{"assessment-plan":{"assessment-assets":{"assessment-platforms":[{"props":[{"name":"tool-type","value":"scanner"},{"name":"tool-version","value":"1.3.x"}],"title":"OpenSCAP Scanner","uuid":"fcde8009-e3bb-4a7e-a033-837d9147c8bd"},{"props":[{"name":"tool-type","value":"analysis"},{"name":"tool-version","value":"1.0"}],"title":"Evidence Review Toolkit","uuid":"6149ba08-d317-4a67-b763-bff8170f8b01"}]},"assessment-subjects":[{"description":"System inventory items","include-subjects":[{"subject-uuid":"549a7df4-c8b6-475f-86e8-ff09305304b1","type":"inventory-item"},{"subject-uuid":"fb994c1f-659c-45ad-b219-8effbcdba598","type":"inventory-item"},{"subject-uuid":"ddc9debc-92a2-481a-9d85-2f67ca03b7b8","type":"inventory-item"},{"subject-uuid":"fe81215b-0f3f-466c-bc88-a8badfe5dd84","type":"inventory-item"}],"type":"inventory-item"}],"import-ssp":{"href":"../system-security-plans/Kubernetes-System-ssp-fedramp-moderate/system-security-plan.json"},"local-definitions":{"activities":[{"description":"Automated vulnerability scanning and configuration compliance checks using OSCAP","props":[{"name":"method","value":"TEST"},{"name":"assessment-type","value":"automated"}],"steps":[{"description":"Execute security compliance scan against the inventory items","title":"Run Security Compliance Scan","uuid":"8f27b0a9-a2d3-4ca4-9af7-bbae3912f562"},{"description":"Review scan results and identify non-compliant controls","title":"Analyze Results","uuid":"e3129bc7-323e-4a16-9ec0-91661eb68fd7"}],"title":"Automated Security Scanning","uuid":"c805142c-9853-4e14-9cb5-8dd408dcfd75"},{"description":"Manual review and testing of security controls that cannot be automated","props":[{"name":"method","value":"EXAMINE"},{"name":"assessment-type","value":"manual"}],"steps":[{"description":"Review security policies, procedures, configurations, and evidence artifacts","title":"Document Review","uuid":"336a1266-d95b-4ff8-b387-cbbcc48cd270"},{"description":"Interview system administrators and security personnel","title":"Interview Personnel","uuid":"af7f703e-9480-4c9a-a723-290eb89f26b4"}],"title":"Manual Control Testing","uuid":"fd6df124-bd03-4523-b485-9dfec119ab59"},{"description":"Validate operational resilience, response, and recovery capabilities across the Ubuntu fleet","props":[{"name":"method","value":"TEST"},{"name":"assessment-type","value":"scenario-based"}],"steps":[{"description":"Review incident, disruption, and recovery scenarios applicable to the system","title":"Scenario Walkthrough","uuid":"82824014-9f46-4ffd-b106-10d05e81506e"},{"description":"Correlate technical evidence with implemented controls and procedures","title":"Evidence Correlation","uuid":"dcbe4bed-0314-4b6d-bb82-0a6952df88d6"}],"title":"Resilience and Response Validation","uuid":"86fa408b-fd86-4d19-9f90-a63db7570c45"}]},"metadata":{"last-modified":"2026-05-09T08:08:27.733512","oscal-version":"1.2.1","props":[{"name":"assessment-type","value":"security-assessment"},{"name":"assessment-scope","value":"host-assessment"},{"name":"assessment-frequency","value":"annual"},{"name":"regulation","value":"FedRAMP Rev 5 Moderate"},{"name":"platform","value":"Kubernetes 1.28"},{"name":"subject-count","value":"4"}],"published":"2026-05-09T08:08:27.733512","title":"Kubernetes System Assessment Plan - FedRAMP Moderate","version":"1.0"},"reviewed-controls":{"control-selections":[{"description":"All controls imported by the referenced SSP will be assessed","include-all":{}}],"description":"Assessment of controls for the FedRAMP Rev 5 Moderate baseline","props":[{"name":"assessment-baseline","value":"FedRAMP Rev 5 Moderate"},{"name":"control-selection","value":"all-imported-controls"}]},"tasks":[{"description":"Schedule and conduct the assessment kickoff meeting","timing":{"on-date":{"date":"2026-05-16T08:08:27.733512"}},"title":"Assessment Kickoff","type":"action","uuid":"b4943efd-64c8-4a1f-a31e-0616228df694"},{"description":"Perform automated scans, document review, interviews, and validation activities","timing":{"within-date-range":{"end":"2026-06-13T08:08:27.733512","start":"2026-05-23T08:08:27.733512"}},"title":"Execute Automated and Manual Assessment Activities","type":"action","uuid":"0f096bf6-a008-47b9-9cfa-fa4cb5d84b2a"},{"description":"Complete evidence review and prepare assessment results","timing":{"on-date":{"date":"2026-06-23T08:08:27.733512"}},"title":"Assessment Results Ready","type":"milestone","uuid":"3a020dae-4e47-4d3a-9fdc-91dfb1f29b8f"}],"uuid":"67ecdfad-b9eb-456a-b1e8-13ef63074f1e"}}