{"assessment-plan":{"assessment-assets":{"assessment-platforms":[{"props":[{"name":"tool-type","value":"scanner"},{"name":"tool-version","value":"1.3.x"}],"title":"OpenSCAP Scanner","uuid":"2c30d511-fe3d-4637-bd03-9ab51a88736d"},{"props":[{"name":"tool-type","value":"analysis"},{"name":"tool-version","value":"1.0"}],"title":"Evidence Review Toolkit","uuid":"a8a28d9a-9452-4db6-a305-3e56057cde85"}]},"assessment-subjects":[{"description":"System inventory items","include-subjects":[{"subject-uuid":"81eeb04b-174a-4dd6-9341-83d0dbb68e48","type":"inventory-item"},{"subject-uuid":"0bf82faf-25d9-4376-a8b7-a89549eaea69","type":"inventory-item"},{"subject-uuid":"31b486c9-9c3e-456c-aa13-0c704cbe9e91","type":"inventory-item"},{"subject-uuid":"57ceca5c-87e1-46f2-80e7-505b63d77990","type":"inventory-item"},{"subject-uuid":"a3a56487-ab2f-4bea-9c1e-09c3212ec516","type":"inventory-item"},{"subject-uuid":"285b88bb-48ff-47ac-ab00-8dfb0068e0ec","type":"inventory-item"}],"type":"inventory-item"}],"import-ssp":{"href":"../system-security-plans/Ubuntu-System-ssp-fedramp-low/system-security-plan.json"},"local-definitions":{"activities":[{"description":"Automated vulnerability scanning and configuration compliance checks using OSCAP","props":[{"name":"method","value":"TEST"},{"name":"assessment-type","value":"automated"}],"steps":[{"description":"Execute security compliance scan against the inventory items","title":"Run Security Compliance Scan","uuid":"5cce306b-2d92-42df-b8f6-4a56c2cf3db6"},{"description":"Review scan results and identify non-compliant controls","title":"Analyze Results","uuid":"ac028752-5054-459a-862c-bf0b80bb1925"}],"title":"Automated Security Scanning","uuid":"67f9f849-276c-4672-9ef6-081f1c0911c9"},{"description":"Manual review and testing of security controls that cannot be automated","props":[{"name":"method","value":"EXAMINE"},{"name":"assessment-type","value":"manual"}],"steps":[{"description":"Review security policies, procedures, configurations, and evidence artifacts","title":"Document Review","uuid":"d08630e7-e270-482a-ba98-283448bf3c26"},{"description":"Interview system administrators and security personnel","title":"Interview Personnel","uuid":"2fc2b71c-d264-4bdf-8813-a4030f0ac34f"}],"title":"Manual Control Testing","uuid":"fa540021-445e-475c-9706-9b149ab3ad1a"},{"description":"Validate operational resilience, response, and recovery capabilities across the Ubuntu fleet","props":[{"name":"method","value":"TEST"},{"name":"assessment-type","value":"scenario-based"}],"steps":[{"description":"Review incident, disruption, and recovery scenarios applicable to the system","title":"Scenario Walkthrough","uuid":"225c3d92-2132-422c-b2a1-9d78d1c92f27"},{"description":"Correlate technical evidence with implemented controls and procedures","title":"Evidence Correlation","uuid":"40915981-2e74-468a-ac90-95b4557a6b38"}],"title":"Resilience and Response Validation","uuid":"6f0bcb6f-70d9-4815-b9dd-8fa6a35e842a"}]},"metadata":{"last-modified":"2026-05-09T08:08:27.701254","oscal-version":"1.2.1","props":[{"name":"assessment-type","value":"security-assessment"},{"name":"assessment-scope","value":"host-assessment"},{"name":"assessment-frequency","value":"annual"},{"name":"regulation","value":"FedRAMP Rev 5 Low"},{"name":"platform","value":"Ubuntu 24.04 LTS"},{"name":"subject-count","value":"6"}],"published":"2026-05-09T08:08:27.701254","title":"Ubuntu System Assessment Plan - FedRAMP Low","version":"1.0"},"reviewed-controls":{"control-selections":[{"description":"All controls imported by the referenced SSP will be assessed","include-all":{}}],"description":"Assessment of controls for the FedRAMP Rev 5 Low baseline","props":[{"name":"assessment-baseline","value":"FedRAMP Rev 5 Low"},{"name":"control-selection","value":"all-imported-controls"}]},"tasks":[{"description":"Schedule and conduct the assessment kickoff meeting","timing":{"on-date":{"date":"2026-05-16T08:08:27.701254"}},"title":"Assessment Kickoff","type":"action","uuid":"881acaaf-a869-467a-9baa-d2af469ea5db"},{"description":"Perform automated scans, document review, interviews, and validation activities","timing":{"within-date-range":{"end":"2026-06-13T08:08:27.701254","start":"2026-05-23T08:08:27.701254"}},"title":"Execute Automated and Manual Assessment Activities","type":"action","uuid":"94d250d0-1100-40a0-9c31-7b2459953e08"},{"description":"Complete evidence review and prepare assessment results","timing":{"on-date":{"date":"2026-06-23T08:08:27.701254"}},"title":"Assessment Results Ready","type":"milestone","uuid":"ff13bbac-1af3-4d5a-9e83-b8c4b8e423a2"}],"uuid":"64f8e495-424e-4631-a95f-19191a142b66"}}