Required Root Information

Core OSCAL requires somne content to be present all OSCAL artifacts. This is crtical to consistent processing.

Root Element and Root-Level Universally Unique Identifier

The root element must be one of the case-sensitive OSCAL model names:

catalog
profile
mapping-collection (OSCAL version >=1.2.0)
component-definition
system-security-plan
plan-of-action-and-milestones
assessment-plan
assessment-results

It must be immediately followed by root-level (document-level) UUID.

In JSON and YAML, the UUID is a child of the root element. In XML it is an attribute of the root element.

Additional XML Requirement

OSCAL XML artifacts must include an XML declaration above the root element, and XML namespace declaration as an attribute of the root element.

XML Example

<?xml version="1.0" encoding="UTF-8"?>
<system-security-plan 
     xmlns="http://csrc.nist.gov/ns/oscal/1.0" 
     uuid="11111111-2222-4000-8000-000000000000">
</catalog>

JSON Example

{
  "system-security-plan": {
    "uuid": "11111111-2222-4000-8000-000000000000"
    }
}

YAML Example

system-security-plan:
  uuid: 11111111-2222-4000-8000-000000000000