PT.json
   1  {
   2      "$schema": "http://json-schema.org/draft-07/schema",
   3      "$id": "http://example.com/example.json",
   4      "type": "object",
   5      "title": "Pentest Plan and Report",
   6      "description": "The purpose of this document is to report on the penetration tests that have been carried out in an attempt to exploit some of the vulnerabilities analyzed.",
   7      "default": {},
   8      "examples": [
   9          {
  10              "pt": {
  11                  "changelog": [
  12                      {
  13                          "version": "1.0",
  14                          "date": "2021-11-18",
  15                          "authors": [
  16                              "AGJ"
  17                          ],
  18                          "reason": "Initial version",
  19                          "changes": [
  20                              "Creation of the document"
  21                          ]
  22                      },
  23                      {
  24                          "version": "2.0",
  25                          "date": "2021-11-19",
  26                          "authors": [
  27                              "AGJ"
  28                          ],
  29                          "reason": "New version of ST",
  30                          "changes": [
  31                              "Update"
  32                          ]
  33                      }
  34                  ],
  35                  "information": {
  36                      "dossierCode": "2021-001",
  37                      "authors": [
  38                          "AGJ",
  39                          "DAT"
  40                      ],
  41                      "reviewedBy": "JTG",
  42                      "approvedBy": "JTG",
  43                      "projectCode": "CC_MANUFACTURER_PROJECT"
  44                  },
  45                  "penetrationTests": [
  46                      {
  47                          "name": "CC_MANUFACTURER_PROJECT-PT-0010",
  48                          "vulnerability": "CC_MANUFACTURER_PROJECT-VUL-0010",
  49                          "objective": "This is the objective",
  50                          "scenario": "Scenario 01",
  51                          "preconditions": "This is the preconditions",
  52                          "evaluator": "AGJ",
  53                          "expectedResults": "This is the expected results",
  54                          "obtainedResults": "This is the obtained results",
  55                          "description": "This is the description of the test. Probably HTML will be needed...",
  56                          "results": [
  57                              {
  58                                  "version": "1.0",
  59                                  "evidences": [
  60                                      "TOE-11",
  61                                      "ST-11"
  62                                  ],
  63                                  "reasoning": "This is the reasoning of the given verdict.",
  64                                  "verdict": "PASS"
  65                              },
  66                              {
  67                                  "version": "0.1",
  68                                  "evidences": [
  69                                      "TOE-10",
  70                                      "ST-10"
  71                                  ],
  72                                  "reasoning": "This is the reasoning of the given verdict.",
  73                                  "verdict": "FAIL"
  74                              }
  75                          ]
  76                      },
  77                      {
  78                          "name": "CC_MANUFACTURER_PROJECT-PT-0020",
  79                          "vulnerability": "CC_MANUFACTURER_PROJECT-VUL-0020",
  80                          "objective": "This is the objective",
  81                          "scenario": "Scenario 02",
  82                          "preconditions": "This is the preconditions",
  83                          "evaluator": "AGJ",
  84                          "expectedResults": "This is the expected results",
  85                          "obtainedResults": "This is the obtained results",
  86                          "description": "This is the description of the test. Probably HTML will be needed...",
  87                          "results": [
  88                              {
  89                                  "version": "1.0",
  90                                  "evidences": [
  91                                      "TOE-11",
  92                                      "ST-11"
  93                                  ],
  94                                  "reasoning": "This is the reasoning of the given verdict.",
  95                                  "verdict": "PASS"
  96                              }
  97                          ]
  98                      }
  99                  ],
 100                  "acronyms": [
 101                      {
 102                          "acronym": "PP",
 103                          "meaning": "Protection Profile"
 104                      },
 105                      {
 106                          "acronym": "CC",
 107                          "meaning": "Common Criteria"
 108                      },
 109                      {
 110                          "acronym": "TOE",
 111                          "meaning": "Target of Evaluation"
 112                      },
 113                      {
 114                          "acronym": "TSF",
 115                          "meaning": "TOE Security Functionality"
 116                      },
 117                      {
 118                          "acronym": "TSFi",
 119                          "meaning": "TSF interface"
 120                      },
 121                      {
 122                          "acronym": "OSP",
 123                          "meaning": "Organisational Security Policies"
 124                      },
 125                      {
 126                          "acronym": "EAL",
 127                          "meaning": "Evaluation Assurance Level"
 128                      },
 129                      {
 130                          "acronym": "ST",
 131                          "meaning": "Security Target"
 132                      },
 133                      {
 134                          "acronym": "IT",
 135                          "meaning": "Information Technology"
 136                      }
 137                  ],
 138                  "documentReferences": [
 139                      {
 140                          "reference": "CC31R5P1",
 141                          "document": "Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, Part 1: Introduction and general model"
 142                      },
 143                      {
 144                          "reference": "CC31R5P2",
 145                          "document": "Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, Part 2: Security functional components"
 146                      },
 147                      {
 148                          "reference": "CC31R5P3",
 149                          "document": "Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, Part 3: Security assurance components"
 150                      },
 151                      {
 152                          "reference": "CEM31R5P3",
 153                          "document": "Common Criteria Evaluation methodology, Version 3.1, Revision 5"
 154                      },
 155                      {
 156                          "reference": "PRE-2740-2007",
 157                          "document": "Reglamento de Evaluación y Certificación de la Seguridad de las Tecnologías de la Información 19/09/2007"
 158                      },
 159                      {
 160                          "reference": "INT10",
 161                          "document": "Organismo de Certificación. Centro Criptológico Nacional. Evaluación de la clase ASE en Common Criteria v0.6"
 162                      },
 163                      {
 164                          "reference": "EVIDENCELIST",
 165                          "document": "Evidence List last version"
 166                      },
 167                      {
 168                          "reference": "ORLIST",
 169                          "document": "Observation Report list last version"
 170                      },
 171                      {
 172                          "reference": "ASE",
 173                          "document": "ASE Evaluation partial report last version"
 174                      },
 175                      {
 176                          "reference": "AGD",
 177                          "document": "AGD Evaluation partial report last version"
 178                      },
 179                      {
 180                          "reference": "ADV",
 181                          "document": "ADV Evaluation partial report last version"
 182                      },
 183                      {
 184                          "reference": "ALC",
 185                          "document": "ALC Evaluation partial report last version"
 186                      },
 187                      {
 188                          "reference": "ATE",
 189                          "document": "ATE Evaluation partial report last version"
 190                      },
 191                      {
 192                          "reference": "AVA",
 193                          "document": "AVA Evaluation partial report last version"
 194                      },
 195                      {
 196                          "reference": "VA",
 197                          "document": "Vulnerability Analysis last version"
 198                      },
 199                      {
 200                          "reference": "PT",
 201                          "document": "Pentest Plan and Report last version"
 202                      },
 203                      {
 204                          "reference": "TP",
 205                          "document": "Independent Test Plan and Report last version"
 206                      },
 207                      {
 208                          "reference": "TS",
 209                          "document": "Test Scenarios last version"
 210                      }
 211                  ]
 212              }
 213          }
 214      ],
 215      "required": [
 216          "pt"
 217      ],
 218      "properties": {
 219          "pt": {
 220              "$id": "#/properties/pt",
 221              "type": "object",
 222              "title": "PT",
 223              "description": "Pentest Plan and Report",
 224              "default": {},
 225              "examples": [
 226                  {
 227                      "changelog": [
 228                          {
 229                              "version": "1.0",
 230                              "date": "2021-11-18",
 231                              "authors": [
 232                                  "AGJ"
 233                              ],
 234                              "reason": "Initial version",
 235                              "changes": [
 236                                  "Creation of the document"
 237                              ]
 238                          },
 239                          {
 240                              "version": "2.0",
 241                              "date": "2021-11-19",
 242                              "authors": [
 243                                  "AGJ"
 244                              ],
 245                              "reason": "New version of ST",
 246                              "changes": [
 247                                  "Update"
 248                              ]
 249                          }
 250                      ],
 251                      "information": {
 252                          "dossierCode": "2021-001",
 253                          "authors": [
 254                              "AGJ",
 255                              "DAT"
 256                          ],
 257                          "reviewedBy": "JTG",
 258                          "approvedBy": "JTG",
 259                          "projectCode": "CC_MANUFACTURER_PROJECT"
 260                      },
 261                      "penetrationTests": [
 262                          {
 263                              "name": "CC_MANUFACTURER_PROJECT-PT-0010",
 264                              "vulnerability": "CC_MANUFACTURER_PROJECT-VUL-0010",
 265                              "objective": "This is the objective",
 266                              "scenario": "Scenario 01",
 267                              "preconditions": "This is the preconditions",
 268                              "evaluator": "AGJ",
 269                              "expectedResults": "This is the expected results",
 270                              "obtainedResults": "This is the obtained results",
 271                              "description": "This is the description of the test. Probably HTML will be needed...",
 272                              "results": [
 273                                  {
 274                                      "version": "1.0",
 275                                      "evidences": [
 276                                          "TOE-11",
 277                                          "ST-11"
 278                                      ],
 279                                      "reasoning": "This is the reasoning of the given verdict.",
 280                                      "verdict": "PASS"
 281                                  },
 282                                  {
 283                                      "version": "0.1",
 284                                      "evidences": [
 285                                          "TOE-10",
 286                                          "ST-10"
 287                                      ],
 288                                      "reasoning": "This is the reasoning of the given verdict.",
 289                                      "verdict": "FAIL"
 290                                  }
 291                              ]
 292                          },
 293                          {
 294                              "name": "CC_MANUFACTURER_PROJECT-PT-0020",
 295                              "vulnerability": "CC_MANUFACTURER_PROJECT-VUL-0020",
 296                              "objective": "This is the objective",
 297                              "scenario": "Scenario 02",
 298                              "preconditions": "This is the preconditions",
 299                              "evaluator": "AGJ",
 300                              "expectedResults": "This is the expected results",
 301                              "obtainedResults": "This is the obtained results",
 302                              "description": "This is the description of the test. Probably HTML will be needed...",
 303                              "results": [
 304                                  {
 305                                      "version": "1.0",
 306                                      "evidences": [
 307                                          "TOE-11",
 308                                          "ST-11"
 309                                      ],
 310                                      "reasoning": "This is the reasoning of the given verdict.",
 311                                      "verdict": "PASS"
 312                                  }
 313                              ]
 314                          }
 315                      ],
 316                      "acronyms": [
 317                          {
 318                              "acronym": "PP",
 319                              "meaning": "Protection Profile"
 320                          },
 321                          {
 322                              "acronym": "CC",
 323                              "meaning": "Common Criteria"
 324                          },
 325                          {
 326                              "acronym": "TOE",
 327                              "meaning": "Target of Evaluation"
 328                          },
 329                          {
 330                              "acronym": "TSF",
 331                              "meaning": "TOE Security Functionality"
 332                          },
 333                          {
 334                              "acronym": "TSFi",
 335                              "meaning": "TSF interface"
 336                          },
 337                          {
 338                              "acronym": "OSP",
 339                              "meaning": "Organisational Security Policies"
 340                          },
 341                          {
 342                              "acronym": "EAL",
 343                              "meaning": "Evaluation Assurance Level"
 344                          },
 345                          {
 346                              "acronym": "ST",
 347                              "meaning": "Security Target"
 348                          },
 349                          {
 350                              "acronym": "IT",
 351                              "meaning": "Information Technology"
 352                          }
 353                      ],
 354                      "documentReferences": [
 355                          {
 356                              "reference": "CC31R5P1",
 357                              "document": "Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, Part 1: Introduction and general model"
 358                          },
 359                          {
 360                              "reference": "CC31R5P2",
 361                              "document": "Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, Part 2: Security functional components"
 362                          },
 363                          {
 364                              "reference": "CC31R5P3",
 365                              "document": "Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, Part 3: Security assurance components"
 366                          },
 367                          {
 368                              "reference": "CEM31R5P3",
 369                              "document": "Common Criteria Evaluation methodology, Version 3.1, Revision 5"
 370                          },
 371                          {
 372                              "reference": "PRE-2740-2007",
 373                              "document": "Reglamento de Evaluación y Certificación de la Seguridad de las Tecnologías de la Información 19/09/2007"
 374                          },
 375                          {
 376                              "reference": "INT10",
 377                              "document": "Organismo de Certificación. Centro Criptológico Nacional. Evaluación de la clase ASE en Common Criteria v0.6"
 378                          },
 379                          {
 380                              "reference": "EVIDENCELIST",
 381                              "document": "Evidence List last version"
 382                          },
 383                          {
 384                              "reference": "ORLIST",
 385                              "document": "Observation Report list last version"
 386                          },
 387                          {
 388                              "reference": "ASE",
 389                              "document": "ASE Evaluation partial report last version"
 390                          },
 391                          {
 392                              "reference": "AGD",
 393                              "document": "AGD Evaluation partial report last version"
 394                          },
 395                          {
 396                              "reference": "ADV",
 397                              "document": "ADV Evaluation partial report last version"
 398                          },
 399                          {
 400                              "reference": "ALC",
 401                              "document": "ALC Evaluation partial report last version"
 402                          },
 403                          {
 404                              "reference": "ATE",
 405                              "document": "ATE Evaluation partial report last version"
 406                          },
 407                          {
 408                              "reference": "AVA",
 409                              "document": "AVA Evaluation partial report last version"
 410                          },
 411                          {
 412                              "reference": "VA",
 413                              "document": "Vulnerability Analysis last version"
 414                          },
 415                          {
 416                              "reference": "PT",
 417                              "document": "Pentest Plan and Report last version"
 418                          },
 419                          {
 420                              "reference": "TP",
 421                              "document": "Independent Test Plan and Report last version"
 422                          },
 423                          {
 424                              "reference": "TS",
 425                              "document": "Test Scenarios last version"
 426                          }
 427                      ]
 428                  }
 429              ],
 430              "required": [
 431                  "changelog",
 432                  "information",
 433                  "penetrationTests",
 434                  "acronyms",
 435                  "documentReferences"
 436              ],
 437              "properties": {
 438                  "changelog": {
 439                      "$id": "#/properties/pt/properties/changelog",
 440                      "type": "array",
 441                      "title": "Changelog",
 442                      "description": "Information is not immutable. During the course of an evaluation it is common for some details to change (e.g. the TOE version). It is important to track every change so that certification bodies (CBs) understand the context of the assessment.",
 443                      "default": [],
 444                      "examples": [
 445                          [
 446                              {
 447                                  "version": "1.0",
 448                                  "date": "2021-11-18",
 449                                  "authors": [
 450                                      "AGJ"
 451                                  ],
 452                                  "reason": "Initial version",
 453                                  "changes": [
 454                                      "Creation of the document"
 455                                  ]
 456                              },
 457                              {
 458                                  "version": "2.0",
 459                                  "date": "2021-11-19",
 460                                  "authors": [
 461                                      "AGJ"
 462                                  ],
 463                                  "reason": "New version of ST",
 464                                  "changes": [
 465                                      "Update"
 466                                  ]
 467                              }
 468                          ]
 469                      ],
 470                      "additionalItems": true,
 471                      "items": {
 472                          "$id": "#/properties/pt/properties/changelog/items",
 473                          "type": "object",
 474                          "default": {},
 475                          "examples": [
 476                              [
 477                                  {
 478                                      "version": "1.0",
 479                                      "date": "2021-11-18",
 480                                      "authors": [
 481                                          "AGJ"
 482                                      ],
 483                                      "reason": "Initial version",
 484                                      "changes": [
 485                                          "Creation of the document"
 486                                      ]
 487                                  },
 488                                  {
 489                                      "version": "2.0",
 490                                      "date": "2021-11-19",
 491                                      "authors": [
 492                                          "AGJ"
 493                                      ],
 494                                      "reason": "New version of ST",
 495                                      "changes": [
 496                                          "Update"
 497                                      ]
 498                                  }
 499                              ]
 500                          ],
 501                          "required": [
 502                              "version",
 503                              "date",
 504                              "authors",
 505                              "reason",
 506                              "changes"
 507                          ],
 508                          "properties": {
 509                              "version": {
 510                                  "$id": "#/properties/pt/properties/changelog/items/properties/version",
 511                                  "type": "string",
 512                                  "title": "Version",
 513                                  "description": "Version of the document in MAJOR.MINOR format, one digit each (e.g. 1.0).",
 514                                  "pattern": "^\\d\\.\\d$",
 515                                  "default": "",
 516                                  "examples": [
 517                                      "1.0"
 518                                  ]
 519                              },
 520                              "date": {
 521                                  "$id": "#/properties/pt/properties/changelog/items/properties/date",
 522                                  "type": "string",
 523                                  "title": "Date",
 524                                  "description": "Issue date of the version.",
 525                                  "format": "date",
 526                                  "default": "",
 527                                  "examples": [
 528                                      "2021-11-18"
 529                                  ]
 530                              },
 531                              "authors": {
 532                                  "$id": "#/properties/pt/properties/changelog/items/properties/authors",
 533                                  "type": "array",
 534                                  "title": "Authors",
 535                                  "description": "Who made the changes.",
 536                                  "default": [],
 537                                  "examples": [
 538                                      [
 539                                          "AGJ"
 540                                      ]
 541                                  ],
 542                                  "additionalItems": true,
 543                                  "items": {
 544                                      "$id": "#/properties/pt/properties/changelog/items/properties/authors/items",
 545                                      "type": "string",
 546                                      "default": "",
 547                                      "examples": [
 548                                          [
 549                                              "AGJ"
 550                                          ]
 551                                      ]
 552                                  }
 553                              },
 554                              "reason": {
 555                                  "$id": "#/properties/pt/properties/changelog/items/properties/reason",
 556                                  "type": "string",
 557                                  "title": "Reason",
 558                                  "description": "Why these changes were necessary.",
 559                                  "default": "",
 560                                  "examples": [
 561                                      "Initial version"
 562                                  ]
 563                              },
 564                              "changes": {
 565                                  "$id": "#/properties/pt/properties/changelog/items/properties/changes",
 566                                  "type": "array",
 567                                  "title": "Changes",
 568                                  "description": "Changes that have been applied to the document.",
 569                                  "default": [],
 570                                  "examples": [
 571                                      [
 572                                          "Creation of the document"
 573                                      ]
 574                                  ],
 575                                  "additionalItems": true,
 576                                  "items": {
 577                                      "$id": "#/properties/pt/properties/changelog/items/properties/changes/items",
 578                                      "type": "string",
 579                                      "default": "",
 580                                      "examples": [
 581                                          [
 582                                              "Creation of the document"
 583                                          ]
 584                                      ]
 585                                  }
 586                              }
 587                          },
 588                          "additionalProperties": true
 589                      }
 590                  },
 591                  "information": {
 592                      "$id": "#/properties/pt/properties/information",
 593                      "type": "object",
 594                      "title": "The information schema",
 595                      "description": "Document metadata: dossier code, authors, reviewer, approver and project code.",
 596                      "default": {},
 597                      "examples": [
 598                          {
 599                              "dossierCode": "2021-001",
 600                              "authors": [
 601                                  "AGJ",
 602                                  "DAT"
 603                              ],
 604                              "reviewedBy": "JTG",
 605                              "approvedBy": "JTG",
 606                              "projectCode": "CC_MANUFACTURER_PROJECT"
 607                          }
 608                      ],
 609                      "required": [
 610                          "dossierCode",
 611                          "authors",
 612                          "reviewedBy",
 613                          "approvedBy",
 614                          "projectCode"
 615                      ],
 616                      "properties": {
 617                          "dossierCode": {
 618                              "$id": "#/properties/pt/properties/information/properties/dossierCode",
 619                              "type": "string",
 620                              "title": "Dossier code",
 621                              "description": "Reference to the evaluation dossier.",
 622                              "default": "",
 623                              "examples": [
 624                                  "2021-001"
 625                              ]
 626                          },
 627                          "authors": {
 628                              "$id": "#/properties/pt/properties/information/properties/authors",
 629                              "type": "array",
 630                              "title": "Authors",
 631                              "description": "Indicates which evaluators authored the document. There can be one or several.",
 632                              "default": [],
 633                              "examples": [
 634                                  [
 635                                      "AGJ",
 636                                      "DAT"
 637                                  ]
 638                              ],
 639                              "additionalItems": true,
 640                              "items": {
 641                                  "$id": "#/properties/pt/properties/information/properties/authors/items",
 642                                  "type": "string",
 643                                  "title": "The items schema",
 644                                  "description": "One evaluator who authored the document.",
 645                                  "default": "",
 646                                  "examples": [
 647                                      [
 648                                          "AGJ",
 649                                          "DAT"
 650                                      ]
 651                                  ]
 652                              }
 653                          },
 654                          "reviewedBy": {
 655                              "$id": "#/properties/pt/properties/information/properties/reviewedBy",
 656                              "type": "string",
 657                              "title": "Reviewed by",
 658                              "description": "Indicates who has reviewed the document.",
 659                              "default": "",
 660                              "examples": [
 661                                  "JTG"
 662                              ]
 663                          },
 664                          "approvedBy": {
 665                              "$id": "#/properties/pt/properties/information/properties/approvedBy",
 666                              "type": "string",
 667                              "title": "Approved by",
 668                              "description": "Indicates who has approved the document.",
 669                              "default": "",
 670                              "examples": [
 671                                  "JTG"
 672                              ]
 673                          },
 674                          "projectCode": {
 675                              "$id": "#/properties/pt/properties/information/properties/projectCode",
 676                              "type": "string",
 677                              "title": "Project code",
 678                              "description": "Allows the ITSEF (evaluation facility) to identify the project without using the same identifier as the CB (certification body).",
 679                              "default": "",
 680                              "examples": [
 681                                  "CC_MANUFACTURER_PROJECT"
 682                              ]
 683                          }
 684                      },
 685                      "additionalProperties": true
 686                  },
 687                  "penetrationTests": {
 688                      "$id": "#/properties/pt/properties/penetrationTests",
 689                      "type": "array",
 690                      "title": "Penetration tests",
 691                      "description": "It is necessary to document in detail how the penetration tests have been carried out. This must include the vulnerability to be exploited, the scenario in which the test was performed, the expected and obtained results, which tester performed it, and so on.",
 692                      "default": [],
 693                      "examples": [
 694                          [
 695                              {
 696                                  "name": "CC_MANUFACTURER_PROJECT-PT-0010",
 697                                  "vulnerability": "CC_MANUFACTURER_PROJECT-VUL-0010",
 698                                  "objective": "This is the objective",
 699                                  "scenario": "Scenario 01",
 700                                  "preconditions": "This is the preconditions",
 701                                  "evaluator": "AGJ",
 702                                  "expectedResults": "This is the expected results",
 703                                  "obtainedResults": "This is the obtained results",
 704                                  "description": "This is the description of the test. Probably HTML will be needed...",
 705                                  "results": [
 706                                      {
 707                                          "version": "1.0",
 708                                          "evidences": [
 709                                              "TOE-11",
 710                                              "ST-11"
 711                                          ],
 712                                          "reasoning": "This is the reasoning of the given verdict.",
 713                                          "verdict": "PASS"
 714                                      },
 715                                      {
 716                                          "version": "0.1",
 717                                          "evidences": [
 718                                              "TOE-10",
 719                                              "ST-10"
 720                                          ],
 721                                          "reasoning": "This is the reasoning of the given verdict.",
 722                                          "verdict": "FAIL"
 723                                      }
 724                                  ]
 725                              },
 726                              {
 727                                  "name": "CC_MANUFACTURER_PROJECT-PT-0020",
 728                                  "vulnerability": "CC_MANUFACTURER_PROJECT-VUL-0020",
 729                                  "objective": "This is the objective",
 730                                  "scenario": "Scenario 02",
 731                                  "preconditions": "This is the preconditions",
 732                                  "evaluator": "AGJ",
 733                                  "expectedResults": "This is the expected results",
 734                                  "obtainedResults": "This is the obtained results",
 735                                  "description": "This is the description of the test. Probably HTML will be needed...",
 736                                  "results": [
 737                                      {
 738                                          "version": "1.0",
 739                                          "evidences": [
 740                                              "TOE-11",
 741                                              "ST-11"
 742                                          ],
 743                                          "reasoning": "This is the reasoning of the given verdict.",
 744                                          "verdict": "PASS"
 745                                      }
 746                                  ]
 747                              }
 748                          ]
 749                      ],
 750                      "additionalItems": true,
 751                      "items": {
 752                          "$id": "#/properties/pt/properties/penetrationTests/items",
 753                          "type": "object",
 754                          "title": "The items schema",
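 755                          "description": "A single penetration test: its identifier, related vulnerability, objective, scenario, preconditions, evaluator, expected and obtained results, steps, and verdict history.",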
 756                          "default": {},
 757                          "examples": [
 758                              [
 759                                  {
 760                                      "name": "CC_MANUFACTURER_PROJECT-PT-0010",
 761                                      "vulnerability": "CC_MANUFACTURER_PROJECT-VUL-0010",
 762                                      "objective": "This is the objective",
 763                                      "scenario": "Scenario 01",
 764                                      "preconditions": "This is the preconditions",
 765                                      "evaluator": "AGJ",
 766                                      "expectedResults": "This is the expected results",
 767                                      "obtainedResults": "This is the obtained results",
 768                                      "description": "This is the description of the test. Probably HTML will be needed...",
 769                                      "results": [
 770                                          {
 771                                              "version": "1.0",
 772                                              "evidences": [
 773                                                  "TOE-11",
 774                                                  "ST-11"
 775                                              ],
 776                                              "reasoning": "This is the reasoning of the given verdict.",
 777                                              "verdict": "PASS"
 778                                          },
 779                                          {
 780                                              "version": "0.1",
 781                                              "evidences": [
 782                                                  "TOE-10",
 783                                                  "ST-10"
 784                                              ],
 785                                              "reasoning": "This is the reasoning of the given verdict.",
 786                                              "verdict": "FAIL"
 787                                          }
 788                                      ]
 789                                  },
 790                                  {
 791                                      "name": "CC_MANUFACTURER_PROJECT-PT-0020",
 792                                      "vulnerability": "CC_MANUFACTURER_PROJECT-VUL-0020",
 793                                      "objective": "This is the objective",
 794                                      "scenario": "Scenario 02",
 795                                      "preconditions": "This is the preconditions",
 796                                      "evaluator": "AGJ",
 797                                      "expectedResults": "This is the expected results",
 798                                      "obtainedResults": "This is the obtained results",
 799                                      "description": "This is the description of the test. Probably HTML will be needed...",
 800                                      "results": [
 801                                          {
 802                                              "version": "1.0",
 803                                              "evidences": [
 804                                                  "TOE-11",
 805                                                  "ST-11"
 806                                              ],
 807                                              "reasoning": "This is the reasoning of the given verdict.",
 808                                              "verdict": "PASS"
 809                                          }
 810                                      ]
 811                                  }
 812                              ]
 813                          ],
 814                          "required": [
 815                              "name",
 816                              "vulnerability",
 817                              "objective",
 818                              "scenario",
 819                              "preconditions",
 820                              "evaluator",
 821                              "expectedResults",
 822                              "obtainedResults",
 823                              "description",
 824                              "results"
 825                          ],
 826                          "properties": {
 827                              "name": {
 828                                  "$id": "#/properties/pt/properties/penetrationTests/items/properties/name",
 829                                  "type": "string",
 830                                  "title": "Name",
 831                                  "description": "Identifier of the penetration test.",
 832                                  "default": "",
 833                                  "examples": [
 834                                      "CC_MANUFACTURER_PROJECT-PT-0010"
 835                                  ]
 836                              },
 837                              "vulnerability": {
 838                                  "$id": "#/properties/pt/properties/penetrationTests/items/properties/vulnerability",
 839                                  "type": "string",
 840                                  "title": "Vulnerability",
 841                                  "description": "Identifier of the related vulnerability.",
 842                                  "default": "",
 843                                  "examples": [
 844                                      "CC_MANUFACTURER_PROJECT-VUL-0010"
 845                                  ]
 846                              },
 847                              "objective": {
 848                                  "$id": "#/properties/pt/properties/penetrationTests/items/properties/objective",
 849                                  "type": "string",
 850                                  "title": "Objective",
 851                                  "description": "Objective of the test.",
 852                                  "default": "",
 853                                  "examples": [
 854                                      "This is the objective"
 855                                  ]
 856                              },
 857                              "scenario": {
 858                                  "$id": "#/properties/pt/properties/penetrationTests/items/properties/scenario",
 859                                  "type": "string",
 860                                  "title": "Scenario",
 861                                  "description": "Identifier of the scenario where the test has been performed.",
 862                                  "default": "",
 863                                  "examples": [
 864                                      "Scenario 01"
 865                                  ]
 866                              },
 867                              "preconditions": {
 868                                  "$id": "#/properties/pt/properties/penetrationTests/items/properties/preconditions",
 869                                  "type": "string",
 870                                  "title": "Preconditions",
 871                                  "description": "Conditions to meet before the test.",
 872                                  "default": "",
 873                                  "examples": [
 874                                      "This is the preconditions"
 875                                  ]
 876                              },
 877                              "evaluator": {
 878                                  "$id": "#/properties/pt/properties/penetrationTests/items/properties/evaluator",
 879                                  "type": "string",
 880                                  "title": "Evaluator",
 881                                  "description": "Who has performed the test.",
 882                                  "default": "",
 883                                  "examples": [
 884                                      "AGJ"
 885                                  ]
 886                              },
 887                              "expectedResults": {
 888                                  "$id": "#/properties/pt/properties/penetrationTests/items/properties/expectedResults",
 889                                  "type": "string",
 890                                  "title": "Expected results",
 891                                  "description": "The result expected before performing the test.",
 892                                  "default": "",
 893                                  "examples": [
 894                                      "This is the expected results"
 895                                  ]
 896                              },
 897                              "obtainedResults": {
 898                                  "$id": "#/properties/pt/properties/penetrationTests/items/properties/obtainedResults",
 899                                  "type": "string",
 900                                  "title": "Obtained results",
 901                                  "description": "The result actually obtained after performing the test.",
 902                                  "default": "",
 903                                  "examples": [
 904                                      "This is the obtained results"
 905                                  ]
 906                              },
 907                              "description": {
 908                                  "$id": "#/properties/pt/properties/penetrationTests/items/properties/description",
 909                                  "type": "string",
 910                                  "title": "Description",
 911                                  "description": "Steps to perform the test. If HTML markup is accepted in this field, sanitise or escape it before rendering it in a report.",
 912                                  "default": "",
 913                                  "examples": [
 914                                      "This is the description of the test. Probably HTML will be needed..."
 915                                  ]
 916                              },
 917                              "results": {
 918                                  "$id": "#/properties/pt/properties/penetrationTests/items/properties/results",
 919                                  "type": "array",
 920                                  "title": "Results",
 921                                  "description": "History of the verdict of the test.",
 922                                  "default": [],
 923                                  "examples": [
 924                                      [
 925                                          {
 926                                              "version": "1.0",
 927                                              "evidences": [
 928                                                  "TOE-11",
 929                                                  "ST-11"
 930                                              ],
 931                                              "reasoning": "This is the reasoning of the given verdict.",
 932                                              "verdict": "PASS"
 933                                          },
 934                                          {
 935                                              "version": "0.1",
 936                                              "evidences": [
 937                                                  "TOE-10",
 938                                                  "ST-10"
 939                                              ],
 940                                              "reasoning": "This is the reasoning of the given verdict.",
 941                                              "verdict": "FAIL"
 942                                          }
 943                                      ]
 944                                  ],
 945                                  "additionalItems": true,
 946                                  "items": {
 947                                      "$id": "#/properties/pt/properties/penetrationTests/items/properties/results/items",
 948                                      "type": "object",
 949                                      "default": {},
 950                                      "examples": [
 951                                          [
 952                                              {
 953                                                  "version": "1.0",
 954                                                  "evidences": [
 955                                                      "TOE-11",
 956                                                      "ST-11"
 957                                                  ],
 958                                                  "reasoning": "This is the reasoning of the given verdict.",
 959                                                  "verdict": "PASS"
 960                                              },
 961                                              {
 962                                                  "version": "0.1",
 963                                                  "evidences": [
 964                                                      "TOE-10",
 965                                                      "ST-10"
 966                                                  ],
 967                                                  "reasoning": "This is the reasoning of the given verdict.",
 968                                                  "verdict": "FAIL"
 969                                              }
 970                                          ]
 971                                      ],
 972                                      "required": [
 973                                          "version",
 974                                          "evidences",
 975                                          "reasoning",
 976                                          "verdict"
 977                                      ],
 978                                      "properties": {
 979                                          "version": {
 980                                              "$id": "#/properties/pt/properties/penetrationTests/items/properties/results/items/properties/version",
 981                                              "type": "string",
 982                                              "title": "Version",
 983                                              "description": "Version of the test, written as one digit, a dot and one digit (for example 1.0).",
 984                                              "pattern": "^\\d\\.\\d$",
 985                                              "default": "",
 986                                              "examples": [
 987                                                  "1.0"
 988                                              ]
 989                                          },
 990                                          "evidences": {
 991                                              "$id": "#/properties/pt/properties/penetrationTests/items/properties/results/items/properties/evidences",
 992                                              "type": "array",
 993                                              "title": "Evidences",
 994                                              "description": "Evidences under evaluation.",
 995                                              "default": [],
 996                                              "examples": [
 997                                                  [
 998                                                      "TOE-11",
 999                                                      "ST-11"
1000                                                  ]
1001                                              ],
1002                                              "additionalItems": true,
1003                                              "items": {
1004                                                  "$id": "#/properties/pt/properties/penetrationTests/items/properties/results/items/properties/evidences/items",
1005                                                  "type": "string",
1006                                                  "default": "",
1007                                                  "examples": [
1008                                                      [
1009                                                          "TOE-11",
1010                                                          "ST-11"
1011                                                      ]
1012                                                  ]
1013                                              }
1014                                          },
1015                                          "reasoning": {
1016                                              "$id": "#/properties/pt/properties/penetrationTests/items/properties/results/items/properties/reasoning",
1017                                              "type": "string",
1018                                              "title": "Reasoning",
1019                                              "description": "Reasoning behind the given verdict.",
1020                                              "default": "",
1021                                              "examples": [
1022                                                  "This is the reasoning of the given verdict."
1023                                              ]
1024                                          },
1025                                          "verdict": {
1026                                              "$id": "#/properties/pt/properties/penetrationTests/items/properties/results/items/properties/verdict",
1027                                              "type": "string",
1028                                              "title": "Verdict",
1029                                              "description": "Indicates if the test has passed or failed.",
1030                                              "enum": [
1031                                                  "PASS",
1032                                                  "FAIL"
1033                                              ],
1034                                              "default": "",
1035                                              "examples": [
1036                                                  "PASS"
1037                                              ]
1038                                          }
1039                                      },
1040                                      "additionalProperties": true
1041                                  }
1042                              }
1043                          },
1044                          "additionalProperties": true
1045                      }
1046                  },
1047                  "acronyms": {
1048                      "$id": "#/properties/pt/properties/acronyms",
1049                      "type": "array",
1050                      "title": "Acronyms",
1051                      "description": "In many cases, it is necessary to refer to different concepts or technologies by their acronyms. To avoid possible confusion and to make life easier for those readers who do not know the meaning of an abbreviation, it is necessary to include a field to indicate its meaning.",
1052                      "default": [],
1053                      "examples": [
1054                          [
1055                              {
1056                                  "acronym": "PP",
1057                                  "meaning": "Protection Profile"
1058                              },
1059                              {
1060                                  "acronym": "CC",
1061                                  "meaning": "Common Criteria"
1062                              }
1063                          ]
1064                      ],
1065                      "additionalItems": true,
1066                      "items": {
1067                          "$id": "#/properties/pt/properties/acronyms/items",
1068                          "type": "object",
1069                          "default": {},
1070                          "examples": [
1071                              [
1072                                  {
1073                                      "acronym": "PP",
1074                                      "meaning": "Protection Profile"
1075                                  },
1076                                  {
1077                                      "acronym": "CC",
1078                                      "meaning": "Common Criteria"
1079                                  },
1080                                  {
1081                                      "acronym": "TOE",
1082                                      "meaning": "Target of Evaluation"
1083                                  },
1084                                  {
1085                                      "acronym": "TSF",
1086                                      "meaning": "TOE Security Functionality"
1087                                  },
1088                                  {
1089                                      "acronym": "TSFi",
1090                                      "meaning": "TSF interface"
1091                                  },
1092                                  {
1093                                      "acronym": "OSP",
1094                                      "meaning": "Organisational Security Policies"
1095                                  },
1096                                  {
1097                                      "acronym": "EAL",
1098                                      "meaning": "Evaluation Assurance Level"
1099                                  },
1100                                  {
1101                                      "acronym": "ST",
1102                                      "meaning": "Security Target"
1103                                  },
1104                                  {
1105                                      "acronym": "IT",
1106                                      "meaning": "Information Technology"
1107                                  }
1108                              ]
1109                          ],
1110                          "required": [
1111                              "acronym",
1112                              "meaning"
1113                          ],
1114                          "properties": {
1115                              "acronym": {
1116                                  "$id": "#/properties/pt/properties/acronyms/items/properties/acronym",
1117                                  "type": "string",
1118                                  "title": "Acronym",
1119                                  "description": "Abbreviation.",
1120                                  "default": "",
1121                                  "examples": [
1122                                      "PP"
1123                                  ]
1124                              },
1125                              "meaning": {
1126                                  "$id": "#/properties/pt/properties/acronyms/items/properties/meaning",
1127                                  "type": "string",
1128                                  "title": "Meaning",
1129                                  "description": "Meaning of the acronym.",
1130                                  "default": "",
1131                                  "examples": [
1132                                      "Protection Profile"
1133                                  ]
1134                              }
1135                          },
1136                          "additionalProperties": true
1137                      }
1138                  },
1139                  "documentReferences": {
1140                      "$id": "#/properties/pt/properties/documentReferences",
1141                      "type": "array",
1142                      "title": "Document references",
1143                      "description": "Other documents are often cited while a document is being drafted. This field lists the cited documents so that each one can be referenced throughout the document by the same name, avoiding inconsistencies; the name and version of each cited document are declared in this section.",
1144                      "default": [],
1145                      "examples": [
1146                          [
1147                              {
1148                                  "reference": "CC31R5P1",
1149                                  "document": "Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, Part 1: Introduction and general model"
1150                              },
1151                              {
1152                                  "reference": "CC31R5P2",
1153                                  "document": "Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, Part 2: Security functional components"
1154                              }
1155                          ]
1156                      ],
1157                      "additionalItems": true,
1158                      "items": {
1159                          "$id": "#/properties/pt/properties/documentReferences/items",
1160                          "type": "object",
1161                          "default": {},
1162                          "examples": [
1163                              [
1164                                  {
1165                                      "reference": "CC31R5P1",
1166                                      "document": "Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, Part 1: Introduction and general model"
1167                                  },
1168                                  {
1169                                      "reference": "CC31R5P2",
1170                                      "document": "Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, Part 2: Security functional components"
1171                                  },
1172                                  {
1173                                      "reference": "CC31R5P3",
1174                                      "document": "Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, Part 3: Security assurance components"
1175                                  },
1176                                  {
1177                                      "reference": "CEM31R5P3",
1178                                      "document": "Common Criteria Evaluation methodology, Version 3.1, Revision 5"
1179                                  },
1180                                  {
1181                                      "reference": "PRE-2740-2007",
1182                                      "document": "Reglamento de Evaluación y Certificación de la Seguridad de las Tecnologías de la Información 19/09/2007"
1183                                  },
1184                                  {
1185                                      "reference": "INT10",
1186                                      "document": "Organismo de Certificación. Centro Criptológico Nacional. Evaluación de la clase ASE en Common Criteria v0.6"
1187                                  },
1188                                  {
1189                                      "reference": "EVIDENCELIST",
1190                                      "document": "Evidence List last version"
1191                                  },
1192                                  {
1193                                      "reference": "ORLIST",
1194                                      "document": "Observation Report list last version"
1195                                  },
1196                                  {
1197                                      "reference": "ASE",
1198                                      "document": "ASE Evaluation partial report last version"
1199                                  },
1200                                  {
1201                                      "reference": "AGD",
1202                                      "document": "AGD Evaluation partial report last version"
1203                                  },
1204                                  {
1205                                      "reference": "ADV",
1206                                      "document": "ADV Evaluation partial report last version"
1207                                  },
1208                                  {
1209                                      "reference": "ALC",
1210                                      "document": "ALC Evaluation partial report last version"
1211                                  },
1212                                  {
1213                                      "reference": "ATE",
1214                                      "document": "ATE Evaluation partial report last version"
1215                                  },
1216                                  {
1217                                      "reference": "AVA",
1218                                      "document": "AVA Evaluation partial report last version"
1219                                  },
1220                                  {
1221                                      "reference": "VA",
1222                                      "document": "Vulnerability Analysis last version"
1223                                  },
1224                                  {
1225                                      "reference": "PT",
1226                                      "document": "Pentest Plan and Report last version"
1227                                  },
1228                                  {
1229                                      "reference": "TP",
1230                                      "document": "Independent Test Plan and Report last version"
1231                                  },
1232                                  {
1233                                      "reference": "TS",
1234                                      "document": "Test Scenarios last version"
1235                                  }
1236                              ]
1237                          ],
1238                          "required": [
1239                              "reference",
1240                              "document"
1241                          ],
1242                          "properties": {
1243                              "reference": {
1244                                  "$id": "#/properties/pt/properties/documentReferences/items/properties/reference",
1245                                  "type": "string",
1246                                  "title": "Reference",
1247                                  "description": "Reference identifier used to cite the document.",
1248                                  "default": "",
1249                                  "examples": [
1250                                      "CC31R5P1"
1251                                  ]
1252                              },
1253                              "document": {
1254                                  "$id": "#/properties/pt/properties/documentReferences/items/properties/document",
1255                                  "type": "string",
1256                                  "title": "Document",
1257                                  "description": "Title and version of the referenced document.",
1258                                  "default": "",
1259                                  "examples": [
1260                                      "Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, Part 1: Introduction and general model"
1261                                  ]
1262                              }
1263                          },
1264                          "additionalProperties": true
1265                      }
1266                  }
1267              },
1268              "additionalProperties": true
1269          }
1270      },
1271      "additionalProperties": true
1272  }