{"assessment-plan":{"assessment-assets":{"assessment-platforms":[{"props":[{"name":"tool-type","value":"scanner"},{"name":"tool-version","value":"1.3.x"}],"title":"OpenSCAP Scanner","uuid":"e045b73d-00d7-4687-b163-69bd43661ce5"},{"props":[{"name":"tool-type","value":"analysis"},{"name":"tool-version","value":"1.0"}],"title":"Evidence Review Toolkit","uuid":"8dba8f16-eaf2-4dc1-9b4a-09321b2c78e2"}]},"assessment-subjects":[{"description":"System inventory items","include-subjects":[{"subject-uuid":"307454ed-9802-459e-b6a9-37065f93162a","type":"inventory-item"},{"subject-uuid":"9ebe2c37-81a5-4148-9ea5-4c10c74df56f","type":"inventory-item"},{"subject-uuid":"f3620e2a-e520-417a-a255-0e90a55ea982","type":"inventory-item"},{"subject-uuid":"c889e3da-5c02-41c3-be8a-0ff20e3629c7","type":"inventory-item"},{"subject-uuid":"4b591e47-c939-45a0-8319-d502cd719125","type":"inventory-item"},{"subject-uuid":"8efdb9cd-6f3b-4063-8f30-a261ca530edc","type":"inventory-item"}],"type":"inventory-item"}],"import-ssp":{"href":"../system-security-plans/Ubuntu-System-ssp-fedramp-moderate/system-security-plan.json"},"local-definitions":{"activities":[{"description":"Automated vulnerability scanning and configuration compliance checks using OSCAP","props":[{"name":"method","value":"TEST"},{"name":"assessment-type","value":"automated"}],"steps":[{"description":"Execute security compliance scan against the inventory items","title":"Run Security Compliance Scan","uuid":"78a768d8-02c3-4698-ac41-ba2567e8d5a5"},{"description":"Review scan results and identify non-compliant controls","title":"Analyze Results","uuid":"8fbc6b4a-3c53-4a75-b009-3f1f76d1eb2a"}],"title":"Automated Security Scanning","uuid":"af68d62d-7ada-4a28-9441-8936105a3d7f"},{"description":"Manual review and testing of security controls that cannot be automated","props":[{"name":"method","value":"EXAMINE"},{"name":"assessment-type","value":"manual"}],"steps":[{"description":"Review security policies, procedures, configurations, and evidence artifacts","title":"Document Review","uuid":"cda869ff-9c93-4f62-8bca-946101d3aac5"},{"description":"Interview system administrators and security personnel","title":"Interview Personnel","uuid":"39cf51bb-38a5-4379-8259-486f6af8f2b1"}],"title":"Manual Control Testing","uuid":"7ac0dba1-4c00-4f10-80fb-eb85d8a1df85"},{"description":"Validate operational resilience, response, and recovery capabilities across the Ubuntu fleet","props":[{"name":"method","value":"TEST"},{"name":"assessment-type","value":"scenario-based"}],"steps":[{"description":"Review incident, disruption, and recovery scenarios applicable to the system","title":"Scenario Walkthrough","uuid":"f6ef5ba3-fd37-4054-b80e-383ba31618df"},{"description":"Correlate technical evidence with implemented controls and procedures","title":"Evidence Correlation","uuid":"eb42591c-e013-4e86-88ba-6e946280ccb2"}],"title":"Resilience and Response Validation","uuid":"dbef7b03-db17-487d-9e3c-8c583986766f"}]},"metadata":{"last-modified":"2026-05-09T08:08:27.710082","oscal-version":"1.2.1","props":[{"name":"assessment-type","value":"security-assessment"},{"name":"assessment-scope","value":"host-assessment"},{"name":"assessment-frequency","value":"annual"},{"name":"regulation","value":"FedRAMP Rev 5 Moderate"},{"name":"platform","value":"Ubuntu 24.04 LTS"},{"name":"subject-count","value":"6"}],"published":"2026-05-09T08:08:27.710082","title":"Ubuntu System Assessment Plan - FedRAMP Moderate","version":"1.0"},"reviewed-controls":{"control-selections":[{"description":"All controls imported by the referenced SSP will be assessed","include-all":{}}],"description":"Assessment of controls for the FedRAMP Rev 5 Moderate baseline","props":[{"name":"assessment-baseline","value":"FedRAMP Rev 5 Moderate"},{"name":"control-selection","value":"all-imported-controls"}]},"tasks":[{"description":"Schedule and conduct the assessment kickoff meeting","timing":{"on-date":{"date":"2026-05-16T08:08:27.710082"}},"title":"Assessment Kickoff","type":"action","uuid":"94e7e88c-faa1-437c-a211-0da27ef01653"},{"description":"Perform automated scans, document review, interviews, and validation activities","timing":{"within-date-range":{"end":"2026-06-13T08:08:27.710082","start":"2026-05-23T08:08:27.710082"}},"title":"Execute Automated and Manual Assessment Activities","type":"action","uuid":"a6aac705-72f3-4199-ab17-1cd0ab5a548f"},{"description":"Complete evidence review and prepare assessment results","timing":{"on-date":{"date":"2026-06-23T08:08:27.710082"}},"title":"Assessment Results Ready","type":"milestone","uuid":"01b29c94-bcb9-4332-9565-831758d936c4"}],"uuid":"59bfca3f-b0e9-4c33-8c01-7f061106499a"}}