified risk.

type Collected

type Collected string

type CompareTo

type CompareTo string

type Component

type Component = system_security_plan.Component

type ControlObjectives

type ControlObjectives struct {

	// A human-readable description of assessment objectives specified for assessment.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// A key word to indicate all
	All All `xml:"all,omitempty" json:"all,omitempty"`
	// Identifies an individual control objective to include.
	IncludeObjectives []IncludeObjective `xml:"include-objective,omitempty" json:"include-objectives,omitempty"`
	// Identifies an individual control objective to exclude.
	ExcludeObjectives []ExcludeObjective `xml:"exclude-objective,omitempty" json:"exclude-objectives,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the actual objectives, and reflects any changes from the plan.

type Controls

type Controls struct {

	// A human-readable description of controls specified for assessment.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// A key word to indicate all
	All All `xml:"all,omitempty" json:"all,omitempty"`
	// Identifies a specific control to include.
	IncludeControls []IncludeControl `xml:"include-control,omitempty" json:"include-controls,omitempty"`
	// Identifies an individual control to exclude.
	ExcludeControls []ExcludeControl `xml:"exclude-control,omitempty" json:"exclude-controls,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.

type DateTimeStamp

type DateTimeStamp string

type Description

type Description = validation_root.Description

type End

type End string

type ExcludeActivity

type ExcludeActivity struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`

	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// Identifies roles associated with this activity exclusion.
	RoleIds []RoleId `xml:"role-id,omitempty" json:"role-ids,omitempty"`
	// Identifies people or organizations associated with this activity exclusion.
	PartyUuids []PartyUuid `xml:"party-uuid,omitempty" json:"party-uuids,omitempty"`
	// Identifies locations associated with this activity exclusion.
	LocationUuids []LocationUuid `xml:"location-uuid,omitempty" json:"location-uuids,omitempty"`
	// Typically used when copying content from the assessment plan to the assessment results. The uuid should be changed in the assessment results file, and the compare-to field should be set to the original assessment plan uuid value. This enables the plan and results to be compared later to identify what changed between the two.
	CompareTo CompareTo `xml:"compare-to,omitempty" json:"compare-to,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Identifies an activity explicitly excluded from the assessment. In the assessment plan, this clarifies activities that are out-of-scope or prohibited. In the assessment results, this could be used to explicitly identify an activity that was planned, but not performed.

type ExcludeControl

type ExcludeControl struct {
	// A reference to a control identifier.
	ControlId string `xml:"control-id,attr,omitempty" json:"control-id,omitempty"`
	Value     string `xml:",chardata" json:"value,omitempty"`
}

Identifies an individual control to exclude.

type ExcludeObjective

type ExcludeObjective struct {
	// Points to an assessment objective.
	ObjectiveId string `xml:"objective-id,attr,omitempty" json:"objective-id,omitempty"`
	Value       string `xml:",chardata" json:"value,omitempty"`
}

Identifies an individual control objective to exclude.

type ExcludeSubject

type ExcludeSubject struct {

	// Identifying the purpose and intended use of the property, part or other object.
	Name string `xml:"name,attr,omitempty" json:"name,omitempty"`
	// Indicating the type or classification of the containing object
	Class string `xml:"class,attr,omitempty" json:"class,omitempty"`

	// A human-readable description of subjects being excluded.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// A key word to indicate all
	All All `xml:"all,omitempty" json:"all,omitempty"`
	// A pointer to a resource based on its ID. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.
	SubjectReferences []SubjectReference `xml:"subject-reference,omitempty" json:"subject-references,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Identifies what is explicitly excluded from this assessment. Used to remove a subset of items from groups of explicitly included items. Also used to explicitly clarify off-limit items, such as hosts to avoid scanning.

type Expires

type Expires string

type Finding

type Finding struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`

	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// Date/time stamp identifying when the finding information was collected.
	Collected Collected `xml:"collected,omitempty" json:"collected,omitempty"`
	// Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.
	Expires Expires `xml:"expires,omitempty" json:"expires,omitempty"`
	// Captures an assessor's conclusions as to whether an objective is fully satisfied.
	ObjectiveStatus *ObjectiveStatus `xml:"objective-status,omitempty" json:"objective-status,omitempty"`
	// Identifies the implementation statement in the SSP to which this finding is related.
	ImplementationStatementUuid ImplementationStatementUuid `xml:"implementation-statement-uuid,omitempty" json:"implementation-statement-uuid,omitempty"`
	// Describes an individual observation.
	Observations []Observation `xml:"observation,omitempty" json:"observations,omitempty"`
	// A pointer, by ID, to an externally-defined threat.
	ThreatIds []ThreatId `xml:"threat-id,omitempty" json:"threat-ids,omitempty"`
	// An identified risk.
	Risks []Risk `xml:"risk,omitempty" json:"risks,omitempty"`
	// The person who collected the evidence or made the observation.
	PartyUuids []PartyUuid `xml:"party-uuid,omitempty" json:"party-uuids,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Describes an individual finding.

type ImplementationStatementUuid

type ImplementationStatementUuid string

type ImplementationStatus

type ImplementationStatus struct {
	// Identifies the framework or rules to which this value conforms.
	System string `xml:"system,attr,omitempty" json:"system,omitempty"`
	Value  string `xml:",chardata" json:"value,omitempty"`
}

Identifies the implementation status of the control or control objective.

type ImportAp

type ImportAp struct {

	// A link to a document or document fragment (actual, nominal or projected)
	Href string `xml:"href,attr,omitempty" json:"href,omitempty"`

	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Used by assessment-results to import information about the original plan for assessing the system.

type ImportSsp

type ImportSsp struct {

	// A link to a document or document fragment (actual, nominal or projected)
	Href string `xml:"href,attr,omitempty" json:"href,omitempty"`

	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Used by the assessment plan and POA&M to import information about the system.

type IncludeActivity

type IncludeActivity struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`

	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// Identifies roles associated with performing this activity.
	RoleIds []RoleId `xml:"role-id,omitempty" json:"role-ids,omitempty"`
	// Identifies people or organizations associated with performing this activity.
	PartyUuids []PartyUuid `xml:"party-uuid,omitempty" json:"party-uuids,omitempty"`
	// Identifies locations associated with performing this activity.
	LocationUuids []LocationUuid `xml:"location-uuid,omitempty" json:"location-uuids,omitempty"`
	// Typically used when copying content from the assessment plan to the assessment results. The uuid should be changed in the assessment results file, and the compare-to field should be set to the original assessment plan uuid value. This enables the plan and results to be compared later to identify what changed between the two.
	CompareTo CompareTo `xml:"compare-to,omitempty" json:"compare-to,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Identifies an assessment activity. In the assessment plan, this is an intended/in-scope activity. In the assessment results, this identifies an activity that was actually performed.
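The compare-to convention documented on IncludeActivity, as an added example that is not part of this package or of GoComply: activities are copied from a plan into results with fresh UUIDs and compare-to set to the plan UUID, then the two sets are compared to flag planned-but-not-performed and unplanned activities. `Activity` is a trimmed local stand-in for IncludeActivity (same `uuid` and `compare-to` JSON keys, `Title` simplified to a string); `CopyToResults`, `Compare`, `Diff` and `ResultsJSON` are hypothetical helper names.

```go
package main

import (
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Activity is a trimmed stand-in for IncludeActivity (assumption: only the
// fields needed here, Title simplified to a plain string).
type Activity struct {
	Uuid      string `json:"uuid,omitempty"`
	Title     string `json:"title,omitempty"`
	CompareTo string `json:"compare-to,omitempty"`
}

// NewUUIDv4 returns a random RFC 4122 version 4 UUID.
func NewUUIDv4() (string, error) {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	b[6] = (b[6] & 0x0f) | 0x40 // version 4
	b[8] = (b[8] & 0x3f) | 0x80 // RFC 4122 variant
	return fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:16]), nil
}

// CopyToResults copies plan activities into a results list: each copy gets a
// new uuid, and compare-to records the uuid it had in the plan.
func CopyToResults(plan []Activity) ([]Activity, error) {
	out := make([]Activity, 0, len(plan))
	for _, p := range plan {
		id, err := NewUUIDv4()
		if err != nil {
			return nil, err
		}
		r := p
		r.Uuid = id
		r.CompareTo = p.Uuid
		out = append(out, r)
	}
	return out, nil
}

// Diff lists what changed between the plan and the results.
type Diff struct {
	NotPerformed []string // plan uuids that no result points back to
	Unplanned    []string // result uuids with an empty or unknown compare-to
	Changed      []string // plan uuids whose title differs in the results
}

// Compare matches each result to its plan entry through compare-to.
func Compare(plan, results []Activity) Diff {
	byUUID := make(map[string]Activity, len(plan))
	for _, p := range plan {
		byUUID[p.Uuid] = p
	}
	seen := make(map[string]bool, len(plan))
	var d Diff
	for _, r := range results {
		p, ok := byUUID[r.CompareTo]
		if r.CompareTo == "" || !ok {
			// Performed without a matching plan entry: review as out of scope.
			d.Unplanned = append(d.Unplanned, r.Uuid)
			continue
		}
		seen[p.Uuid] = true
		if p.Title != r.Title {
			d.Changed = append(d.Changed, p.Uuid)
		}
	}
	for _, p := range plan {
		if !seen[p.Uuid] {
			d.NotPerformed = append(d.NotPerformed, p.Uuid)
		}
	}
	return d
}

// ResultsJSON renders the activities under the include-activities JSON key.
func ResultsJSON(results []Activity) (string, error) {
	doc := map[string][]Activity{"include-activities": results}
	b, err := json.MarshalIndent(doc, "", "  ")
	return string(b), err
}

func main() {
	plan := []Activity{ // constructed sample data
		{Uuid: "11111111-1111-4111-8111-111111111111", Title: "Authenticated vulnerability scan"},
		{Uuid: "22222222-2222-4222-8222-222222222222", Title: "Administrator interview"},
	}
	results, err := CopyToResults(plan)
	if err != nil {
		panic(err)
	}
	results = results[:1] // the interview was planned but not performed
	out, err := ResultsJSON(results)
	if err != nil {
		panic(err)
	}
	fmt.Println(out)
	fmt.Printf("%+v\n", Compare(plan, results))
}
```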

type IncludeControl

type IncludeControl struct {
	// A reference to a control identifier.
	ControlId string `xml:"control-id,attr,omitempty" json:"control-id,omitempty"`
	Value     string `xml:",chardata" json:"value,omitempty"`
}

Identifies an individual control to include.

type IncludeObjective

type IncludeObjective struct {
	// Points to an assessment objective.
	ObjectiveId string `xml:"objective-id,attr,omitempty" json:"objective-id,omitempty"`
	Value       string `xml:",chardata" json:"value,omitempty"`
}

Identifies an individual control objective to include.

type IncludeSubject

type IncludeSubject struct {

	// Identifying the purpose and intended use of the property, part or other object.
	Name string `xml:"name,attr,omitempty" json:"name,omitempty"`
	// Indicating the type or classification of the containing object
	Class string `xml:"class,attr,omitempty" json:"class,omitempty"`

	// A human-readable description of subjects being included.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// A key word to indicate all
	All All `xml:"all,omitempty" json:"all,omitempty"`
	// A pointer to a resource based on its ID. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.
	SubjectReferences []SubjectReference `xml:"subject-reference,omitempty" json:"subject-references,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Identifies exactly what will be the focus of this assessment. Anything not explicitly defined is out-of-scope.

type Link = validation_root.Link

type LocationUuid

type LocationUuid = validation_root.LocationUuid

type Markup

type Markup = validation_root.Markup

type Method

type Method struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`

	// A human-readable description of the defined method.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// A partition or component of a control or part
	Part *Part `xml:"part,omitempty" json:"part,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

A local definition of a control objective. Uses catalog syntax for control objective and assessment actions.

type MitigatingFactor

type MitigatingFactor struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`
	// Points to an implementation statement in the SSP.
	ImplementationUuid string `xml:"implementation-uuid,attr,omitempty" json:"implementation-uuid,omitempty"`

	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Links identifiable elements of the system to this mitigating factor, such as an inventory-item or component.
	SubjectReferences []SubjectReference `xml:"subject-reference,omitempty" json:"subject-references,omitempty"`
}

Describes a mitigating factor with an optional link to an implementation statement in the SSP.

type Objective

type Objective struct {

	// Unique identifier of the containing object
	Id string `xml:"id,attr,omitempty" json:"id,omitempty"`
	// A reference to a control identifier.
	ControlId string `xml:"control-id,attr,omitempty" json:"control-id,omitempty"`

	// A human-readable description of the defined objective.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// A partition or component of a control or part
	Part *Part `xml:"part,omitempty" json:"part,omitempty"`
	// Identifies a method for assessing the satisfaction of this objective.
	Methods []AssessmentMethod `xml:"assessment-method,omitempty" json:"methods,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

A local definition of a control objective. Uses catalog syntax for control objective and assessment actions.

type ObjectiveMultiplexer

type ObjectiveMultiplexer []Objective

func (*ObjectiveMultiplexer) MarshalJSON

func (mplex *ObjectiveMultiplexer) MarshalJSON() ([]byte, error)

func (*ObjectiveMultiplexer) UnmarshalJSON

func (mplex *ObjectiveMultiplexer) UnmarshalJSON(b []byte) error

type ObjectiveStatus

type ObjectiveStatus struct {

	// Points to an assessment objective.
	ObjectiveId string `xml:"objective-id,attr,omitempty" json:"objective-id,omitempty"`
	// A reference to a control identifier.
	ControlId string `xml:"control-id,attr,omitempty" json:"control-id,omitempty"`

	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// A brief indication as to whether the objective is satisfied or not.
	Result *Result `xml:"result,omitempty" json:"result,omitempty"`
	// Identifies the implementation status of the control or control objective.
	ImplementationStatus *ImplementationStatus `xml:"implementation-status,omitempty" json:"implementation-status,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Captures an assessor's conclusions as to whether an objective is fully satisfied.

type Objectives

type Objectives struct {

	// A human-readable description of assessment objectives.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.
	ControlGroup []Controls `xml:"controls,omitempty" json:"control-group,omitempty"`
	// Identifies the control objectives of the assessment. In the assessment plan, these are the planned objectives. In the assessment results, these are the actual objectives, and reflects any changes from the plan.
	ControlObjectiveGroup []ControlObjectives `xml:"control-objectives,omitempty" json:"control-objective-group,omitempty"`
	// A local definition of a control objective. Uses catalog syntax for control objective and assessment actions.
	Objectives ObjectiveMultiplexer `xml:"objective,omitempty" json:"objectives,omitempty"`
	// A local definition of a control objective. Uses catalog syntax for control objective and assessment actions.
	MethodDefinitions []Method `xml:"method,omitempty" json:"method-definitions,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Identifies the controls being assessed and their control objectives. In the assessment plan, these are the planned controls and objectives. In the assessment results, these are the actual controls and objectives, and reflect any changes from the plan.

type Observation

type Observation struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`

	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// Identifies how the observation was made.
	ObservationMethods []ObservationMethod `xml:"observation-method,omitempty" json:"observation-methods,omitempty"`
	// Identifies the nature of the observation. More than one may be used to further qualify and enable filtering.
	ObservationTypes []ObservationType `xml:"observation-type,omitempty" json:"observation-types,omitempty"`
	// Identifies an individual who gathered the evidence resulting in the observation or risk identification.
	Assessors []Assessor `xml:"assessor,omitempty" json:"assessors,omitempty"`
	// Identifies who was interviewed, or what was tested or inspected.
	SubjectReferences []SubjectReference `xml:"subject-reference,omitempty" json:"subject-references,omitempty"`
	// Identifies the source of the finding, such as a tool, interviewed person, or activity.
	Origins []Origin `xml:"origin,omitempty" json:"origins,omitempty"`
	// Links this observation to relevant evidence.
	EvidenceGroup []RelevantEvidence `xml:"relevant-evidence,omitempty" json:"evidence-group,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Describes an individual observation.

type ObservationMethod

type ObservationMethod string

type ObservationType

type ObservationType string

type Origin

type Origin struct {
	// A pointer to a relevant item, using its UUID.
	UuidRef string `xml:"uuid-ref,attr,omitempty" json:"uuid-ref,omitempty"`

	// Indicating the type of identifier, address, email or other data item.
	Type  string `xml:"type,attr,omitempty" json:"type,omitempty"`
	Value string `xml:",chardata" json:"value,omitempty"`
}

Identifies the tool or activity that resulted in the observation.

type Origination

type Origination struct {

	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// A value with a name, attributed to the containing control, part, or group.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
}

Identifies the origination of network-based assessment activities, such as the IP address of the tool performing assessment scans.

type Part

type Part struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`
	// Identifying the purpose and intended use of the property, part or other object.
	Name string `xml:"name,attr,omitempty" json:"name,omitempty"`
	// A namespace qualifying the name.
	Ns string `xml:"ns,attr,omitempty" json:"ns,omitempty"`
	// Indicating the type or classification of the containing object
	Class string `xml:"class,attr,omitempty" json:"class,omitempty"`

	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A value with a name, attributed to the containing control, part, or group.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Prose permits multiple paragraphs, lists, tables etc.
	Prose *Prose `xml:",any" json:"prose,omitempty"`
	// A partition or component of a control or part
	Parts []Part `xml:"part,omitempty" json:"parts,omitempty"`
	// A reference to a local or remote resource
	Links []Link `xml:"link,omitempty" json:"links,omitempty"`
}

A partition or component of a control or part

type PartyUuid

type PartyUuid = validation_root.PartyUuid

type Prop

type Prop = validation_root.Prop

type Prose

type Prose = nominal_catalog.Prose

type RelevantEvidence

type RelevantEvidence struct {

	// Links to evidence as URI. May use a URI fragment to point to a resource in the back-matter.
	Href string `xml:"href,attr,omitempty" json:"href,omitempty"`

	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Links this observation to relevant evidence.

type Remarks

type Remarks = validation_root.Remarks

type Remediation

type Remediation struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`
	// Indicating the type of identifier, address, email or other data item.
	Type string `xml:"type,attr,omitempty" json:"type,omitempty"`

	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// Points to the source of the recommendation
	Origins []RemediationOrigin `xml:"remediation-origin,omitempty" json:"origins,omitempty"`
	// Identifies something required to achieve remediation.
	Requirements []Required `xml:"required,omitempty" json:"requirements,omitempty"`
	// Identifies the schedule for the assessment activities.
	Schedule *Schedule `xml:"schedule,omitempty" json:"schedule,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Describes either a recommendation or an actual plan for remediating the risk.

type RemediationDeadline

type RemediationDeadline string

type RemediationOrigin

type RemediationOrigin struct {
	// A pointer to a relevant item, using its UUID.
	UuidRef string `xml:"uuid-ref,attr,omitempty" json:"uuid-ref,omitempty"`

	// Indicating the type of identifier, address, email or other data item.
	Type  string `xml:"type,attr,omitempty" json:"type,omitempty"`
	Value string `xml:",chardata" json:"value,omitempty"`
}

Points to the source of the remediation recommendation or plan.

type RemediationTracking

type RemediationTracking struct {

	// Individual remediation tracking entry, which logs an event or action taken towards the remediation of the associated risk.
	TrackingEntries []TrackingEntry `xml:"tracking-entry,omitempty" json:"tracking-entries,omitempty"`
}

A log of events and actions taken towards the remediation of the associated risk.

type Required

type Required struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`

	// Identifies a subject associated with this requirement, such as a party, system component, or inventory-item.
	SubjectReferences []SubjectReference `xml:"subject-reference,omitempty" json:"subject-references,omitempty"`
	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Identifies something required to achieve remediation.

type Result

type Result struct {
	// Identifies the framework or rules to which this value conforms.
	System string `xml:"system,attr,omitempty" json:"system,omitempty"`
	Value  string `xml:",chardata" json:"value,omitempty"`
}

A brief indication as to whether the objective is satisfied or not.

type Results

type Results struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`

	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// Date/time stamp identifying the start of the evidence collection reflected in these results.
	Start Start `xml:"start,omitempty" json:"start,omitempty"`
	// Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous monitoring scenario, this may contain the same value as start if appropriate.
	End End `xml:"end,omitempty" json:"end,omitempty"`
	// Describes an individual finding.
	Findings []Finding `xml:"finding,omitempty" json:"findings,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.

type Risk

type Risk struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`

	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// An individual risk metric from a specified system.
	RiskMetrics []RiskMetric `xml:"risk-metric,omitempty" json:"risk-metrics,omitempty"`
	// Describes the risk.
	RiskStatement *RiskStatement `xml:"risk-statement,omitempty" json:"risk-statement,omitempty"`
	// Describes a mitigating factor with an optional link to an implementation statement in the SSP.
	MitigatingFactors []MitigatingFactor `xml:"mitigating-factor,omitempty" json:"mitigating-factors,omitempty"`
	// The date/time by which the risk must be closed.
	RemediationDeadline RemediationDeadline `xml:"remediation-deadline,omitempty" json:"remediation-deadline,omitempty"`
	// Describes either a recommendation or an actual plan for remediating the risk.
	RemediationGroup []Remediation `xml:"remediation,omitempty" json:"remediation-group,omitempty"`
	// Describes the status of the associated risk.
	RiskStatus RiskStatus `xml:"risk-status,omitempty" json:"risk-status,omitempty"`
	// Describes the actions taken that resulted in the closure of the identified risk.
	ClosureActions *ClosureActions `xml:"closure-actions,omitempty" json:"closure-actions,omitempty"`
	// A log of events and actions taken towards the remediation of the associated risk.
	RemediationTracking *RemediationTracking `xml:"remediation-tracking,omitempty" json:"remediation-tracking,omitempty"`
	// References a  defined in .
	PartyUuids []PartyUuid `xml:"party-uuid,omitempty" json:"party-uuids,omitempty"`
}

An identified risk.

type RiskMetric

type RiskMetric struct {
	// Identifying the purpose and intended use of the property, part or other object.
	Name string `xml:"name,attr,omitempty" json:"name,omitempty"`

	// Indicating the type or classification of the containing object
	Class string `xml:"class,attr,omitempty" json:"class,omitempty"`

	// Specifies the system represented by this risk metric.
	System string `xml:"system,attr,omitempty" json:"system,omitempty"`
	Value  string `xml:",chardata" json:"value,omitempty"`
}

An individual risk metric from a specified system.

type RiskStatement

type RiskStatement = Markup

Describes the risk.

type RiskStatus

type RiskStatus string

type RoleId

type Schedule

type Schedule struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`

	// Identifies an individual task.
	Tasks []Task `xml:"task,omitempty" json:"tasks,omitempty"`
}

Identifies the schedule for the assessment activities.

type Sequence

type Sequence string

type Start

type Start string

type SubjectReference

type SubjectReference struct {

	// A pointer to a component, inventory-item, location, party, user, or resource using its UUID.
	UuidRef string `xml:"uuid-ref,attr,omitempty" json:"uuid-ref,omitempty"`
	// Indicating the type of identifier, address, email or other data item.
	Type string `xml:"type,attr,omitempty" json:"type,omitempty"`

	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A value with a name, attributed to the containing control, part, or group.
	Props []Prop `xml:"prop,omitempty" json:"props,omitempty"`
}

A pointer to a resource based on its ID. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.

type Task

type Task struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`

	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// Identifies the start of a task.
	Start Start `xml:"start,omitempty" json:"start,omitempty"`
	// Identifies the end of a task.
	End End `xml:"end,omitempty" json:"end,omitempty"`
	// Links the task to a defined activity.
	ActivityUuids []ActivityUuid `xml:"activity-uuid,omitempty" json:"activity-uuids,omitempty"`
	// Identifies roles associated with performing this task.
	RoleIds []RoleId `xml:"role-id,omitempty" json:"role-ids,omitempty"`
	// Identifies people or organizations associated with performing this task.
	PartyUuids []PartyUuid `xml:"party-uuid,omitempty" json:"party-uuids,omitempty"`
	// Identifies locations associated with performing this task.
	LocationUuids []LocationUuid `xml:"location-uuid,omitempty" json:"location-uuids,omitempty"`
	// Typically used when copying content from the assessment plan to the assessment results. The uuid should be changed in the assessment results file, and the compare-to field should be set to the original assessment plan uuid value. This enables the plan and results to be compared later to identify what changed between the two.
	CompareTo CompareTo `xml:"compare-to,omitempty" json:"compare-to,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Identifies an individual task.
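
The compare-to workflow from the CompareTo field comment above, as an added example that is not part of this package. Task is a trimmed local stand-in with plain string fields; NewUUIDv4, CopyToResults and DiffAgainstPlan are hypothetical helpers, and the sample UUID and dates are constructed.

```go
package main

import (
	"crypto/rand"
	"fmt"
)

// Task is a trimmed local stand-in for this package's Task (assumption: plain strings).
type Task struct{ Uuid, Start, End, CompareTo string }

// NewUUIDv4 returns a random RFC 4122 version 4 UUID.
func NewUUIDv4() string {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		panic(err) // no safe fallback for identifiers
	}
	b[6] = b[6]&0x0f | 0x40 // version 4
	b[8] = b[8]&0x3f | 0x80 // RFC 4122 variant
	return fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:16])
}

// CopyToResults clones a plan task: fresh uuid, compare-to = original plan uuid.
func CopyToResults(plan Task) Task {
	plan.Uuid, plan.CompareTo = NewUUIDv4(), plan.Uuid
	return plan
}

// DiffAgainstPlan pairs each results task with its plan task via compare-to and
// reports schedule drift as well as results tasks with no plan counterpart.
func DiffAgainstPlan(plan, results []Task) (out []string) {
	byUuid := map[string]Task{}
	for _, p := range plan {
		byUuid[p.Uuid] = p
	}
	for _, r := range results {
		if p, ok := byUuid[r.CompareTo]; !ok {
			out = append(out, r.Uuid+": no matching plan task")
		} else if p.Start != r.Start || p.End != r.End {
			out = append(out, r.Uuid+": schedule differs from plan task "+p.Uuid)
		}
	}
	return out
}

func main() {
	plan := Task{Uuid: "11111111-2222-4333-8444-555555555555", Start: "2020-11-02", End: "2020-11-06"} // constructed
	res := CopyToResults(plan)
	res.End = "2020-11-13" // the task overran the plan
	fmt.Println(DiffAgainstPlan([]Task{plan}, []Task{res}))
}
```

A results task whose compare-to does not resolve to any plan uuid is reported separately, since it was either added during the assessment or copied without the link being set.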

type TestMethod

type TestMethod struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`

	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// A reference to a local or remote resource
	Links []Link `xml:"link,omitempty" json:"links,omitempty"`
	// Identifies an individual test step.
	TestSteps []TestStep `xml:"test-step,omitempty" json:"test-steps,omitempty"`
	// Typically used when copying content from the assessment plan to the assessment results. The uuid should be changed in the assessment results file, and the compare-to field should be set to the original assessment plan uuid value. This enables the plan and results to be compared later to identify what changed between the two.
	CompareTo CompareTo `xml:"compare-to,omitempty" json:"compare-to,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Identifies an individual test method.

type TestStep

type TestStep struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`

	// Identifies the sequence number for the test step.
	Sequence Sequence `xml:"sequence,omitempty" json:"sequence,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// A reference to the roles served by the user.
	RoleIds []RoleId `xml:"role-id,omitempty" json:"role-ids,omitempty"`
	// References a  defined in .
	PartyUuids []PartyUuid `xml:"party-uuid,omitempty" json:"party-uuids,omitempty"`
	// Typically used when copying content from the assessment plan to the assessment results. The uuid should be changed in the assessment results file, and the compare-to field should be set to the original assessment plan uuid value. This enables the plan and results to be compared later to identify what changed between the two.
	CompareTo CompareTo `xml:"compare-to,omitempty" json:"compare-to,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Identifies an individual test step.

type ThreatId

type ThreatId struct {
	// Specifies the source of the threat information.
	System string `xml:"system,attr,omitempty" json:"system,omitempty"`

	// An optional location for the threat data, from which this ID originates.
	Uri   string `xml:"uri,attr,omitempty" json:"uri,omitempty"`
	Value string `xml:",chardata" json:"value,omitempty"`
}

A pointer, by ID, to an externally-defined threat.

type Title

type Title = validation_root.Title

type Tools

type Tools struct {

	// A defined component that can be part of an implemented system.
	Components ComponentMultiplexer `xml:"component,omitempty" json:"components,omitempty"`
}

The technology tools used by the assessor to perform the assessment, such as vulnerability scanners. In the assessment plan these are the intended tools. In the assessment results, these are the actual tools used, including any differences from the assessment plan.

type TrackingEntry

type TrackingEntry struct {

	// A RFC 4122 version 4 Universally Unique Identifier (UUID) for the containing object.
	Uuid string `xml:"uuid,attr,omitempty" json:"uuid,omitempty"`
	// Indicating the type of identifier, address, email or other data item.
	Type string `xml:"type,attr,omitempty" json:"type,omitempty"`

	// Date/time stamp of the associated information.
	DateTimeStamp DateTimeStamp `xml:"date-time-stamp,omitempty" json:"date-time-stamp,omitempty"`
	// A title for display and navigation
	Title *Title `xml:"title,omitempty" json:"title,omitempty"`
	// A description supporting the parent item.
	Description *Description `xml:"description,omitempty" json:"description,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Properties []Prop `xml:"prop,omitempty" json:"properties,omitempty"`
	// Provided as means of extending the OSCAL syntax.
	Annotations []Annotation `xml:"annotation,omitempty" json:"annotations,omitempty"`
	// Additional commentary on the parent item.
	Remarks *Remarks `xml:"remarks,omitempty" json:"remarks,omitempty"`
}

Individual remediation tracking entry, which logs an event or action taken towards the remediation of the associated risk.
