diff --git a/data/spec/misconfig.md b/data/spec/misconfig.md
index 0d08c6e..639a0b7 100644
--- a/data/spec/misconfig.md
+++ b/data/spec/misconfig.md
@@ -1,3 +1,36 @@
 # Data spec for misconfig
 
-TBD
\ No newline at end of file
+## Mime type
+
+application/vnd.security.misconfig.report; version=1.0
+
+## Report data model
+
+-> described by json schema
+
+```
+{
+  "title": "misconfig report",
+  "type": "object",
+  "properties": {
+    "config_name": {
+      "description": "The config name which being analysed",
+      "type": "string"
+    },
+    "value": {
+      "description": "The config's value",
+      "type": "string"
+    },
+    "risk_level": {
+      "type": "integer",
+      "minimum": 0,
+      "maximum": 3,
+      "description": "The risk level of config value. 0 means safe, 1 means low risk level, 2 means middle risk level, 3 means high risk level"
+    },
+    "suggestion": {
+      "description": "Describe why config's value has riks and provide config suggestion",
+      "type": "string"
+    }
+  }
+}
+```
\ No newline at end of file