
Flat Approach

Flat Representation
system-security-plan:
  uuid: 11111111-2222-4000-8000-000000000000
  system-implementation:
    inventory-items:
    - uuid: 11111111-2222-4000-8000-011000000001
      description: Legacy Example (No implemented-component).
      props:
      - name: asset-id
        value: unique-asset-ID-01
      - name: ipv4-address
        value: 10.1.1.1
      - name: ipv6-address
        value: 2001:db8:3333:4444:5555:6666:7777:8888
      - name: virtual
        value: 'no'
      - name: public
        value: 'no'
      - name: fqdn
        value: dns.name
      - name: uri
        value: uniform.resource.identifier
      - name: netbios-name
        value: netbios-name
      - name: mac-address
        value: 00:00:00:00:00:00
      - name: asset-type
        value: operating-system
      - name: serial-number
        value: 'Serial #'
      - name: asset-tag
        value: Asset Tag
      - name: vlan-id
        value: VLAN Identifier
      - name: network-id
        value: Network Identifier
      - name: scan-type
        ns: http://fedramp.gov/ns/oscal
        value: infrastructure
      - name: vendor-name
        ns: http://fedramp.gov/ns/oscal
        value: Big Vendor, Inc.
      - name: scan-type
        ns: http://fedramp.gov/ns/oscal
        value: database
      - name: allows-authenticated-scan
        value: 'no'
        remarks: If no, explain why. If yes, omit remarks field.
      - name: physical-location
        value: Physical location of Asset
      - name: is-scanned
        value: 'yes'
        remarks: If no, explain why. If yes, omit remarks field.
      - name: function
        value: Required brief, text-based description.
        remarks: Optional, longer, formatted description.
      links:
      - href: '#11111111-2222-4000-8000-009000000002'
        rel: validation
      - href: '#11111111-2222-4000-8000-001000000059'
        rel: baseline
      responsible-parties:
      - role-id: asset-owner
        party-uuids:
        - 11111111-2222-4000-8000-004000000016
      - role-id: asset-administrator
        party-uuids:
        - 11111111-2222-4000-8000-004000000017
      remarks: 'COMMENTS: Additional information about this item.

        This links to a FIPS 140-2 validated software component that is used by this
        inventory item. This type of linkage to a validation through the component
        is preferable to the link[rel=''validation''] example above.'

Notes:

The value of asset-type determines whether the identified asset-administrator is managing a system or an application. Currently, any FedRAMP-defined asset-type implies the management of a system and is therefore to be scanned as infrastructure.
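
The following Python check is an added example, not FedRAMP code: it lints a flat inventory-item, already loaded into a dict, against conventions visible in the representation above (the FedRAMP namespace on scan-type and vendor-name, remarks required when a yes/no prop is 'no', and quoted 'yes'/'no' values). The function name, the rule set, the expectation that both roles from the sample are present, and the sample data are assumptions made for illustration.

```python
# Added example: lint a flat OSCAL inventory-item parsed into a dict. Rules are
# read off the page's sample; they are assumptions, not FedRAMP's official rules.
FEDRAMP_NS = "http://fedramp.gov/ns/oscal"
NS_PROPS = {"scan-type", "vendor-name"}            # shown with the FedRAMP ns
YES_NO_PROPS = {"allows-authenticated-scan", "is-scanned"}
ROLES = {"asset-owner", "asset-administrator"}     # roles shown in the sample


def lint_inventory_item(item):
    """Return a sorted list of findings for one flat inventory-item."""
    findings = []
    for prop in item.get("props", []):
        name, value = prop.get("name"), prop.get("value")
        remarks = (prop.get("remarks") or "").strip()
        if name in NS_PROPS and prop.get("ns") != FEDRAMP_NS:
            findings.append(f"{name}: missing ns {FEDRAMP_NS}")
        if name in YES_NO_PROPS:
            if value not in ("yes", "no"):
                # YAML 1.1 loaders turn unquoted yes/no into booleans
                findings.append(f"{name}: value {value!r} is not 'yes' or 'no'")
            elif value == "no" and not remarks:
                findings.append(f"{name}: 'no' needs remarks explaining why")
            elif value == "yes" and remarks:
                findings.append(f"{name}: 'yes' should omit remarks")
    staffed = {rp.get("role-id") for rp in item.get("responsible-parties", [])
               if rp.get("party-uuids")}
    for role in sorted(ROLES - staffed):
        findings.append(f"responsible-parties: no party for {role}")
    return sorted(findings)


# Constructed sample: same shape as the page's item, with deliberate defects.
SAMPLE_ITEM = {
    "uuid": "00000000-0000-4000-8000-000000000001",  # constructed placeholder
    "props": [
        {"name": "asset-type", "value": "operating-system"},
        {"name": "scan-type", "value": "infrastructure"},           # ns dropped
        {"name": "allows-authenticated-scan", "value": "no"},       # no remarks
        {"name": "is-scanned", "value": True},                      # unquoted yes
    ],
    "responsible-parties": [
        {"role-id": "asset-owner",
         "party-uuids": ["00000000-0000-4000-8000-000000000002"]},
    ],
}

if __name__ == "__main__":
    for finding in lint_inventory_item(SAMPLE_ITEM):
        print(finding)
```

A scan-type prop without the ns key falls into the default OSCAL namespace, so the namespace check matters as much as the value itself.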