{"assessment-plan":{"assessment-assets":{"assessment-platforms":[{"props":[{"name":"tool-type","value":"scanner"},{"name":"tool-version","value":"1.3.x"}],"title":"OpenSCAP Scanner","uuid":"a4115569-4cf4-4ed8-a7eb-0e075d5a6d09"},{"props":[{"name":"tool-type","value":"analysis"},{"name":"tool-version","value":"1.0"}],"title":"Evidence Review Toolkit","uuid":"36e6859b-38a4-4ff1-9d2b-2ba74c0bc1f9"}]},"assessment-subjects":[{"description":"System inventory items","include-subjects":[{"subject-uuid":"0db6ffe6-cdc9-4fb5-bc66-81c2ca7334a9","type":"inventory-item"},{"subject-uuid":"eff26a82-e8bf-4a07-8a64-994f5a64ffb6","type":"inventory-item"},{"subject-uuid":"105ed03c-427c-4056-94a8-5eb533b28f8c","type":"inventory-item"},{"subject-uuid":"b2a728ab-2302-4723-bc06-5fd50f623170","type":"inventory-item"},{"subject-uuid":"a835ca56-9e63-4bf2-bcf1-566ba62e1a94","type":"inventory-item"},{"subject-uuid":"492f8bb1-7ace-458f-8225-122941125b0c","type":"inventory-item"}],"type":"inventory-item"}],"import-ssp":{"href":"../system-security-plans/Ubuntu-System-ssp-fedramp-high/system-security-plan.json"},"local-definitions":{"activities":[{"description":"Automated vulnerability scanning and configuration compliance checks using OSCAP","props":[{"name":"method","value":"TEST"},{"name":"assessment-type","value":"automated"}],"steps":[{"description":"Execute security compliance scan against the inventory items","title":"Run Security Compliance Scan","uuid":"44e0f1da-3315-40d6-8d74-9d2e1ce5a91a"},{"description":"Review scan results and identify non-compliant controls","title":"Analyze Results","uuid":"9b0fdc65-56f3-4be8-b660-872e87dafca4"}],"title":"Automated Security Scanning","uuid":"39727a36-a6ed-40d6-b20b-b1ed8a1b54c5"},{"description":"Manual review and testing of security controls that cannot be automated","props":[{"name":"method","value":"EXAMINE"},{"name":"assessment-type","value":"manual"}],"steps":[{"description":"Review security policies, procedures, configurations, and evidence artifacts","title":"Document Review","uuid":"d697d82d-944d-44d8-a9b1-56578af9dddc"},{"description":"Interview system administrators and security personnel","title":"Interview Personnel","uuid":"ed3322e8-4901-4045-9020-92e3f9c7eb7b"}],"title":"Manual Control Testing","uuid":"f57d7242-e2db-4150-a17d-89ed06d63229"},{"description":"Validate operational resilience, response, and recovery capabilities across the Ubuntu fleet","props":[{"name":"method","value":"TEST"},{"name":"assessment-type","value":"scenario-based"}],"steps":[{"description":"Review incident, disruption, and recovery scenarios applicable to the system","title":"Scenario Walkthrough","uuid":"93636b0f-359b-4156-a96f-5c9af2960e42"},{"description":"Correlate technical evidence with implemented controls and procedures","title":"Evidence Correlation","uuid":"71f29b3d-9e32-4b81-9e33-b822ad1e9f04"}],"title":"Resilience and Response Validation","uuid":"4a426091-690e-4318-ba36-1bd3e65b5662"}]},"metadata":{"last-modified":"2026-05-09T08:08:27.719089","oscal-version":"1.2.1","props":[{"name":"assessment-type","value":"security-assessment"},{"name":"assessment-scope","value":"host-assessment"},{"name":"assessment-frequency","value":"annual"},{"name":"regulation","value":"FedRAMP Rev 5 High"},{"name":"platform","value":"Ubuntu 24.04 LTS"},{"name":"subject-count","value":"6"}],"published":"2026-05-09T08:08:27.719089","title":"Ubuntu System Assessment Plan - FedRAMP High","version":"1.0"},"reviewed-controls":{"control-selections":[{"description":"All controls imported by the referenced SSP will be assessed","include-all":{}}],"description":"Assessment of controls for the FedRAMP Rev 5 High baseline","props":[{"name":"assessment-baseline","value":"FedRAMP Rev 5 High"},{"name":"control-selection","value":"all-imported-controls"}]},"tasks":[{"description":"Schedule and conduct the assessment kickoff meeting","timing":{"on-date":{"date":"2026-05-16T08:08:27.719089"}},"title":"Assessment Kickoff","type":"action","uuid":"7a93f984-b241-40d2-b879-761f497da474"},{"description":"Perform automated scans, document review, interviews, and validation activities","timing":{"within-date-range":{"end":"2026-06-13T08:08:27.719089","start":"2026-05-23T08:08:27.719089"}},"title":"Execute Automated and Manual Assessment Activities","type":"action","uuid":"f4aef80a-b287-4aae-82ac-63e1c9f79eaf"},{"description":"Complete evidence review and prepare assessment results","timing":{"on-date":{"date":"2026-06-23T08:08:27.719089"}},"title":"Assessment Results Ready","type":"milestone","uuid":"96801fea-4b6b-4e84-9ec8-25f45ab91829"}],"uuid":"71570933-d1b1-4646-bd2d-e8cea3a2a064"}}