// SPDX-License-Identifier: Apache-2.0
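// Schema lifecycle: experimental | stable | deprecated
// This file declares itself "stable" through the @status attribute below.
// (Listing gutter numbers that were fused onto each line have been stripped
// so the file parses as CUE.)
@status("stable")
package gemara

// NOTE(review): @go(...) attributes in this file look like hints for Go type
// generation; confirm against the generator in use.
@go(gemara)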
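// EvaluationLog contains the results of evaluating a set of Layer 2 controls.
// It embeds #Log (not defined in this view) and pins metadata.type to the
// literal "EvaluationLog", so a document that declares a different log type
// does not unify with this definition.
#EvaluationLog: {
	#Log
	metadata: type: "EvaluationLog"
	// result is the aggregate outcome across all evaluations in this log.
	// NOTE(review): nothing in this definition derives result from the
	// individual evaluations; a consumer that relies on the aggregate is
	// trusting the producer to have computed it correctly.
	result: #Result
	// At least one ControlEvaluation is required: the list has a mandatory
	// first element followed by an open tail.
	evaluations: [#ControlEvaluation, ...#ControlEvaluation] @go(Evaluations,type=[]*ControlEvaluation)
}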
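// ControlEvaluation contains the results of evaluating a single Layer 5 control.
// NOTE(review): "Layer 5" disagrees with the #EvaluationLog comment, which
// speaks of Layer 2 controls — confirm which layer is intended.
#ControlEvaluation: {
	name: string
	result: #Result
	message: string
	control: #EntryMapping
	// At least one AssessmentLog is required per control evaluation.
	"assessment-logs": [#AssessmentLog, ...#AssessmentLog] @go(AssessmentLogs,type=[]*AssessmentLog)
	// Enforce that the control reference and the assessments' references match.
	// This formulation uses the control's reference if the assessment doesn't include a reference.
	// The second declaration of "assessment-logs" unifies with the one above:
	// every element's requirement."reference-id" must equal control."reference-id",
	// so an assessment log that cites a different reference fails validation
	// instead of being silently attributed to this control.
	// NOTE(review): only "reference-id" is tied to the control here; the other
	// fields of each requirement mapping are not constrained by this block.
	"assessment-logs": [...{
		requirement: "reference-id": (control."reference-id")
	}]
}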
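// AssessmentLog contains the results of executing a single assessment procedure for a control requirement.
// Fields marked with "?" are optional; all others must be present.
#AssessmentLog: {
	// Requirement should map to the assessment requirement for this assessment.
	requirement: #EntryMapping
	// Plan maps to the policy assessment plan being executed.
	plan?: #EntryMapping @go(Plan,optional=nillable)
	// Description provides a summary of the assessment procedure.
	description: string
	// Result is the overall outcome of the assessment procedure, matching the result of the last step that was run.
	// NOTE(review): steps are plain strings (#AssessmentStep), so this schema
	// cannot check that result matches the last executed step; that
	// relationship is up to the producer.
	result: #Result
	// Message provides additional context about the assessment result.
	message: string
	// Applicability is elevated from the Layer 2 Assessment Requirement to aid in execution and reporting.
	// At least one entry is required.
	applicability: [string, ...string] @go(Applicability,type=[]string)
	// Steps are sequential actions taken as part of the assessment, which may halt the assessment if a failure occurs.
	// At least one step is required.
	steps: [#AssessmentStep, ...#AssessmentStep]
	// Steps-executed is the number of steps that were executed as part of the assessment.
	// NOTE(review): declared as a bare int, so negative values and values
	// larger than len(steps) are accepted; consider bounding it
	// (e.g. int & >=0) if consumers treat it as a trustworthy count.
	"steps-executed"?: int @go(StepsExecuted)
	// Start is the timestamp when the assessment began.
	start: #Datetime
	// End is the timestamp when the assessment concluded.
	// NOTE(review): no constraint visible here orders end after start.
	end?: #Datetime
	// Recommendation provides guidance on how to address a failed assessment.
	recommendation?: string
	// ConfidenceLevel indicates the evaluator's confidence level in this specific assessment result.
	"confidence-level"?: #ConfidenceLevel @go(ConfidenceLevel)
	// Evidence records the raw data cited to support this assessment's opinion.
	// When present, the list must hold at least one entry.
	// NOTE(review): #Evidence is defined outside this view; because it carries
	// raw data, check whether it can hold sensitive values before logs are
	// stored or shared.
	evidence?: [#Evidence, ...#Evidence] @go(Evidence)
}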
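// AssessmentStep names one step of an assessment as a plain string; the
// schema places no further constraint on its content.
// NOTE(review): @go(-) presumably excludes this definition from Go type
// generation — confirm against the generator in use.
#AssessmentStep: string @go(-)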
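// Result is the closed set of outcome values used by #EvaluationLog,
// #ControlEvaluation and #AssessmentLog. Any other string fails validation,
// so consumers can treat an unrecognised outcome as a schema error rather
// than guessing at its meaning.
#Result: "Not Run" | "Passed" | "Failed" | "Needs Review" | "Not Applicable" | "Unknown" @go(-)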