ResultType classifies the nature of an audit result
AuditResult records a single result with supporting evidence and recommendations.
description explains the result in detail
criteria-reference maps this result to specific criteria entries
recommendations records corrective actions for this result
Evidence records what was cited to support an opinion for a specific activity: raw data for the evaluation layer, evaluation and enforcement artifacts for the audit layer.
collected-at is the timestamp when the evidence was gathered
description explains what this evidence represents
EvidenceType categorizes the kind of evidence. It remains an open enum: recommended values include artifact types already known to Gemara (e.g. EvaluationLog, EnforcementLog) plus categories for common evidence forms.
Capability describes a system capability such as a feature, component or object.
description provides a detailed overview of this capability
Catalog describes a set of topically-associated entries
Lifecycle represents the lifecycle state of a guideline, control, or assessment requirement
ConfidenceLevel indicates the evaluator's confidence level in an assessment result.
Control describes a safeguard or countermeasure with a clear objective and assessment requirements
assessment-requirements is a list of requirements that must be verified to confirm the control objective has been met
guidelines documents relationships between this control and Layer 1 guideline artifacts
replaced-by references the control that supersedes this one when deprecated or retired
AssessmentRequirement describes a tightly scoped, verifiable condition that must be satisfied and confirmed by an evaluator
applicability is a list of strings describing the situations where this text functions as a requirement for its parent control
recommendation provides readers with non-binding suggestions to aid in evaluation or enforcement of the requirement
replaced-by references the assessment requirement that supersedes this one when deprecated or retired
EnforcementLog records actions taken in response to noncompliance findings from Layer 5 evaluations.
disposition is the aggregate enforcement disposition across all actions in this log
ActionResult captures a performed enforcement action.
disposition is the enforcement action taken
justification links the action to its assessment findings and any applicable exceptions
EnforcementStep is a reference to the code that performed an enforcement action
Justification provides the assessment data and exception references that justify an enforcement action.
assessments links the action to one or more Assessment Findings
exceptions references approved Policy exceptions that authorize the action
AssessmentFinding maps an enforcement action to its originating assessment data across Layer 2, Layer 3, and Layer 5.
requirement maps to the Layer 2 assessment requirement that was evaluated
Disposition enumerates the possible enforcement outcomes.
    // Enforcement outcome could not be determined.
    "Undetermined" |
    // Findings existed and actions were taken.
    "Enforced" |
    // Findings existed but were accepted without action.
    "Tolerated" |
    // No findings, nothing to act on.
    "Clear"
Entity represents a human or tool
description provides additional context about the entity
Resource represents an entity that exists in the system and can be evaluated
environment describes where the resource exists (e.g., production, staging, development, specific region)
EntityType specifies what entity is interacting in the workflow
Contact is the contact information for a person or group
affiliation is the organization with which the contact entity is associated, such as a team, school, or employer
RACI defines the roles responsible for managing an artifact
responsible identifies the entities responsible for executing work to manage or mitigate the artifact
accountable identifies the entity ultimately accountable for the outcome
consulted identifies entities whose input is required when assessing or responding to the artifact
ControlEvaluation contains the results of evaluating a single Layer 5 control.
Enforce that the control reference and the assessments' references match. This formulation uses the control's reference if the assessment doesn't include a reference.
AssessmentLog contains the results of executing a single assessment procedure for a control requirement.
Requirement should map to the assessment requirement for this assessment.
Description provides a summary of the assessment procedure.
Applicability is elevated from the Layer 2 Assessment Requirement to aid in execution and reporting.
Steps-executed is the number of steps that were executed as part of the assessment.
Recommendation provides guidance on how to address a failed assessment.
ConfidenceLevel indicates the evaluator's confidence level in this specific assessment result.
GuidanceCatalog represents a concerted documentation effort to help bring about an optimal future without foreknowledge of the implementation details
front-matter provides introductory text for the document to be used during rendering
guidelines is a list of unique guidelines defined by this catalog
exemptions provides information about situations where this guidance is not applicable
GuidanceType restricts the possible types that a catalog may be listed as
Exemption describes a single scenario where the catalog is not applicable
description identifies who or what is exempt from the full guidance
Guideline provides explanatory context and recommendations for designing optimal outcomes
recommendations is a list of non-binding suggestions to aid in evaluation or enforcement of the guideline
applicability specifies the contexts in which this guideline applies
rationale provides the context for this guideline
statements is a list of structural sub-requirements within a guideline
principles documents the relationship between this guideline and one or more principles
vector-mappings documents the relationship between this guideline and one or more vectors
see-also lists related guideline IDs within the same GuidanceCatalog
replaced-by references the guideline that supersedes this one when deprecated or retired
Statement represents a structural sub-requirement within a guideline. Statements do not increase strictness, and all statements within a guideline apply together.
recommendations is a list of non-binding suggestions to aid in evaluation or enforcement of the statement
Rationale provides a structured way to communicate a guideline author's intent
importance is an explanation of why this guideline matters
Lexicon is a controlled vocabulary or glossary artifact referenced by Metadata.lexicon
LexiconTerm is a single definition within a lexicon
definition explains the meaning of the term
references cites external authorities supporting the definition
MappingReference represents a reference to an external document with full metadata.
description is prose regarding the artifact's purpose or content
ArtifactMapping represents a mapping to an external artifact or artifact entry
reference-id identifies an element from a MappingReference in the artifact's metadata
EntryMapping represents how a specific entry maps to a MappingReference.
reference-id is the id for a MappingReference entry in the artifact's metadata
entry-id is the identifier being mapped to in the referenced artifact
MappingDocument captures the user's intent for how entries in a source artifact relate to entries in a target artifact
source-reference identifies the artifact being mapped from; must match a mapping-reference id
target-reference identifies the artifact being mapped to; must match a mapping-reference id
TypedMapping extends ArtifactMapping with a required entry-type for all entries in this direction
entry-type identifies the type of atomic unit entries in this direction
_MappingStrict layers the "targets required when not no-match" rule on top of #Mapping
    _MappingStrict: {
        @go(-)
    } & #Mapping & {
        relationship: #RelationshipType
        if relationship != "no-match" {
            targets: [#MappingTarget, ...#MappingTarget]
        }
    }
MappingTarget identifies a target entry with optional per-target metadata
entry-id identifies the specific entry in the target artifact
applicability constrains the contexts in which this target mapping holds
rationale explains why this relationship exists for this target
Mapping represents a relationship between a source entry and one or more target entries
relationship describes the nature of the mapping between source and all targets
RelationshipType enumerates the nature of the mapping between entries.
    // source fulfills the target's objective
    "implements" |
    // target fulfills the source's objective (requirements-to-implementation direction)
    "implemented-by" |
    // source contributes to, but does not fully satisfy, the target
    "supports" |
    // target contributes to, but does not fully satisfy, the source
    "supported-by" |
    // source and target express the same intent
    "equivalent" |
    // source fully contains the target's scope and more
    "subsumes" |
    // source has no counterpart in the target artifact
    "no-match" |
    // source and target are related but the nature is unspecified
    "relates-to"
EntryType enumerates the atomic units within Gemara artifacts that can participate in mappings
    "Guideline" | "Statement" | "Control" | "AssessmentRequirement" | "Capability" | "Threat" | "Risk" | "Vector" | "Principle"
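The two mapping rules stated above, the "targets required when not no-match" constraint from _MappingStrict and the requirement that a MappingDocument's source-reference and target-reference match a declared mapping-reference id, can be checked outside CUE as well. The following is an added example written for this page, not Gemara project code; the dataclass names, the validator functions and every id in the sample data are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# RelationshipType values as listed in the schema
RELATIONSHIP_TYPES = {"implements", "implemented-by", "supports", "supported-by",
                      "equivalent", "subsumes", "no-match", "relates-to"}

@dataclass
class MappingTarget:
    entry_id: str                      # entry-id in the target artifact
    applicability: List[str] = field(default_factory=list)
    rationale: Optional[str] = None

@dataclass
class Mapping:
    relationship: str                  # RelationshipType
    targets: List[MappingTarget] = field(default_factory=list)

def validate_mapping(m: Mapping) -> List[str]:
    """Return the rule violations for one Mapping (empty list means valid)."""
    errors = []
    if m.relationship not in RELATIONSHIP_TYPES:
        errors.append(f"unknown relationship {m.relationship!r}")
    # _MappingStrict rule: targets is required unless the relationship is "no-match"
    if m.relationship != "no-match" and not m.targets:
        errors.append("targets required when relationship is not 'no-match'")
    errors += ["MappingTarget missing entry-id" for t in m.targets if not t.entry_id]
    return errors

def validate_document(source_ref: str, target_ref: str, mappings: Dict[str, Mapping],
                      reference_ids: set) -> Dict[str, List[str]]:
    """Check a MappingDocument: both references must match a declared
    mapping-reference id, and every per-entry Mapping must pass validate_mapping."""
    problems: Dict[str, List[str]] = {}
    for label, ref in (("source-reference", source_ref), ("target-reference", target_ref)):
        if ref not in reference_ids:
            problems[label] = [f"{ref!r} is not a declared mapping-reference id"]
    for entry_id, m in mappings.items():
        errs = validate_mapping(m)
        if errs:
            problems[entry_id] = errs
    return problems

# Constructed sample data with hypothetical ids (not from any real Gemara catalog)
REFERENCE_IDS = {"CTRLS", "GUIDE"}
SAMPLE_MAPPINGS = {
    "CTRL-01": Mapping("implements", [MappingTarget("G-01", ["production"], "covers G-01")]),
    "CTRL-02": Mapping("no-match"),                              # valid without targets
    "CTRL-03": Mapping("supports"),                              # violates _MappingStrict
    "CTRL-04": Mapping("depends-on", [MappingTarget("G-02")]),   # not a RelationshipType
}

if __name__ == "__main__":
    # "POLICY" is deliberately not in REFERENCE_IDS to show the reference check
    for key, errs in validate_document("CTRLS", "POLICY", SAMPLE_MAPPINGS, REFERENCE_IDS).items():
        print(key, errs)
```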
Group represents a classification or grouping that can be used in different contexts with semantic meaning derived from its usage
description explains the significance and traits of entries to this group
Metadata represents common metadata fields shared across all layers
gemara-version declares which version of the Gemara specification this artifact conforms to
description provides a high-level summary of the artifact's purpose and scope
mapping-references is a list of external documents referenced within this artifact
applicability-groups is a list of groups used to classify within this artifact to specify scope
ArtifactType identifies the kind of Gemara artifact for unambiguous parsing
    "CapabilityCatalog" | "ControlCatalog" | "GuidanceCatalog" | "ThreatCatalog" | "RiskCatalog" | "Policy" | "MappingDocument" | "Lexicon" | "EvaluationLog" | "EnforcementLog" | "VectorCatalog" | "PrincipleCatalog" | "AuditLog"
Policy represents a policy document with metadata, contacts, scope, imports, implementation plan, risks, and adherence requirements.
Dimensions specify the applicability criteria for a policy
technologies is an optional list of technology categories or services
geopolitical is an optional list of geopolitical regions
sensitivity is an optional list of data classification levels
ImplementationPlan defines when and how the policy becomes active.
Risks defines mitigated and accepted risks addressed by this policy.
Mitigated risks only need reference-id and risk-id (no justification required)
AcceptedRisk documents a risk the organization has chosen to accept, optionally linking it to a mitigated risk when the acceptance covers residual risk after partial mitigation.
target-id optionally links this acceptance to a mitigated risk entry
justification explains why the risk is accepted
Adherence defines evaluation methods, assessment plans, enforcement methods, and non-compliance notifications.
AssessmentPlan defines how a specific assessment requirement is evaluated.
Parameter defines a configurable parameter for assessment or enforcement activities.
GuidanceImport defines how to import guidance documents with optional exclusions and constraints.
Constraints allow policy authors to define ad hoc minimum requirements (e.g., "review at least annually").
CatalogImport defines how to import control catalogs with optional exclusions, constraints, and assessment requirement modifications.
Constraint defines a prescriptive requirement that applies to a specific guidance or control.
Links to the specific Guidance or Control being constrained
AssessmentRequirementModifier allows organizations to customize assessment requirements based on how an organization wants to gather evidence for the objective.
The updated applicability of the assessment requirement
The updated recommendation for the assessment requirement
Principle represents a foundational value or tenet that guides governance, design, and operational decisions
description explains the principle and its expected outcomes
rationale provides the context for this principle
A RiskCatalog is a structured collection of documented risks that may affect an organization, system, or service. It provides a centralized reference for risks that can be mapped to threats and referenced by policies when documenting how those risks are mitigated or accepted.
RiskCategory describes a grouping of risks and defines appetite boundaries
max-severity defines the risk tolerance boundary: the highest severity the organization will accept within this category
Severity defines the assessed level of a risk based on its potential impact and likelihood
    // minor consequence if realized; manageable within normal operations
    "Low" |
    // moderate consequence if realized; may impair specific functions or objectives
    "Medium" |
    // severe consequence if realized; likely to disrupt core operations or objectives
    "High" |
    // extreme consequence if realized; threatens organizational viability or mission
    "Critical"
RiskAppetite defines the acceptable level of exposure for a risk category
    // organization is willing to accept higher cost to minimize risk
    "Minimal" |
    // organization favors caution but permits limited risk
    "Low" |
    // organization tolerates residual risk when justified by value
    "Moderate" |
    // organization is willing to operate with less restrictive controls
    "High"
A Risk represents the potential for negative impact resulting from one or more threats.
description explains the risk scenario
threats link this risk to Layer 2 threats
Threat describes a specifically-scoped opportunity for a negative impact to the organization
description provides a detailed explanation of an opportunity for negative impact
capabilities documents the relationship between this threat and a system capability
A Vector represents a method, pathway, or technique through which a threat may be realized or an attack may be carried out.
description explains how the attack vector works
applicability specifies the contexts in which this vector can manifest
AuditLog records results from an audit performed against a target resource