9. Services, Ports and Protocols
Entries in the services, ports, and protocols table are represented as component assemblies, with the component-type flag set to "service". Use a protocol assembly for each protocol associated with the service. For a single port, set the port-range start flag and end flag to the same value.
OSCAL Representation
<system-implementation>
  <!-- user -->
  <component uuid="uuid-of-service" type="service">
    <title>[SAMPLE]Service Name</title>
    <description><p>Describe the service</p></description>
    <purpose>Describe the purpose for which the service is needed.</purpose>
    <link href="uuid-of-component-used-by" rel="used-by" />
    <link href="uuid-of-component-provided-by" rel="provided-by" />
    <status state="operational" />
    <protocol name="http">
      <port-range start="80" end="80" transport="TCP"/>
    </protocol>
    <protocol name="https">
      <port-range start="443" end="443" transport="TCP"/>
    </protocol>
  </component>
  <!-- Repeat the component assembly for each row in Table 9. -->
  <!-- system-inventory -->
</system-implementation>

security-plan:
  uuid: 11111111-2222-4000-8000-000000000000
  system-implementation:
    components:
      - uuid: 11111111-2222-4000-8000-009000500004
        type: service
        title: API Service
        description: 'A service offered by this system to external systems, such as
          an API. As a result, communication crosses the boundary.
          Describe the service and what it is used for.'
        props:
          - name: implementation-point
            value: internal
          - name: public
            value: 'yes'
          - name: information-type
            ns: http://fedramp.gov/ns/oscal
            value: C.3.5.1
            class: incoming
          - name: information-type
            ns: http://fedramp.gov/ns/oscal
            value: C.3.5.8
            class: outgoing
          - name: connection-security
            ns: http://fedramp.gov/ns/oscal
            value: tls-1.3
          - name: authentication-method
            ns: http://fedramp.gov/ns/oscal
            value: 'yes'
          - name: nature-of-agreement
            ns: http://fedramp.gov/ns/oscal
            value: other
          - name: allows-authenticated-scan
            value: 'no'
          - name: scan-type
            ns: http://fedramp.gov/ns/oscal
            value: infrastructure
        links:
          - href: '#11111111-2222-4000-8000-009000100003'
            rel: used-by
          - href: '#11111111-2222-4000-8000-009000100004'
            rel: used-by
          - href: '#11111111-2222-4000-8000-001000000048'
            rel: poam-item
            resource-fragment: 11111111-3333-4000-8000-000000000004
          - href: https://api.example.com/v1
            rel: api
        status:
          state: operational
        responsible-roles:
          - role-id: administrator
            props:
              - name: privilege-uuid
                ns: http://fedramp.gov/ns/oscal
                value: 11111111-2222-4000-8000-008000000004
            party-uuids:
              - 11111111-2222-4000-8000-004000000010
              - 11111111-2222-4000-8000-004000000011
              - 11111111-2222-4000-8000-004000000012
          - role-id: provider
            party-uuids:
              - 11111111-2222-4000-8000-004000000001
        protocols:
          - uuid: 11111111-2222-4000-8000-010000000002
            name: tls
            title: API Service
            port-ranges:
              - start: '443'
                end: '443'
                transport: TCP
XPath Queries
Service (1st service):
/*/system-implementation/component[@type='service'][1]/title
Ports: Start (1st service, 1st protocol, 1st port range):
/*/system-implementation/component[@type='service'][1]/protocol[1]/port-range[1]/@start
Ports: End (1st service, 1st protocol, 1st port range):
/*/system-implementation/component[@type='service'][1]/protocol[1]/port-range[1]/@end
Ports: Transport (1st service, 1st protocol, 1st port range):
/*/system-implementation/component[@type='service'][1]/protocol[1]/port-range[1]/@transport
Protocol (1st service, 1st protocol):
/*/system-implementation/component[@type='service'][1]/protocol[1]/@name
Purpose (1st service):
/*/system-implementation/component[@type='service'][1]/purpose
Used By (1st service):
/*/system-implementation/component[@uuid='uuid-of-component-used-by']/title
Replace XPath predicate "[1]" with "[2]", "[3]", etc.
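The queries above, applied to every service rather than only the first, as an added example that is not part of the original page. It uses Python's xml.etree.ElementTree, which supports only a subset of XPath, so attributes are read with .get() instead of "/@start". The sample document is constructed from the page's XML fragment; the second component and its title are assumptions, and no XML namespace is declared, matching the page's queries.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's XML fragment plus one hypothetical
# component so that the "Used By" lookup resolves to a title.
SAMPLE = """<system-security-plan>
  <system-implementation>
    <component uuid="uuid-of-component-used-by" type="software">
      <title>[SAMPLE]Consumer Component</title>
    </component>
    <component uuid="uuid-of-service" type="service">
      <title>[SAMPLE]Service Name</title>
      <purpose>Describe the purpose for which the service is needed.</purpose>
      <link href="uuid-of-component-used-by" rel="used-by" />
      <protocol name="http">
        <port-range start="80" end="80" transport="TCP"/>
      </protocol>
      <protocol name="https">
        <port-range start="443" end="443" transport="TCP"/>
      </protocol>
    </component>
  </system-implementation>
</system-security-plan>"""


def service_rows(xml_text):
    """Return one dict per (service, protocol, port-range): one table row each."""
    impl = ET.fromstring(xml_text).find("system-implementation")
    # uuid -> title index, used to resolve used-by links to component titles
    titles = {c.get("uuid"): c.findtext("title") for c in impl.findall("component")}
    rows = []
    for svc in impl.findall("component[@type='service']"):
        used_by = [titles.get(l.get("href", "").lstrip("#"), "UNRESOLVED")
                   for l in svc.findall("link[@rel='used-by']")]
        for proto in svc.findall("protocol"):
            for pr in proto.findall("port-range"):
                start, end = int(pr.get("start")), int(pr.get("end"))
                if start > end:  # a single port has start == end
                    raise ValueError(f"port-range {start}-{end} is reversed")
                rows.append({"service": svc.findtext("title"),
                             "protocol": proto.get("name"),
                             "start": start, "end": end,
                             "transport": pr.get("transport"),
                             "purpose": svc.findtext("purpose"),
                             "used_by": used_by})
    return rows


if __name__ == "__main__":
    for row in service_rows(SAMPLE):
        print(row)
```

A used-by link whose target UUID is not present among the components is reported as UNRESOLVED rather than silently dropped, which makes dangling references visible when reviewing the table.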