--> ]>

Extensions Model

1.0.4

extensions

http://csrc.nist.gov/ns/oscal/1.0

http://csrc.nist.gov/ns/oscal

The Extensions model can be used to describe special properties (prop) added by organiations to extend OSCAL's syntax. This model can also be used to enumerable the values allowed by an organization on any field within the OSCAL models, including the extended properties. The root of the Extensions model is extensions.

OSCAL Extentions

Extended OSCAL Properties and Allowed Values.

extensions

Extensions File Globally Unique Identifier

A machine-oriented, globally unique identifier with cross-instance scope.

Extension Namespace

Identifies the namespace within which all defined property extensions exist.

Extension Namespace

The uniform resource identifier representing the namespace.

Title

A title for the collection of defined extensions.

title

Source

Identifies the individual/organization who defined this extension or constraint.

Party Reference

Identifies the source for the collection of defined extensions.

Description

Provides a description to be displayed to the developer about the property extension or constraint.

description

Property Extension

Defines a property extension to the OSCAL syntax.

Extension Globally Unique Identifier

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined extension elsewhere in this or other OSCAL instances. The locally defined UUID of the extension can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Extension Name

The property name (prop[@name="extension-name"]) used within the OSCAL syntax to represent the extension.

Extension Formal Name

A human-readable label for the extended property.

Binding

Identifies the specific location of the property extension or constraint.

Binding Pattern

Uses basic xPath syntax to define the exact location of the extended property or constraint within the OSCAL syntax structure.

To specify a property in the metadata of the profile model use, <binding pattern="/profile/metadata/prop" />. To specify a property in the metadata of all OSCAL models use, <binding pattern="/*/metadata/prop" /> or <binding pattern="//metadata/prop" />. To specify a property in the metadata of the assessment-plan and assessment-results models use two binding entries, <binding pattern="/assessment-plan/metadata/prop" /> and <binding pattern="/assessment-results/metadata/prop" />.

Example

Example(s) of the extension's use in context.

Constraint Extension

Defines additional constraints on the OSCAL syntax.

Constraint Definition Universally Unique Identifier

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined constraint definition elsewhere in this or other OSCAL instances. The locally defined UUID of the constraint-definition can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Constraint

Defines limits to the values of OSCAL fields, attributes, property values and extensions.

Constraint Universally Unique Identifier

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this defined constraint elsewhere in this or other OSCAL instances. The locally defined UUID of the constraint can be used to reference the data item locally or globally (e.g., from an importing OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Matches

Constrains the allowed values based on the provided regex pattern or checks that the value is conformant to the specified datatype.

Regular Expression

A regex subset that is conformant to both https://www.w3.org/TR/xmlschema11-2/#regexes and https://www.ecma-international.org/ecma-262/11.0/index.html#sec-patterns.

Datatype

Specifies the datatype for which the value must conform to.

A boolean value. A string with no leading or trailing whitespace. A real number expressed using decimal numerals. An integer value An integer value that is equal to or greater than 0. A positive integer value. A string representing arbitrary Base64-encoded binary data. A string representing a 24-hour period in a given timezone, formatted according to "full-date" as defined by RFC-3339. A string representing a 24-hour period in a given timezone, formatted according to "date-time" as defined by RFC-3339. A string representing a 24-hour period in a given timezone, formatted according to "date-time" as defined by RFC-3339, except the time zone portion is optional. A string representing a 24-hour period in a given timezone, formatted according to "full-date" as defined by RFC-3339, except the time zone portion is optional. An email address string formatted according to RFC 6531. An internationalized Internet host name string formatted according to section 2.3.2.3 of RFC 5890. An Internet Protocol version 4 address in dotted-quad ABNF syntax as defined in section 3.2 of RFC 2673. An Internet Protocol version 6 address in dotted-quad ABNF syntax as defined in section 2.2 of RFC 3513. A non-colonized name as defined by XML Schema Part 2: Datatypes Second Edition. A universal resource identifier (URI) formatted according to RFC3986. A URI Reference (either a URI or a relative-reference) formatted according to section 4.1 of RFC3986. A version 4 or 5 Universally Unique Identifier (UUID) as defined by RFC 4122.

Constraint Level

Identifies the level of severity if the constraint is not satisfied.

A violation of the constraint represents a serious fault in the content that will prevent typical use of the content. A violation of the constraint represents a fault in the content. This may include issues around compatibility, integrity, consistency, etc. A violation of the constraint represents a point of interest. A violation of the constraint represents a potential issue with the content.

Has Cardinality

Checks that the specified binding match the provided cardinality.

Minimum Occurances

The minimum required occurances of the defined assembly or field.

Optional At least one required

Maximum Occurances

The maximum allowed occurances of the defined assembly or field.

At most one allowed No upper limit to the number allowed

Allowed Values

Constrains the allowed values for the flag or field referenced by the binding.

Allow Other

Indicates whether values are allowed beyond those enumerated.

Other values may be used beyond the provided values Only the provided values may be used

Enumerated Value

An enumerated value for. The value is indicated by the 'value' attribute and a short label is indicated by the 'label' attribute, while the element contents describe the intended semantics for documentation.

Allowed Value

The allowed value itself, which may be any case-sensitive string.

Value Label

A human-readable label for the allowed value.