Legal pillar · v0.7.1
control SecurityControl
Security control implementation aligned with OSCAL component definition model.
$id · https://corpospec.com/schemas/v0.7.1/control.schema.json
Fields
| Field | Type | Required | Description |
|---|---|---|---|
| catalog | string | yes | |
| control_id | string | yes | |
| id | PathRef | yes | Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$` |
| status | ControlStatus | yes | Control implementation status. |
| title | string | yes | |
| assessor | string? | — | |
| evidence | Evidence[] | — | |
| implementation | ControlImplementation? | — | |
| iso27001_mapping | Iso27001Mapping[] | — | |
| last_assessed | IsoDate? | — | |
| soc2_mapping | Soc2Mapping[] | — |
Definitions
Shared types referenced within this schema.
ComponentType
Component type in a control implementation.
enum: "service", "process", "policy", "hardware", "software"
ControlComponent
Component of a control implementation.
type: object
ControlImplementation
Control implementation details.
type: object
ControlStatus
Control implementation status.
enum: "planned", "implemented", "partial", "not-applicable"
Evidence
Evidence record.
type: object
EvidenceType
Evidence type.
enum: "configuration", "process", "document", "screenshot", "log"
Iso27001Mapping
ISO 27001 mapping entry.
type: object
IsoDate
ISO 8601 date (YYYY-MM-DD).
type: string
PathRef
Path-based cross-reference relative to .corpospec/ root.
Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$`
pattern: ^[a-z0-9_-]+(/[a-z0-9_.-]+)+$
Soc2Mapping
SOC2 mapping entry.
type: object
Reference in your YAML
# yaml-language-server: $schema=https://corpospec.com/schemas/v0.7.1/control.schema.json