{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "#Assessment", "description": "An object to represent an assessment, including both compliance assessment such as a HIPAA Risk Assessment or a technical assessment such as a Penetration Testing. Each assessment should have findings (e.g. Vulnerability or Risk) associated.", "type": "object", "allOf": [ { "$ref": "#Entity" }, { "properties": { "category": { "description": "The category of the Assessment.", "type": "string", "examples": [ "Risk Assessment", "Readiness Assessment", "Gap Assessment", "Validation Assessment", "Compliance Assessment", "Self Assessment", "Certification", "Audit", "Technical Review", "Operational Review", "Penetration Testing", "Vulnerability Scan", "Other" ] }, "summary": { "description": "The summary description of the Assessment.", "type": "string" }, "internal": { "description": "Indicates if this is an internal or external assessment/audit. Defaults to true.", "type": "boolean", "default": true }, "startedOn": { "description": "The timestamp (in milliseconds since epoch) when the Assessment was started.", "type": "number", "format": "date-time" }, "completedOn": { "description": "The timestamp (in milliseconds since epoch) when the Assessment was completed.", "type": "number", "format": "date-time" }, "reportURL": { "description": "Link to the assessment report, if available.", "type": "string", "format": "uri" }, "assessor": { "description": "Email or name or ID of the assessor", "type": "string" }, "assessors": { "description": "List of email or name or ID of the assessors", "type": "array", "items": { "type": "string" } } }, "required": ["category", "summary", "internal"] } ] }