{"assessment-plan":{"assessment-assets":{"assessment-platforms":[{"props":[{"name":"tool-type","value":"scanner"},{"name":"tool-version","value":"1.3.x"}],"title":"OpenSCAP Scanner","uuid":"def08522-7bbc-4fd5-b06a-e8150c8d2a58"},{"props":[{"name":"tool-type","value":"analysis"},{"name":"tool-version","value":"1.0"}],"title":"Evidence Review Toolkit","uuid":"f08b051d-1354-4a9b-ac96-cf012ef4dec9"}]},"assessment-subjects":[{"description":"System inventory items","include-subjects":[{"subject-uuid":"64372a9e-9bbd-4b83-adab-873993d0ddf3","type":"inventory-item"},{"subject-uuid":"882853ea-ccef-497b-a548-cd24df9e21ea","type":"inventory-item"},{"subject-uuid":"34a7aaef-8ada-404b-a067-fb5131853f2b","type":"inventory-item"},{"subject-uuid":"69dd0bb5-ef44-4d78-9830-e2e337458d56","type":"inventory-item"},{"subject-uuid":"c89a8516-832e-47b1-bc15-9f05a6eca17f","type":"inventory-item"},{"subject-uuid":"3cf4a686-4866-4875-a703-0bfd2757c854","type":"inventory-item"}],"type":"inventory-item"}],"import-ssp":{"href":"../system-security-plans/Ubuntu-System-ssp-dora/system-security-plan.json"},"local-definitions":{"activities":[{"description":"Automated vulnerability scanning and configuration compliance checks using OSCAP","props":[{"name":"method","value":"TEST"},{"name":"assessment-type","value":"automated"}],"steps":[{"description":"Execute security compliance scan against the inventory items","title":"Run Security Compliance Scan","uuid":"478147ab-a8ac-46ee-968e-b1dd1b9f4f33"},{"description":"Review scan results and identify non-compliant controls","title":"Analyze Results","uuid":"615f90a1-4d23-493d-9823-1b5aa2a16089"}],"title":"Automated Security Scanning","uuid":"5ad2ab12-db82-4753-a01d-d72638028893"},{"description":"Manual review and testing of security controls that cannot be automated","props":[{"name":"method","value":"EXAMINE"},{"name":"assessment-type","value":"manual"}],"steps":[{"description":"Review security policies, procedures, configurations, and evidence artifacts","title":"Document Review","uuid":"2edc3f94-6766-42a5-9189-97cd8a3a2e1b"},{"description":"Interview system administrators and security personnel","title":"Interview Personnel","uuid":"9e347a5e-10d2-4872-ae54-8271892aa0de"}],"title":"Manual Control Testing","uuid":"23e90b1d-713e-4960-8458-0e2d3a920758"},{"description":"Validate operational resilience, response, and recovery capabilities across the Ubuntu fleet","props":[{"name":"method","value":"TEST"},{"name":"assessment-type","value":"scenario-based"}],"steps":[{"description":"Review incident, disruption, and recovery scenarios applicable to the system","title":"Scenario Walkthrough","uuid":"b7fd9374-2fcd-42ac-b0d5-5562f701284f"},{"description":"Correlate technical evidence with implemented controls and procedures","title":"Evidence Correlation","uuid":"b8098bfc-7a59-4dcd-a286-3b70cb7dffac"}],"title":"Resilience and Response Validation","uuid":"753b278a-479a-48de-bffd-38cc4d42dfb0"}]},"metadata":{"last-modified":"2026-05-09T08:08:27.727997","oscal-version":"1.2.1","props":[{"name":"assessment-type","value":"security-assessment"},{"name":"assessment-scope","value":"host-assessment"},{"name":"assessment-frequency","value":"annual"},{"name":"regulation","value":"EU DORA"},{"name":"platform","value":"Ubuntu 24.04 LTS"},{"name":"subject-count","value":"6"}],"published":"2026-05-09T08:08:27.727997","title":"Ubuntu System Assessment Plan - DORA","version":"1.0"},"reviewed-controls":{"control-selections":[{"description":"All controls imported by the referenced SSP will be assessed","include-all":{}}],"description":"Assessment of controls for the EU DORA baseline","props":[{"name":"assessment-baseline","value":"EU DORA"},{"name":"control-selection","value":"all-imported-controls"}]},"tasks":[{"description":"Schedule and conduct the assessment kickoff meeting","timing":{"on-date":{"date":"2026-05-16T08:08:27.727997"}},"title":"Assessment Kickoff","type":"action","uuid":"d5667604-2cd3-4b31-9202-e77f835b13d3"},{"description":"Perform automated scans, document review, interviews, and validation activities","timing":{"within-date-range":{"end":"2026-06-13T08:08:27.727997","start":"2026-05-23T08:08:27.727997"}},"title":"Execute Automated and Manual Assessment Activities","type":"action","uuid":"89d1ef6e-726f-4735-9133-ca35c921c105"},{"description":"Complete evidence review and prepare assessment results","timing":{"on-date":{"date":"2026-06-23T08:08:27.727997"}},"title":"Assessment Results Ready","type":"milestone","uuid":"a4c897b9-63dd-497a-a452-4aa092d7fcde"}],"uuid":"e2dc869d-5cb5-4876-8f4b-ff630f68f995"}}