Legal pillar · v0.16.0

security-control SecurityControlRecord

Security control record.

$id · https://corpospec.com/schemas/v0.16.0/security-control.schema.json

Fields

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| category | ControlCategory | yes | Control category. |
| control_type | SecurityControlType | yes | Control type (preventive / detective / corrective). |
| description | string | yes | |
| entity | PathRef | yes | Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$` |
| framework_mappings | ControlFrameworkMapping[] | yes | |
| id | PathRef | yes | Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$` |
| last_tested | IsoDate | yes | ISO 8601 date (YYYY-MM-DD). |
| maturity | ControlMaturity | yes | Maturity (CMMI-style 1–5). |
| name | string | yes | |
| next_test_due | IsoDate | yes | ISO 8601 date (YYYY-MM-DD). |
| owner | PathRef | yes | PathRef into the owning team / role. |
| short_id | string | yes | Short identifier (e.g. "AC-1", "IR-1") for internal reference. |
| status | ImplementationStatus | yes | Implementation status. |
| test_cadence | string | yes | Test cadence ISO 8601 duration (e.g. "P3M" — quarterly). |
| evidence_refs | PathRef[] | | PathRefs to evidence collected for this control. |
| procedure_refs | PathRef[] | | PathRefs into SOPs / runbooks that operationalise this control. |
| risk_refs | PathRef[] | | Risk treated (PathRef to a risk register entry, if used). |

Definitions

Shared types referenced within this schema.

ControlCategory
Control category.
ControlFrameworkMapping
External framework mapping.
type: object
ControlMaturity
Maturity (CMMI-style 1–5).
ImplementationStatus
Implementation status.
IsoDate
ISO 8601 date (YYYY-MM-DD).
type: string
PathRef
Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$`
pattern: ^[a-z0-9_-]+(/[a-z0-9_.-]+)+$
SecurityControlType
Control type (preventive / detective / corrective).
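
As an added example (not code from CorpoSpec or from this page), the following lints a record that has already been loaded into a dict: it checks the required fields, the PathRef pattern and the IsoDate format listed above, then flags controls whose test date has passed. The duration subset, the two date-ordering checks, and every value in `SAMPLE` are assumptions of this example; enum-typed fields are not validated because their allowed values are not listed here.

```python
import re
from datetime import date

PATHREF = re.compile(r"^[a-z0-9_-]+(/[a-z0-9_.-]+)+$")  # PathRef pattern from this page
ISO_DATE = re.compile(r"\d{4}-\d{2}-\d{2}")               # YYYY-MM-DD, as IsoDate describes
# Assumption: cadences use only date-part durations such as "P3M", "P1Y", "P2W".
DURATION = re.compile(r"P(?=\d)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?")
REQUIRED = ("category", "control_type", "description", "entity", "framework_mappings",
            "id", "last_tested", "maturity", "name", "next_test_due", "owner",
            "short_id", "status", "test_cadence")
REF_FIELDS = ("entity", "id", "owner")
REF_LISTS = ("evidence_refs", "procedure_refs", "risk_refs")

def check_record(rec, today):
    """Return findings for one SecurityControlRecord-shaped dict (empty list = clean)."""
    out = [f"missing required field: {k}" for k in REQUIRED if k not in rec]
    refs = [(k, rec[k]) for k in REF_FIELDS if k in rec]
    refs += [(f"{k}[{i}]", v) for k in REF_LISTS for i, v in enumerate(rec.get(k, []))]
    for label, value in refs:
        if not isinstance(value, str) or not PATHREF.fullmatch(value):
            out.append(f"{label}: invalid PathRef {value!r}")
    dates = {}
    for k in ("last_tested", "next_test_due"):
        raw = str(rec.get(k, ""))
        try:  # an empty string forces ValueError for anything not strictly YYYY-MM-DD
            dates[k] = date.fromisoformat(raw if ISO_DATE.fullmatch(raw) else "")
        except ValueError:
            if k in rec:  # absent fields were already reported as missing
                out.append(f"{k}: invalid IsoDate {rec[k]!r}")
    cadence = rec.get("test_cadence")
    if cadence is not None and not DURATION.fullmatch(str(cadence)):
        out.append(f"test_cadence: invalid duration {cadence!r}")
    # The two checks below go beyond the schema: they read the dates operationally.
    if len(dates) == 2 and dates["next_test_due"] < dates["last_tested"]:
        out.append("next_test_due precedes last_tested")
    if "next_test_due" in dates and dates["next_test_due"] < today:
        out.append(f"test overdue since {dates['next_test_due']}")
    return out

# Constructed sample; enum-like values are placeholders, not taken from the schema.
SAMPLE = {
    "category": "placeholder-category", "control_type": "preventive",
    "description": "Quarterly access review.", "entity": "entities/example-co",
    "framework_mappings": [], "id": "security/controls/ac-1",
    "last_tested": "2024-01-15", "maturity": 3, "name": "Access review",
    "next_test_due": "2024-04-15", "owner": "teams/security", "short_id": "AC-1",
    "status": "placeholder-status", "test_cadence": "P3M",
    "evidence_refs": ["evidence/2024-q1/access-review.pdf"]}
```

Run over every record in CI with `today=date.today()`, a non-empty result can fail the build so that untested controls surface before an audit does.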

Reference in your YAML

```yaml
# yaml-language-server: $schema=https://corpospec.com/schemas/v0.16.0/security-control.schema.json
```