{
    "$schema": "http://json-schema.org/draft-07/schema#",
    "$id": "#ControlPolicy",
    "description": "An technical or operational policy with rules that govern (or enforce, evaluate, monitor) a security control.",
    "type": "object",
    "allOf": [
        {
            "$ref": "#Entity"
        },
        {
            "properties": {
                "category": {
                    "description": "The category of policy.",
                    "type": "string",
                    "enum": ["compliance", "config", "password", "other"]
                },
                "rules": {
                    "description": "Rules of policy.",
                    "type": "array",
                    "items": {
                        "type": "string"
                    }
                },
                "content": {
                    "description": "Contents of the raw rules, if applicable.",
                    "type": "string"
                }
            },
            "required": []
        }
    ]
}