Attachments

The following OSCAL representation of a FedRAMP SSP attachment demonstrates the back-matter and resource approach that must be implemented for classic SSP attachments that are not machine-readable, such as policies, procedures, plans, guidance, and rules of behavior documents. For each attachment, an SSP should provide a publication date where possible. However, in some cases, a back matter attachment may not have a specific publication date. In that case, an SSP may define a last accessed property with a value of a datetime with a timezone that represents when that resource was last viewed or referenced, with a value that conforms with RFC3339's "full-date" format.

Attachment Representation

  back-matter:
    resources:

    - uuid: 11111111-2222-4000-8000-001000000001
      title: Attachment Title
      description: Linked attachment.
      props:
      - name: type
        value: policy
      rlinks:
      - href: ./attachments/policy.pdf
        media-type: application/pdf


    - uuid: 11111111-2222-4000-8000-001000000002
      title: Logo
      description: A Base 64 embeded logo.
      props:
      - name: type
        value: logo
      base64:
        filename: logo.png
        media-type: application/png
        value: '00000000'