{ "$schema": "http://json-schema.org/draft-04/schema#", "title": "JSON Schema for cybersecurity-informed Enterprise Risk Management", "id": "https://csrc.nist.rip/1.1/erm_cybersecurity_risk_register_json.schema", "definitions": { "def_cybersecurity_risk_item": { "description": "Defines a cybersecurity risk.", "type": "object", "properties": { "riskId": {"type": "string"}, "priority": {"type": "string"}, "riskDescription": {"type": "string"}, "riskCategory": {"type": "string"}, "riskImpact": {"type": "string"}, "riskLikelihood": {"type": "string"}, "riskExposureRating": {"type": "string"}, "riskResponseType": {"type": "string", "enum":["Accept","Mitigate","Transfer","Avoid","Realize","Share","Enhance"]}, "riskResponseCost": {"type":"number"}, "riskResponseDescription": {"type": "string"}, "riskOwner": {"type": "string"}, "riskStatus": {"type": "string"}, "riskManager": {"type": "string"}, "riskLastUpdate": {"type":"date-time"}, "riskScenarioDescription": {"type":"string", "enum": ["Actor","Threat Type","Event","Asset","Timing"]}, "riskCauses": {"type":"string"}, "riskIndicators": {"type":"string"}, "riskAffectedStakeholders": {"type":"string"}, "riskRelatedProjects": {"type":"string"}, "required": [ "riskId", "priority", "riskDescription", "riskCategory", "riskImpact", "riskLikelihood", "riskExposureRating", "riskResponseType", "riskResponseDescription", "riskOwner", "riskStatus" ] } }, "type": "object", "cybersecurityRiskRegister": { "name": {"type": "string"}, "version": {"type": "string"}, "description": {"type": "string"}, "author": {"type": "string"}, "date": {"type": "date-time"}, "comments": {"type": "string"}, "contact": {"type": "string"}, "riskToleranceLevel": {"type":"string"}, "cybersecurityRisks": { "description": "Array of cybersecurity risks", "type": "array", "items": {"$ref": "#/definitions/def_cybersecurity_risk_item"} }, "required": ["cybersecurityRisks"] } }