Legacy Approach
Flat-File Representation
<!-system-security-plan:
uuid: 11111111-2222-4000-8000-000000000000
system-implementation:
inventory-items:
- cutuuid: -->11111111-2222-4000-8000-011000000001
<system-implementation>description: <!-- interconnection -->
<system-inventory>
<inventory-item uuid="uuid-value">
<description><p>Flat-FileLegacy Example (No implemented-component).</p></description>
<propprops:
name="- name: asset-id"id
value="value: unique-asset-id"/>ID-01
<prop- name="name: ipv4-address"address
value="0.0.0.0"/>value: <prop10.1.1.1
name="- name: ipv6-address"address
value="0000:0000:0000:0000"/>value: <prop2001:db8:3333:4444:5555:6666:7777:8888
name="virtual"- value="no"/>name: <propvirtual
name="public"value: value="no"/>'no'
<prop- name="fqdn"name: value="example.com"/>public
<propvalue: name="uri"'no'
value="https://example/query?key=value#anchor"/>- <propname: name="fqdn
value: dns.name
- name: uri
value: uniform.resource.identifier
- name: netbios-name"name
value="value: netbios-name"/>name
<prop- name="name: mac-address"address
value="value: 00:00:00:00:00:00"/>00
<prop- name="software-name"name: value="software-name"/>asset-type
<propvalue: name="version"operating-system
value="V- 0.0.0"/>name: <propserial-number
name="asset-type"value: value="os"/>
<prop name="vendor-name" value="Vendor Name"/>
<prop name="model" value="Model Number"/>
<prop name="patch-level" value="Patch-Level"/>
<prop name="serial-number" value="'Serial #"/>#'
<prop- name="name: asset-tag"tag
value="value: Asset Tag"/>Tag
<prop- name="name: vlan-id"id
value="value: VLAN Identifier"/>Identifier
<prop- name="name: network-id"id
value="value: Network Identifier"/>Identifier
<prop- name="name: scan-type"type
ns="ns: http://fedramp.gov/ns/oscal"oscal
value="infrastructure"value: infrastructure
- name: vendor-name
ns: http:/>/fedramp.gov/ns/oscal
<propvalue: name="Big Vendor, Inc.
- name: scan-type
ns: http://fedramp.gov/ns/oscal
value: database
- name: allows-authenticated-scan"scan
value="no">value: <remarks><p>'no'
remarks: If no, explain why. If yes, omit remarks field.</p></remarks>
</prop>- <propname: name="baseline-configuration-name"physical-location
value="Baselinevalue: Config. Name" />
<prop name="physical-location" value="Physical location of Asset"Asset
/>- <propname: name="is-scanned"scanned
value="yes"/>value: <prop'yes'
name="function"remarks: value="If no, explain why. If yes, omit remarks field.
- name: function
value: Required brief, text-based description."/>
<linkremarks: rel="validation"Optional, href="#uuid-of-validation-component"longer, />formatted <statusdescription.
state="operational"/>links:
<- href: '#11111111-2222-4000-8000-009000000002'
rel: validation
- href: '#11111111-2222-4000-8000-001000000059'
rel: baseline
responsible-partyparties:
- role-id="id: asset-owner">owner
<party-id>person-7</party-id>uuids:
</responsible-party>- <responsible-party11111111-2222-4000-8000-004000000016
- role-id="id: asset-administrator">administrator
<party-id>it-dept</party-id>uuids:
</responsible-party>- <implemented-component11111111-2222-4000-8000-004000000017
component-uuid="component-uuid-valueremarks: " />
<remarks><p>'COMMENTS: Additional information about this item.</p></remarks>
</inventory-item>This <!--links Repeatto a FIPS 140-2 validated software component that is used by this
inventory item. This type of linkage to a validation through the inventory-itemcomponent
assemblyis forpreferable each item into the inventorylink[rel=''validation''] -->example </system-inventory>
<!-- system-implementation remarks -->
</system-implementation>above.'
Notes:
The value of asset-type determines whether the identified asset-administrator is managing a system or an application. Currently, any FedRAMP-defined asset-type implies the management of a system, and therefore, is to be scanned as infrastructure.