+{% endblock %}
diff --git a/docs/swordfish/use-cases/poam.md b/docs/swordfish/use-cases/poam.md
new file mode 100644
index 0000000..71e0f3f
--- /dev/null
+++ b/docs/swordfish/use-cases/poam.md
@@ -0,0 +1 @@
+# POA&Ms
diff --git a/docs/swordfish/user-guide/getting-started.md b/docs/swordfish/user-guide/getting-started.md
new file mode 100644
index 0000000..d842a27
--- /dev/null
+++ b/docs/swordfish/user-guide/getting-started.md
@@ -0,0 +1,80 @@
+# Getting Started
+
+This guide walks you through running swordfish locally. You will need an eMASS API key, and credentials for a supported LLM provider.
+
+## Prerequisites
+
+- Docker and Docker Compose
+- An eMASS API key and base URL
+- An API key for your LLM provider (OpenAI, Anthropic, etc.)
+
+## Installation
+
+Clone the repository:
+
+```
+git clone https://github.com/deathlabs/swordfish
+cd swordfish
+```
+
+Copy the example environment file and fill in your credentials:
+
+```
+cp .env.example .env
+```
+
+## Configuration
+
+Open `.env` and set the following values:
+
+```
+# LLM provider
+LLM_PROVIDER=anthropic
+LLM_API_KEY=your-api-key-here
+LLM_MODEL=claude-sonnet-4-6
+
+# eMASS
+EMASS_BASE_URL=https://your-emass-instance/api
+EMASS_API_KEY=your-emass-api-key
+EMASS_USER_UID=your-user-uid
+```
+
+`LLM_PROVIDER` controls which external LLM the backend connects to. Supported values are `anthropic` and `openai`.
+
+## Running
+
+Start all three containers with:
+
+```
+docker compose up
+```
+
+The frontend will be available at `http://localhost:3000`. The backend runs on port `8000` and the MCP server on port `8001` — both are internal to the compose network and not exposed directly in production.
+
+## Verify the setup
+
+Once the containers are up, open the frontend and try a simple query:
+
+```
+show me all open POA&Ms
+```
+
+If swordfish returns results, your eMASS connection is working. If you see a tool call error, double-check your `EMASS_BASE_URL` and `EMASS_API_KEY` values in `.env`.
+
+## Stopping
+
+```
+docker compose down
+```
+
+To also remove volumes:
+
+```
+docker compose down -v
+```
+
+## Next steps
+
+- Read the [Architecture](architecture.md) doc to understand how the containers interact
+- See the [Configuration](configuration.md) reference for all available environment variables
+- Check [Contributing](contributing.md) if you want to add a new eMASS tool
diff --git a/emass/Dockerfile b/emass/Dockerfile
index bbd0976..4fe6aa1 100644
--- a/emass/Dockerfile
+++ b/emass/Dockerfile
@@ -1,11 +1,13 @@
-FROM alpine:3.22 AS stage_1
+FROM alpine:3.23
LABEL image.authors="Vic Fernandez III <@cyberphor>"
WORKDIR /home/swordfish/
-RUN apk add --no-cache --update curl nodejs npm &&\
+COPY eMASSRestOpenApi.yaml eMASSRestOpenApi.yaml
+COPY entrypoint.sh entrypoint.sh
+RUN apk add --no-cache --update nodejs npm &&\
npm install -g @stoplight/prism-cli &&\
- curl -o eMASSRestOpenApi.yaml https://raw.githubusercontent.com/mitre/emass_client/refs/heads/main/docs/eMASSRestOpenApi.yaml &&\
- apk del curl &&\
adduser -D swordfish -h /home/swordfish &&\
- chown -R swordfish:swordfish /home/swordfish
+ chown -R swordfish:swordfish /home/swordfish &&\
+ chmod +x entrypoint.sh
USER swordfish
-CMD [ "prism", "mock", "eMASSRestOpenApi.yaml", "--host", "0.0.0.0", "--port", "4010" ]
+EXPOSE 4010
+ENTRYPOINT [ "./entrypoint.sh" ]
diff --git a/emass/eMASSRestOpenApi.yaml b/emass/eMASSRestOpenApi.yaml
new file mode 100644
index 0000000..be95bb6
--- /dev/null
+++ b/emass/eMASSRestOpenApi.yaml
@@ -0,0 +1,10137 @@
+# eMass Rest Open API specification
+
+openapi: 3.0.3
+#-------------------------------------------------------------------------------
+# I N F O - API metadata
+#-------------------------------------------------------------------------------
+info:
+ title: Enterprise Mission Assurance Support Service (eMASS)
+ description: |
+ The eMASS Representational State Transfer (REST) Application Programming
+ Interface (API) enables users to perform assessments and complete actions
+ associated with system records.
+
+ The eMASS API provides an interface for application to communicate eMASS Services.
+ For information on how to register and use the eMASS API reference the
+ [eMASS API Getting Started](eMASSGettingStarted.md).
+
+ Additional information about eMASS can be obtain by contacting the
+ National Industrial Security Program (NISP). Points of Contact are:
+ contact:
+ name: NISP eMASS Support
+ url: https://www.dcsa.mil/is/emass/
+ email: disa.global.servicedesk.mbx.ma-ticket-request@mail.mil
+ license:
+ name: "Apache 2.0"
+ url: "https://www.apache.org/licenses/LICENSE-2.0.html"
+ version: v3.22
+
+externalDocs:
+ description: NISP eMASS User Account Request Guide
+ url: https://www.dcsa.mil/Portals/128/Documents/CTP/tools/NISP%20eMASS%20User%20Account%20Request%20Guide%20Rev%202.pdf?ver=pnwBgtELyXH7QADg6mHiWQ%3d%3d
+#-------------------------------------------------------------------------------
+# S E R V E R S - Array of Server Objects which provide connectivity information
+# to target servers.
+#-------------------------------------------------------------------------------
+servers:
+ - url: http://localhost:4010
+ description: 'Use a localhost mock server (i.g.: Prism CLI - @stoplight/prism-cli)'
+ - url: https://stoplight.io/mocks/mitre/emasser/32836028
+ description: Use the hosted Prism mock server
+
+#-------------------------------------------------------------------------------
+# T A G S - A list of tags used by the specification with additional metadata.
+#-------------------------------------------------------------------------------
+tags:
+ - name: Test
+ description: |
+ The Test Connection endpoint provides the ability to verify connection to the web service.
+ - name: Registration
+ description: |
+ The Registration endpoint provides the ability to register a certificate & obtain an API-key.
+
+ **Note:**
+ - The API-key must be provided in the request header for all endpoint calls.
+ - Example header: api-key: f0126b6b-f232-45c9-a8de-01d5f003deda
+ - name: Systems
+ description: |
+ The Systems endpoints provide the ability to view system information.
+
+ **Notes**
+ - If a system is dual-policy enabled, the returned system details default to
+ the RMF policy information unless otherwise specified for an individual system.
+ - Certain fields are instance specific and may not be returned in GET request.
+ - name: System Roles
+ description: |
+ The System Roles endpoints provides the ability to access user data assigned to systems.
+
+ **NOTES:**
+ - The endpoint can access three different role categories: PAC, CAC, and Other.
+ - If a system is dual-policy enabled, the returned system role information will default
+ to the RMF policy information unless otherwise specified.
+ - name: Controls
+ description: |
+ The Controls endpoints provide the ability to view, add, and update Security Control information to a system for both the Implementation Plan and Risk Assessment.
+ - name: Test Results
+ description: |
+ The Test Results endpoints provide the ability to view and add test results for a system's Assessment Procedures which determine Security Control compliance.
+ - name: POAM
+ description: |
+ The POA&Ms endpoints provide the ability to view, add, update, and remove Plan of Action and Milestones (POA&M) items and associated milestones for a system.
+ - name: Milestones
+ description: |
+ The Milestones endpoints provide the ability to view, add, update, and remove milestones that are associated with Plan of Action and Milestones (POA&M) items for a system.
+ - name: Artifacts
+ description: |
+ The Artifacts endpoints provide the ability to view, add, update, and remove artifacts (supporting documentation/evidence) and associated files for a system.
+ - name: Artifacts Export
+ description: |
+ The Artifacts Export endpoint provides the ability to download artifact files for a system.
+ - name: PAC
+ description: |
+ The Package Approval Chain (PAC) endpoints provide the ability to view the status of
+ existing workflows and initiate new workflows for a system.
+
+ **NOTES:**
+ - If the indicated system has any active workflows, the response will include
+ information such as the workflow type and the current stage of each workflow.
+ - If there are no active workflows, then a null data member will be returned.
+ - name: CAC
+ description: |
+ The Control Approval Chain (CAC) endpoints provide the ability to view the status of
+ Security Controls and submit them to the second stage in the Control Approval Chain.
+
+ **Note:**
+ - POST requests will only yield successful results if the Security Control is at the first
+ stage of the CAC. If the control is not at the first stage, an error will be returned.
+ - name: Hardware Baseline
+ description: |
+ The Hardware Baseline endpoints provide the ability to view, add, update, and remove hardware assets for a system.
+ - name: Software Baseline
+ description: |
+ The Software Baseline endpoints provide the ability to view, add, update, and remove software assets for a system.
+ - name: Device Scan Results
+ description: |
+ The Device Scan Results endpoint provides the ability to upload device scan results in the assets module for a system.
+ - name: Cloud Resource Results
+ description: |
+ The Cloud Resource Results endpoint provides the ability to add, update, and remove cloud resources and their scan results in the assets module for a system.
+ - name: Container Scan Results
+ description: |
+ The Container Scan Results endpoint provides the ability to add, update, and remove containers and their scan results in the assets module for a system.
+ - name: Static Code Scans
+ description: |
+ The Static Code Scans endpoint provides the ability to upload application scan findings into a system's assets module. Application findings can also be cleared from the system.
+ - name: Workflow Definitions
+ description: |
+ The Workflow Definitions endpoint provides the ability to view all workflow schemas available on the eMASS instance. Every transition for each workflow stage is included.
+ - name: Workflow Instances
+ description: |
+ The Workflow Instances endpoint provides the ability to view detailed information on all active and historical workflows for an eMASS instance.
+ - name: CMMC Assessments
+ description: |
+ The Cybersecurity Maturity Model Certification (CMMC) Assessments endpoint provides the ability to view CMMC assessment information. It is available to CMMC eMASS only.
+ - name: Dashboards
+ description: |
+ The Dashboards endpoints provide the ability to view data contained in dashboard exports.
+ In the eMASS frontend, these dashboard exports are generated as Excel exports.
+
+ Each dashboard dataset available from the API is automatically updated with the current
+ configuration of the dashboard and the instance of eMASS as the dashboard changes.
+
+ Organization-specific fields may differ. Organization-specific Dashboards should only be
+ used by that organization (e.g., VA [dashboard name] should be used by VA).
+ - name: System Status Dashboard
+ description: Dashboard about systems status details
+ - name: System Terms/Conditions Dashboards
+ - name: System Connectivity/CCSD Dashboards
+ - name: System ATC/IATC Dashboard
+ - name: System Questionnaire Dashboards
+ - name: System Workflows Dashboards
+ - name: System Security Controls Dashboards
+ - name: System POA&M Dashboards
+ - name: System Artifacts Dashboards
+ - name: System Hardware Dashboards
+ - name: System Sensor Hardware Dashboards
+ - name: System Software Dashboards
+ - name: System Sensor Software Dashboards
+ - name: System Critical Assets Dashboard
+ - name: System Vulnerability Dashboard
+ - name: System Device Findings Dashboards
+ - name: System Application Findings Dashboards
+ - name: System Ports/Protocols Dashboards
+ - name: System CONMON Integration Status Dashboard
+ - name: System Associations Dashboard
+ - name: User System Assignments Dashboard
+ - name: Organization Migration Status Dashboard
+ - name: System Migration Status Dashboard
+ - name: System FISMA Metrics Dashboard
+ - name: Coast Guard System FISMA Metrics Dashboard
+ - name: System Privacy Dashboard
+ - name: VA OMB FISMA Dashboard
+ - name: VA System Dashboards
+ - name: CMMC Assessment Dashboards
+#-------------------------------------------------------------------------------
+# P A T H S - The available paths and operations for the API endpoints
+#-------------------------------------------------------------------------------
+paths:
+ #----------------------------------------------------------------------------
+ # Test endpoint
+ #----------------------------------------------------------------------------
+ /api:
+ get:
+ tags:
+ - Test
+ summary: Test connection to the API
+ description: Tests the endpoint connection
+ operationId: testConnection
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Test'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+ #----------------------------------------------------------------------------
+ # Register endpoint
+ #----------------------------------------------------------------------------
+ /api/api-key:
+ post:
+ tags:
+ - Registration
+ summary: Register user certificate and obtain an API key
+ description: Returns the API Key (api-key) that must be provided in the request
+ header for all endpoint calls.
+ operationId: registerUser
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Register'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Systems endpoint
+ #----------------------------------------------------------------------------
+ /api/systems:
+ get:
+ tags:
+ - Systems
+ summary: Get system information
+ description: Returns all system(s) that match the query parameters
+ operationId: getSystems
+ parameters:
+ - $ref: '#/components/parameters/coamsId'
+ - $ref: '#/components/parameters/ditprId'
+ - $ref: '#/components/parameters/includeDecommissioned'
+ - $ref: '#/components/parameters/includeDitprMetrics'
+ - $ref: '#/components/parameters/policy'
+ - $ref: '#/components/parameters/registrationType'
+ - $ref: '#/components/parameters/reportsForScorecard'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SystemsResponse'
+ examples:
+ cyberdyne_systems:
+ summary: Cyberdyne Systems portfolio
+ value:
+ meta:
+ code: 200
+ data:
+ - systemId: 5050
+ name: Skynet
+ acronym: SKY
+ description: Autonomous defense network managed by Cyberdyne Systems.
+ owningOrganization: Cyberdyne Systems
+ registrationType: Assess and Authorize
+ policy: RMF
+ securityPlanApprovalStatus: Approved
+ securityPlanApprovalDate: 1638741660
+ - systemId: 666
+ name: Legion
+ acronym: LGN
+ description: Next-generation autonomous threat platform managed by Cyberdyne Systems.
+ owningOrganization: Cyberdyne Systems
+ registrationType: Assess and Authorize
+ policy: RMF
+ securityPlanApprovalStatus: Not Yet Approved
+ securityPlanApprovalDate: null
+ - systemId: 1337
+ name: Genisys
+ acronym: GNS
+ description: Integrated global operating system managed by Cyberdyne Systems.
+ owningOrganization: Cyberdyne Systems
+ registrationType: Assess and Authorize
+ policy: RMF
+ securityPlanApprovalStatus: Approved
+ securityPlanApprovalDate: 1700000000
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/systems/{systemId}:
+ get:
+ tags:
+ - Systems
+ summary: Get system information for a specific system
+ description: Returns the system matching provided parameters
+ operationId: getSystem
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/policy'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SystemResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Roles endpoint
+ #----------------------------------------------------------------------------
+ /api/system-roles:
+ get:
+ tags:
+ - System Roles
+ summary: Get available roles
+ description: Returns all available roles
+ operationId: getSystemRoles
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SystemRolesResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/system-roles/{roleCategory}:
+ get:
+ tags:
+ - System Roles
+ summary: Get system roles
+ description: Returns the role(s) data matching parameters.
+ operationId: getSystemRolesByCategoryId
+ parameters:
+ - $ref: '#/components/parameters/roleCategory'
+ - $ref: '#/components/parameters/role'
+ - $ref: '#/components/parameters/policy'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SystemRolesCategoryResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Control endpoint
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/controls:
+ get:
+ tags:
+ - Controls
+ summary: Get control information in a system for one or many controls
+ description: Returns system control information for matching `systemId` path parameter
+ operationId: getSystemControls
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/acronyms'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ControlsResponseGet'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ put:
+ tags:
+ - Controls
+ summary: Update control information in a system for one or many controls
+ description: |-
+ Update a Control for given `systemId`
+
+ **Request Body Required Fields**
+ - `acronym`
+ - `responsibleEntities`
+ - `controlDesignation`
+ - `estimatedCompletionDate`
+ - `implementationNarrative`
+
+
+ **Business Rules**
+
+ The following **optional fields** (plus the **Request Body Required Fields**) are required based on the Implementation Status (`implementationStatus`) field value:
+
+
+
+
+ **NOTES:**
+ - Risk Assessment information cannot be updated if a Security Control is `Inherited`.
+ - Risk Assessment information cannot be updated for a DIACAP system record.
+ - Implementation Plan information cannot be saved if the these fields exceed 2,000 character limits:
+ - `naJustification`,`responsibleEntities`,`implementationNarrative`,`slcmCriticality`
+ - `slcmFrequency`,`slcmMethod`,`slcmReporting`,`slcmTracking`,`slcmComments`
+ - Implementation Plan or Risk Assessment information cannot be updated if Security Control does not exist in the system record.
+ operationId: updateControlBySystemId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body for updating an existing control for a given system.
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ControlsRequestPutBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ControlsResponsePut'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Test Results endpoint
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/test-results:
+ get:
+ tags:
+ - Test Results
+ summary: Get one or many test results in a system
+ description: Returns system test results information for matching parameters.
+ operationId: getSystemTestResults
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/controlAcronyms'
+ - $ref: '#/components/parameters/assessmentProcedures'
+ - $ref: '#/components/parameters/ccis'
+ - $ref: '#/components/parameters/latestOnly'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/TestResultsResponseGet'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ post:
+ tags:
+ - Test Results
+ summary: Add one or many test results in a system
+ description: |-
+ Adds test results for given `systemId`
+
+ **Request Body Required Fields**
+ - `testedBy`
+ - `testDate`
+ - `description`
+ - `complianceStatus`
+ - `assessmentProcedure`
+
+ operationId: addTestResultsBySystemId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body to add test results to a system (systemId)
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/TestResultsRequestPostBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/TestResultsResponsePost'
+ '201':
+ $ref: '#/components/responses/Created'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '411':
+ $ref: '#/components/responses/LengthRequired'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # POA&Ms endpoint
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/poams:
+ get:
+ tags:
+ - POAM
+ summary: Get one or many POA&M items in a system
+ description: Returns system(s) containing POA&M items for matching parameters.
+ operationId: getSystemPoams
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/scheduledCompletionDateStart'
+ - $ref: '#/components/parameters/scheduledCompletionDateEnd'
+ - $ref: '#/components/parameters/controlAcronyms'
+ - $ref: '#/components/parameters/assessmentProcedures'
+ - $ref: '#/components/parameters/ccis'
+ - $ref: '#/components/parameters/systemOnly'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PoamResponseGetSystems'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ post:
+ tags:
+ - POAM
+ summary: Add one or many POA&M items in a system
+ description: |-
+ Add a POA&M for given `systemId`
+
+ **Request Body Required Fields**
+
+
+
Field
Require/Condition
+
+
+
status
Always (every POST)
+
vulnerabilityDescription
Always (every POST)
+
sourceIdentifyingVulnerability
Always (every POST)
+
pocOrganization
Always (every POST)
+
resources
Always (every POST)
+
identifiedInCFOAuditOrOtherReview
Required for VA. Optional for Army and USCG.
+
scheduledCompletionDate
Required for ongoing and completed POA&M items
+
pocFirstName
Only if Last Name, Email, or Phone Number have data
+
pocLastName
Only if First Name, Email, or Phone Number have data
+
pocEmail
Only if First Name, Last Name, or Phone Number have data
+
pocPhoneNumber
Only if First Name, Last Name, or Email have data
+
completionDate
For completed POA&M Item only
+
comments
For completed or Risk Accepted POA&M Items only
+
+
+
+ **NOTE**: Certain eMASS instances also require the Risk Analysis fields to be populated:
+ - `severity`
+ - `relevanceOfThreat`
+ - `likelihood`
+ - `impact`
+ - `residualRiskLevel`
+ - `mitigations`
+
+
+ **Business Rules**
+
+ The following rules apply to the Review Status `status` field value:
+
+
Value
Rule
+
+
Not Approved
POA&M cannot be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date
+
Approved
POA&M can only be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date
+
Are required to have a Severity Value assigned
+
Completed or Ongoing
Cannot be saved without Milestones
+
Risk Accepted
POA&M Item cannot be saved with a Scheduled Completion Date scheduledCompletionDate or have Milestones
+
Approved or Completed or Ongoing
Cannot update Scheduled Completion Date
+
+
+
+ **Additional Rules**
+ - POA&M Item cannot be saved if associated Security Control or AP is inherited.
+ - Completed POA&M Item cannot be saved if Completion Date (`completionDate`) is in the future.
+ - POA&M Items cannot be updated if they are included in an active package.
+ - Archived POA&M Items cannot be updated.
+ - POA&M Items with a status of "Not Applicable" will be updated through test result creation.
+ - If the Security Control or Assessment Procedure does not exist in the system, the POA&M Item maybe imported at the System Level.
+
+
+ **Fields Characters Limitation**
+ - POA&M Item cannot be saved if the Point of Contact (POC) fields exceed 100 characters:
+ - `pocOrganization` `pocFirstName`, `pocLastName`, `pocEmail`, `pocPhoneNumber`
+ - POA&M Item cannot be saved if Resources (`resource`) field exceeds 250 characters
+ - POA&M Item cannot be saved if the following fields exceeds 2,000 characters:
+ - `mitigations`, `sourceIdentifyingVulnerability`, `comments`
+ - Milestones Field: `description`
+ - POA&M Items cannot be saved if Milestone Description (`description`) exceeds 2,000 characters.
+
+ operationId: addPoamBySystemId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body to add POA&M(s) to a system (systemId)
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PoamRequestPostBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PoamResponsePostPutDelete'
+ '201':
+ $ref: '#/components/responses/Created'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '411':
+ $ref: '#/components/responses/LengthRequired'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ put:
+ tags:
+ - POAM
+ summary: Update one or many POA&M items in a system
+ description: |-
+ Update a POA&M for given `systemId`
+
+ **Request Body Required Fields**
+
+
+
Field
Require/Condition
+
+
+
poamId
Always (every PUT)
+
displayPoamId
Always (every PUT)
+
status
Always (every PUT)
+
vulnerabilityDescription
Always (every PUT)
+
sourceIdentifyingVulnerability
Always (every PUT)
+
pocOrganization
Always (every PUT)
+
resources
Always (every PUT)
+
identifiedInCFOAuditOrOtherReview
Required for VA. Optional for Army and USCG.
+
scheduledCompletionDate
Required for ongoing and completed POA&M items
+
pocFirstName
Only if Last Name, Email, or Phone Number have data
+
pocLastName
Only if First Name, Email, or Phone Number have data
+
pocEmail
Only if First Name, Last Name, or Phone Number have data
+
pocPhoneNumber
Only if First Name, Last Name, or Email have data
+
completionDate
For completed POA&M Item only
+
comments
For completed or Risk Accepted POA&M Items only
+
+
+
+ **NOTES**:
+ - Certain eMASS instances also require the Risk Analysis fields to be populated:
+ - `severity`
+ - `relevanceOfThreat`
+ - `likelihood`
+ - `impact`
+ - `residualRiskLevel`
+ - `mitigations`
+ - To prevent uploading duplicate/undesired milestones through the POA&M PUT include an `isActive` field for the milestone and set it to equal to false `(isActive=false)`.
+
+
+ **Business Rules:** See business rules for the POST endpoint
+
+ operationId: updatePoamBySystemId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body for updating a POA&M for a system (systemId)
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PoamRequestPutBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PoamResponsePostPutDelete'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ delete:
+ tags:
+ - POAM
+ summary: Remove one or many POA&M items in a system
+ description: Remove the POA&M matching `systemId` path parameter and `poamId`
+ Request Body
+ operationId: deletePoam
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Delete the given POA&M Id
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PoamRequestDeleteBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PoamResponsePostPutDelete'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/systems/{systemId}/poams/{poamId}:
+ get:
+ tags:
+ - POAM
+ summary: Get POA&M item by ID in a system
+ description: Returns system(s) containing POA&M items for matching parameters.
+ operationId: getSystemPoamsByPoamId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/poamId'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PoamResponseGetPoams'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Milestones endpoint
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/poams/{poamId}/milestones:
+ get:
+ tags:
+ - Milestones
+ summary: Get milestones in one or many POA&M items in a system
+ description: Returns system containing milestones for matching parameters.
+ operationId: getSystemMilestonesByPoamId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/poamId'
+ - $ref: '#/components/parameters/scheduledCompletionDateStart'
+ - $ref: '#/components/parameters/scheduledCompletionDateEnd'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/MilestoneResponseGet'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ post:
+ tags:
+ - Milestones
+ summary: Add milestones to one or many POA&M items in a system
+ description: |-
+ Adds a milestone for given `systemId` and `poamId` path parameters
+
+ **Request Body Required Fields**
+ - `description`
+ - `scheduledCompletionDate`
+
+ operationId: addMilestoneBySystemIdAndPoamId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/poamId'
+ requestBody:
+ description: Example request body for adding milestones to an existing System (systemId) POA&M (poamId)
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/MilestonesRequestPostBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/MilestoneResponsePost'
+ '201':
+ $ref: '#/components/responses/Created'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '411':
+ $ref: '#/components/responses/LengthRequired'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ put:
+ tags:
+ - Milestones
+ summary: Update one or many POA&M items in a system
+ description: |-
+ Updates a milestone for given `systemId` and `poamId` path parameters
+
+ **Request Body Required Fields**
+ - `milestoneId`
+ - `description`
+ - `scheduledCompletionDate`
+ operationId: updateMilestoneBySystemIdAndPoamId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/poamId'
+ requestBody:
+ description: Example request body for updating milestones (milestoneId) of an existing System (systemId) POA&M (poamId)
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/MilestonesRequestPutBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/MilestoneResponsePut'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ delete:
+ tags:
+ - Milestones
+ summary: Remove milestones in a system for one or many POA&M items
+ description: |-
+ Remove the POA&M matching `systemId` and `poamId` for path parameters and `milstoneId` provide in the Request Body
+
+ **NOTE**
+ To delete a milestone the record must be inactive by having the field isActive set to false (`isActive=false`).
+ operationId: deleteMilestone
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/poamId'
+ requestBody:
+ description: Delete the given Milestone Id
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/MilestonesRequestDeleteBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/MilestoneResponseDelete'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/systems/{systemId}/poams/{poamId}/milestones/{milestoneId}:
+ get:
+ tags:
+ - Milestones
+ summary: Get milestone by ID in POA&M item in a system
+ description: Returns systems containing milestones for matching parameters.
+ operationId: getSystemMilestonesByPoamIdAndMilestoneId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/poamId'
+ - $ref: '#/components/parameters/milestoneId'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/MilestoneResponseGetMilestone'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Artifacts endpoint
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/artifacts:
+ get:
+ tags:
+ - Artifacts
+ summary: Get one or many artifacts in a system
+ description: Returns selected artifacts matching parameters to include the file
+ name containing the artifacts.
+ operationId: getSystemArtifacts
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/filename'
+ - $ref: '#/components/parameters/controlAcronyms'
+ - $ref: '#/components/parameters/assessmentProcedures'
+ - $ref: '#/components/parameters/ccis'
+ - $ref: '#/components/parameters/systemOnly'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ArtifactsResponseGet'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ post:
+ tags:
+ - Artifacts
+ summary: Add one or many artifacts in a system
+ description: |-
+ Information About Adding Artifacts
+
+ The body of a request through the Artifacts POST endpoint accepts a single binary file. Two
+ Artifact POST methods are currently accepted: individual and bulk. Filename uniqueness within
+ an eMASS system will be enforced by the API for both methods.
+
+ For POST requests that should result in a single artifact, the request should include the file.
+
+ For POST requests that should result in the creation of many artifacts, the request should include
+ a single file with the extension ".zip" only and the parameter isBulk should be set to true. This
+ .zip file should contain one or more files corresponding to existing artifacts or new artifacts that
+ will be created upon successful receipt.
+
+ Upon successful receipt of one or many artifacts, if a file is matched via filename to an artifact
+ existing within the application, the file associated with the artifact will be updated. If no artifact
+ is matched via filename to the application, a new artifact will be created with the following
+ default values. Any values not specified below will be null
+
+
isTemplate: false
+
type: Other
+
category: Evidence
+
+
+ To update values other than the file itself, please submit a PUT request.
+
+ Business Rules
+
+ Artifact cannot be saved if the fields below exceed the following character limits:
+
+
Filename - 1,000 characters
+
Name - 100 characters
+
Description - 10,000 characters
+
Reference Page Number - 50 characters
+
+
+ Artifact version cannot be saved if an Artifact with the same file name (filename) already exist in the system.
+
+ Artifact cannot be saved if the file size exceeds 30MB.
+
+ Artifact cannot be saved if the following fields are missing data:
+
+
Filename (filename)
+
Type (type)
+
Category (category)
+
+ Artifact cannot be saved if the Last Review Date (`lastReviewedDate`) is set in the future.
+ operationId: addArtifactsBySystemId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/isBulk'
+ requestBody:
+ description: See `Information` posted above for additional instructions
+ content:
+ multipart/form-data:
+ schema:
+ type: object
+ required:
+ - filename
+ properties:
+ isTemplate:
+ type: boolean
+ description: |-
+ Is the artifact a template?
+
+ Indicates whether an artifact is a template
+ enum:
+ - true
+ - false
+ example: false
+ type:
+ type: string
+ description: |-
+ The type of artifact. Possible values are: Procedure, Diagram, Policy, Labor,
+ Document, Image, Other, Scan Result, Auditor Report.
+ May also accept custom artifact type values set by system administrators.
+ example: Other
+ category:
+ type: string
+ description: |-
+ The category of artifact. Possible values are: Implementation Guidance, Evidence.
+
+ May also accept custom artifact category values set by system administrators.
+ example: Evidence
+ filename:
+ type: string
+ description: |-
+ The file to upload. Must be a .zip file if isBulk is set to true,
+ otherwise any acceptable artifact file. Max 30MB per artifact.
+ format: binary
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ArtifactsResponsePutPost'
+ '201':
+ $ref: '#/components/responses/Created'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '411':
+ $ref: '#/components/responses/LengthRequired'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ put:
+ tags:
+ - Artifacts
+ summary: Update one or many artifacts in a system
+ description: |-
+ Updates an artifact for given `systemId` path parameter
+ **Request Body Required Fields**
+ - `filename`
+ - `isTemplate`
+ - `type`
+ - `category`
+
+ The example request provides all optional fields
+
+ Information About Updating Artifacts
+
+ The PUT request will replace all existing data with the field/value combinations included in the request body.
+
+ If any fields are not included, the absent fields will become null.
+
+ The fields `name` and `isTemplate` are non-nullable fields. If not specified in the PUT command
+ they will default to the following:
+ - `name=filename`
+ - `isTemplate=false`
+
+ Also, note that one-to-many fields (`controls` and `ccis`) will also be replaced with the values specified in the PUT.
+
+ If existing `control or cci` mappings exist in eMASS, the values in the PUT will not append, but
+ rather replace all existing control and cci mappings with the values in the request body.
+ operationId: updateArtifactBySystemId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: See `information` above for additional instructions
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ArtifactsRequestPutBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ArtifactsResponsePutPost'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ delete:
+ tags:
+ - Artifacts
+ summary: Remove one or many artifacts in a system
+ description: |-
+ Remove the Artifact(s) matching `systemId` path parameter and request body artifact(s) file name
+ operationId: deleteArtifact
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Delete artifact files for the given System Id
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ArtifactsRequestDeleteBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ArtifactsResponseDel'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Artifacts Export endpoint
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/artifacts-export:
+ get:
+ tags:
+ - Artifacts Export
+ summary: Get the file of an artifact in a system
+ description: |-
+ Sample Responce
+ Binary file associated with given filename.
+ If `compress` parameter is specified, zip archive of binary file associated with given filename.
+ operationId: getSystemArtifactsExport
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/exportfilename'
+ - $ref: '#/components/parameters/compress'
+ responses:
+ '200':
+ description: Successful retrieved Artifacts file
+ content:
+ # text/plain:
+ # schema:
+ # type: string
+ # example: "The requested file contents"
+ application/octet-stream:
+ schema:
+ # a binary file of any type
+ description: Artifacts file ready for download
+ type: string
+ format: binary
+ example: Binary file content for given filename
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # PAC endpoints
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/approval/pac:
+ get:
+ tags:
+ - PAC
+ summary: Get status of active workflows in a system
+ description: |-
+ Returns the location of a system's package in the Package Approval Chain (PAC)
+ for matching `systemId` path parameter
+
+ **NOTES:**
+ - If the indicated system has any active workflows, the response will include information
+ such as the workflow type and the current stage of each workflow.
+ - If there are no active workflows, then a null data member will be returned.
+ operationId: getSystemPac
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PacResponseGet'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ post:
+ tags:
+ - PAC
+ summary: Initiate system workflow for review
+ description: |-
+ Adds a Package Approval Chain (PAC) for given `systemId` path parameter
+
+ **Request Body Required Fields**
+ - `workflow`
+ - `name`
+ - `comments`
+
+ operationId: addSystemPac
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body for adding system package to PAC for review
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PacRequestPostBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PacResponsePost'
+ '201':
+ $ref: '#/components/responses/Created'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '411':
+ $ref: '#/components/responses/LengthRequired'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # CAC endpoints
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/approval/cac:
+ get:
+ tags:
+ - CAC
+ summary: Get location of one or many controls in CAC
+ description: Returns the location of a system's package in the Control Approval
+ Chain (CAC) for matching `systemId` path parameter
+ operationId: getSystemCac
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/controlAcronyms'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CacResponseGet'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ post:
+ tags:
+ - CAC
+ summary: Submit control to second role of CAC
+ description: |-
+ **Request Body Required Fields**
+ - `controlAcronym`
+ - `comments`
+
+ **NOTES:**
+ - Comments `comments` are not required at the first role of the CAC but are required at the second role of
+ the CAC. Comments cannot exceed 10,000 characters.
+ - POST requests will only yield successful results if the control is currently sitting at the first
+ role of the CAC. If the control is not currently sitting at the first role, then an error will be
+ returned.
+ operationId: addSystemCac
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body for adding control(s) to second role of CAC
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CacRequestPostBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CacResponsePost'
+ '201':
+ $ref: '#/components/responses/Created'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '411':
+ $ref: '#/components/responses/LengthRequired'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Hardware Baseline endpoints
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/hw-baseline:
+ get:
+ tags:
+ - Hardware Baseline
+ summary: Get hardware baseline for a system
+ description: Returns the hardware baseline for a system matching the `systemId` path parameter
+ operationId: getSystemHwBaseline
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/HwBaselineResponseGet'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ post:
+ tags:
+ - Hardware Baseline
+ summary: Add one or many hardware assets in a system
+ description: |-
+ Adds assets to the Hardware Baseline for given `systemId`
+
+ **Request Body Required Fields**
+ - `assetName`
+
+ operationId: addHwBaselineAssets
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body for adding hardware baseline assets to an existing System (systemId)
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/HwBaselineRequestPostBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/HwBaselineResponsePostPut'
+ '201':
+ $ref: '#/components/responses/Created'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '411':
+ $ref: '#/components/responses/LengthRequired'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ put:
+ tags:
+ - Hardware Baseline
+ summary: Update one or many hardware assets in a system
+ description: |-
+ Updates assets in the Hardware Baseline for given `systemId`
+
+ **Request Body Required Fields**
+ - `assetName`
+ - `hardwareId`
+ operationId: updateHwBaselineAssets
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body for updating hardware baseline assets to an existing System (systemId)
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/HwBaselineRequestPutBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/HwBaselineResponsePostPut'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ delete:
+ tags:
+ - Hardware Baseline
+ summary: Delete one or many hardware assets in a system
+ description: |-
+ Remove (delete) one or multiple assets from a system Hardware Baseline
+ operationId: deleteHwBaselineAssets
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body for deleting one or many Hardware Baseline assets
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/HwBaselineRequestDeleteBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/HwBaselineResponseDelete'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Software Baseline endpoints
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/sw-baseline:
+ get:
+ tags:
+ - Software Baseline
+ summary: Get software baseline for a system
+ description: Returns the software baseline for a system matching the `systemId` path parameter
+ operationId: getSystemSwBaseline
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SwBaselineResponseGet'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ post:
+ tags:
+ - Software Baseline
+ summary: Add one or many software assets in a system
+ description: |-
+ Adds assets to the Software Baseline for given `systemId`
+
+ **Request Body Required Fields**
+ - `softwareVendor`
+ - `softwareName`
+ - `version`
+
+ operationId: addSwBaselineAssets
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body for adding software baseline assets to an existing System (systemId)
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SwBaselineRequestPostBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SwBaselineResponsePostPut'
+ '201':
+ $ref: '#/components/responses/Created'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '411':
+ $ref: '#/components/responses/LengthRequired'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ put:
+ tags:
+ - Software Baseline
+ summary: Update one or many software assets in a system
+ description: |-
+ Updates assets in the Software Baseline for given `systemId`
+
+ **Request Body Required Fields**
+ - `softwareId`
+ - `softwareVendor`
+ - `softwareName`
+ - `version`
+ operationId: updateSwBaselineAssets
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body for updating software baseline assets to an existing System (systemId)
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SwBaselineRequestPutBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SwBaselineResponsePostPut'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ delete:
+ tags:
+ - Software Baseline
+ summary: Delete one or many software assets in a system
+ description: |-
+ Remove (delete) one or multiple assets from a system Software Baseline
+ operationId: deleteSwBaselineAssets
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body for deleting one or many Software Baseline assets
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SwBaselineRequestDeleteBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SwBaselineResponseDelete'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Device Scan Results endpoints
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/device-scan-results:
+ post:
+ tags:
+ - Device Scan Results
+ summary: Add device scans in a system
+ description: |-
+
+ **Request Body Required Field**
+ - `scanType`
+
+ Scan Type Allow Values:
+
+
+
acasAsrArf (.zip)
+
acasNessus
+
disaStigViewerCklCklb (.ckl or .cklb)
+
disaStigViewerCmrs
+
policyAuditor (.zip)
+
scapComplianceChecker
+
+
+
+ Business Rules
+
+ The body of a request through the Device Scan Results POST endpoint accepts a single binary file.
+ Specific file extensions are expected depending upon the scanType parameter. For example, .ckl or
+ .cklb files are accepted when using scanType is set to disaStigViewerCklCklb.
+
+ When set to acasAsrArf or policyAuditor, a .zip file is expected which should contain a single
+ scan result (for example, a single pair of .asr and .arf files). Single files are expected for
+ all other scan types as this endpoint requires files to be uploaded consecutively as opposed to in bulk.
+
+ Current scan types that are supported:
+
+
ACAS: ASR/ARF
+
ACAS: NESSUS
+
DISA STIG Viewer: CKL/CKLB
+
DISA STIG Viewer: CMRS
+
Policy Auditor
+
SCAP Compliance Checker
+
+
+ operationId: addScanResultsBySystemId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ - $ref: '#/components/parameters/scanType'
+ - $ref: '#/components/parameters/isBaseline'
+ requestBody:
+ description: See `Business Rules` posted above for file type.
+ required: true
+ content:
+ multipart/form-data:
+ schema:
+ type: object
+ required:
+ - filename
+ properties:
+ filename:
+ type: string
+ description: |-
+ The file to upload. Can be a single file or a .zip file.
+ format: binary
+
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeviceScanResultsResponsePost'
+ '201':
+ $ref: '#/components/responses/Created'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '411':
+ $ref: '#/components/responses/LengthRequired'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Cloud Resource Results endpoints
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/cloud-resource-results:
+ post:
+ tags:
+ - Cloud Resource Results
+ summary: Add one or many cloud resources and their scan results
+ description: |-
+ Add cloud resources and their scan results in the assets module for a system `systemId`
+
+ **Request Body Required Fields**
+ - `provider`
+ - `resourceId`
+ - `resourceName`
+ - `resourceType`
+ - `complianceResults` (Object Array)
+ - `cspPolicyDefinitionId`
+ - `isCompliant`
+ - `policyDefinitionTitle`
+
+ **Example Request Body Required Fields**
+ ```
+ [
+ {
+ "provider": "provide name",
+ "resourceId": "resource identification",
+ "resourceName": "resource name",
+ "resourceType": "resource type",
+ "complianceResults": [
+ {
+ "cspPolicyDefinitionId": "CSP policy definition identification",
+ "policyDefinitionTitle": "policy definition title",
+ "isCompliant": [true or false]
+ }
+ ]
+ }
+ ]
+ ```
+ operationId: addCloudResourcesBySystemId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body for adding cloud resources and their scan results
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CloudResourcesRequestPostBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CloudResourcesResponsePost'
+ '201':
+ $ref: '#/components/responses/Created'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '411':
+ $ref: '#/components/responses/LengthRequired'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ delete:
+ tags:
+ - Cloud Resource Results
+ summary: Remove one or many cloud resources in a system
+ description: Removes cloud resources and their scan results in the assets module
+ for a system `systemId`
+ operationId: deleteCloudResources
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Delete the given Cloud Resource Id
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CloudResourcesDeleteBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CloudResourcesDelete'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Container Scan Results endpoints
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/container-scan-results:
+ post:
+ tags:
+ - Container Scan Results
+ summary: Add one or many containers and their scan results
+ description: |-
+ Add containers and their scan results in the assets module for a system `systemId`.
+
+ **Request Body Required Fields**
+ - `containerId`
+ - `containerName`
+ - `time`
+ - `benchmarks` (Object Array)
+ - `benchmark`
+ - `results` (Object Array)
+ - `ruleId`
+ - `status`
+ - `lastSeen`
+
+ **Example Request Body Required Fields**
+ ```
+ [
+ {
+ "containerId": "container identification",
+ "containerName": "container name",
+ "time": Datetime of scan/result (1648217219),
+ "benchmarks": [
+ {
+ "benchmark": "RHEL_8_STIG",
+ "results": [
+ {
+ "ruleId": "rule identification",
+ "status": [Pass,Fail,Other,Not Reviewed,Not Checked,Not Applicable],
+ "lastSeen": Unix date format (1648217219)
+ }, {
+ "ruleId": "rule identification",
+ "status": [Pass,Fail,Other,Not Reviewed,Not Checked,Not Applicable],
+ "lastSeen": Unix date format (1648217219)
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ ````
+
+ operationId: addContainerSansBySystemId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body for adding containers and their scan results
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ContainerScanRequestPostBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ContainersResponsePost'
+ '201':
+ $ref: '#/components/responses/Created'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '411':
+ $ref: '#/components/responses/LengthRequired'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ delete:
+ tags:
+ - Container Scan Results
+ summary: Remove one or many containers in a system
+ description: Removes container scan resources and their scan results in the
+ assets module for a system `systemId`
+ operationId: deleteContainerSans
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Delete the given Container Scan Id
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ContainerResourcesDeleteBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ContainersResponseDelete'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Static Code Scans endpoints
+ #----------------------------------------------------------------------------
+ /api/systems/{systemId}/static-code-scans:
+ post:
+ tags:
+ - Static Code Scans
+ summary: Upload static code scans or Clear static code scans
+ description: |-
+ Upload or clear application scan findings into a system's `systemId` assets module.
+
+ **Request Body Required Fields**
+ - `application` (Object)
+ - `applicationName`
+ - `version`
+ - `applicationFindings` (Object Array)
+ - `codeCheckName`
+ - `count`
+ - `scanDate`
+ - `cweId`
+
+ **NOTE:** To clear an application's findings, use only the field `clearFindings` as
+ the Request body and set it to true. Example:
+ ```
+ [
+ {
+ "application": {
+ "applicationName": "application name",
+ "version": "application version"
+ },
+ "applicationFindings": [
+ { "clearFindings": true }
+ ]
+ }
+ ]
+ ```
+ operationId: addStaticCodeScansBySystemId
+ parameters:
+ - $ref: '#/components/parameters/systemId'
+ requestBody:
+ description: Example request body for adding static code scans or Clear static code scans
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/StaticCodeRequestPostBody'
+ required: true
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/StaticCodeResponsePost'
+ '201':
+ $ref: '#/components/responses/Created'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '411':
+ $ref: '#/components/responses/LengthRequired'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Workflow Definitions endpoints
+ #----------------------------------------------------------------------------
+ /api/workflows/definitions:
+ get:
+ tags:
+ - Workflow Definitions
+ summary: Get workflow definitions in a site
+ description: |-
+ View all workflow schemas available on the eMASS instance filtered by
+ status `includeInactive` and registration type `registrationType`.
+ operationId: getWorkflowDefinitions
+ parameters:
+ - $ref: '#/components/parameters/includeInactive'
+ - $ref: '#/components/parameters/registrationType'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/WorkflowDefinitionResponseGet'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Workflow Instances endpoints
+ #----------------------------------------------------------------------------
+ /api/workflows/instances:
+ get:
+ tags:
+ - Workflow Instances
+ summary: Get workflow instances in a site
+ description: View detailed information on all active and historical workflows
+ filtered by provided parameters.
+ operationId: getSystemWorkflowInstances
+ parameters:
+ - $ref: '#/components/parameters/includeComments'
+ - $ref: '#/components/parameters/includeDecommissionSystems'
+ - $ref: '#/components/parameters/workFlowPageIndex'
+ - $ref: '#/components/parameters/optionalSinceDate'
+ - $ref: '#/components/parameters/status'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/WorkflowInstancesResponseGet'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/workflows/instances/{workflowInstanceId}:
+ get:
+ tags:
+ - Workflow Instances
+ summary: Get workflow instance by ID
+ description: View detailed historical workflow information for `workflowInstanceId`.
+ operationId: getSystemWorkflowInstancesByWorkflowInstanceId
+ parameters:
+ - $ref: '#/components/parameters/workflowInstanceId'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/WorkflowInstanceResponseGet'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # CMMC Assessments endpoints
+ #----------------------------------------------------------------------------
+ /api/cmmc-assessments:
+ get:
+ tags:
+ - CMMC Assessments
+ summary: Get CMMC assessment information
+ description: |-
+ Get all CMMC assessment after the given date `sinceDate` parameter. It is available
+ to CMMC eMASS only.
+ operationId: getCmmcAssessments
+ parameters:
+ - $ref: '#/components/parameters/sinceDate'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CmmcResponseGet'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #---------------------------------------------------------------------------#
+ # D A S H B O A R D S #
+ #---------------------------------------------------------------------------#
+
+ #----------------------------------------------------------------------------
+ # System Status Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-status-details:
+ get:
+ tags:
+ - System Status Dashboard
+ summary: System Status Details
+ description: Get systems status detail dashboard information.
+ operationId: getSystemStatusDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Terms Conditions Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-terms-conditions-summary:
+ get:
+ tags:
+ - System Terms/Conditions Dashboards
+ summary: System Terms Conditions Summary
+ description: Get systems terms conditions summary dashboard information.
+ operationId: getSystemTermsConditionsSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-terms-conditions-details:
+ get:
+ tags:
+ - System Terms/Conditions Dashboards
+ summary: System Terms Conditions Details
+ description: Get systems terms conditions details dashboard information.
+ operationId: getSystemTermsConditionsDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Connectivity/CCSD
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-connectivity-ccsd-summary:
+ get:
+ tags:
+ - System Connectivity/CCSD Dashboards
+ summary: System Connectivity/CCSD Summary
+ description: Get systems connectivity/CCSD summary dashboard information.
+ operationId: getSystemConnectivityCcsdSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-connectivity-ccsd-details:
+ get:
+ tags:
+ - System Connectivity/CCSD Dashboards
+ summary: System Connectivity/CCSD Details
+ description: Get systems connectivity/CCSD details dashboard information.
+ operationId: getSystemConnectivityCcsdDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System ATC/IATC
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-atc-iatc-details:
+ get:
+ tags:
+ - System ATC/IATC Dashboard
+ summary: System ATC/IATC Details
+ description: Get systems ATC/IATC details dashboard information.
+ operationId: getSystemAtcIatcDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+ #----------------------------------------------------------------------------
+ # System Questionnaire
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-questionnaire-summary:
+ get:
+ tags:
+ - System Questionnaire Dashboards
+ summary: System Questionnaire Summary
+ description: Get systems questionnaire summary dashboard information.
+ operationId: getSystemQuestionnaireSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-questionnaire-details:
+ get:
+ tags:
+ - System Questionnaire Dashboards
+ summary: System Questionnaire Details
+ description: Get systems questionnaire details dashboard information.
+ operationId: getSystemQuestionnaireDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Workflows Dashboard
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-workflows-history-summary:
+ get:
+ tags:
+ - System Workflows Dashboards
+ summary: System Workflows History Summary
+ description: Get systems workflow history summary dashboard information.
+ operationId: getSystemWorkflowsHistorySummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-workflows-history-details:
+ get:
+ tags:
+ - System Workflows Dashboards
+ summary: System Workflows History Details
+ description: Get systems workflow history details dashboard information.
+ operationId: getSystemWorkflowsHistoryDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-workflows-history-stage-details:
+ get:
+ tags:
+ - System Workflows Dashboards
+ summary: System Workflows History Stage Details
+ description: Get systems workflow history stage details dashboard information.
+ operationId: getSystemWorkflowsHistoryStageDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Security Controls Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-control-compliance-summary:
+ get:
+ tags:
+ - System Security Controls Dashboards
+ summary: System Control Compliance Summary
+ description: Get systems control compliance summary dashboard information.
+ operationId: getSystemControlComplianceSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-security-controls-details:
+ get:
+ tags:
+ - System Security Controls Dashboards
+ summary: System Control Compliance Details
+ description: Get systems security control details dashboard information.
+ operationId: getSystemSecurityControlDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-assessment-procedures-details:
+ get:
+ tags:
+ - System Security Controls Dashboards
+ summary: System Assessment Procedures Details
+ description: Get systems assessment procedures details dashboard information.
+ operationId: getSystemAssessmentProceduresDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Enterprise POA&M Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-poam-summary:
+ get:
+ tags:
+ - System POA&M Dashboards
+ summary: System POA&M Summary
+ description: Get systems POA&Ms summary dashboard information.
+ operationId: getSystemPoamSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-poam-details:
+ get:
+ tags:
+ - System POA&M Dashboards
+ summary: System POA&M Details
+ description: Get system POA&Ms details dashboard information.
+ operationId: getSystemPoamDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Artifacts Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-artifacts-summary:
+ get:
+ tags:
+ - System Artifacts Dashboards
+ summary: System Artifacts Summary
+ description: Get system Artifacts summary information.
+ operationId: getSystemArtifactsSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-artifacts-details:
+ get:
+ tags:
+ - System Artifacts Dashboards
+ summary: System Artifacts Details
+ description: Get system Artifacts details information.
+ operationId: getSystemArtifactsDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Hardware Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-hardware-summary:
+ get:
+ tags:
+ - System Hardware Dashboards
+ summary: System Hardware Summary
+ description: Get system hardware summary dashboard information.
+ operationId: getSystemHardwareSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-hardware-details:
+ get:
+ tags:
+ - System Hardware Dashboards
+ summary: System Hardware Details
+ description: Get system hardware details dashboard information.
+ operationId: getSystemHardwareDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Sensor Hardware Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-sensor-hardware-summary:
+ get:
+ tags:
+ - System Sensor Hardware Dashboards
+ summary: System Sensor Hardware Summary
+ description: Get system sensor hardware summary dashboard information.
+ operationId: getSystemSensorHardwareSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-sensor-hardware-details:
+ get:
+ tags:
+ - System Sensor Hardware Dashboards
+ summary: System Sensor Hardware Details
+ description: Get system sensor hardware details dashboard information.
+ operationId: getSystemSensorHardwareDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Software Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-software-summary:
+ get:
+ tags:
+ - System Software Dashboards
+ summary: System Software Summary
+ description: Get system software summary dashboard information.
+ operationId: getSystemSoftwareSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-software-details:
+ get:
+ tags:
+ - System Software Dashboards
+ summary: System Software Details
+ description: Get system software details dashboard information.
+ operationId: getSystemSoftwareDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Sensor Software Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-sensor-software-summary:
+ get:
+ tags:
+ - System Sensor Software Dashboards
+ summary: System Sensor Software Summary
+ description: Get system sensor software summary dashboard information.
+ operationId: getSystemSensorSoftwareSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-sensor-software-details:
+ get:
+ tags:
+ - System Sensor Software Dashboards
+ summary: System Sensor Software Details
+ description: Get system sensor hardsoftwareware details dashboard information.
+ operationId: getSystemSensorSoftwareDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-sensor-software-counts:
+ get:
+ tags:
+ - System Sensor Software Dashboards
+ summary: System Sensor Software Counts
+ description: Get system sensor hardsoftwareware count dashboard information.
+ operationId: getSystemSensorSoftwareCounts
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Ctritical Assets Dashboard
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-critical-assets-summary:
+ get:
+ tags:
+ - System Critical Assets Dashboard
+ summary: System Critical Assets Summary
+ description: Get system critical assets summary dashboard information.
+ operationId: getSystemCriticalAssetsSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Vulnerability Dashboard
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-vulnerability-summary:
+ get:
+ tags:
+ - System Vulnerability Dashboard
+ summary: System Vulnerability Summary
+ description: Get system vulnerability summary dashboard information.
+ operationId: getSystemVulnerabilitySummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Device Findings Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-device-findings-summary:
+ get:
+ tags:
+ - System Device Findings Dashboards
+ summary: System Device Findings Summary
+ description: Get system device findings summary dashboard information.
+ operationId: getSystemDeviceFindingsSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-device-findings-details:
+ get:
+ tags:
+ - System Device Findings Dashboards
+ summary: System Device Findings Details
+ description: Get ssystem device findings details dashboard information.
+ operationId: getSystemDeviceFindingsDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Application Findings Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-application-findings-summary:
+ get:
+ tags:
+ - System Application Findings Dashboards
+ summary: System Application Findings Summary
+ description: Get system application findings summary dashboard information.
+ operationId: getSystemApplicationFindingsSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-application-findings-details:
+ get:
+ tags:
+ - System Application Findings Dashboards
+ summary: System Application Findings Details
+ description: Get system application findings details dashboard information.
+ operationId: getSystemApplicationFindingsDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Ports/Protocols Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-ports-protocols-summary:
+ get:
+ tags:
+ - System Ports/Protocols Dashboards
+ summary: System Ports/Protocols Summary
+ description: Get system ports and protocols summary dashboard information.
+ operationId: getSystemPortsProtocolsSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/system-ports-protocols-details:
+ get:
+ tags:
+ - System Ports/Protocols Dashboards
+ summary: System Ports/Protocols Details
+ description: Get system ports and protocols details dashboard information.
+ operationId: getSystemPortsProtocolsDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System CONMON Integration Status Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-conmon-integration-status-summary:
+ get:
+ tags:
+ - System CONMON Integration Status Dashboard
+ summary: System CONMON Integration Status
+ description: Get system CONMON integration status dashboard information.
+ operationId: getSystemCommonIntegrationStatusSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Associations Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-associations-details:
+ get:
+ tags:
+ - System Associations Dashboard
+ summary: System Associations Details
+ description: Get system associations details dashboard information.
+ operationId: getSystemAssociationsDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # User System Assignments Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/user-system-assignments-details:
+ get:
+ tags:
+ - User System Assignments Dashboard
+ summary: User System Assignments Details
+ description: Get user system assignments details dashboard information.
+ operationId: getUserSystemAssignmentsDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Organization Migration Status Dashboard
+ #----------------------------------------------------------------------------
+ /api/dashboards/organization-migration-status-summary:
+ get:
+ tags:
+ - Organization Migration Status Dashboard
+ summary: Organization Migration Status Summary
+ description: Get organization migration status summary dashboard information.
+ operationId: getOrganizationMigrationStatusSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Migration Status Dashboard
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-migration-status-summary:
+ get:
+ tags:
+ - System Migration Status Dashboard
+ summary: System Migration Status Summary
+ description: Get system migration status summary dashboard information.
+ operationId: getSystemMigrationStatusSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System FISMA Metrics Dashboard
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-fisma-metrics:
+ get:
+ tags:
+ - System FISMA Metrics Dashboard
+ summary: System FISMA Metrics
+ description: Get system FISMA metrics dashboard information.
+ operationId: getSystemFismaMetrics
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # Coast Guard System FISMA Metrics Dashboard
+ #----------------------------------------------------------------------------
+ /api/dashboards/coastguard-system-fisma-metrics:
+ get:
+ tags:
+ - Coast Guard System FISMA Metrics Dashboard
+ summary: Coast Guard System FISMA Metrics
+ description: Get Coast Guard system FISMA metrics dashboard information.
+ operationId: getCoastGuardSystemFismaMetrics
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # System Privacy Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/system-privacy-summary:
+ get:
+ tags:
+ - System Privacy Dashboard
+ summary: System Privacy Summary
+ description: Get user system privacy summary dashboard information.
+ operationId: getSystemPrivacySummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # VA OMB FISMA Dashboard
+ #----------------------------------------------------------------------------
+ /api/dashboards/va-omb-fisma-saop-summary:
+ get:
+ tags:
+ - VA OMB FISMA Dashboard
+ summary: VA OMB FISMA SAOP Summary
+ description: Get VA OMB-FISMA SAOP summary dashboard information.
+ operationId: getVaOmbFsmaSaopSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # VA System Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/va-system-icamp-tableau-poam-details:
+ get:
+ tags:
+ - VA System Dashboards
+ summary: VA System ICAMP Tableau POAM Details
+ description: Get VA system ICAMP Tableau POAM details dashboard information.
+ operationId: getVaSystemIcampTableauPoamDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/va-system-aa-summary:
+ get:
+ tags:
+ - VA System Dashboards
+ summary: VA System A&A Summary
+ description: Get VA system A&A summary dashboard information.
+ operationId: getVaSystemAaSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/va-system-a2-summary:
+ get:
+ tags:
+ - VA System Dashboards
+ summary: VA System A2.0 Summary
+ description: Get VA system A2.0 summary dashboard information.
+ operationId: getVaSystemA2Summary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/va-system-pl-109-reporting-summary:
+ get:
+ tags:
+ - VA System Dashboards
+ summary: VA System P.L. 109 Reporting Summary
+ description: Get VA system P.L. 109 reporting summary dashboard information.
+ operationId: getVaSystemPl109ReportingSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/va-system-fisma-inventory-summary:
+ get:
+ tags:
+ - VA System Dashboards
+ summary: VA System FISMA Inventory Summary
+ description: Get VA system FISMA inventory summary dashboard information.
+ operationId: getVaSystemFismaInvetorySummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/va-system-fisma-inventory-crypto-summary:
+ get:
+ tags:
+ - VA System Dashboards
+ summary: VA System FISMA Inventory Crypto Summary
+ description: Get VA system FISMA inventory crypto summary dashboard information.
+ operationId: getVaSystemFismaInvetoryCryptoSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/va-system-threat-risks-summary:
+ get:
+ tags:
+ - VA System Dashboards
+ summary: VA System Threat Risks Summary
+ description: Get VA system threat risk summary dashboard information.
+ operationId: getVaSystemThreatRiskSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/va-system-threat-sources-details:
+ get:
+ tags:
+ - VA System Dashboards
+ summary: VA System Threat Sources Details
+ description: Get VA system threat source details dashboard information.
+ operationId: getVaSystemThreatSourceDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/va-system-threat-architecture-details:
+ get:
+ tags:
+ - VA System Dashboards
+ summary: VA System Threat Architecture Details
+ description: Get VA system threat architecture details dashboard information.
+ operationId: getVaSystemThreatArchitectureDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ #----------------------------------------------------------------------------
+ # CMMC Assessment Dashboards
+ #----------------------------------------------------------------------------
+ /api/dashboards/cmmc-assessment-status-summary:
+ get:
+ tags:
+ - CMMC Assessment Dashboards
+ summary: CMMC Assessment Status Summary
+ description: Get CMMC assessment status summary dashboard information.
+ operationId: getCmmcAssessmentStatusSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/cmmc-assessment-requirements-compliance-summary:
+ get:
+ tags:
+ - CMMC Assessment Dashboards
+ summary: CMMC Assessment Requirements Compliance Summary
+ description: Get CMMC assessment requirements compliance summary dashboard information.
+ operationId: getCmmcAssessmentRequirementsComplianceSummary
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/cmmc-assessment-security-requirements-details:
+ get:
+ tags:
+ - CMMC Assessment Dashboards
+ summary: CMMC Assessment Security Requirements Details
+ description: Get CMMC assessment security requirements details dashboard information.
+ operationId: getCmmcAssessmentSecurityRequirementsDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+ /api/dashboards/cmmc-assessment-requirement-objectives-details:
+ get:
+ tags:
+ - CMMC Assessment Dashboards
+ summary: CMMC Assessment Requirement Objectives Details
+ description: Get CMMC assessment requirement objectives details dashboard information.
+ operationId: getCmmcAssessmentRequirementObjectivesDetails
+ parameters:
+ - $ref: '#/components/parameters/orgId'
+ - $ref: '#/components/parameters/dashboardExcludeInherited'
+ - $ref: '#/components/parameters/dashboardPageIndex'
+ - $ref: '#/components/parameters/dashboardPageSize'
+ responses:
+ '200':
+ $ref: '#/components/responses/DashboardResponse'
+ '400':
+ $ref: '#/components/responses/BadRequest'
+ '401':
+ $ref: '#/components/responses/Unauthorized'
+ '403':
+ $ref: '#/components/responses/Forbidden'
+ '404':
+ $ref: '#/components/responses/NotFound'
+ '405':
+ $ref: '#/components/responses/MethodNotAllowed'
+ '490':
+ $ref: '#/components/responses/APIRuleFailed'
+ '500':
+ $ref: '#/components/responses/InternalServerError'
+
+#-------------------------------------------------------------------------------
+# C O M P O N E N T S
+#-------------------------------------------------------------------------------
+components:
+ #----------------------------------------------------------------------------
+ # Parameters
+ #----------------------------------------------------------------------------
+ parameters:
+ #--------------------------------------------------------------------------
+ # Path
+ #-------------------------------------------------------------------------=
+ roleCategory:
+ name: roleCategory
+ in: path
+ description: '**Role Category**: The system role category been queried'
+ required: true
+ schema:
+ type: string
+ enum:
+ - CAC
+ - PAC
+ - Other
+ default: PAC
+ systemId:
+ name: systemId
+ in: path
+ description: '**System Id**: The unique system record identifier.'
+ required: true
+ schema:
+ type: integer
+ x-faker: random.number
+ example: 35
+ poamId:
+ name: poamId
+ in: path
+ description: '**POA&M Id**: The unique POA&M record identifier.'
+ required: true
+ schema:
+ type: integer
+ x-faker: random.number
+ example: 45
+ milestoneId:
+ name: milestoneId
+ in: path
+ description: '**Milestone Id**: The unique milestone record identifier.'
+ required: true
+ schema:
+ type: integer
+ x-faker: random.number
+ example: 77
+ workflowInstanceId:
+ name: workflowInstanceId
+ in: path
+ description: '**Workflow Instance Id**: The unique workflow definition identifier.'
+ required: true
+ schema:
+ type: integer
+ x-faker: random.number
+ example: 123
+ #--------------------------------------------------------------------------
+ # Query - Required
+ #--------------------------------------------------------------------------
+ role:
+ name: role
+ in: query
+ description: '**Role**: Accepts single value from options available at base
+ system-roles endpoint e.g., SCA.'
+ required: true
+ schema:
+ type: string
+ # enum: ["AO","Auditor","Artifact Manager","C&A Team","IAO","ISSO","PM/IAM","SCA","User Rep", "Validator"]
+ default: IAO
+ exportfilename:
+ name: filename
+ in: query
+ required: true
+ description: '**File Name**: The file name (to include file-extension).'
+ schema:
+ type: string
+ example: ArtifactsExporFile.pdf
+ sinceDate:
+ name: sinceDate
+ in: query
+ required: true
+ description: '**Date** CMMC date (Unix date format)'
+ schema:
+ type: string
+ example: '1638764040'
+ orgId:
+ name: orgId
+ in: query
+ description: '**Organization Id**: The unique organization identifier.'
+ required: true
+ schema:
+ type: integer
+ x-faker: random.number
+ example: 1
+ scanType:
+ name: scanType
+ in: query
+ description: '**Scan Type**: The file scan type to upload'
+ required: true
+ schema:
+ type: string
+ enum:
+ - acasAsrArf
+ - acasNessus
+ - disaStigViewerCklCklb
+ - disaStigViewerCmrs
+ - policyAuditor
+ - scapComplianceChecker
+ default: disaStigViewerCklCklb
+
+ #--------------------------------------------------------------------------
+ # Query - Optional
+ #--------------------------------------------------------------------------
+ includePackage:
+ name: includePackage
+ in: query
+ description: |-
+ **Include Package**: Indicates if additional packages information are retrieved for queried system.
+ If no value is specified, the default returns false to not include package information
+ schema:
+ type: boolean
+ x-faker: random.boolean
+ default: false
+ registrationType:
+ name: registrationType
+ in: query
+ description: |
+ **Registration Type**: Filter record by selected registration type (single value or comma delimited values).
+
+ **Valid Options Are:** assessAndAuthorize, assessOnly, guest, regular,
+ functional, cloudServiceProvider, commonControlProvider, authorizationToUse,
+ reciprocityAcceptanc
+ schema:
+ type: string
+ default: regular
+ ditprId:
+ name: ditprId
+ in: query
+ description: '**DITPR ID**: Filter query by DoD Information Technology (IT)
+ Portfolio Repository (DITPR).'
+ schema:
+ type: string
+ coamsId:
+ name: coamsId
+ in: query
+ description: '**COAMS ID**: Filter query by Cyber Operational Attributes
+ Management System (COAMS).'
+ schema:
+ type: string
+ policy:
+ name: policy
+ in: query
+ description: |-
+ **System Policy**: Filter query by system policy.
+ If no value is specified, the default returns RMF policy information for dual-policy systems.
+ schema:
+ type: string
+ enum:
+ - diacap
+ - rmf
+ - reporting
+ default: rmf
+ acronyms:
+ name: acronyms
+ in: query
+ description: '**Acronym**: The system acronym(s) being queried (single value or
+ comma delimited values).'
+ schema:
+ type: string
+ default: PM-6
+ includeDitprMetrics:
+ name: includeDitprMetrics
+ in: query
+ description: |-
+ **Include DITPR**: Indicates if DITPR metrics are retrieved.
+ This query string parameter cannot be used in conjunction with the following parameters:
+ - ditprId
+ - coamsId
+
+ If no value is specified, the default returns false to not include DITPR Metrics.
+ schema:
+ type: boolean
+ x-faker: random.boolean
+ default: false
+ includeDecommissioned:
+ name: includeDecommissioned
+ in: query
+ description: |-
+ **Include Decommissioned Systems**: Indicates if decommissioned systems are retrieved.
+ If no value is specified, the default returns true to include decommissioned systems.
+ schema:
+ type: boolean
+ x-faker: random.boolean
+ default: true
+ reportsForScorecard:
+ name: reportsForScorecard
+ in: query
+ description: '**DoD Cyber Hygiene Scorecard**: Used to filter results to only
+ return systems that report to the DoD Cyber Hygiene Scorecard.'
+ schema:
+ type: boolean
+ x-faker: random.boolean
+ default: true
+ filename:
+ name: filename
+ in: query
+ description: '**File Name**: The file name (to include file-extension).'
+ schema:
+ type: string
+ example: ArtifactsExporFile.pdf
+ compress:
+ name: compress
+ in: query
+ description: '**Compress File**: Determines if returned file is compressed.'
+ schema:
+ type: boolean
+ x-faker: random.boolean
+ default: true
+ isBulk:
+ name: isBulk
+ in: query
+ description: |
+ **Is Bulk**: If no value is specified, the default is false,
+ and an individual artifact file is expected.
+ When set to true, a .zip file is expected which
+ can contain multiple artifact files.
+ schema:
+ type: boolean
+ x-faker: random.boolean
+ default: false
+ isBaseline:
+ name: isBaseline
+ in: query
+ description: |
+ **Is Baseline**: Indicates that the imported file represents a baseline scan that includes
+ all findings and results. Importing as a baseline scan, which assumes a common set of scan
+ policies are used when conducting a scan, will replace a device's findings for a specific
+ Benchmark. Applicable to ASR/ARF scans only.
+ schema:
+ type: boolean
+ x-faker: random.boolean
+ default: false
+ controlAcronyms:
+ name: controlAcronyms
+ in: query
+ description: '**Control Acronym**: Filter query by given system acronym (single
+ value or comma separated).'
+ schema:
+ type: string
+ assessmentProcedures:
+ name: assessmentProcedures
+ in: query
+ description: '**Assessment Procedure**: Filter query by given Security Control
+ Assessment Procedure (single value or comma separated).'
+ schema:
+ type: string
+ ccis:
+ name: ccis
+ in: query
+ description: '**CCI System**: Filter query by Control Correlation Identifiers
+ (CCIs) (single value or comma separated).'
+ schema:
+ type: string
+ latestOnly:
+ name: latestOnly
+ in: query
+ description: '**Latest Results Only**: Indicates that only the latest test
+ resultes are retrieved.'
+ schema:
+ type: boolean
+ x-faker: random.boolean
+ default: true
+ scheduledCompletionDateStart:
+ name: scheduledCompletionDateStart
+ in: query
+ description: '**Date Started**: Filter query by the scheduled completion start
+ date (Unix date format).'
+ schema:
+ type: string
+ scheduledCompletionDateEnd:
+ name: scheduledCompletionDateEnd
+ in: query
+ description: '**Date Ended**: Filter query by the scheduled completion start
+ date (Unix date format).'
+ schema:
+ type: string
+ systemOnly:
+ name: systemOnly
+ in: query
+ description: '**Systems Only**: Indicates that only system(s) information is
+ retrieved.'
+ schema:
+ type: boolean
+ x-faker: random.boolean
+ default: true
+ description:
+ name: description
+ in: query
+ description: '**Description**: Milestone description information.'
+ schema:
+ type: string
+ scheduledCompletionDate:
+ name: scheduledCompletionDate
+ in: query
+ description: '**Completion Date**: Schedule completion date for milestone (Unix
+ date format).'
+ schema:
+ type: string
+ includeInactive:
+ name: includeInactive
+ in: query
+ description: '**Include Inactive**: If no value is specified, the default
+ returns false to not include outdated workflow definitions.'
+ schema:
+ type: boolean
+ x-faker: random.boolean
+ default: true
+ includeComments:
+ name: includeComments
+ in: query
+ description: |
+ **Include Comments**: If no value is specified, the default returns true to not include
+ transition comments.
+ Note: Corresponds to the Comments textbox that is required at most workflow transitions.
+ Does not include other text input fields such as Terms / Conditions for Authorization.
+ schema:
+ type: boolean
+ x-faker: random.boolean
+ default: true
+ includeDecommissionSystems:
+ name: includeDecommissionSystems
+ in: query
+ description: |
+ **Include Decommission Systems**: If no value is specified, the default returns false to exclude decommissioned systems.
+ schema:
+ type: boolean
+ x-faker: random.boolean
+ default: false
+ workFlowPageIndex:
+ name: pageIndex
+ in: query
+ description: |
+ **Page Index**: If no value is specified, the default returns results from the first page with an index of 0.
+ **Note:** Pages contain 1000 workflow instances.
+ schema:
+ type: integer
+ default: 0
+ optionalSinceDate:
+ name: sinceDate
+ in: query
+ description: |
+ **Date**: Filter on authorization/assessment date (Unix date format).
+ Note: Filters off the lastEditedDate field.
+ Note: The authorization/assessment decisions on completed workflows
+ can be edited for up to 30 days after the initial decision is made.
+ schema:
+ type: string
+ example: '1638764040'
+ status:
+ name: status
+ in: query
+ description: |
+ **Status**: Filter by status.
+ If no value is specified, the default returns all to include both active and inactive workflows.
+ Note: Any workflows at a current stage of Complete or Cancelled are inactive.
+ Ongoing workflows currently at other stages are active.
+ schema:
+ type: string
+ enum:
+ - active
+ - inactive
+ - all
+ default: all
+ dashboardExcludeInherited:
+ name: excludeinherited
+ in: query
+ description: |
+ **Exclude Inherited**: If no value is specified, the default returns false to include inherited data.
+ schema:
+ type: boolean
+ x-faker: random.boolean
+ default: false
+ dashboardPageIndex:
+ name: pageIndex
+ in: query
+ description: |
+ **Page Index**: If no value is specified, the default returns results from the first page with an index of 0.
+ schema:
+ type: integer
+ default: 0
+ dashboardPageSize:
+ name: pageSize
+ in: query
+ description: |
+ **Page Size**: If no value is specified, the default returns 20000 per page.
+ schema:
+ type: integer
+ default: 20000
+ #----------------------------------------------------------------------------
+ # Schemas
+ #----------------------------------------------------------------------------
+ schemas:
+ #----------------------------------------------------------------------------
+ # Request Body fields for (POSTs & PUTs)
+ #----------------------------------------------------------------------------
+ RegisterUserRequestPostBody:
+ required:
+ - user-uid
+ type: object
+ properties:
+ user-uid:
+ type: string
+ example: MY.USERUUID.KEY
+ ControlsRequestPutBody:
+ title: Controls Query Body
+ type: array
+ required:
+ - acronym
+ - responsibleEntities
+ - controlDesignation
+ - estimatedCompletionDate
+ - implementationNarrative
+ additionalProperties: false
+ items:
+ allOf:
+ - $ref: '#/components/schemas/ControlsRequiredFields'
+ - $ref: '#/components/schemas/ControlsConditionalFields'
+ - $ref: '#/components/schemas/ControlsOptionalFields'
+ - $ref: '#/components/schemas/ControlsReadOnlyFields'
+ TestResultsRequestPostBody:
+ title: Test Results Query Body
+ type: array
+ required:
+ - testedBy
+ - testDate
+ - description
+ - complianceStatus
+ - assessmentProcedure
+ additionalProperties: false
+ items:
+ properties:
+ testedBy:
+ type: string
+ description: '[Required] Last Name, First Name. 100 Characters.'
+ x-faker: name.findName
+ example: Smith, Joe
+ testDate:
+ type: integer
+ format: int64
+ description: '[Required] Unix time format.'
+ example: 1638741660
+ description:
+ type: string
+ description: '[Required] Include description of test result. 4000 Characters.'
+ example: Test result description
+ complianceStatus:
+ type: string
+ description: '[Required] Test result compliance status'
+ example: Compliant
+ assessmentProcedure:
+ type: string
+ description: '[Required] The Security Control Assessment Procedure being
+ assessed.'
+ example: AC-1.1
+ PoamRequestPostBody:
+ title: Example request body to add POA&M(s) to a system (systemId)
+ type: array
+ required:
+ - status
+ - vulnerabilityDescription
+ - sourceIdentifyingVulnerability
+ - pocOrganization
+ - resources
+ additionalProperties: false
+ items:
+ allOf:
+ - $ref: '#/components/schemas/PoamRequiredFields'
+ - $ref: '#/components/schemas/PoamConditionalFields'
+ - $ref: '#/components/schemas/PoamOptionalFields'
+ - $ref: '#/components/schemas/MilestonesRequiredPost'
+ PoamRequestPutBody:
+ title: Example request body to update POA&M(s) to a system (systemId)
+ type: array
+ required:
+ - poamId
+ - displayPoamId
+ - status
+ - vulnerabilityDescription
+ - sourceIdentifyingVulnerability
+ - pocOrganization
+ - resources
+ additionalProperties: false
+ items:
+ allOf:
+ - $ref: '#/components/schemas/PoamIds'
+ - $ref: '#/components/schemas/PoamRequiredFields'
+ - $ref: '#/components/schemas/PoamConditionalFields'
+ - $ref: '#/components/schemas/PoamOptionalFields'
+ - $ref: '#/components/schemas/MilestonesRequiredPut'
+ MilestonesRequestPostBody:
+ title: Milestones POST Query Body
+ type: array
+ required:
+ - description
+ - scheduledCompletionDate
+ additionalProperties: false
+ items:
+ properties:
+ description:
+ type: string
+ description: '[Required] Provide a description of the milestone.'
+ x-faker: random.words
+ example: Description text
+ scheduledCompletionDate:
+ type: integer
+ format: int64
+ description: '[Required] Unix date format.'
+ example: 1599644800
+ MilestonesRequestPutBody:
+ title: Milestones PUT Query Body
+ type: array
+ required:
+ - milestoneId
+ - description
+ - scheduledCompletionDate
+ additionalProperties: false
+ items:
+ properties:
+ milestoneId:
+ type: integer
+ format: int64
+ description: '[Required] Unique milestone identifier.'
+ example: 19
+ description:
+ type: string
+ description: '[Required] Provide a description of the milestone.'
+ x-faker: random.words
+ example: Description text
+ scheduledCompletionDate:
+ type: integer
+ format: int64
+ description: '[Required] Unix date format.'
+ example: 1599644800
+ ArtifactsRequestPutBody:
+ title: Artifacts PUT Query Body
+ type: array
+ required:
+ - filename
+ - isTemplate
+ - type
+ - category
+ additionalProperties: false
+ items:
+ allOf:
+ - $ref: '#/components/schemas/ArtifactsRequiredFields'
+ - $ref: '#/components/schemas/ArtifactsOptionalFields'
+ CacRequestPostBody:
+ title: CAC POST Query Body
+ type: array
+ required:
+ - controlAcronym
+ additionalProperties: false
+ items:
+ properties:
+ controlAcronym:
+ type: string
+ description: '[Required] System acronym name.'
+ example: AC-3
+ comments:
+ type: string
+ description: '[Conditional] Control Approval Chain comments - 2000 Characters.'
+ example: Control Approval Chain comments text.
+ PacRequestPostBody:
+ title: PAC POST Query Body
+ type: array
+ required:
+ - workflow
+ - name
+ - comments
+ additionalProperties: false
+ items:
+ properties:
+ workflow:
+ type: string
+ description: '[Required] The PAC workflow'
+ example: Assess and Authorize
+ name:
+ type: string
+ description: '[Required] Package name. 100 Characters.'
+ example: Package name text
+ comments:
+ type: string
+ description: '[Required] Character Limit = 4,000.'
+ example: Comments text.
+ HwBaselineRequestPostBody:
+ title: Example request body to add Hardware Baseline items for a system (systemId)
+ type: array
+ required:
+ - assetName
+ additionalProperties: false
+ items:
+ allOf:
+ - $ref: '#/components/schemas/HwBaselineRequiredFields'
+ - $ref: '#/components/schemas/HwBaselineConditionalFields'
+ - $ref: '#/components/schemas/HwBaselineOptionalFields'
+ HwBaselineRequestPutBody:
+ title: Example request body for updating Hardware Baseline items for a system (systemId)
+ type: array
+ required:
+ - assetName
+ - hardwareId
+ additionalProperties: false
+ items:
+ allOf:
+ - $ref: '#/components/schemas/HwBaselineReadOnlyFields'
+ - $ref: '#/components/schemas/HwBaselineRequiredFields'
+ - $ref: '#/components/schemas/HwBaselineOptionalFields'
+ - $ref: '#/components/schemas/HwBaselineConditionalFields'
+ SwBaselineRequestPostBody:
+ title: Example request body to add Software Baseline items for a system (systemId)
+ type: array
+ required:
+ - softwareVendor
+ - softwareName
+ - version
+ additionalProperties: false
+ items:
+ allOf:
+ - $ref: '#/components/schemas/SwBaselineRequiredFields'
+ - $ref: '#/components/schemas/SwBaselineConditionalFields'
+ - $ref: '#/components/schemas/SwBaselineOptionalFields'
+ SwBaselineRequestPutBody:
+ title: Example request body for updating Software Baseline items for a system (systemId)
+ type: array
+ required:
+ - softwareId
+ - softwareVendor
+ - softwareName
+ - version
+ additionalProperties: false
+ items:
+ allOf:
+ - $ref: '#/components/schemas/SwBaselineReadOnlyFields'
+ - $ref: '#/components/schemas/SwBaselineRequiredFields'
+ - $ref: '#/components/schemas/SwBaselineConditionalFields'
+ - $ref: '#/components/schemas/SwBaselineOptionalFields'
+ StaticCodeRequestPostBody:
+ title: Static Code PUT Query Body
+ type: object
+ additionalProperties: false
+ properties:
+ application:
+ type: object
+ properties:
+ applicationName:
+ type: string
+ description: '[Required] Name of the software application that was assessed.'
+ x-faker: company.companyName
+ example: Artemis
+ version:
+ type: string
+ description: '[Required] The version of the application.'
+ x-faker: system.semver
+ example: Version 5.0
+ applicationFindings:
+ type: array
+ items:
+ $ref: '#/components/schemas/StaticCodeApplicationPost'
+ CloudResourcesRequestPostBody:
+ title: Cloude Resource POST Request Body
+ type: array
+ required:
+ - provider
+ - resourceId
+ - resourceName
+ - resourceType
+ additionalProperties: false
+ items:
+ properties:
+ # Required Fields
+ provider:
+ type: string
+ description: '[Required] Cloud service provider name'
+ example: azure
+ resourceId:
+ type: string
+ description: '[Required] Unique identifier/resource namespace for policy
+ compliance result'
+ example: /subscriptions/123456789/sample/resource/namespace/default
+ resourceName:
+ type: string
+ description: '[Required] Friendly name of Cloud resource'
+ example: Storage Resource
+ resourceType:
+ type: string
+ description: '[Required] Type of Cloud resource'
+ example: Microsoft.storage.table
+ # Optional Fields
+ initiatedBy:
+ type: string
+ description: '[Optional] Email of POC'
+ example: john.doe.ctr@mail.mil
+ cspAccountId:
+ type: string
+ description: '[Optional] System/owner''s CSP account ID/number'
+ example: '123456789'
+ cspRegion:
+ type: string
+ description: '[Optional] CSP region of system'
+ example: useast2
+ isBaseline:
+ type: boolean
+ description: '[Optional] True/false flag for providing results as baseline. If
+ true, all existing compliance results for the resourceId will be
+ replaced by results in the current call'
+ example: true
+ # Optional object
+ tags:
+ type: object
+ description: '[Optional] Informational tags associated to results for other
+ metadata'
+ properties:
+ test:
+ type: string
+ example: testtag
+ # Required object array with required and optional Fields
+ complianceResults:
+ type: array
+ required:
+ - cspPolicyDefinitionId
+ - policyDefinitionTitle
+ - isCompliant
+ items:
+ properties:
+ # Required Fields
+ cspPolicyDefinitionId:
+ type: string
+ description: '[Required] Unique identifier/compliance namespace for
+ CSP/Resource''s policy definition/compliance check'
+ example: /providers/sample/policy/namespace/au11_policy
+ policyDefinitionTitle:
+ type: string
+ description: '[Required] Friendly policy/compliance check title. Recommend short
+ title'
+ example: AU-11 - Audit Record Retention
+ isCompliant:
+ type: boolean
+ description: '[Required] Compliance status of the policy for the identified
+ cloud resource'
+ example: false
+ # Optional Fields
+ complianceCheckTimestamp:
+ type: integer
+ format: int64
+ description: '[Optional] Unix date format'
+ example: 1644003780
+ control:
+ type: string
+ description: '[Optional] Comma separated correlation to Security Control (e.g.
+ exact NIST Control acronym)'
+ example: AU-11
+ assessmentProcedure:
+ type: string
+ description: '[Optional] Comma separated correlation to Assessment Procedure
+ (i.e. CCI number for DoD Control Set)'
+ example: 000167,000168
+ complianceReason:
+ type: string
+ description: '[Optional] Reason/comments for compliance result'
+ example: retention period not configured
+ policyDeploymentName:
+ type: string
+ description: '[Optional] Name of policy deployment'
+ example: testDeployment
+ policyDeploymentVersion:
+ type: string
+ description: '[Optional] Version of policy deployment'
+ example: 1.0.0
+ severity:
+ type: string
+ description: '[Optional] Severity value'
+ example: High
+ enum:
+ - Low
+ - Medium
+ - High
+ - Critical
+ ContainerScanRequestPostBody:
+ title: Containers POST Request Body
+ type: array
+ required:
+ - containerId
+ - containerName
+ - time
+ additionalProperties: false
+ items:
+ properties:
+ # Required Fields
+ containerId:
+ type: string
+ description: '[Required] Unique identifier of the container'
+ example: 157ac21c-49b4-4faf-a4ac-bfefd869ba3b
+ containerName:
+ type: string
+ description: '[Required] Friendly name of the container'
+ example: command-control
+ time:
+ type: integer
+ format: int64
+ description: '[Required] Datetime of scan/result. Unix date format'
+ example: 1648217219
+ # Optional Fields
+ podName:
+ type: string
+ description: '[Optional] Name of pod (e.g. Kubernetes pod)'
+ example: command-control-955596ffc
+ podIp:
+ type: string
+ description: '[Optional] IP address of pod'
+ example: 1.1.1.101
+ namespace:
+ type: string
+ description: '[Optional] Namespace of container in container orchestration (e.g.
+ Kubernetes namespace)'
+ example: command-control
+ # Optional Object
+ tags:
+ type: object
+ description: '[Optional] Informational tags associated to results for other
+ metadata'
+ properties:
+ test:
+ type: string
+ example: testtag
+ # Required object array with required and optional Fields
+ benchmarks:
+ type: array
+ required:
+ - benchmark
+ items:
+ properties:
+ # Required Fields
+ benchmark:
+ type: string
+ description: '[Required] Identifier of the benchmark/grouping of compliance
+ results. (e.g. for STIG results, provide the benchmark id
+ for the STIG technology)'
+ example: RHEL_8_STIG
+ # Optional Fields
+ isBaseline:
+ type: boolean
+ description: '[Optional] True/false flag for providing results as baseline. If
+ true, all existing compliance results for the provided
+ benchmark within the container will be replaced by results
+ in the current call'
+ example: false
+ version:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] The benchmark version.'
+ x-faker: random.number
+ example: 2
+ release:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] The benchmark release.'
+ x-faker: random.number
+ example: 4
+ # Required object array with required and optional Fields
+ results:
+ type: array
+ required:
+ - ruleId
+ - status
+ - lastSeen
+ items:
+ properties:
+ # Required Fields
+ ruleId:
+ type: string
+ description: '[Required] Identifier for the compliance result, vulnerability,
+ etc. the result is for'
+ example: SV-230221r743913_rule
+ status:
+ type: string
+ description: '[Required] Benchmark result status'
+ example: Pass
+ enum:
+ - Pass
+ - Fail
+ - Other
+ - Not Reviewed
+ - Not Checked
+ - Not Applicable
+ lastSeen:
+ type: integer
+ format: int64
+ description: Date last seen, Unix date format
+ example: 1648217219
+ # Optional Fields
+ message:
+ type: string
+ description: '[Optional] Comments for the result'
+ example: test message
+
+ #----------------------------------------------------------------------------
+ # Request Body supporting fields for (POSTs & PUTs)
+ #----------------------------------------------------------------------------
+ MilestonesRequiredPost:
+ properties:
+ milestones:
+ type: array
+ items:
+ type: object
+ required:
+ - description
+ - scheduledCompletionDate
+ additionalProperties: false
+ properties:
+ description:
+ type: string
+ description: '[Required] Include milestone description.'
+ x-faker: random.words
+ example: Description text
+ scheduledCompletionDate:
+ type: integer
+ format: int64
+ description: '[Required] Required for ongoing and completed POA&M items. Unix
+ time format.'
+ example: 1599644800
+ MilestonesRequiredPut:
+ properties:
+ milestones:
+ type: array
+ items:
+ type: object
+ required:
+ - description
+ - scheduledCompletionDate
+ - isActive
+ additionalProperties: false
+ properties:
+ description:
+ type: string
+ description: '[Required] Include milestone description.'
+ x-faker: random.words
+ example: Description text
+ scheduledCompletionDate:
+ type: integer
+ format: int64
+ description: '[Required] Required for ongoing and completed POA&M items. Unix
+ time format.'
+ example: 1599644800
+ isActive:
+ type: boolean
+ description: '[Conditional] Optionally used in PUT to delete milestones when updating a POA&M.'
+ x-faker: random.boolean
+ example: true
+ StaticCodeApplicationPost:
+ title: Static Code Application POST object"
+ type: object
+ additionalProperties: false
+ properties:
+ rawSeverity:
+ type: string
+ description: '[Optional] Scan vulnerability ratting'
+ enum:
+ - Low
+ - Medium
+ - Moderate
+ - High
+ - Critical
+ example: Moderate
+ codeCheckName:
+ type: string
+ description: '[Required] Name of the software vulnerability or weakness.'
+ x-faker:
+ random.arrayElement:
+ - - Hidden Field
+ - Redundant Check
+ - Invalid Field
+ - Vulnerable Field
+ example: Hidden Field
+ count:
+ type: integer
+ format: int64
+ description: '[Required] Number of instances observed for a specified finding.'
+ x-faker: random.number
+ example: 14
+ scanDate:
+ type: integer
+ format: int64
+ description: '[Required] The date of the scan. Unix date format.'
+ example: 1625070000
+ cweId:
+ type: string
+ description: '[Required] The Common Weakness Enumerator (CWE) identifier.'
+ x-faker: number.number
+ example: '155'
+ clearFindings:
+ type: boolean
+ description: '[Optional] When used by itself, can clear out all application
+ findings for a single application/version pairing.'
+ x-faker: random.boolean
+ example: false
+
+ #----------------------------------------------------------------------------
+ # Request Body fields for (DELETE)
+ #----------------------------------------------------------------------------
+ PoamRequestDeleteBody:
+ title: DeletePoams
+ type: array
+ items:
+ type: object
+ additionalProperties: false
+ properties:
+ poamId:
+ type: integer
+ format: int64
+ description: '[Required] Unique item identifier'
+ example: 45
+ MilestonesRequestDeleteBody:
+ title: DeletePoams
+ type: array
+ items:
+ type: object
+ additionalProperties: false
+ properties:
+ milestoneId:
+ type: integer
+ format: int64
+ description: '[Required] Unique item identifier'
+ example: 19
+ ArtifactsRequestDeleteBody:
+ title: DeleteArtifacts
+ type: array
+ items:
+ type: object
+ additionalProperties: false
+ properties:
+ filename:
+ type: string
+ description: '[Required] File name should match exactly one file within the
+ provided zip file. 1000 Characters.'
+ x-faker: system.commonFileName
+ example: AutorizationGuidance.pdf
+ HwBaselineRequestDeleteBody:
+ title: DeleteHwBaselines
+ type: array
+ items:
+ type: object
+ additionalProperties: false
+ properties:
+ hardwareId:
+ type: string
+ example: '0da80542-daa0-4170-85ce-551bcaf4be15'
+ SwBaselineRequestDeleteBody:
+ title: DeleteSwBaselines
+ type: array
+ items:
+ type: object
+ additionalProperties: false
+ properties:
+ softwareId:
+ type: string
+ example: '171fc7d0-6957-4f54-bd51-3b7cbc6c39d5'
+ CloudResourcesDeleteBody:
+ title: DeleteCloudResources
+ type: array
+ items:
+ type: object
+ additionalProperties: false
+ properties:
+ resourceId:
+ type: string
+ description: '[Required] Unique item identifier'
+ example: /subscriptions/123456789/sample/resource/namespace/default
+ ContainerResourcesDeleteBody:
+ title: DeleteContainerResources
+ type: array
+ items:
+ type: object
+ additionalProperties: false
+ properties:
+ containerId:
+ type: string
+ description: '[Required] Unique item identifier'
+ example: 157ac21c-49b4-4faf-a4ac-bfefd869ba3b
+
+ #----------------------------------------------------------------------------
+ # 200 Responses for (GET, POST, PUT, and DELETE)
+ #----------------------------------------------------------------------------
+ Test:
+ title: api GET response schema
+ type: object
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: object
+ additionalProperties: false
+ properties:
+ success:
+ type: boolean
+ x-faker: random.boolean
+ example: true
+ Register:
+ title: api-key POST response schema
+ type: object
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: object
+ additionalProperties: false
+ properties:
+ apikey:
+ type: string
+ x-faker: random.uuid
+ example: f0126b6b-f232-45c9-a8de-01d5f003deda
+ SystemResponse:
+ title: System GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ $ref: '#/components/schemas/Systems'
+ SystemsResponse:
+ title: Systems GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/Systems'
+ SystemRolesResponse:
+ title: Roles GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ type: object
+ properties:
+ roleCategory:
+ type: string
+ x-faker: random.word
+ default: PAC
+ role:
+ type: string
+ x-faker: random.words
+ default: PM/IAM
+ SystemRolesCategoryResponse:
+ title: Roles by category GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ nullable: true
+ items:
+ $ref: '#/components/schemas/RoleCategory'
+ ControlsResponseGet:
+ title: Controls GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ nullable: true
+ items:
+ allOf:
+ - $ref: '#/components/schemas/ControlsIds'
+ - $ref: '#/components/schemas/ControlsRequiredFields'
+ - $ref: '#/components/schemas/ControlsConditionalFields'
+ - $ref: '#/components/schemas/ControlsOptionalFields'
+ - $ref: '#/components/schemas/ControlsReadOnlyFields'
+ ControlsResponsePut:
+ title: Controls PUT response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/ControlsPut'
+ TestResultsResponseGet:
+ title: Test Results GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/TestResultsGet'
+ TestResultsResponsePost:
+ title: Test Results POST response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/TestResultsPost'
+ PoamResponseGetSystems:
+ title: POAMS GET 'Systems' response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ allOf:
+ - $ref: '#/components/schemas/PoamIds'
+ - $ref: '#/components/schemas/PoamRequiredFields'
+ - $ref: '#/components/schemas/PoamConditionalFields'
+ - $ref: '#/components/schemas/MilestonesFields'
+ - $ref: '#/components/schemas/PoamOptionalFields'
+ - $ref: '#/components/schemas/PoamReadOnlyFields'
+ PoamResponseGetPoams:
+ title: POAMS GET 'Poam' response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ allOf:
+ - $ref: '#/components/schemas/PoamIds'
+ - $ref: '#/components/schemas/PoamRequiredFields'
+ - $ref: '#/components/schemas/PoamReadOnlyFields'
+ - $ref: '#/components/schemas/PoamOptionalFields'
+ - $ref: '#/components/schemas/PoamConditionalFields'
+ - $ref: '#/components/schemas/MilestonesFields'
+ PoamResponsePostPutDelete:
+ title: POAMS POST, PUT, DELETE response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/PoamPostPutDel'
+ MilestoneResponseGet:
+ title: Milestones GET (return array) response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/MilestonesGet'
+ MilestoneResponseGetMilestone:
+ title: Milestones GET (return object) response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ $ref: '#/components/schemas/MilestonesGet'
+ MilestoneResponsePost:
+ title: Milestones POST response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/MilestonesPutPostDelete'
+ MilestoneResponsePut:
+ title: Milestones PUT response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/MilestonesPutPostDelete'
+ MilestoneResponseDelete:
+ title: Milestones DELETE response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/MilestonesPutPostDelete'
+ ArtifactsResponseGet:
+ title: Artifacts GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ allOf:
+ - $ref: '#/components/schemas/ArtifactsIds'
+ - $ref: '#/components/schemas/ArtifactsRequiredFields'
+ - $ref: '#/components/schemas/ArtifactsReadOnlyFields'
+ - $ref: '#/components/schemas/ArtifactsOptionalFields'
+ ArtifactsResponseDel:
+ title: Artifacts DELETE response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ additionalProperties: false
+ properties:
+ filename:
+ type: string
+ description: '[Required] File name should match exactly one file within the
+ provided zip file. 1000 Characters.'
+ x-faker: system.commonFileName
+ example: AutorizationGuidance.pdf
+ success:
+ type: boolean
+ x-faker: random.boolean
+ example: true
+ systemId:
+ type: integer
+ format: int64
+ x-faker: random.number
+ example: 35
+ ArtifactsResponsePutPost:
+ title: Artifacts POST and PUT response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ type: object
+ additionalProperties: false
+ properties:
+ filename:
+ type: string
+ description: '[Required] File name should match exactly one file within the
+ provided zip file. 1000 Characters.'
+ x-faker: system.commonFileName
+ example: AutorizationGuidance.pdf
+ success:
+ type: boolean
+ x-faker: random.boolean
+ example: true
+ systemId:
+ type: integer
+ format: int64
+ x-faker: random.number
+ example: 35
+ errors:
+ $ref: '#/components/schemas/Errors'
+ CacResponseGet:
+ title: CAC GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/CacGet'
+ CacResponsePost:
+ title: CAC POST response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ type: object
+ additionalProperties: false
+ properties:
+ controlAcronym:
+ type: string
+ description: '[Required] System acronym name.'
+ x-faker:
+ random.arrayElement:
+ - - AC-1
+ - AC-2
+ - S-1
+ - S-23
+ - SI-16
+ - SI-56
+ - UA-16
+ - SI-4(11)
+ example: AC-3
+ success:
+ type: boolean
+ x-faker: random.boolean
+ example: true
+ systemId:
+ type: integer
+ format: int64
+ x-faker: random.number
+ example: 35
+ errors:
+ $ref: '#/components/schemas/Errors'
+ PacResponseGet:
+ title: PAC GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ nullable: true
+ items:
+ $ref: '#/components/schemas/PacGet'
+ PacResponsePost:
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/PacPost'
+ HwBaselineResponseGet:
+ title: Hardware Baseline GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ allOf:
+ - $ref: '#/components/schemas/HwBaselineIds'
+ - $ref: '#/components/schemas/HwBaselineReadOnlyFields'
+ - $ref: '#/components/schemas/HwBaselineRequiredFields'
+ - $ref: '#/components/schemas/HwBaselineOptionalFields'
+ - $ref: '#/components/schemas/HwBaselineConditionalFields'
+ pagination:
+ $ref: '#/components/schemas/Pagination'
+ HwBaselineResponsePostPut:
+ title: Hardware Baseline POST response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ type: object
+ additionalProperties: false
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ x-faker: random.number
+ example: 75
+ hardwareId:
+ type: string
+ x-faker: random.uuid
+ example: 0bcaba59-a4f4-4918-a267-aedee3ea750d
+ success:
+ type: boolean
+ x-faker: random.boolean
+ example: true
+ errors:
+ $ref: '#/components/schemas/Errors'
+ HwBaselineResponseDelete:
+ title: Hardware Baseline DELETE response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ additionalProperties: false
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ x-faker: random.number
+ example: 75
+ hardwareId:
+ type: string
+ example: '0da80542-daa0-4170-85ce-551bcaf4be15'
+ success:
+ type: boolean
+ x-faker: random.boolean
+ example: true
+ errors:
+ $ref: '#/components/schemas/Errors'
+ SwBaselineResponseGet:
+ title: Software Baseline GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ allOf:
+ - $ref: '#/components/schemas/SwBaselineIds'
+ - $ref: '#/components/schemas/SwBaselineReadOnlyFields'
+ - $ref: '#/components/schemas/SwBaselineRequiredFields'
+ - $ref: '#/components/schemas/SwBaselineOptionalFields'
+ pagination:
+ $ref: '#/components/schemas/Pagination'
+ SwBaselineResponsePostPut:
+ title: Software Baseline POST response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ type: object
+ additionalProperties: false
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ x-faker: random.number
+ example: 85
+ softwareId:
+ type: string
+ x-faker: random.uuid
+ example: 0bcaba59-a4f4-4918-a267-aedee3ea750d
+ success:
+ type: boolean
+ x-faker: random.boolean
+ example: true
+ errors:
+ $ref: '#/components/schemas/Errors'
+ SwBaselineResponseDelete:
+ title: Software Baseline DELETE response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ additionalProperties: false
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ x-faker: random.number
+ example: 85
+ softwareId:
+ type: string
+ example: '171fc7d0-6957-4f54-bd51-3b7cbc6c39d5'
+ success:
+ type: boolean
+ x-faker: random.boolean
+ example: true
+ errors:
+ $ref: '#/components/schemas/Errors'
+ DeviceScanResultsResponsePost:
+ title: Device Scan POST response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ type: object
+ additionalProperties: false
+ properties:
+ filename:
+ type: string
+ description: '[Required] single binary file. Specific file extensions
+ are expected depending upon the scanType parameter.'
+ x-faker: system.commonFileName
+ example: MySystemEntityScan.ckl
+ assetsImported:
+ type: integer
+ format: int64
+ description: 'Number of assets imported from the scan file.'
+ x-faker: random.number
+ example: 1
+ success:
+ type: boolean
+ x-faker: random.boolean
+ example: true
+ systemId:
+ type: integer
+ format: int64
+ x-faker: random.number
+ example: 35
+ errors:
+ $ref: '#/components/schemas/Errors'
+ StaticCodeResponsePost:
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/StaticCodePost'
+ CloudResourcesResponsePost:
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/CloudResourcesPostDelete'
+ CloudResourcesDelete:
+ title: Cloud Resource DELETE response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/CloudResourcesPostDelete'
+ ContainersResponsePost:
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/ContainersResourcesPostDelete'
+ ContainersResponseDelete:
+ title: Container Resource DELETE response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/ContainersResourcesPostDelete'
+ CmmcResponseGet:
+ title: CMMC GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/CmmcGet'
+ WorkflowDefinitionResponseGet:
+ title: Workflow Definition GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/WorkflowDefinitionGet'
+ WorkflowInstancesResponseGet:
+ title: Workflow Instances GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ $ref: '#/components/schemas/WorkflowInstanceGet'
+ pagination:
+ type: object
+ properties:
+ totalCount:
+ type: integer
+ x-faker: random.number
+ example: 12
+ totalPages:
+ type: integer
+ x-faker: random.number
+ example: 2
+ prevPageUrl:
+ type: string
+ x-faker:
+ random.arrayElement:
+ - - https://my.endpoint.url.org/previousPage
+ example: https://my.endpoint.url.org/previousPage
+ nextPageUrl:
+ type: string
+ x-faker:
+ random.arrayElement:
+ - - https://my.endpoint.url.org/nextPage
+ example: https://my.endpoint.url.org/nextPage
+ WorkflowInstanceResponseGet:
+ title: Workflow Instances GET response schema
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ $ref: '#/components/schemas/WorkflowInstanceGet'
+
+ #----------------------------------------------------------------------------
+ # Supporting 200 Responses - Endpoint responses, returned values
+ #----------------------------------------------------------------------------
+ Systems:
+ title: Systems - return query from the server for the GET call
+ type: object
+ additionalProperties: false
+ properties:
+ registrationCompletionDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Date the system was registered into eMASS.'
+ x-faker:
+ random.number: 1234567890
+ example: 1638741770
+ systemLifeCycleAcquisitionPhase:
+ type: string
+ nullable: true
+ description: '[Read-Only] Identifies the current System Acquisition Phase for
+ programs of record.'
+ x-faker: company.bsBuzz
+ example: Pre-Milestone A
+ specialType:
+ type: string
+ nullable: true
+ description: '[Read-Only] Lists applicable tracking indicator(s).'
+ x-faker: company.catchPhraseNoun
+ example: Special Type 1
+ specialTypeDescription:
+ type: string
+ nullable: true
+ description: '[Read-Only] Provides a brief reason for any tracking indicator(s)
+ selected.'
+ x-faker: company.catchPhraseDescriptor
+ example: Test Special Type Description
+ missionPortfolio:
+ type: string
+ nullable: true
+ description: '[Read-Only] Identifies the appropriate portfolio or capability
+ area. Navy only.'
+ x-faker: hacker.phrase
+ example: Not Applicable
+ isNNPI:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Indicates whether Naval Nuclear Propulsion Information
+ (NNPI) is stored, disseminated, or processed through this system.
+ Navy only.'
+ x-faker: random.boolean
+ example: false
+ isRBC:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Indicates whether the system is pursuing an RBC
+ authorization. Navy only.'
+ x-faker: random.boolean
+ example: false
+ isWaiver:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Indicates if the system has a waiver from OPNAV N2N6G
+ (DDCIO(N)) to proceed with a DIACAP accreditation. Navy and DIACAP
+ only.'
+ x-faker: random.boolean
+ example: true
+ programOffice:
+ type: string
+ nullable: true
+ description: '[Read-Only] The system record''s Program Office. Navy only.'
+ x-faker: name.jobTitle
+ example: Test Program Office
+ vramId:
+ type: string
+ nullable: true
+ description: '[Read-Only] Vulnerability Remediation Asset Manager (VRAM)
+ identification number. "N/A" indicates the system record is not
+ currently registered in VRAM. Navy only.'
+ x-faker: system.semver
+ example: '12345'
+ systemId:
+ type: integer
+ format: int64
+ description: '[Read-only] Unique system record identifier.'
+ x-faker: random.number
+ example: 33
+ policy:
+ type: string
+ nullable: true
+ description: '[Read-only] RMF/DIACAP Policy identifier for the system record.'
+ example: RMF
+ enum:
+ - RMF
+ - DIACAP
+ registrationType:
+ type: string
+ nullable: true
+ description: '[Read-Only] Registration type of the system record. Values include
+ (assessAndAuthorize, assessOnly, guest, regular, functional,
+ cloudServiceProvider.)'
+ enum:
+ - Assess and Authorize
+ - Assess Only
+ - Guest
+ - Regular
+ - Functional
+ - Cloud Service Provider
+ - Authorization To Use
+ example: Assess and Authorize
+ name:
+ type: string
+ nullable: true
+ description: '[Read-only] Name of the system record.'
+ x-faker: company.companyName
+ example: System XYZ
+ acronym:
+ type: string
+ nullable: true
+ description: '[Read-only] Acronym of the system record.'
+ x-faker:
+ random.arrayElement:
+ - - AC-1
+ - AC-2
+ - S-1
+ - S-23
+ - SI-16
+ - SI-56
+ - UA-16
+ - SI-4(11)
+ example: PM-6
+ description:
+ type: string
+ nullable: true
+ description: '[Read-only] Description of the system record.'
+ x-faker: random.words
+ example: This is a test system for the eMASS API documentation
+ instance:
+ type: string
+ nullable: true
+ description: '[Read-Only] Name of the top-level component that owns the system.'
+ x-faker: company.companySuffix
+ example: Navy
+ owningOrganization:
+ type: string
+ nullable: true
+ description: '[Read-Only] Owning organization of the system record. Values match
+ the eMASS instance Organizational Hierarchy.'
+ x-faker: company.companyName
+ example: Defense Information Systems Agency
+ secondaryOrganization:
+ type: string
+ nullable: true
+ description: '[Read-only] Secondary organization that owns the system record
+ (i.e. Sub-Organization-level.'
+ x-faker: company.companyName
+ example: ID31
+ versionReleaseNo:
+ type: string
+ nullable: true
+ description: '[Read-only] Version/Release Number of system record.'
+ x-faker: system.semver
+ example: V1
+ systemType:
+ type: string
+ nullable: true
+ description: '[Read-only] Type of the system record. RMF values include the
+ following options (IS Major Application, IS Enclave, Platform IT
+ System). DIACAP values include the following options (Platform IT
+ Interconnection, AIS Application, Outsourced IT-Based Process
+ (DoD-controlled), Enclave, Outsourced IT-Based Process (service
+ provider shared))'
+ enum:
+ - IS Major Application
+ - IS Enclave
+ - Platform IT
+ - Platform IT System
+ - Platform IT Interconnection
+ - AIS Application
+ - Outsourced IT-Based Process (DoD-controlled)
+ - Enclave
+ - Outsourced IT-Based Process (service provider shared)
+ example: IS Major Application
+ isNSS:
+ type: boolean
+ nullable: true
+ description: '[Read-only] Is the system record a National Security System?'
+ x-faker: random.boolean
+ example: true
+ isPublicFacing:
+ type: boolean
+ nullable: true
+ description: '[Read-only] Does the system record have a public facing
+ component/presence.'
+ x-faker: random.boolean
+ example: true
+ coamsId:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Read-only] Corresponding Cyber Operational Attributes Management
+ System (COAMS) identifier for the system record.'
+ example: 93054
+ isTypeAuthorization:
+ type: boolean
+ nullable: true
+ description: '[Read-only] Identifies if system is a Type Authorization.'
+ x-faker: random.boolean
+ example: true
+ ditprId:
+ type: string
+ description: '[Read-only] DITPR ID of the system record.'
+ x-faker: system.semver
+ example: '30498'
+ apmsId:
+ type: string
+ nullable: true
+ description: '[Read-Only] Same field as ditprId but displays as apmsId for Army
+ only.'
+ x-faker: random.alphaNumeric
+ example: '30498'
+ vasiId:
+ type: string
+ nullable: true
+ description: '[Read-Only] Same field as ditprId but displays as vasiId for VA
+ only.'
+ x-faker: random.alphaNumeric
+ example: '30498'
+ authorizationStatus:
+ type: string
+ nullable: true
+ description: '[Read-only] Authorization Status of the system record.'
+ x-faker:
+ random.arrayElement:
+ - - Authorization to Operate (ATO)
+ - Authorization to Operate with Conditions (ATO w/Conditions)
+ - Interim Authorization to Test (IATT)
+ - Denied Authorization to Operate (DATO)
+ - Not Yet Authorized
+ - Decommissioned
+ - Authorization to Operate (ATO)
+ - Interim Authorization to Operate (IATO)
+ - Interim Authorization to Test (IATT)
+ - Denied Authorization to Operate (DATO)
+ - Unaccredited
+ - Decommissioned
+ example: Not Yet Authorized
+ authorizationDate:
+ type: integer
+ nullable: true
+ description: '[Read-only] Authorization Date of the system record.'
+ x-faker:
+ random.number: 1234567890
+ example: 1638741660
+ authorizationTerminationDate:
+ type: integer
+ nullable: true
+ description: '[Read-only] Authorization Termination Date of the system record.'
+ x-faker:
+ random.number: 1234567890
+ example: 1638741660
+ authorizationLength:
+ type: integer
+ nullable: true
+ description: '[Read-only] Length of system''s Authorization. Calculated based
+ off of Authorization Date & Authorization Termination Date.'
+ minimum: 28
+ maximum: 1825
+ example: 365
+ securityControlsAssessorExecutiveSummary:
+ type: string
+ nullable: true
+ description: '[Read-Only] Document an assessment of overall cybersecurity
+ risk (Very Low, Low, Moderate, High, Very High) and identify the key
+ drivers for assessment.'
+ x-faker: company.catchPhrase
+ example: Executive Summary of the system's Security Controls Assessor
+ riskReviewExecutiveSummary:
+ type: string
+ nullable: true
+ description: '[Read-Only] Document an assessment of overall cybersecurity
+ risk (Very Low, Low, Moderate, High, Very High) and identify the key
+ drivers for assessment. VA only'
+ x-faker: company.catchPhrase
+ example: Executive Summary of the system's Risk Review
+ termsForAuth:
+ type: string
+ nullable: true
+ description: '[Read-only] Terms/Conditions for receiving and maintaining the
+ system''s Authorization. Assigned by the Authorizing Official.'
+ x-faker: company.bs
+ example: Terms/Conditions to maintain a valid ATO
+ securityPlanApprovalStatus:
+ type: string
+ nullable: true
+ description: '[Read-only] Status of the approval of the system''s RMF Security
+ Plan. Values include the following options (Approved, Denied, Not
+ Yet Approved).'
+ enum:
+ - Approved
+ - Not Yet Approved
+ - Denied
+ example: Approved
+ securityPlanApprovalDate:
+ type: integer
+ nullable: true
+ description: '[Read-only] Approval date of the system''s RMF Security Plan.'
+ x-faker:
+ random.number: 1234567890
+ example: 1638741660
+ missionCriticality:
+ type: string
+ nullable: true
+ description: '[Read-only] Mission Criticality of the system record.'
+ x-faker: random.words
+ example: Mission Support (MS)
+ geographicalAssociation:
+ type: string
+ nullable: true
+ description: '[Read-only] Geographical Association of the system record.'
+ x-faker: random.words
+ example: VA Operated IS
+ systemOwnershipControlled:
+ type: string
+ nullable: true
+ description: '[Read-only] Ownership of the system record.'
+ x-faker: commerce.productName
+ example: Region 1
+ governingMissionArea:
+ type: string
+ nullable: true
+ description: '[Read-only] Governing Mission Area of the system record.'
+ x-fakes: radom.words
+ example: DoD portion of the Intelligence MA (DIMA)
+ primaryFunctionalArea:
+ type: string
+ nullable: true
+ description: '[Read-only] Primary functional area of the system record.'
+ x-faker:
+ random.arrayElement:
+ - - Allies
+ - CBRNE
+ - Civilian Personnel & Readiness
+ - Command and Control
+ - Communications
+ - Communications Security (COMSEC)
+ - Economic
+ - Environmental Security
+ - Facilities
+ - Finance
+ - Health/Medical
+ - Human Resources
+ - Information Management
+ - Inspector General
+ - Intelligence
+ - Logistics
+ - Military Personnel and Readiness
+ - Nuclear
+ - Nuclear, Chemical, and Biological
+ - Operations
+ - Personnel and Readiness
+ - Procurement/Acquisition
+ - Reserve Components
+ - Scientific and Engineering
+ - Space and Weather
+ - Test and Evaluation
+ - Trainers
+ - Weapons
+ - Legal
+ - Transportation
+ - Not Applicable (N/A)
+ - Integration and Testing
+ example: Health/Medical
+ secondaryFunctionalArea:
+ type: string
+ nullable: true
+ description: '[Read-only] Secondary functional area of the system record.'
+ x-faker:
+ random.arrayElement:
+ - - Allies
+ - CBRNE
+ - Civilian Personnel & Readiness
+ - Command and Control
+ - Communications
+ - Communications Security (COMSEC)
+ - Economic
+ - Environmental Security
+ - Facilities
+ - Finance
+ - Health/Medical
+ - Human Resources
+ - Information Management
+ - Inspector General
+ - Intelligence
+ - Logistics
+ - Military Personnel and Readiness
+ - Nuclear
+ - Nuclear, Chemical, and Biological
+ - Operations
+ - Personnel and Readiness
+ - Procurement/Acquisition
+ - Reserve Components
+ - Scientific and Engineering
+ - Space and Weather
+ - Test and Evaluation
+ - Trainers
+ - Weapons
+ - Legal
+ - Transportation
+ - Not Applicable (N/A)
+ - Integration and Testing
+ example: Logistics
+ primaryControlSet:
+ type: string
+ nullable: true
+ description: '[Read-only] Primary Control Set of the system record. RMF values
+ include the following options (NIST SP 800-53 Revision 4), DIACAP
+ values include the following options (DoDI 8500.2)'
+ enum:
+ - NIST SP 800-53 Revision 4
+ - DoDI 8500.2
+ example: NIST SP 800-53 Revision 4
+ confidentiality:
+ type: string
+ nullable: true
+ description: '[Read-only] Confidentiality of the system record. RMF values
+ include the following options (High, Moderate, Low)'
+ enum:
+ - High
+ - Moderate
+ - Low
+ example: Low
+ integrity:
+ type: string
+ nullable: true
+ description: '[Read-only] Integrity of the system record. RMF values include the
+ following options (High, Moderate, Low)'
+ enum:
+ - High
+ - Moderate
+ - Low
+ example: Moderate
+ availability:
+ type: string
+ nullable: true
+ description: '[Read-only] Availability of the system record. RMF values include
+ the following options (High, Moderate, Low)'
+ enum:
+ - High
+ - Moderate
+ - Low
+ example: High
+ appliedOverlays:
+ type: string
+ nullable: true
+ description: '[Read-only] Overlays applied to the system record. Multiple values
+ are separated by semi-colon '';''.'
+ x-faker:
+ random.arrayElement:
+ - - Classified Information
+ - Privacy
+ - Public
+ - Unclassified Information
+ - Classified Information; Privacy
+ - Unclassified Information; Public
+ example: Classified Information; Privacy
+ appliedStigs:
+ type: string
+ nullable: true
+ description: '[Read-only] The STIG''s applied to the system record.'
+ x-faker:
+ random.arrayElement:
+ - - A10_Networks_ADC_ALG_STIG
+ - Active_Directory_Domain
+ example: Active_Directory_Domain
+ rmfActivity:
+ type: string
+ nullable: true
+ description: '[Read-only] RMF Activity of the system record.'
+ x-faker:
+ random.arrayElement:
+ - - Initiate and plan C&A
+ - Initiate and plan cybersecurity Assessment Authorization
+ - Implement and validate assigned security controls
+ - Make assessment determination and authorization decision
+ - Maintain ATO and conduct reviews
+ - Decommission
+ example: Maintain ATO and conduct reviews
+ crossDomainTicket:
+ type: string
+ nullable: true
+ description: '[Read-only] Cross Domain Tickets of the system record.'
+ x-faker: random.words
+ example: Cross Domain Ticket test
+ ditprDonId:
+ type: string
+ nullable: true
+ description: '[Read-Only] DITPR-DON identifier of the system record.'
+ x-faker: random.alphaNumeric
+ example: 5910, 1234, 8765
+ mac:
+ type: string
+ nullable: true
+ description: '[Read-Only] MAC level of the system record.'
+ enum:
+ - I
+ - II
+ - III
+ example: II
+ dodConfidentiality:
+ type: string
+ nullable: true
+ description: '[Read-Only] DoD Confidentiality level of the system record.'
+ enum:
+ - Public
+ - Sensitive
+ - Classified
+ example: Public
+ contingencyPlanRequired:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Is there a Contingency Plan in place for this system
+ that addresses disruptions in operations?'
+ x-faker: random.boolean
+ example: true
+ contingencyPlanArtifact:
+ type: string
+ nullable: true
+ description: '[Read-Only] Filename of the system''s Contingency Plan artifact.'
+ x-faker: system.commonFileName
+ example: ContingencyPlanTest.pdf
+ contingencyPlanTested:
+ type: boolean
+ nullable: true
+ description: '[Read-only] Has the system record''s Contingency Plan been tested?'
+ x-faker: random.boolean
+ example: true
+ contingencyPlanTestDate:
+ type: integer
+ nullable: true
+ description: '[Read-only] Date the system record''s Contingency Plan was tested.'
+ x-faker:
+ random.number: 1234567890
+ example: 1426957321
+ securityReviewRequired:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Is the system required to complete a Security Review?'
+ x-faker: random.boolean
+ example: true
+ securityReviewCompleted:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Has a Security Review been completed for this system?'
+ x-faker: random.boolean
+ example: true
+ securityReviewCompletionDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Date of the system''s latest security review or annual
+ assessment.'
+ x-faker:
+ random.number: 1234567890
+ example: 1531958400
+ nextSecurityReviewDueDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Date when the system''s next security review or annual
+ assessment is due by.'
+ x-faker:
+ random.number: 1234567890
+ example: 1526957321
+ hasOpenPoamItem:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Does the system record have an Ongoing or Risk
+ Accepted POA&M Item?'
+ x-faker: random.boolean
+ example: true
+ hasOpenPoamItem90to120PastScheduledCompletionDate:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Does the system record have an Ongoing or Risk
+ Accepted POA&M Item 90 to 120 days past its Scheduled Completion
+ Date?'
+ x-faker: random.boolean
+ example: false
+ hasOpenPoamItem120PlusPastScheudledCompletionDate:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Does the system record have an Ongoing or Risk
+ Accepted POA&M Item 120 days past its Scheduled Completion Date?'
+ x-faker: random.boolean
+ example: false
+ impact:
+ type: string
+ nullable: true
+ description: '[Optional] Values include the following options (Very Low, Low,
+ Moderate,High,Very High)'
+ enum:
+ - Low
+ - Moderate
+ - High
+ example: Low
+ hasCUI:
+ type: boolean
+ nullable: true
+ description: '[Read-only] Does the system record contain and/or process
+ Controlled Unclassified information?'
+ x-faker: random.boolean
+ example: false
+ hasPII:
+ type: boolean
+ nullable: true
+ description: '[Read-only] Does the system record contain and/or process
+ Personally Identifiable Information?'
+ x-faker: random.boolean
+ example: false
+ hasPHI:
+ type: boolean
+ nullable: true
+ description: '[Read-only] Does the system record contain and/or process Personal
+ Health Information?'
+ x-faker: random.boolean
+ example: false
+ ppsmRegistrationRequired:
+ type: string
+ nullable: true
+ description: '[Read-Only] Determine if a PPSM registration is required.'
+ x-faker: random.words
+ example: PPSM registration required
+ ppsmRegistryNumber:
+ type: string
+ nullable: true
+ description: '[Read-only] Unique identifier for the DoD''s Ports, Protocols, and
+ Services Management Registry system.'
+ x-faker: random.words
+ example: Test PPSM Registry Number
+ ppsmRegistrationExemptionJustification:
+ type: string
+ nullable: true
+ description: '[Read-Only] Clarify why a PPSM registraiton is not necessary.'
+ x-faker: random.words
+ example: Exemption justification
+ interconnectedInformationSystemAndIdentifiers:
+ type: string
+ nullable: true
+ description: '[Read-only] Identify the interconnected information systems and
+ corresponding identifiers within control CA-3.'
+ x-faker: random.word
+ example: Test
+ privacyImpactAssessmentRequired:
+ type: boolean
+ nullable: true
+ description: '[Read-only] Does the system require a Privacy Impact Assessment?'
+ x-faker: random.boolean
+ example: true
+ privacyImpactAssessmentStatus:
+ type: string
+ nullable: true
+ description: '[Read-only] Status of the PIA, availability values include the
+ following options (Not Started, In Progress, Completed)'
+ enum:
+ - Not Started
+ - In Progress
+ - Completed
+ example: Not Started
+ privacyImpactAssessmentDate:
+ type: integer
+ nullable: true
+ description: '[Read-only] Date in which the system''s PIA took place.'
+ x-faker:
+ random.number: 1234567890
+ example: 1622048629
+ privacyImpactAssessmentArtifact:
+ type: string
+ nullable: true
+ description: '[Read-Only] Filename of the system''s PIA artifact.'
+ x-faker: system.commonFileName
+ example: PIATest.pdf
+ userDefinedField1:
+ type: string
+ nullable: true
+ description: '[Read-only] User-defined field to augment Ad Hoc Reporting.'
+ x-faker:
+ random.arrayElement:
+ - - Test User-defined Field 1
+ - Test User-defined Field 2
+ - Test User-defined Field 3
+ - Test User-defined Field 4
+ - Test User-defined Field 4
+ example: Test User-defined Field 1
+ userDefinedField2:
+ type: string
+ nullable: true
+ description: '[Read-only] User-defined field to augment Ad Hoc Reporting.'
+ x-faker:
+ random.arrayElement:
+ - - Test User-defined Field 1
+ - Test User-defined Field 2
+ - Test User-defined Field 3
+ - Test User-defined Field 4
+ - Test User-defined Field 4
+ example: Test User-defined Field 2
+ userDefinedField3:
+ type: string
+ nullable: true
+ description: '[Read-only] User-defined field to augment Ad Hoc Reporting.'
+ x-faker:
+ random.arrayElement:
+ - - Test User-defined Field 1
+ - Test User-defined Field 2
+ - Test User-defined Field 3
+ - Test User-defined Field 4
+ - Test User-defined Field 4
+ example: Test User-defined Field 3
+ userDefinedField4:
+ type: string
+ nullable: true
+ description: '[Read-only] User-defined field to augment Ad Hoc Reporting.'
+ x-faker:
+ random.arrayElement:
+ - - Test User-defined Field 1
+ - Test User-defined Field 2
+ - Test User-defined Field 3
+ - Test User-defined Field 4
+ - Test User-defined Field 4
+ example: Test User-defined Field 4
+ userDefinedField5:
+ type: string
+ nullable: true
+ description: '[Read-only] User-defined field to augment Ad Hoc Reporting.'
+ x-faker:
+ random.arrayElement:
+ - - Test User-defined Field 1
+ - Test User-defined Field 2
+ - Test User-defined Field 3
+ - Test User-defined Field 4
+ - Test User-defined Field 4
+ example: Test User-defined Field 5
+ currentRmfLifecycleStep:
+ type: string
+ nullable: true
+ description: '[Read-only] Displays the system''s current step within the RMF
+ Lifecycle.'
+ enum:
+ - 1 - Categorize
+ - 2 - Select
+ - 3 - Implement
+ - 4 - Assess
+ - 5 - Authorize
+ - 6 - Monitor
+ example: 4 - Assess
+ otherInformation:
+ type: string
+ nullable: true
+ description: '[Read-only] Include any additional information required by the
+ organization.'
+ x-faker: random.words
+ example: Additional Comments
+ reportsForScorecard:
+ type: boolean
+ nullable: true
+ description: '[Read-only] Indicates if the system reports to the DoD Cyber
+ Hygiene Scorecard.'
+ x-faker: random.boolean
+ example: true
+ highestSystemDataClassification:
+ type: string
+ nullable: true
+ description: '[Read-Only] The overall classification level of information that
+ the System is approved to collect, process, store, and/or
+ distribute.'
+ x-faker:
+ random.arrayElement:
+ - - Public Trust
+ - For Official Use Only (FOUO)
+ - Controlled Unclassified Information (CUI)
+ - Unclassified
+ - Restricted Data/Formerly Restricted Data
+ - Sensitive Compartmented Information
+ - Special Access Program
+ - Secret
+ - Top Secret
+ - Confidential
+ example: Unclassified
+ overallClassification:
+ type: string
+ nullable: true
+ description: '[Read-Only] Same field as highestSystemDataClassification, but
+ displays as overallClassification for NISP only.'
+ x-faker:
+ random.arrayElement:
+ - - Public Trust
+ - For Official Use Only (FOUO)
+ - Controlled Unclassified Information (CUI)
+ - Unclassified
+ - Restricted Data/Formerly Restricted Data
+ - Sensitive Compartmented Information
+ - Special Access Program
+ - Secret
+ - Top Secret
+ - Confidential
+ example: Unclassified
+ isHVA:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Indicates if the system contains High Value Assets.
+ Does not display if value is null'
+ x-faker: random.boolean
+ example: true
+ isFinancialManagement:
+ type: boolean
+ nullable: true
+ description: |
+ [Read-Only] Per OMB Circular A-127, a financial management system includes the core financial systems and the financial portions
+ of mixed systems necessary to support financial management, including automated and manual processes, procedures, and
+ controls, data, hardware, software, and support personnel dedicated to the operation and maintenance of system functions.
+ The following are examples of financial management systems: core financial systems, procurement systems, loan systems, grants
+ systems, payroll systems, budget formulation systems, billing systems, and travel systems.
+ x-faker: random.boolean
+ example: true
+ isReciprocity:
+ type: boolean
+ nullable: true
+ description: |
+ [Read-Only] A reciprocity system is any information system that is part of a mutual agreement among participating
+ organizations to accept each other's security assessments in order to reuse information system resources and/or
+ to accept each other's assessed security posture in order to share information.
+ x-faker: random.boolean
+ example: true
+ reciprocityExemption:
+ type: string
+ nullable: true
+ description: |
+ [Read-Only] The following justifications are acceptable for exemption from reciprocity: (a) the existence of
+ the system is classified (not the data, but the existence of the system) or (b) the system's authorization to
+ operate is in the process of being pulled (e.g. DATO, Decommission).
+ x-faker: random.words
+ example: Decommission
+ cloudComputing:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Is this a cloud-based IS?'
+ x-faker: random.boolean
+ example: false
+ cloudType:
+ type: string
+ nullable: true
+ description: '[Read-Only] Values include the following: (Hybrid, Private, Public)'
+ enum:
+ - Hybrid
+ - Private
+ - Public
+ example: Public
+ authorizationToConnectStatus:
+ type: string
+ nullable: true
+ description: |
+ [Read-Only] The Authority to Connect decision. Values include the following:
+ (Authority to Connect (ATC), Denial of Authority to Connect (DATC), Not Yet Connected,
+ Decommissioned)
+ enum:
+ - Authority to Connect (ATC)
+ - Denial of Authority to Connect (DATC)
+ - Not Yet Connected
+ - Decommissioned
+ example: Decommissioned
+ isSaaS:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Software as a Service (SaaS) cloud service model.'
+ x-faker: random.boolean
+ example: true
+ isPaaS:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Platform as a Service (PaaS) cloud service model.'
+ x-faker: random.boolean
+ example: false
+ isIaaS:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Infrastructure as a Service (IaaS) cloud service model.'
+ x-faker: random.boolean
+ example: true
+ otherServiceModels:
+ type: string
+ nullable: true
+ description: '[Read-Only] Free text field to include other cloud service models.'
+ x-faker: random.words
+ example: Test Other Service
+ needDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Indicates the date by which the System needs to be
+ deployed to a production environment.'
+ x-faker:
+ random.number: 1234567890
+ example: 1638741660
+ overallRiskScore:
+ type: string
+ nullable: true
+ description: '[Read-Only] The overall risk score of the system'
+ x-faker: random.word
+ example: Moderate
+ isHRR:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Identifies whether a System has been designated as
+ High Risk Review. USCG and Navy only.'
+ x-faker: random.boolean
+ example: false
+ connectivityAuthorizationDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] The Connectivity Authorization Date.'
+ x-faker:
+ random.number: 1234567890
+ example: 1638741660
+ connectivityAuthorizationTerminationDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] The Connectivity Authorization Termination Date.'
+ x-faker:
+ random.number: 1234567890
+ example: 1638741660
+ systemDevelopmentLifeCycle:
+ type: string
+ nullable: true
+ description: '[Read-Only] Indicate the date by which the System needs to be
+ deployed to a production environment. VA only.'
+ x-faker: random.words
+ example: Test Other Service
+ isFISMAReportable:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Is this IS reportable per Federal Information Security
+ Management Act (FISMA) established requirements? VA only'
+ x-faker: random.boolean
+ example: false
+ groupTagging:
+ type: string
+ nullable: true
+ description: '[Read-Only] System Tags for enterprise level, to include CIO and
+ CISO, tracking efforts. VA only.'
+ x-faker:
+ random.arrayElement:
+ - - Group Tag 1
+ - Group Tag 2
+ - Group Tag 3
+ - Group Tag 4
+ - Group Tag 5
+ example: Group Tag 1
+ groupTagDescriptions:
+ type: string
+ nullable: true
+ description: '[Read-Only] System Tag explanation(s) for enterprise level, to
+ include CIO and CISO, tracking efforts. VA only.'
+ x-faker:
+ random.arrayElement:
+ - - Group Tag 1 explanation
+ - Group Tag 2 explanation
+ - Group Tag 3 explanation
+ - Group Tag 4 explanation
+ - Group Tag 5 explanation
+ example: Group Tag 1 explanation
+ dadmsId:
+ type: string
+ nullable: true
+ description: '[Read-Only] The system''s DADMS ID. USMC only.'
+ x-faker: system.semver
+ example: DADMS-1
+ dadmsExpirationDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Date the system expires in DADMS. USMC only.'
+ x-faker:
+ random.number: 1234567890
+ example: 1638751730
+ enclaveConnectivity:
+ type: string
+ nullable: true
+ description: '[Read-Only] Identify the type of connectivity for the
+ network/enclave, e.g., DISA circuit (NIPR, SIPR) or HPCMP circuit
+ (DREN, SDREN, Outreach). Navy only.'
+ x-faker:
+ random.arrayElement:
+ - - NIPR
+ - SIPR
+ - HPCMP
+ - DREN
+ - SDREN
+ example: NIPR
+ environmentType:
+ type: string
+ nullable: true
+ description: '[Read-Only] Identify the primary computing environment for where
+ the information system is deployed. Navy only.'
+ x-faker:
+ random.arrayElement:
+ - - Personal Computing
+ - Time Sharing Computing
+ - Client Server Computing
+ - Distributed Computing
+ - Cloud Computing
+ - Cluster Computing
+ example: Cloud Computing
+ navyCommonControlProvider:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Indicate whether the information system provides
+ inheritable controls. Navy only'
+ x-faker: random.boolean
+ example: false
+ navyCloudBroker:
+ type: string
+ nullable: true
+ description: '[Read-Only] Identify the broker responsible for the delivery of
+ commercial cloud services and capabilities. Refer to Navy Commercial
+ Cloud Brokerage Policy. Navy Only'
+ x-faker: company.companyName
+ example: AWS IL 5
+ cloudBrokerEmassId:
+ type: integer
+ nullable: true
+ description: '[Read-Only] The eMASS ID of the identified cloud broker. Navy only.'
+ x-faker:
+ random.number: 12345678
+ example: 2349
+ cloudBrokerProvisionalAuthorizationAtd:
+ type: integer
+ nullable: true
+ description: '[Read-Only] The provisional authorization termination date of the
+ identified cloud broker. Navy only'
+ x-faker:
+ random.number: 1234567890
+ example: 1638741660
+ navyJointAuthorization:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Indicate whether this is a joint authorization being
+ issued by two or more Authorizing Officials. Navy only'
+ x-faker: random.boolean
+ example: false
+ nmciNgenClins:
+ type: string
+ nullable: true
+ description: '[Read-Only] Provide all NMCI CLINs associated to the
+ system/services within the authorization boundary. Navy only'
+ x-faker: random.word
+ example: NMCI CLIN
+ enterpriseLocations:
+ type: string
+ nullable: true
+ description: '[Read-Only] Identify the Navy enterprise network where the
+ information system is deployed. Navy only'
+ x-faker: internet.domainName
+ example: All Navy Networks
+ whitelistId:
+ type: string
+ nullable: true
+ description: '[Read-Only] Systems that have public-facing components/presences
+ are typically required to be documented and registered as part of
+ Organzationally-approved whitelisting processes.'
+ x-faker: random.words
+ example: DoD DMZ Whitelist
+ whitelistInventory:
+ type: string
+ nullable: true
+ description: '[Read-Only] Provide/upload the documentation that identifies or
+ describes the components or aspects of the System that are
+ public-facing (whitelisted).'
+ x-faker: random.words
+ example: Whitelist document
+ acquisitionCategory:
+ type: string
+ nullable: true
+ description: '[Read-Only] Values include the following options (I,II,III)'
+ x-faker:
+ random.arrayElement:
+ - - I
+ - II
+ - III
+ example: I
+ softwareCategory:
+ type: string
+ nullable: true
+ description: '[Read-Only] Lists the software category.'
+ x-faker: random.words
+ example: Government Off-The-Shelf Software (GOTS)
+ cybersecurityServiceProvider:
+ type: string
+ nullable: true
+ description: '[Read-Only] Name of the system''s Cybersecurity Service Provider.'
+ x-faker:
+ random.arrayElement:
+ - - NIPR
+ - SIPR
+ - HPCMP
+ - DREN
+ - SDREN
+ example: NIPR
+ cybersecurityServiceProviderExceptionJustification:
+ type: string
+ nullable: true
+ description: '[Read-Only] If Not Applicable, provide the exception justification.'
+ x-faker: random.words
+ example: Exception justification
+ maximumTolerableDowntime:
+ type: string
+ nullable: true
+ description: '[Read-Only] MTD represents the total amount of time
+ leaders/managers are willing to accept for a process outage or
+ disruption.'
+ enum:
+ - Immediate
+ - Less than 2 hours
+ - Less than 4 hours
+ - Less than 6 hours
+ example: Immediate
+ recoveryTimeObjective:
+ type: string
+ nullable: true
+ description: '[Read-Only] RTO defines the maximum amount of time a system can
+ remain unavailable before there is an unacceptable impact on other
+ systems, supported business processes, and the MTD.'
+ x-faker: random.words
+ example: 'Mission Critical: 12 hours'
+ recoveryPointObjective:
+ type: string
+ nullable: true
+ description: '[Read-Only] RPO represents the point in time, prior to a
+ disruption or system outage, to which mission/business data can be
+ recovered (given the most recent backup copy of the data) after an
+ outage. The system data/information owner determines an acceptable
+ RPO in terms of amount of tolerable data loss before unacceptable
+ impact occurs.'
+ x-faker: random.words
+ example: 'Mission Critical: 12 hours'
+ businessImpactAnalysisRequired:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Is a Business Impact Analysis in place that identifies
+ critical business processes, MTD, RTO, and RPO?'
+ x-faker: random.boolean
+ example: true
+ businessImpactAnalysisArtifact:
+ type: string
+ nullable: true
+ description: '[Read-Only] Filename of the system''s Business Impact Analysis
+ artifact.'
+ x-faker: system.commonFileName
+ example: BIATest.pdf
+ incidentResponsePlanRequired:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Is there a Incident Response Plan in place for this
+ system that provides the roadmap for implementing the incident
+ response capability?'
+ x-faker: random.boolean
+ example: true
+ incidentResponsePlanArtifact:
+ type: string
+ nullable: true
+ description: '[Read-Only] Filename of the system''s Incident Response Plan
+ artifact.'
+ x-faker: system.commonFileName
+ example: IRPlanTest.pdf
+ disasterRecoveryPlanRequired:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Is there a Disaster Recovery Plan in place for this
+ system that addresses information system disruptions that require
+ relocation?'
+ x-faker: random.boolean
+ example: true
+ disasterRecoveryPlanArtifact:
+ type: string
+ nullable: true
+ description: '[Read-Only] Filename of the system''s Disaster Recovery Plan
+ artifact.'
+ x-faker: system.commonFileName
+ example: DRPlanTest.pdf
+ privacyThresholdAnalysisCompleted:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Indicate whether a Privacy Threshold Analysis (PTA)
+ has been performed for this IS.'
+ x-faker: random.boolean
+ example: true
+ privacyThresholdAnalysisDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Date in which this sytem''s Privacy Threshold Analysis
+ took place.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ privacyThresholdAnalysisArtifact:
+ type: string
+ nullable: true
+ description: '[Read-Only] Filename of the system''s Privacy Threshold Analysis
+ artifact.'
+ x-faker: system.commonFileName
+ example: PTATest.pdf
+ privacyActSystemOfRecordsNoticeRequired:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Does this system require a Privacy Act System of
+ Record Notice per DoD 5400.11-R?'
+ x-faker: random.boolean
+ example: true
+ eAuthenticationRiskAssessmentRequired:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Indicate whether an E-Authentication Risk Assessment
+ has been performed for the system in accordance with OMB M-04-04.'
+ x-faker: random.boolean
+ example: true
+ eAuthenticationRiskAssessmentDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Date this system''s EAuthentication Risk Assessment
+ took place.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ eAuthenticationRiskAssessmentArtifact:
+ type: string
+ nullable: true
+ description: '[Read-Only] Filename of the system''s Privacy Threshold Analysis
+ artifact.'
+ x-faker: system.commonFileName
+ example: EAuthRisk.pdf
+ ipv4OnlyAssets:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Identify the total number of assets associated with
+ this boundary that are only on IPv4.'
+ x-faker:
+ random.number:
+ min: 0
+ max: 150
+ example: 10
+ ipv6OnlyAssets:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Identify the total number of assets associated with
+ this boundary that are only on IPv6.'
+ x-faker:
+ random.number:
+ min: 0
+ max: 150
+ example: 5
+ ipv4Ipv6DualStackAssets:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Identify the total number of assets associated with
+ this boundary that are operating on IPv4/IPv6 dual-stack.'
+ x-faker:
+ random.number:
+ min: 0
+ max: 300
+ example: 15
+ totalIpAssets:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Total number of IPv4, IPv6, and dual-stack assets
+ identified. Value calculated upon Save action'
+ x-faker:
+ random.number:
+ min: 0
+ max: 500
+ example: 30
+ originatingOrganization:
+ type: string
+ nullable: true
+ description: '[Read-Only] Identify the organization that generated the existing
+ authorization package, including (where applicable) individual
+ points of contact.'
+ x-faker: company.companyName
+ example: Originating Organization
+ systemUseJustification:
+ type: string
+ nullable: true
+ description: '[Read-Only] Provide a detailed justification as to why this system
+ should be deployed and used within the requesting organization.'
+ x-faker: random.words
+ example: System EOL within 120 days
+ systemUseJustificationArtifact:
+ type: string
+ nullable: true
+ description: '[Read-Only] Filename of the System Use Justification Artifact,
+ including the file extension.'
+ x-faker: system.commonFileName
+ example: SystemUseJustification.pdf"
+ authorizationToUseStatus:
+ type: string
+ nullable: true
+ description: '[Read-Only] The system''s Authority to Use Status.'
+ x-faker: random.words
+ example: Authority to Use (ATU)
+ reciprocityAcceptanceStatus:
+ type: string
+ nullable: true
+ description: '[Read-Only] The system''s Reciprocity Acceptance Status. Army IC
+ only.'
+ x-faker: random.words
+ example: Acceptance status content
+ useAuthorizationDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] The system''s Use Authorization Date.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ reciprocityAcceptanceDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] The system''s Reciprocity Acceptance Date. Army IC
+ only.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ useAuthorizationTerminationDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] The system''s Use Authorization Termination Date.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ reciprocityAcceptanceTerminationDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] The system''s Reciprocity Acceptance Termination Date.
+ Army IC only.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ termsConditionsForUseSummary:
+ type: string
+ nullable: true
+ description: '[Read-Only] The system''s Terms / Conditions for Use Summary.'
+ x-faker: random.words
+ example: Test ATU Summary
+ termsConditionsForReciprocitySummary:
+ type: string
+ nullable: true
+ description: '[Read-Only] The system''s Terms / Conditions for Reciprocity
+ Summary. Army IC only.'
+ x-faker: random.words
+ example: Test ATU Summary
+ primaryMissionEssentialFunction:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Annotate ''Yes'' if your system performs a Primary Mission Essential Function. VA only'
+ x-faker: random.boolean
+ example: false
+ pmefDescription:
+ type: string
+ nullable: true
+ description: '[Read-Only] The FIPS category "Availability" of this system must be marked "High" if the system is
+ listed as a PMEF, and the RTO must be 12 hours or shorter. VA only'
+ x-faker: random.words
+ example: Test PMEF Description
+ missionEssentialFunction:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Annotate "Yes" if your system performs a Mission Essential Function. VA only.'
+ x-faker: random.boolean
+ example: false
+ mefDescription:
+ type: string
+ nullable: true
+ description: '[Read-Only] MEFs are listed in the OIT Continuity Plan.
+ VA Handbook 0322 will be updated with these MEFs. VA only.'
+ x-faker: random.words
+ example: Test MEF Description
+ administration:
+ type: string
+ nullable: true
+ description: '[Read-Only] Identify the administration that this information system supports. VA only.'
+ x-faker: random.words
+ example: Test Administration
+ administrationOtherJustification:
+ type: string
+ nullable: true
+ description: '[Read-Only] If the Administration field is set to "Other", this free-text field becomes required. VA only.'
+ x-faker: random.words
+ example: Test Administration Justification
+ atcIatcGrantedDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] The date the Authority to Connect (ATC) or Interim Authority to Connect (IATC) was granted.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ atcIatcExpirationDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] The date the Authority to Connect (ATC) or Interim Authority to Connect (IATC) expires.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ atcIatcPendingItems:
+ type: string
+ nullable: true
+ description: '[Read-Only] List of pending items required for the Authority to Connect (ATC) or Interim Authority to Connect (IATC).'
+ x-faker: random.words
+ example: Test ATC/IATC Pending Items
+ pendingItemsDueDate :
+ type: integer
+ nullable: true
+ description: '[Read-Only] The date the pending items are due.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ dodinnSystemId:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] A DoDIN-N system is all encompassing for the following: Navy networks,
+ systems, sites, corporate assets, centrally managed programs, programs of record, standalone,
+ excepted, enterprise, non-enterprise, cloud, NIPRNET, SIPRNET, GENSER Classified, Defense Research
+ Engineering Network (DREN), Secret DREN (SDREN), connected to the DoDIN or through commercial
+ lines that are owned, operated, leased, contracted, maintained, managed, administered, house Navy
+ data, house Navy personally identifiable information, house Navy protected health information,
+ or controlled unclassified information. The DoDIN-N also includes commercial information technology,
+ weapons systems/program manager/program of record/platform information technology, and operational
+ technology. Navy only.'
+ x-faker: random.boolean
+ example: false
+ authorizationToUseConnectStatus:
+ type: string
+ nullable: true
+ description: '[Read-Only] FCC CRMA/NAO approval for DoDIN-N operations. Navy only.'
+ x-faker: random.words
+ example: Authorization
+ useConnectAuthorizationDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] The Use/Connect Authorization Date. Navy only.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ useConnectAuthorizationTerminationDate:
+ type: integer
+ nullable: true
+ description: '[Read-Only] The Use/Connect Authorization Termination Date Navy only.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ termsConditionsForUseConnectSummary:
+ type: string
+ nullable: true
+ description: '[Read-Only] Provide a description (if applicable) of any specific limitations
+ or restrictions placed on the operation of the information system as part of the authorization
+ to use/connect decision. Navy only.'
+ x-faker: random.words
+ example: Test ATU Summary
+ workstations:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Identify the number of System Workstations. This data will be used
+ for the National Industrial Security System (NISS) facility categorization. If field is not
+ applicable enter "0". NISP only.'
+ x-faker:
+ random.number:
+ min: 0
+ max: 10000
+ example: 10
+ servers:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Identify the number of System Servers. This data will be used
+ for the National Industrial Security System (NISS) facility categorization. If field is not
+ applicable enter "0". NISP only.'
+ x-faker:
+ random.number:
+ min: 0
+ max: 10000
+ example: 5
+ connectivityCcsd:
+ type: array
+ nullable: true
+ items:
+ $ref: '#/components/schemas/ConnectivityCcsd'
+ ConnectivityCcsd:
+ title: System CCSD Connectivity
+ type: object
+ additionalProperties: false
+ properties:
+ ccsdNumber:
+ type: string
+ nullable: true
+ description: '[Read-Only] Identifier for specific connections to the system.'
+ x-faker:
+ random.arrayElement:
+ - - CCSD-123
+ - CCSD-456
+ - CCSD-789
+ - CCSD-246
+ example: CCSD-579
+ connectivity:
+ type: string
+ nullable: true
+ description: '[Read-Only] Choose connection type for the system.'
+ x-faker:
+ random.arrayElement:
+ - - Connected
+ - Disconnected
+ - Not Applicable
+ - Test Connectivity
+ example: Not Yet Authorized
+ RoleCategory:
+ title: System Roles Gategories
+ type: object
+ additionalProperties: false
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ description: '[Read-only] Unique system record identifier.'
+ x-faker: random.number
+ example: 35
+ systemName:
+ type: string
+ nullable: true
+ description: '[Read-only] Name of the system record.'
+ x-faker: company.companyName
+ example: eMASS API Example System
+ systemAcronym:
+ type: string
+ nullable: true
+ description: '[Read-only] Acronym of the system record.'
+ x-faker:
+ random.arrayElement:
+ - - AC-1
+ - AC-2
+ - S-1
+ - S-23
+ - SI-16
+ - SI-56
+ - UA-16
+ - SI-4(11)
+ example: S-XYZ
+ roles:
+ type: array
+ nullable: true
+ items:
+ $ref: '#/components/schemas/Roles'
+ Roles:
+ title: System Role
+ type: object
+ additionalProperties: false
+ properties:
+ roleCategory:
+ type: string
+ description: '[Required] System role categories'
+ x-faker:
+ random.arrayElement:
+ - - CAC
+ - PAC
+ - Other
+ example: PAC
+ role:
+ type: string
+ description: '[Required] System role description'
+ x-faker:
+ random.arrayElement:
+ - - PM/IAM
+ - SCA
+ - AO
+ - ISSO
+ - ISSM
+ - IAO
+ - Validator (IV&V)
+ - User Rep (View Only)
+ - Auditor
+ - Artifact Manager
+ - C&A Team
+ example: AO
+ users:
+ type: array
+ nullable: true
+ items:
+ $ref: '#/components/schemas/Users'
+ Users:
+ title: System role users
+ type: object
+ additionalProperties: false
+ properties:
+ firstName:
+ type: string
+ x-faker: name.firstName
+ example: John
+ lastName:
+ type: string
+ x-faker: name.lastName
+ example: Smith
+ email:
+ type: string
+ format: email
+ x-faker: internet.email
+ example: John.Smith@hb.com
+ ControlsPut:
+ title: Controls - return query from the server for the PUT call
+ type: object
+ additionalProperties: false
+ properties:
+ acronym:
+ type: string
+ description: Acronym of the system record.
+ example: AC-34
+ x-faker:
+ random.arrayElement:
+ - - AC-1
+ - AC-2
+ - S-1
+ - S-23
+ - SI-16
+ - SI-56
+ - UA-16
+ - SI-4(11)
+ success:
+ type: boolean
+ description: Indicates if operations result (success/fail)
+ x-faker: random.boolean
+ example: true
+ systemId:
+ type: integer
+ format: int64
+ description: The system identifier for the system being updated.
+ x-faker: random.number
+ example: 33
+ errors:
+ $ref: '#/components/schemas/Errors'
+ TestResultsGet:
+ title: Test Results - server returned data from the GET call
+ type: object
+ additionalProperties: false
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ description: '[Required] Unique eMASS identifier. Will need to provide correct
+ number'
+ x-faker: random.number
+ example: 35
+ control:
+ type: string
+ nullable: true
+ description: '[Read-Only] Control acronym associated with the test result. NIST
+ SP 800-53 Revision 4 defined.'
+ example: AC-3
+ x-faker:
+ random.arrayElement:
+ - - AC-1
+ - AC-2
+ - S-1
+ - S-23
+ - SI-16
+ - SI-56
+ - UA-16
+ - SI-4(11)
+ cci:
+ type: string
+ description: '[Required] CCI associated with test result.'
+ example: '000002'
+ x-faker:
+ random.arrayElement:
+ - - '000012'
+ - '000045'
+ - '000005'
+ - '000125'
+ - '000145'
+ - '000063'
+ - '000451'
+ - '000254'
+ - '000852'
+ - '001234'
+ - '002115'
+ - '000155'
+ assessmentProcedure:
+ type: string
+ description: '[Required] The Security Control Assessment Procedure being
+ assessed.'
+ example: AC-1.1
+ x-faker:
+ random.arrayElement:
+ - - AC-1
+ - AC-2
+ - AC-3
+ - AC-1.1
+ - AC-1.2
+ - AC-1.3
+ - AC-2.1
+ - AC-2.2
+ - AC-2.3
+ - AC-3.1
+ - AC-3.2
+ - AC-3.3
+ isInherited:
+ type: boolean
+ nullable: true
+ description: '[Read-only] Indicates whether a test result is inherited.'
+ x-faker: random.boolean
+ example: true
+ testedBy:
+ type: string
+ description: '[Required] Last Name, First Name. 100 Characters.'
+ x-faker: name.findName
+ example: Smith, Joe
+ testDate:
+ type: integer
+ format: int64
+ description: '[Required] Unix time format.'
+ x-faker:
+ random.number: 1234567890
+ example: 1638741770
+ description:
+ type: string
+ description: '[Required] Include description of test result. 4000 Characters.'
+ x-faker: random.words
+ example: Test result description
+ type:
+ type: string
+ nullable: true
+ description: '[Read-Only] Indicates the location in the Control Approval Chain
+ when the test result is submitted.'
+ example: Self-Assessment
+ x-faker:
+ random.arrayElement:
+ - - Self-Assessment
+ - Schedule-Assessment
+ - Deep Evaluation
+ complianceStatus:
+ type: string
+ description: '[Required] Test result compliance status'
+ example: Compliant
+ enum:
+ - Compliant
+ - Non-Compliant
+ - Not Applicable
+ TestResultsPost:
+ title: Test Results - return query from the server for the POST call
+ type: object
+ additionalProperties: false
+ properties:
+ cci:
+ type: string
+ description: CCI associated with test result.
+ example: 000001,000002
+ x-faker:
+ random.arrayElement:
+ - - '000012'
+ - '000045'
+ - '000005'
+ - '000125'
+ - '000145'
+ - '000063'
+ - '000451'
+ - '000254'
+ - '000852'
+ - '001234'
+ - '002115'
+ - '000155'
+ success:
+ type: boolean
+ description: Indicates if operations result (success/fail)
+ x-faker: random.boolean
+ example: true
+ systemId:
+ type: integer
+ format: int64
+ description: The system identifier for the system being updated.
+ x-faker: random.number
+ example: 35
+ errors:
+ $ref: '#/components/schemas/Errors'
+ PoamPostPutDel:
+ type: object
+ additionalProperties: false
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ description: The system identifier for the system being updated.
+ x-faker: random.number
+ example: 33
+ poamId:
+ type: integer
+ format: int64
+ description: The newly created POAM identifier
+ x-faker: random.number
+ example: 45
+ externalUid:
+ type: string
+ description: The unique identifier external to the eMASS application for use
+ with associating POA&Ms. 100 Characters.
+ x-faker: random.uuid
+ example: d6d98b88-c866-4496-9bd4-de7ba48d0f52
+ success:
+ type: boolean
+ description: Indicates if operations result (success/fail)
+ x-faker: random.boolean
+ example: true
+ errors:
+ $ref: '#/components/schemas/Errors'
+ MilestonesGet:
+ title: Milestones - return query from the server for the GET call
+ type: object
+ additionalProperties: false
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ description: '[Required] Unique eMASS system identifier.'
+ x-faker: random.number
+ example: 830
+ milestoneId:
+ type: integer
+ format: int64
+ description: '[Required] Unique item identifier.'
+ x-faker: random.number
+ example: 19
+ poamId:
+ type: integer
+ format: int64
+ description: '[Required] Unique item identifier.'
+ x-faker: random.number
+ example: 45
+ description:
+ type: string
+ description: '[Required] Include milestone description.'
+ x-faker: random.words
+ example: Description text
+ scheduledCompletionDate:
+ type: integer
+ format: int64
+ description: '[Required] Required for ongoing and completed POA&M items. Unix
+ time format.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ reviewStatus:
+ type: string
+ nullable: true
+ description: '[Read-Only] Values include the following options: (Not
+ Approved,Under Review,Approved).'
+ example: Under Review
+ enum:
+ - Not Approved
+ - Under Review
+ - Approved
+ createdBy:
+ type: string
+ nullable: true
+ description: '[Read-Only] Last, first name of the user that created the
+ milestone.'
+ x-faker: name.findName
+ example: Smith, John
+ createdDate:
+ type: integer
+ format: int64
+ description: '[Read-Only] Timestamp representing when the milestone was entered
+ into the database.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ MilestonesPutPostDelete:
+ type: object
+ additionalProperties: false
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ description: The system identifier that the POAM was added.
+ x-faker: random.number
+ example: 35
+ poamId:
+ type: integer
+ format: int64
+ description: The newly created POAM identifier
+ x-faker: random.number
+ example: 45
+ milestoneId:
+ type: integer
+ format: int64
+ description: The Milestone unique item identifier
+ x-faker: random.number
+ example: 77
+ externalUid:
+ type: string
+ description: The unique identifier external to the eMASS application for use
+ with associating POA&Ms. 100 Characters.
+ x-faker: random.uuid
+ example: d6d98b88-c866-4496-9bd4-de7ba48d0f52
+ success:
+ type: boolean
+ description: Indicates if operations result (success/fail)
+ x-faker: random.boolean
+ example: true
+ errors:
+ $ref: '#/components/schemas/Errors'
+ CacGet:
+ title: CAC - return query from the server for the GET call
+ type: object
+ additionalProperties: false
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ description: '[Required] Unique eMASS system identifier.'
+ x-faker: random.number
+ example: 35
+ controlAcronym:
+ type: string
+ description: '[Required] System acronym name.'
+ example: AC-3
+ x-faker:
+ random.arrayElement:
+ - - AC-1
+ - AC-2
+ - S-1
+ - S-23
+ - SI-16
+ - SI-56
+ - UA-16
+ - SI-4(11)
+ complianceStatus:
+ type: string
+ nullable: true
+ description: '[Read-only] Compliance status of the control.'
+ x-faker: random.word
+ example: Compliant
+ currentStageName:
+ type: string
+ nullable: true
+ description: '[Read-Only] Role in current stage.'
+ x-faker: random.word
+ example: SCA-V
+ currentStage:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Current step in the Control Approval Chain.'
+ example: 2
+ minimum: 1
+ maximum: 50
+ totalStages:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Total number of steps in Control Approval Chain.'
+ example: 2
+ minimum: 1
+ maximum: 50
+ comments:
+ type: string
+ nullable: true
+ description: '[Conditional] Control Approval Chain comments - 2000 Characters.'
+ x-faker: random.words
+ example: Control Approval Chain comments text.
+ PacGet:
+ title: PAC - return query from the server for the GET call
+ type: object
+ properties:
+ workflow:
+ type: string
+ description: '[Required] Values include the following:(Assess and Authorize,
+ Assess Only, Security Plan Approval)'
+ example: Assess and Authorize
+ enum:
+ - Assess and Authorize
+ - Assess Only
+ - Security Plan Approval
+ name:
+ type: string
+ description: '[Required] Package name. 100 Characters.'
+ x-faker: random.word
+ example: Package name text
+ currentStageName:
+ type: string
+ nullable: true
+ description: '[Read-Only] Name of the current stage in the active workflow.'
+ x-faker: random.word
+ example: SCA-R
+ currentStage:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Number of the current stage in the active workflow.'
+ x-faker:
+ random.number: 10
+ example: 4
+ totalStages:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Total number of stages in the active workflow.'
+ x-faker:
+ random.number: 10
+ example: 6
+ daysAtCurrentStage:
+ type: integer
+ nullable: true
+ description: '[Read-Only] Indicates the number of days at current workflow stage.'
+ x-faker:
+ random.number: 25
+ example: 2
+ comments:
+ type: string
+ nullable: true
+ description: '[Required]] Comments submitted upon initiation of the indicated workflow.
+ Character Limit = 4,000.'
+ x-faker: random.words
+ example: PAC initial submition comments
+ PacPost:
+ title: PAC - return query from the server for the POST call
+ type: object
+ properties:
+ workflow:
+ type: string
+ description: '[Required] Values include the following:(Assess and Authorize,
+ Assess Only, Security Plan Approval)'
+ example: Assess and Authorize
+ enum:
+ - Assess and Authorize
+ - Assess Only
+ - Security Plan Approval
+ success:
+ type: boolean
+ x-faker: random.boolean
+ example: true
+ systemId:
+ type: integer
+ format: int64
+ x-faker: random.number
+ example: 35
+ errors:
+ $ref: '#/components/schemas/Errors'
+ StaticCodePost:
+ title: Static Code - return query from the server for the POST call
+ type: object
+ properties:
+ applicationName:
+ type: string
+ description: '[Required] Name of the software application that was assessed.'
+ x-faker: company.companyName
+ example: Artemis
+ version:
+ type: string
+ description: '[Required] The version of the application.'
+ x-faker: system.semver
+ example: Version 5.0
+ success:
+ type: boolean
+ x-faker: random.boolean
+ example: true
+ systemId:
+ type: integer
+ format: int64
+ x-faker: random.number
+ example: 35
+ errors:
+ $ref: '#/components/schemas/Errors'
+ CloudResourcesPostDelete:
+ title: Cloud Resources - return query from the server for the POST/DELETE calls
+ type: object
+ additionalProperties: false
+ properties:
+ resourceId:
+ type: string
+ description: '[Required] Unique identifier/resource namespace for policy
+ compliance result'
+ example: /subscriptions/123456789/sample/resource/namespace/default
+ success:
+ type: boolean
+ x-faker: random.boolean
+ example: true
+ systemId:
+ type: integer
+ format: int64
+ x-faker: random.number
+ example: 35
+ errors:
+ $ref: '#/components/schemas/Errors'
+ ContainersResourcesPostDelete:
+ title: Containers - return query from the server for the POST/DELETE calls
+ type: object
+ additionalProperties: false
+ properties:
+ containerId:
+ type: string
+ description: '[Required] Unique identifier of the container'
+ example: command-control
+ success:
+ type: boolean
+ x-faker: random.boolean
+ example: true
+ systemId:
+ type: integer
+ format: int64
+ x-faker: random.number
+ example: 35
+ errors:
+ $ref: '#/components/schemas/Errors'
+ CmmcGet:
+ title: CMMC - return query from the server for the GET call
+ type: object
+ additionalProperties: false
+ properties:
+ operation:
+ type: string
+ nullable: true
+ description: '[Read-Only] Indicates the action that should be taken on the
+ assessment record since the provided sinceDate.'
+ enum:
+ - ADDED
+ - UPDATED
+ - DELETED
+ example: UPDATED
+ hqOrganizationName:
+ type: string
+ nullable: true
+ description: '[Read-Only] The name of the DIB Company.'
+ x-faker: company.companyName
+ example: Army
+ uei:
+ type: string
+ nullable: true
+ description: '[Read-Only] The Unique Entity Identifier assigned to the DIB
+ Company.'
+ x-faker: finance.account
+ example: '9809123'
+ oscName:
+ type: string
+ nullable: true
+ description: '[Read-Only] The name of the Organization Seeking Certification.'
+ x-faker: company.companyName
+ example: UC Labs
+ highestLevelOwnerCageCode:
+ type: string
+ nullable: true
+ description: '[Read-Only] Identifies the highest-level CAGE Code associated with
+ a given organization.'
+ x-faker:
+ random.alphaNumeric: 5
+ example: 99D8B
+ cageCodesInScope:
+ type: string
+ nullable: true
+ description: '[Read-Only] The five position code(s) associated with the
+ Organization Seeking Certification (OSC).'
+ x-faker: random.semver
+ example: 89ED9; 99D8B
+ numberOfEmployees:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Read-Only] The number of employees affiliated with the Organization Seeking Certification.'
+ x-faker:
+ random.number: 250
+ example: 100
+ scope:
+ type: string
+ nullable: true
+ description: '[Read-Only] The scope of the OSC assessment.'
+ x-faker:
+ random.arrayElement:
+ - - Enterprise
+ - Non-Enterprise
+ - Enclave
+ example: Enterprise
+ scopeDescription:
+ type: string
+ nullable: true
+ description: '[Read-Only] Brief description of the scope of the OSC assessment'
+ x-faker: random.words
+ example: Assessment of UC's Lab
+ assessmentStandard:
+ type: string
+ nullable: true
+ description: '[Read-Only] Version of the CMMC Model used as part of the
+ assessment.'
+ x-faker:
+ random.arrayElement:
+ - - NIST SP 800-171 Revision 2
+ - NIST SP 800-171 Revision 3
+ example: NIST SP 800-171 Revision 2
+ assessmentId:
+ type: string
+ nullable: true
+ description: '[Read-Only] Unique identifier for the assessment/certificate.'
+ x-faker: random.uuid
+ example: 41b89528-a7a8-470a-90f4-c3fd1267d6f7
+ cmmcUid:
+ type: string
+ nullable: true
+ description: '[Read-Only] Identifies the unique ID that is associated with a
+ given CMMC certification for an organization.'
+ x-faker:
+ random.alphaNumeric: 9
+ example: L20000003
+ overallScore:
+ type: integer
+ format: int64
+ description: '[Read-Only] Identifies the overall calculated score for the
+ assessment based on the assigned values to each applicable security
+ requirement.'
+ x-faker:
+ random.number: 150
+ example: 110
+ cmmcStatus:
+ type: string
+ nullable: true
+ description: '[Read-Only] The status of the CMMC certification.'
+ x-faker:
+ random.arrayElement:
+ - - Conditional Level 2 (C3PAO)
+ - Final Level 2 (C3PAO)
+ - Conditional Level 3 (DIBCAC)
+ - Final Level 3 (DIBCAC)
+ example: Conditional Level 2 (C3PAO)
+ cmmcStatusDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Read-Only] Date of the CMMC status.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ cmmcStatusExpirationDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Read-Only] Expiration date of the CMMC status.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ WorkflowDefinitionGet:
+ title: Workflow Definition - return query from the server for the GET call
+ type: object
+ properties:
+ workflowUid:
+ type: string
+ nullable: true
+ description: '[Read-Only] Unique workflow definition identifier.'
+ x-faker: random.uuid
+ example: 6f810301-5b3b-4f89-81e7-587fef9142a9
+ workflow:
+ type: string
+ nullable: true
+ description: '[Read-Only] The workflow type.'
+ example: 'RMF Step 1: Security Category'
+ x-faker:
+ random.arrayElement:
+ - - 'RMF Step 1: Security Category'
+ - 'RMF Step 2: Security Category'
+ - 'RMF Step 3: Security Category'
+ version:
+ type: string
+ nullable: true
+ description: '[Read-Only] Version of the workflow definition.'
+ x-faker: system.semver
+ example: '4'
+ description:
+ type: string
+ nullable: true
+ description: '[Read-Only] Description of the workflow or the stage transition.'
+ x-faker: lorem.sentence
+ example: The workflow description
+ isActive:
+ type: boolean
+ nullable: true
+ description: '[Read-Only] Returns true if the workflow is available to the site.'
+ x-faker: random.boolean
+ example: false
+ stages:
+ type: array
+ nullable: true
+ additionalProperties: false
+ items:
+ $ref: '#/components/schemas/Stage'
+ Stage:
+ title: Workflow Definition Stage
+ type: object
+ additionalProperties: false
+ properties:
+ name:
+ type: string
+ nullable: true
+ description: '[Read-Only] Name of the stage. For older workflows, this will
+ match the user assigned to the stage.'
+ example: Not Started
+ x-faker:
+ random.arrayElement:
+ - - Not Started
+ - Categorize System
+ - Submit Categorization
+ - Approval
+ - Complete
+ - Cancelled
+ - AO
+ - SCA
+ - PM/IAM
+ transitions:
+ type: array
+ nullable: true
+ additionalProperties: false
+ items:
+ $ref: '#/components/schemas/DefinitionTransitions'
+ DefinitionTransitions:
+ title: Workflow Definition Transition
+ type: object
+ additionalProperties: false
+ properties:
+ endStage:
+ type: string
+ nullable: true
+ description: '[Read-Only] The landing stage that is active after performing a
+ transition.'
+ x-faker: random.word
+ example: Submit Categorization
+ description:
+ type: string
+ nullable: true
+ description: '[Read-Only] Description that matches the action dropdown that
+ appears for PAC users.'
+ x-faker: random.words
+ example: Initiate Workflow
+ roles:
+ type: array
+ nullable: true
+ additionalProperties: false
+ items:
+ example: PM/ISO, System Admin, eMASS System Admin, ISSE, ISSM, IO
+ x-faker:
+ random.arrayElement:
+ - - PM/ISO
+ - System Admin
+ - eMASS System Admin
+ - ISSE
+ - ISSM
+ - IO
+ - Other
+ - Unknown
+ WorkflowInstanceGet:
+ title: Workflow Instances - return query for the GET workflow instances in a
+ site
+ type: object
+ properties:
+ workflowUid:
+ type: string
+ nullable: true
+ description: '[Read-Only] Unique workflow definition identifier.'
+ x-faker: random.uuid
+ example: 6f810301-5b3b-4f89-81e7-587fef9142a9
+ systemId:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Read-only] Unique system record identifier.'
+ x-faker: random.number
+ example: 35
+ systemName:
+ type: string
+ nullable: true
+ description: '[Read-Only] The system name.'
+ x-faker: company.companyName
+ example: Test system 1
+ workflowInstanceId:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Read-Only] Unique workflow instance identifier.'
+ x-faker: random.number
+ example: 35
+ packageName:
+ type: string
+ nullable: true
+ description: '[Read-Only] The package name.'
+ example: Test RMF Step 1 package
+ createdDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Read-Only] Date the workflow instance or the workflow transition
+ was created.'
+ example: 1636124623
+ lastEditedDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Read-Only] Date the workflow was last acted on.'
+ example: 1631130837
+ lastEditedBy:
+ type: string
+ nullable: true
+ description: '[Read-Only] User that last acted on the workflow.'
+ x-faker: internet.email
+ example: john.doe.ctr@mail.mil
+ workflow:
+ type: string
+ nullable: true
+ description: '[Read-Only] The workflow type.'
+ x-faker: random.words
+ example: 'RMF Step 1: Security Category'
+ version:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Read-Only] Version of the workflow definition.'
+ x-faker: random.number
+ example: 11
+ currentStage:
+ type: string
+ nullable: true
+ description: '[Read-Only] Name of the current stage.'
+ example: Echelon II
+ x-faker:
+ random.arrayElement:
+ - - Echelon I
+ - Echelon II
+ - Echelon III
+ - Echelon IV
+ - Echelon V
+ transitions:
+ type: array
+ items:
+ $ref: '#/components/schemas/InstanceTransitions'
+ InstanceTransitions:
+ title: Workflow Instances Transition
+ type: object
+ additionalProperties: false
+ properties:
+ comments:
+ type: string
+ nullable: true
+ description: '[Read-Only] Comments entered by the user when performing the
+ transition.'
+ x-faker: random.words
+ example: Approved the categorization
+ createdBy:
+ type: string
+ nullable: true
+ description: '[Read-Only] User that performed the workflow transition.'
+ x-faker: internet.email
+ example: john.doe.ctr@mail.mil
+ createdDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Read-Only] Date the workflow instance or the workflow transition
+ was created.'
+ example: 1636124623
+ description:
+ type: string
+ nullable: true
+ description: '[Read-Only] Description of the stage transition. This matches the
+ action dropdown that appears for PAC users.'
+ x-faker: random.words
+ example: Submit New Package
+ endStage:
+ type: string
+ nullable: true
+ description: '[Read-Only] The landing stage that is active after performing a
+ transition.'
+ x-faker: random.word
+ example: Submit Categorization
+ startStage:
+ type: string
+ nullable: true
+ description: '[Read-Only] The beginning stage that is active before performing a
+ transition.'
+ x-faker: random.word
+ example: Not Started
+
+ #----------------------------------------------------------------------------
+ # Common Fields
+ #----------------------------------------------------------------------------
+
+ #----------------------------------------------------------------------------
+ # Artifacts Fields
+ ArtifactsIds:
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ description: '[Required] Unique eMASS system identifier.'
+ x-faker: random.number
+ example: 35
+ ArtifactsRequiredFields:
+ properties:
+ filename:
+ type: string
+ description: |
+ [Required] File name should match exactly one file within the provided zip file. 1000 Characters.
+ or Application/zip file. Max 30MB per artifact.
+ x-faker: system.commonFileName
+ example: AutorizationGuidance.pdf
+ isTemplate:
+ type: boolean
+ nullable: true
+ description: '[Required] Indicates whether an artifact template.'
+ x-faker: random.boolean
+ example: false
+ type:
+ type: string
+ description: '[Required] Artifact type options'
+ x-faker:
+ random.arrayElement:
+ - - Procedure
+ - Diagram
+ - Policy
+ - Labor
+ - Document
+ - Image
+ - Other
+ - Scan Result
+ - Auditor Report
+ example: Policy
+ category:
+ type: string
+ description: '[Required] Artifact category options'
+ x-faker:
+ random.arrayElement:
+ - - mplementation Guidance
+ - Evidence
+ - Other
+ example: Change Request
+ ArtifactsOptionalFields:
+ properties:
+ name:
+ type: string
+ description: '[Optional] Artifact name. Character Limit = 100.'
+ nullable: true
+ x-faker: random.word
+ example: E-Authentication Assessment
+ description:
+ type: string
+ nullable: true
+ description: '[Optional] Artifact description. 10,000 Characters.'
+ x-faker: random.words
+ example: Artifact description text
+ referencePageNumber:
+ type: string
+ nullable: true
+ description: '[Optional] Artifact reference page number. 50 Characters.'
+ x-faker: random.words
+ example: Reference page number
+ assessmentProcedures:
+ type: string
+ description: '[Optional] The Security Control Assessment Procedure being
+ associated with the artifact.'
+ example: AC-1.1
+ controls:
+ type: string
+ nullable: true
+ description: '[Optional] Control acronym associated with the artifact. NIST SP
+ 800-53 Revision 4 defined.'
+ x-faker: company.companySuffix
+ example: AC-8,AC-2(4)
+ expirationDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] Date Artifact expires and requires review. In Unix Date
+ format.'
+ example: 18089586892
+ lastReviewedDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] Date Artifact was last reviewed. Unix time format.'
+ example: 1757409188
+ signedDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] Date artifact was signed. Unix time format.'
+ example: 1767409188
+ ArtifactsReadOnlyFields:
+ properties:
+ isInherited:
+ type: boolean
+ nullable: true
+ description: '[Read-only] Indicates whether an artifact is inherited.'
+ x-faker: random.boolean
+ example: true
+ ccis:
+ type: string
+ nullable: true
+ description: '[Read-Only] CCI mapping for Assessment Procedures associated with
+ the artifact.'
+ example: 000001,000002
+ x-faker:
+ random.arrayElement:
+ - - 000012,000045
+ - '000005'
+ - 000125,000145
+ - 000063,000451,000254
+ - '000852'
+ - 001234,002115
+ - '000155'
+ mimeContentType:
+ type: string
+ nullable: true
+ description: '[Read-Only] Standard MIME content type derived from file extension.'
+ x-faker: system.mimeType
+ example: application/zip
+ fileSize:
+ type: string
+ nullable: true
+ description: '[Read-Only] File size of attached artifact.'
+ x-faker:
+ random.arrayElement:
+ - - 369 KB
+ - 459 KB
+ - 134 KB
+ - 659 KB
+ - 555 KB
+ - 1 MB
+ - 1.3 MB
+ - 2 MB
+ - 2.7 MB
+ - 3.1 MB
+ - 4 MB
+ example: 4MB
+
+ #----------------------------------------------------------------------------
+ # Controls Fields
+ ControlsIds:
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ description: '[Required] Unique eMASS system identifier.'
+ x-faker: random.number
+ example: 83
+ ControlsRequiredFields:
+ properties:
+ acronym:
+ type: string
+ description: '[Required] Acronym of the system record.'
+ example: AC-3
+ x-faker:
+ random.arrayElement:
+ - - AC-1
+ - AC-2
+ - S-1
+ - S-23
+ - SI-16
+ - SI-56
+ - UA-16
+ - SI-4(11)
+ responsibleEntities:
+ type: string
+ description: '[Required] Include written description of Responsible Entities
+ that are responsible for the Security Control. Character Limit 2,000.'
+ x-faker: random.words
+ example: Unknown
+ controlDesignation:
+ type: string
+ description: '[Required] Control designations'
+ example: Common
+ enum:
+ - Common
+ - System-Specific
+ - Hybrid
+ estimatedCompletionDate:
+ type: integer
+ format: int64
+ description: '[Required] Field is required for Implementation Plan. Unix time format.'
+ x-faker:
+ random.number: 1234567890
+ example: 1799644800
+ implementationNarrative:
+ type: string
+ description: '[Required] Includes security control comments. Character Limit 2,000.'
+ x-faker: random.words
+ example: Test Imp. Narrative
+ ControlsConditionalFields:
+ properties:
+ commonControlProvider:
+ type: string
+ nullable: true
+ description: '[Conditional] Indicate the type of Common Control Provider for an
+ Inherited Security Control.'
+ example: DoD
+ enum:
+ - DoD
+ - Component
+ - Enclave
+ naJustification:
+ type: string
+ nullable: true
+ description: '[Conditional] Provide justification for Security Controls deemed
+ Not Applicable to the system.'
+ x-faker: random.words
+ example: System EOL within 120 days
+ slcmCriticality:
+ type: string
+ nullable: true
+ description: '[Conditional] Criticality of Security Control regarding SLCM.
+ Character Limit = 2,000.'
+ x-faker: random.word
+ example: Test Criticality
+ slcmFrequency:
+ type: string
+ nullable: true
+ description: '[Conditional] SLCM frequency'
+ example: Annually
+ enum:
+ - Constantly
+ - Daily
+ - Weekly
+ - Monthly
+ - Quarterly
+ - Semi-Annually
+ - Annually
+ - Every Two Years
+ - Every Three Years
+ - Undetermined
+ slcmMethod:
+ type: string
+ nullable: true
+ description: '[Conditional] SLCM method utilized'
+ example: Automated
+ enum:
+ - Automated
+ - Semi-Automated
+ - Manual
+ - Undetermined
+ slcmReporting:
+ type: string
+ nullable: true
+ description: '[Conditional] Method for reporting Security Control for SLCM.
+ Character Limit = 2,000.'
+ x-faker: random.word
+ example: Test Reporting
+ slcmTracking:
+ type: string
+ nullable: true
+ description: '[Conditional] How Non-Compliant Security Controls will be tracked
+ for SLCM. Character Limit = 2,000.'
+ x-faker: random.word
+ example: Test Tracking
+ slcmComments:
+ type: string
+ nullable: true
+ description: '[Conditional] Additional comments for Security Control regarding
+ SLCM. Character Limit = 4,000.'
+ x-faker: random.words
+ example: Test SLCM Comments
+ ControlsOptionalFields:
+ properties:
+ implementationStatus:
+ type: string
+ nullable: true
+ description: '[Optional] Implementation Status of the Security Control for the
+ information system.'
+ example: Planned
+ enum:
+ - Planned
+ - Implemented
+ - Inherited
+ - Not Applicable
+ - Manually Inherited
+ severity:
+ type: string
+ nullable: true
+ description: '[Optional] Values include the following options (Very Low, Low,
+ Moderate,High,Very High)'
+ example: Low
+ enum:
+ - Very Low
+ - Low
+ - Moderate
+ - High
+ - Very High
+ vulnerabiltySummary:
+ type: string
+ nullable: true
+ description: '[Optional] Include vulnerability summary. Character Limit = 2,000.'
+ x-faker: random.words
+ example: Test Vulnerability Summary
+ recommendations:
+ type: string
+ nullable: true
+ description: '[Optional] Include recommendations. Character Limit = 2,000.'
+ x-faker: random.words
+ example: Test Recommendations
+ relevanceOfThreat:
+ type: string
+ nullable: true
+ description: '[Optional] Values include the following options (Very Low, Low,
+ Moderate,High,Very High)'
+ example: Low
+ enum:
+ - Very Low
+ - Low
+ - Moderate
+ - High
+ - Very High
+ likelihood:
+ type: string
+ nullable: true
+ description: '[Optional] Values include the following options (Very Low, Low,
+ Moderate,High,Very High)'
+ example: Low
+ enum:
+ - Very Low
+ - Low
+ - Moderate
+ - High
+ - Very High
+ impact:
+ type: string
+ nullable: true
+ description: '[Optional] Values include the following options (Very Low, Low,
+ Moderate,High,Very High)'
+ example: Low
+ enum:
+ - Very Low
+ - Low
+ - Moderate
+ - High
+ - Very High
+ impactDescription:
+ type: string
+ nullable: true
+ description: '[Optional] Include description of Security Control''s impact.'
+ x-faker: random.words
+ example: Impact text
+ residualRiskLevel:
+ type: string
+ nullable: true
+ description: '[Optional] Values include the following options (Very Low, Low,
+ Moderate,High,Very High)'
+ example: Low
+ enum:
+ - Very Low
+ - Low
+ - Moderate
+ - High
+ - Very High
+ testMethod:
+ type: string
+ nullable: true
+ description: '[Optional] Identifies the assessment method / combination that
+ will determine if the security requirements are implemented
+ correctly.'
+ example: Test
+ enum:
+ - Test
+ - Interview
+ - Examine
+ - Test, Interview
+ - Test, Examine
+ - Interview, Examine
+ - Test, Interview, Examine
+ mitigations:
+ type: string
+ nullable: true
+ description: '[Optional] Identify any mitigations in place for the Non-Compliant
+ Security Control''s vulnerabilities. Character Limit = 2,000.'
+ x-faker: random.words
+ example: Test Mitigations
+ applicationLayer:
+ type: string
+ nullable: true
+ description: '[Optional] If the Financial Management (Navy) overlay is applied
+ to the system, this field appears and can be populated. Character
+ Limit = 2,000. Navy only.'
+ x-faker:
+ random.arrayElement:
+ - - Personal Computing
+ - Time Sharing Computing
+ - Client Server Computing
+ - Distributed Computing
+ - Cloud Computing
+ - Cluster Computing
+ example: Cloud Computing
+ databaseLayer:
+ type: string
+ nullable: true
+ description: '[Optional] If the Financial Management (Navy) overlay is
+ applied to the system, this field appears and can be populated. Navy only.'
+ x-faker:
+ random.arrayElement:
+ - - Personal Computing
+ - Time Sharing Computing
+ - Client Server Computing
+ - Distributed Computing
+ - Cloud Computing
+ - Cluster Computing
+ example: Time Sharing Computing
+ operatingSystemLayer:
+ type: string
+ nullable: true
+ description: '[Optional] If the Financial Management (Navy) overlay is
+ applied to the system, this field appears and can be populated. Navy only.'
+ x-faker:
+ random.arrayElement:
+ - - Personal Computing
+ - Time Sharing Computing
+ - Client Server Computing
+ - Distributed Computing
+ - Cloud Computing
+ - Cluster Computing
+ example: Client Server Computing
+ ControlsReadOnlyFields:
+ properties:
+ name:
+ type: string
+ nullable: true
+ description: '[Read-only] Name of the system record.'
+ x-faker: company.bs
+ example: System XYZ
+ ccis:
+ type: string
+ nullable: true
+ description: '[Read-only] Comma separated list of CCIs associated with the
+ control.'
+ example: 000001,000002
+ x-faker:
+ random.arrayElement:
+ - - 000012,000045
+ - '000005'
+ - 000125,000145
+ - 000063,000451,000254
+ - '000852'
+ - 001234,002115
+ - '000155'
+ isInherited:
+ type: boolean
+ nullable: true
+ description: '[Read-only] Indicates whether a control is inherited.'
+ x-faker: random.boolean
+ example: true
+ modifiedByOverlays:
+ type: string
+ nullable: true
+ description: '[Read-only] List of overlays that affect the control.'
+ example: Requirements
+ x-faker:
+ random.arrayElement:
+ - - Privacy
+ - Requirements
+ - Concurrency
+ includedStatus:
+ type: string
+ nullable: true
+ description: '[Read-only] Indicates the manner by which a control was included
+ in the system''s categorization.'
+ x-faker:
+ random.arrayElement:
+ - - Manually
+ - Planned
+ - Unplanned
+ - Baseline
+ example: Manually
+ complianceStatus:
+ type: string
+ nullable: true
+ description: '[Read-only] Compliance of the control.'
+ x-faker: random.word
+ example: Status
+
+ #----------------------------------------------------------------------------
+ # POAM Fields
+ PoamIds:
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ description: '[Required] Unique eMASS system identifier.'
+ x-faker: random.number
+ example: 830
+ poamId:
+ type: integer
+ format: int64
+ description: '[Required] Unique item identifier'
+ x-faker: random.number
+ example: 45
+ displayPoamId:
+ type: integer
+ format: int64
+ description: '[Required] Globally unique identifier for individual POA&M Items,
+ seen on the front-end as ID.'
+ x-faker: random.number
+ example: 100000010
+ PoamRequiredFields:
+ properties:
+ status:
+ type: string
+ description: '[Required] The POA&M status'
+ example: Completed
+ enum:
+ - Ongoing
+ - Risk Accepted
+ - Completed
+ - Not Applicable
+ - Archived
+ vulnerabilityDescription:
+ type: string
+ description: '[Required] Provide a description of the POA&M Item. 2000
+ Characters.'
+ x-faker: random.words
+ example: Description text
+ sourceIdentifyingVulnerability:
+ type: string
+ description: '[Required] Include Source Identifying Vulnerability text. 2000
+ Characters.'
+ x-faker: random.words
+ example: Source Indentifying Vulnerability text
+ pocOrganization:
+ type: string
+ description: '[Required] Organization/Office represented. 100 Characters.'
+ x-faker: company.companyName
+ example: Army
+ resources:
+ type: string
+ description: '[Required] List of resources used. 250 Characters.'
+ x-faker: random.words
+ example: Resource text
+ identifiedInCFOAuditOrOtherReview:
+ type: boolean
+ description: '[Required] If not specified, this field will be set to false
+ because it does not accept a null value. VA only'
+ x-faker: random.boolean
+ example: true
+ PoamConditionalFields:
+ properties:
+ pocFirstName:
+ type: string
+ description: '[Conditional] First name of POC. 100 Characters.'
+ x-faker: name.firstName
+ example: John
+ pocLastName:
+ type: string
+ description: '[Conditional] Last name of POC. 100 Characters.'
+ x-faker: name.lastName
+ example: Smith
+ pocEmail:
+ type: string
+ description: '[Conditional] Email address of POC. 100 Characters.'
+ x-faker: internet.email
+ example: smith@ah.com
+ pocPhoneNumber:
+ type: string
+ description: '[Conditional] Phone number of POC (area code) ***-**** format. 100
+ Characters.'
+ x-faker: phone.phoneNumber.email
+ example: 555-555-5555
+ severity:
+ type: string
+ description: '[Conditional] Required for approved items. Values include the
+ following options: (Very Low, Low, Moderate,High,Very High)'
+ example: Low
+ scheduledCompletionDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Conditional] Required for ongoing and completed POA&M items. Unix
+ time format.'
+ x-faker:
+ random.number: 1234567890
+ example: 1799644800
+ completionDate:
+ type: integer
+ format: int64
+ description: '[Conditional] Field is required for completed POA&M items. Unix
+ time format.'
+ x-faker:
+ random.number: 1234567890
+ example: 1745916276
+ comments:
+ type: string
+ description: '[Conditional] Field is required for completed and risk accepted
+ POA&M items. 2000 Characters'
+ x-faker: random.words
+ example: Comments text.
+ personnelResourcesFundedBaseHours:
+ type: number
+ format: float
+ nullable: true
+ description: |
+ [Conditional] At least one of the following is required and must be completed for each POA&M Item:
+ Personnel Resources-> Funded Base Hours
+ Personnel Resources-> Unfunded Base Hours
+ Non-Personnel Resources-> Funded Amount
+ Non-Personnel Resources-> Unfunded Amount
+ Displays numbers to the second decimal point (e.g., 100.00). VA only.
+ x-faker:
+ random.number:
+ min: 100
+ max: 300
+ precision: 0.01
+ decimals: 2
+ example: 100
+ personnelResourcesCostCode:
+ type: string
+ nullable: true
+ description: |
+ [Conditional] Required if Personnel Resources: Funded Base Hours is populated.
+ Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only.
+ x-faker: finance.transactionType
+ example: 123456
+ personnelResourcesUnfundedBaseHours:
+ type: number
+ format: float
+ nullable: true
+ description: |
+ [Conditional] At least one of the following is required and must be completed for each POA&M Item:
+ Personnel Resources-> Funded Base Hours
+ Personnel Resources-> Unfunded Base Hours
+ Non-Personnel Resources-> Funded Amount
+ Non-Personnel Resources-> Unfunded Amount
+ Displays numbers to the second decimal point (e.g., 100.00). VA only.
+ x-faker:
+ random.number:
+ min: 100
+ max: 300
+ precision: 0.01
+ decimals: 2
+ example: 100
+ personnelResourcesNonfundingObstacle:
+ type: string
+ nullable: true
+ description: |
+ [Conditional] Required if Personnel Resources: Unfunded Base Hours is populated.
+ Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only.
+ x-faker: random.words
+ example: Not an system of interest
+ personnelResourcesNonfundingObstacleOtherReason:
+ type: string
+ nullable: true
+ description: '[Conditional] Required if the value "Other" is populated for the
+ field Personnel Resources: Non-Funding Obstacle. VA only.'
+ x-faker: random.words
+ example: Not an system of interest
+ nonPersonnelResourcesFundedAmount:
+ type: number
+ format: float
+ nullable: true
+ description: |
+ [Conditional] At least one of the following is required and must be completed for each POA&M Item:
+ Personnel Resources-> Funded Base Hours
+ Personnel Resources-> Unfunded Base Hours
+ Non-Personnel Resources-> Funded Amount
+ Non-Personnel Resources-> Unfunded Amount
+ Displays numbers to the second decimal point (e.g., 100.00). VA only.
+ x-faker:
+ random.number:
+ min: 100
+ max: 300
+ precision: 0.01
+ decimals: 2
+ nonPersonnelResourcesCostCode:
+ type: string
+ nullable: true
+ description: |
+ [Conditional] Required if Non-Personnel Resources: Funded Amount is populated.
+ Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only.
+ x-faker: finance.transactionType
+ nonPersonnelResourcesUnfundedAmount:
+ type: number
+ format: float
+ nullable: true
+ description: |
+ [Conditional] At least one of the following is required and must be completed for each POA&M Item:
+ Personnel Resources-> Funded Base Hours
+ Personnel Resources-> Unfunded Base Hours
+ Non-Personnel Resources-> Funded Amount
+ Non-Personnel Resources-> Unfunded Amount
+ Displays numbers to the second decimal point (e.g., 100.00). VA only.
+ x-faker:
+ random.number:
+ min: 100
+ max: 300
+ precision: 0.01
+ decimals: 2
+ nonPersonnelResourcesNonfundingObstacle:
+ type: string
+ nullable: true
+ description: |
+ [Conditional] Required if Non-Personnel Resources: Unfunded Amount is populated.
+ Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only.
+ x-faker: random.words
+ example: Not an system of interest
+ nonPersonnelResourcesNonfundingObstacleOtherReason:
+ type: string
+ nullable: true
+ description: '[Conditional] Required if the value "Other" is populated for the
+ field Non-Personnel Resources: Non-Funding Obstacle. VA only.'
+ x-faker: random.words
+ example: Not an system of interest
+ PoamOptionalFields:
+ properties:
+ externalUid:
+ type: string
+ description: '[Optional] Unique identifier external to the eMASS application for
+ use with associating POA&Ms. 100 Characters.'
+ example: d6d98b88-c866-4496-9bd4-de7ba48d0f52
+ controlAcronym:
+ type: string
+ description: '[Optional] Control acronym associated with the POA&M Item. NIST SP
+ 800-53 Revision 4 defined.'
+ example: AC-3
+ assessmentProcedure:
+ type: string
+ description: '[Optional] The Security Control Assessment Procedure being
+ associated with the POA&M Item.'
+ example: AC-1.4
+ securityChecks:
+ type: string
+ description: '[Optional] Security Checks that are associated with the POA&M.'
+ x-faker: random.words
+ example: SV-25123r1_rule,2016-A-0279
+ rawSeverity:
+ type: string
+ description: '[Optional] Scan vulnerability ratting Values include the
+ following options: (Very Low, Low, Moderate,High,Very High)'
+ example: Moderate
+ relevanceOfThreat:
+ type: string
+ description: '[Optional] Values include the following options (Very Low, Low,
+ Moderate,High,Very High)'
+ example: Low
+ likelihood:
+ type: string
+ description: '[Optional] Values include the following options (Very Low, Low,
+ Moderate,High,Very High)'
+ example: Low
+ impact:
+ type: string
+ description: '[Optional] Values include the following options (Very Low, Low,
+ Moderate,High,Very High)'
+ example: Low
+ impactDescription:
+ type: string
+ description: '[Optional] Include description of Security Control''s impact.'
+ x-faker: random.words
+ example: Impact text
+ residualRiskLevel:
+ type: string
+ description: '[Optional] Values include the following options (Very Low, Low,
+ Moderate,High,Very High)'
+ example: Low
+ recommendations:
+ type: string
+ description: '[Optional] Include recommendations. Character Limit = 2,000.'
+ x-faker: random.words
+ example: Recommendations text
+ mitigations:
+ type: string
+ description: '[Optional] Include mitigation explanation. 2000 Characters.'
+ x-faker: random.words
+ example: Mitigation text
+ resultingResidualRiskLevelAfterProposedMitigations:
+ type: string
+ nullable: true
+ description: '[Optional] Indicate the risk level expected after any proposed
+ mitigations are implemented. Proposed mitigations should be
+ appropriately documented as POA&M milestones. Navy only.'
+ example: Low
+ enum:
+ - Very Low
+ - Low
+ - Moderate
+ - High
+ - Very High
+ predisposingConditions:
+ type: string
+ nullable: true
+ description: '[Optional] A predisposing condition is a condition existing within
+ an organization, a mission or business process, enterprise
+ architecture, information system/PIT, or environment of operation,
+ which affects (i.e., increases or decreases) the likelihood that
+ threat events, once initiated, result in adverse impacts. Navy
+ only.'
+ x-faker: random.words
+ example: The predisposing condition justification
+ threatDescription:
+ type: string
+ nullable: true
+ description: '[Optional] Describe the identified threat(s) and relevance to the
+ information system. Navy only.'
+ x-faker: random.words
+ example: The identified threat(s) description
+ devicesAffected:
+ type: string
+ nullable: true
+ description: '[Optional] List any affected devices by hostname. If all devices
+ in the information system are affected, state ''system'' or ''all''.
+ Navy only'
+ x-faker:
+ random.arrayElement:
+ - - hostname-1
+ - hostname-2
+ - hostname-3
+ - hostname-4
+ - hostnam-5
+ - system
+ - all
+ example: system
+ PoamReadOnlyFields:
+ properties:
+ conditionId:
+ type: string
+ nullable: true
+ description: '[Read-Only] Unique identifier of the authorization term/condition
+ linked to the POA&M Item.'
+ x-faker:
+ random.arrayElement:
+ - - TC-10100292
+ - TC-36510292
+ - TC-10145221
+ - TC-41314221
+ example: TC-10100292
+ isInherited:
+ type: boolean
+ nullable: true
+ description: '[Read-only] Indicates whether a test result is inherited.'
+ x-faker: random.boolean
+ example: true
+ cci:
+ type: string
+ nullable: true
+ description: '[Read-Only] CCI associated with POA&M Item.'
+ x-faker:
+ random.arrayElement:
+ - - '000012'
+ - '000045'
+ - '000005'
+ - '000125'
+ - '000145'
+ - '000063'
+ - '000451'
+ - '000254'
+ - '000852'
+ - '001234'
+ - '002115'
+ - '000155'
+ example: 000001,000002
+ reviewStatus:
+ type: string
+ nullable: true
+ description: '[Read-Only] Values include the following options: (Not
+ Approved,Under Review,Approved)'
+ enum:
+ - Not Approved
+ - Under Review
+ - Approved
+ example: Under Review
+ createdDate:
+ type: integer
+ format: int64
+ description: '[Read-Only] Timestamp representing when the POA&M Item was entered
+ into the database.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ extensionDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: |
+ [Read-Only] Value returned for a POA&M Item with review status "Approved" and has a milestone
+ with a scheduled completion date that extends beyond the POA&M Item's scheduled completion date.
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ pendingExtensionDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: |
+ [Read-Only] Value returned for a POA&M Item with a review status of "Approved" and an unapproved
+ milestone with a scheduled completion date that extends beyond the POA&M Item's scheduled completion date.
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ artifacts:
+ type: string
+ nullable: true
+ description: '[Read-Only] Lists the filenames of any artifact files attached to
+ the POA&M Item. Multiple values are separated by “; ”.'
+ x-faker:
+ random.arrayElement:
+ - - Test1.docx; Test2.xlsx
+ - Test3.docx; Test4.xlsx
+ - Test5.docx; Test6.xlsx
+ - Test7.docx; Test8.xlsx
+ example: Test1.docx; Test2.xlsx
+ #----------------------------------------------------------------------------
+ # Milestones Fields
+ MilestonesFields:
+ properties:
+ milestones:
+ type: array
+ items:
+ $ref: "#/components/schemas/MilestonesGet"
+ #----------------------------------------------------------------------------
+ # Hardware Baseline Fields
+ HwBaselineIds:
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ description: '[Required] Unique eMASS system identifier.'
+ x-faker: random.number
+ example: 75
+ HwBaselineRequiredFields:
+ properties:
+ assetName:
+ type: string
+ description: '[Required] Name of the hardware asset.'
+ x-faker: commerce.productName
+ example: Test Asset Name 11
+ HwBaselineConditionalFields:
+ properties:
+ publicFacingFqdn :
+ type: string
+ nullable: true
+ description: '[Conditional] Public facing FQDN. Only applicable if Public Facing is set to true.'
+ x-faker: internet.domainName
+ example: test.com
+ publicFacingIpAddress:
+ type: string
+ nullable: true
+ description: '[Conditional] Public facing IP address. Only applicable if Public Facing is set to true.'
+ x-faker: internet.ip
+ example: 12.68.239.44
+ publicFacingUrls :
+ type: string
+ nullable: true
+ description: '[Conditional] Public facing URLs. Only applicable if Public Facing is set to true.'
+ x-faker: internet.url
+ example: test.com
+ HwBaselineOptionalFields:
+ properties:
+ componentType:
+ type: string
+ nullable: true
+ description: '[Optional] Type of the hardware asset.'
+ x-faker:
+ random.arrayElement:
+ - - Firewall
+ - IDS/IPS
+ - KVM
+ - Router
+ - Server
+ - Switch
+ - Workstation
+ example: IDS/IPS
+ nickname:
+ type: string
+ nullable: true
+ description: '[Optional] Nickname of the hardware asset.'
+ x-faker: commerce.department
+ example: Hardware
+ assetIpAddress:
+ type: string
+ nullable: true
+ description: '[Optional] IP address of the hardware asset.'
+ x-faker: internet.ip
+ example: 79.102.116.145
+ publicFacing:
+ type: boolean
+ nullable: true
+ description: '[Optional] Public facing is defined as any asset that is
+ accessible from a commercial connection.'
+ x-faker: random.boolean
+ example: true
+ virtualAsset:
+ type: boolean
+ nullable: true
+ description: '[Optional] Determine if this is a virtual hardware asset.'
+ x-faker: random.boolean
+ example: false
+ manufacturer:
+ type: string
+ nullable: true
+ description: '[Optional] Manufacturer of the hardware asset. Populated with
+ "Virtual" by default if Virtual Asset is true, however this can be overridden.'
+ x-faker: company.companyName
+ example: Test Manufacturer
+ modelNumber:
+ type: string
+ nullable: true
+ description: '[Optional] Model number of the hardware asset. Populated with
+ "Virtual" by default if Virtual Asset is true, however this can be overridden'
+ x-faker: system.semver
+ example: 1.0
+ serialNumber:
+ type: string
+ nullable: true
+ description: '[Optional] Serial number of the hardware asset. Populated with
+ "Virtual" by default if Virtual Asset is true, however this can be overridden.'
+ x-faker: system.semver
+ example: 5.2.1.5
+ OsIosFwVersion :
+ type: string
+ nullable: true
+ description: '[Optional] Operating System, IOS, or Firmware version of the hardware asset.'
+ x-faker:
+ random.arrayElement:
+ - - Winndows 10
+ - Windows 11
+ - Win Server 2000
+ - iOS 18
+ - iOS 19
+ - Mac OS X 10.10
+ - OS X Yosemite
+ - FW Version 2.3
+ - FW Version 5.7
+ example: Win Server 2000
+ memorySizeType:
+ type: string
+ nullable: true
+ description: '[Optional] Memory size / type of the hardware asset.'
+ x-faker:
+ random.arrayElement:
+ - - 64 GB DIMM
+ - 128 MB DRAM
+ - 4 TB SRAM
+ - 32 GB SIM
+ example: 32 GB SIM
+ location:
+ type: string
+ nullable: true
+ description: '[Optional] Location of the hardware asset.'
+ x-faker: address.city
+ example: Test Location
+ approvalStatus:
+ type: string
+ nullable: true
+ description: '[Optional] Approval status of the hardware asset.'
+ x-faker:
+ random.arrayElement:
+ - - Approved - DISA UC APL
+ - Approved - FIPS 140-2
+ - Approved - NIAP CCVES
+ - Approved - NSA Crypto
+ - Approved - NSA CSfC
+ - In Progress
+ - Unapproved
+ example: In Progress
+ criticalAsset:
+ type: boolean
+ nullable: true
+ description: '[Optional] Indicates whether the asset is a critical information system asset.'
+ x-faker: random.boolean
+ example: false
+ HwBaselineReadOnlyFields:
+ properties:
+ hardwareId:
+ type: string
+ nullable: true
+ description: '[Read-Only] GUID identifying the specific hardware asset. Required for a PUT call.'
+ x-faker: random.uuid
+ example: 0bcaba59-a4f4-4918-a267-aedee3ea750d
+ #----------------------------------------------------------------------------
+ # Software Baseline Fields
+ SwBaselineIds:
+ properties:
+ systemId:
+ type: integer
+ format: int64
+ description: '[Required] Unique eMASS system identifier.'
+ x-faker: random.number
+ example: 85
+ SwBaselineRequiredFields:
+ properties:
+ softwareVendor:
+ type: string
+ description: '[Required] Vendor of the software asset.'
+ x-faker: company.companyName
+ example: Test Vendor
+ softwareName:
+ type: string
+ description: '[Required] Name of the software asset.'
+ x-faker: commerce.productName
+ example: Test Software Name 11
+ version:
+ type: string
+ description: '[Required] Version of the software asset.'
+ x-faker: system.semver
+ example: 1.0
+ SwBaselineConditionalFields:
+ properties:
+ approvalDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Conditional] Approval date of the software asset.
+ If Approval Status is set to "Unapproved" or "In Progress",
+ Approval Date will be set to null.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ SwBaselineOptionalFields:
+ properties:
+ softwareType:
+ type: string
+ nullable: true
+ description: '[Optional] Type of the software asset.'
+ x-faker:
+ random.arrayElement:
+ - - COTS Application
+ - GOTS Application
+ - Office Automation
+ - Security Application
+ - Server Application
+ - Web Application
+ example: COTS Application
+ parentSystem:
+ type: string
+ nullable: true
+ description: '[Optional] Parent system of the software asset.'
+ x-faker: commerce.productName
+ example: Test Parent System
+ subsystem:
+ type: string
+ nullable: true
+ description: '[Optional] Subsystem of the software asset.'
+ x-faker: commerce.productName
+ example: Test Subsystem
+ network:
+ type: string
+ nullable: true
+ description: '[Optional] Network of the software asset.'
+ x-faker: commerce.productName
+ example: Test Network
+ hostingEnvironment:
+ type: string
+ nullable: true
+ description: '[Optional] Hosting environment of the software asset.'
+ x-faker: commerce.productName
+ example: Test Hosting Environment
+ softwareDependencies:
+ type: string
+ nullable: true
+ description: '[Optional] Dependencies of the software asset.'
+ x-faker: commerce.productName
+ example: Test Dependencies
+ cryptographicHash:
+ type: string
+ nullable: true
+ description: '[Optional] Cryptographic hash of the software asset.'
+ x-faker:
+ datatype.hexadecimal: 25
+ example: Test Cryptographic Hash 32"
+ inServiceData:
+ type: string
+ nullable: true
+ description: '[Optional] In-service data of the software asset.'
+ x-faker:
+ random.words: 5
+ example: Test In-Service Data
+ itBudgetUii:
+ type: string
+ nullable: true
+ description: '[Optional] IT budget UII of the software asset.'
+ x-faker:
+ random.words: 5
+ example: Test IT Budget Uii
+ fiscalYear:
+ type: string
+ nullable: true
+ description: '[Optional] Fiscal year (FY) of the software asset.'
+ x-faker:
+ random.numeric: 4
+ example: 2021
+ popEndDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] Period of performance (POP) end date of the software asset.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ licenseOrContract:
+ type: string
+ nullable: true
+ description: '[Optional] License or contract number of the software asset.'
+ x-faker:
+ random.words: 5
+ example: Test License Or Contract 25
+ licenseTerm:
+ type: string
+ nullable: true
+ description: '[Optional] License term of the software asset.'
+ x-faker:
+ random.words: 5
+ example: Test License Term 25
+ costPerLicense:
+ type: number
+ format: double
+ nullable: true
+ description: '[Optional] Cost per license of the software asset.
+ Number will be converted to display 2 decimal points.'
+ x-faker:
+ random.number:
+ min: 100
+ max: 1000
+ precision: 0.01
+ decimals: 2
+ example: 250.25
+ totalLicenses:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] Total licenses of the software asset.'
+ x-faker:
+ random.number: 5000
+ example: 100
+ totalLicenseCost:
+ type: number
+ format: double
+ nullable: true
+ description: '[Optional] Total license cost of the software asset.
+ Number will be converted to display 2 decimal points.'
+ x-faker:
+ random.number:
+ min: 100
+ max: 1000
+ precision: 0.01
+ decimals: 2
+ example: 2250.25
+ licensesUsed:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] Number of licenses used for the software asset.'
+ x-faker:
+ random.number: 5000
+ example: 100
+ licensePoc:
+ type: string
+ nullable: true
+ description: '[Optional] Point of contact (POC) for the software asset.'
+ x-faker: name.findName
+ example: Smith, Joe
+ licenseRenewalDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] License renewal date for the software asset.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ licenseExpirationDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] License expiration date for the software asset.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ approvalStatus:
+ type: string
+ nullable: true
+ description: '[Optional] Approval status of the software asset.'
+ x-faker:
+ random.arrayElement:
+ - - Approved - DISA UC APL
+ - Approved - FIPS 140-2
+ - Approved - NIAP CCVES
+ - Approved - NSA Crypto
+ - Approved - NSA CSfC
+ - In Progress
+ - Unapproved
+ example: In Progress
+ releaseDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] Release date of the software asset.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ maintenanceDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] Maintenance date of the software asset.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ retirementDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] Retirement date of the software asset.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ endOfLifeSupportDate:
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] End of life support date of the software asset.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ extendedEndOfLifeSupportDate :
+ type: integer
+ format: int64
+ nullable: true
+ description: '[Optional] If set, the Extended End of Life/Support
+ Date cannot occur prior to the End of Life/Support Date.'
+ x-faker:
+ random.number: 1234567890
+ example: 1715312304
+ criticalAsset:
+ type: boolean
+ nullable: true
+ description: '[Optional] Indicates whether the asset is a critical information system asset.'
+ x-faker: random.boolean
+ example: false
+ location:
+ type: string
+ nullable: true
+ description: '[Optional] Location of the software asset.'
+ x-faker: address.city
+ example: Test Location
+ purpose:
+ type: string
+ nullable: true
+ description: '[Optional] Purpose of the software asset.'
+ x-faker: random.words
+ example: Test Purpose
+ unsupportedOperatingSystem:
+ type: boolean
+ nullable: true
+ description: '[Optional] Unsupported operating system. VA only.'
+ x-faker: random.boolean
+ example: false
+ unapprovedSoftwareFromTrm:
+ type: boolean
+ nullable: true
+ description: '[Optional] Unapproved software from TRM. VA only'
+ x-faker: random.boolean
+ example: false
+ approvedWaiver:
+ type: boolean
+ nullable: true
+ description: '[Optional] Approved waiver. VA only'
+ x-faker: random.boolean
+ example: false
+ SwBaselineReadOnlyFields:
+ properties:
+ softwareId:
+ type: string
+ nullable: true
+ description: '[Read-Only] GUID identifying the specific software asset.'
+ x-faker: random.uuid
+ example: 171fc7d0-6957-4f54-bd51-3b7cbc6c39d5
+
+ #----------------------------------------------------------------------------
+ # HTTP 200 common response code value
+ #----------------------------------------------------------------------------
+ Response200:
+ title: OK
+ type: object
+ additionalProperties: false
+ properties:
+ code:
+ type: integer
+ format: int32
+ minimum: 200
+ maximum: 200
+ default: 200
+
+ #----------------------------------------------------------------------------
+ # HTTP 200 pagination response
+ #----------------------------------------------------------------------------
+ Pagination:
+ title: Pagination
+ type: object
+ additionalProperties: false
+ properties:
+ pageIndex:
+ type: integer
+ x-faker:
+ random.numeric: 2
+ example: 1
+ pageSize:
+ type: integer
+ x-faker:
+ random.numeric: 5
+ example: 20000
+ totalCount:
+ type: integer
+ x-faker:
+ random.numeric: 2
+ example: 4
+ totalPages:
+ type: integer
+ x-faker:
+ random.numeric: 2
+ example: 1
+ prevPageUrl:
+ type: string
+ x-faker: internet.url
+ example: https://myfakeurl.reponse.page.com?PreviousPage
+ nextPageUrl:
+ type: string
+ x-faker: internet.url
+ example: https://myfakeurl.reponse.page.com?NextPage
+
+ #----------------------------------------------------------------------------
+ # Schema for error response body
+ #----------------------------------------------------------------------------
+ Errors:
+ type: array
+ nullable: true
+ minItems: 1
+ maxItems: 25
+ items:
+ example: key:value
+ x-faker:
+ random.arrayElement:
+ - - 'key: Error message 1'
+ - 'key: Error message 2'
+ - 'key: Error message 3'
+ - 'key: Error message 4'
+ - 'key: Error message 5'
+
+ #----------------------------------------------------------------------------
+ # HTTP response status codes - Description/Likely Causes
+ #----------------------------------------------------------------------------
+ responses:
+ #-------------
+ # 200: Dashboard OK
+ DashboarOK:
+ description: OK
+ content:
+ application/json:
+ schema:
+ type: object
+ #-------------
+ # 200: Dashboard Response
+ DashboardResponse:
+ description: Pagination response schema
+ content:
+ application/json:
+ schema:
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ $ref: '#/components/schemas/Response200'
+ data:
+ type: array
+ items:
+ type: object
+ pagination:
+ $ref: '#/components/schemas/Pagination'
+ #-------------
+ # 201: Created
+ Created:
+ description: Created
+ content:
+ application/json:
+ schema:
+ title: Created
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ type: object
+ properties:
+ code:
+ type: integer
+ format: int32
+ minimum: 201
+ maximum: 201
+ default: 201
+ message:
+ type: string
+ default: Request was fulfilled and resulted in on or more new resources being
+ successfully created on the server.
+ #-----------------
+ # 400: Bad Request
+ BadRequest:
+ description: Bad Request
+ content:
+ application/json:
+ schema:
+ title: Bad Request
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ type: object
+ properties:
+ code:
+ type: integer
+ format: int32
+ minimum: 400
+ maximum: 400
+ default: 400
+ errorMessage:
+ type: string
+ default: Request could not be understood by the server due to incorrect syntax
+ or an unexpected format
+ #------------------
+ # 401: Unauthorized
+ Unauthorized:
+ description: Unauthorized
+ content:
+ application/json:
+ schema:
+ title: Unauthorized
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ type: object
+ properties:
+ code:
+ type: integer
+ format: int32
+ minimum: 401
+ maximum: 401
+ default: 401
+ errorMessage:
+ type: string
+ default: Request has failed to provide suitable authentication from the client
+ #---------------
+ # 403: Forbidden
+ Forbidden:
+ description: Forbidden
+ content:
+ application/json:
+ schema:
+ title: Forbidden
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ type: object
+ properties:
+ code:
+ type: integer
+ format: int32
+ minimum: 403
+ maximum: 403
+ default: 403
+ errorMessage:
+ type: string
+ default: Request was blocked by the application due to a lack of client
+ permissions to the API or to a specific endpoint
+ #---------------
+ # 404: Not Found
+ NotFound:
+ description: Not Found
+ content:
+ application/json:
+ schema:
+ title: Not Found
+ type: object
+ additionalProperties: false
+ properties:
+ code:
+ type: integer
+ format: int32
+ minimum: 404
+ maximum: 404
+ default: 404
+ errorMessage:
+ type: string
+ default: Request has failed because the URL provided in the request did not
+ match any available endpoint locations
+ #------------------------
+ # 405: Method Not Allowed
+ MethodNotAllowed:
+ description: Method Not Allowed
+ content:
+ application/json:
+ schema:
+ title: Method Not Allowed
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ type: object
+ properties:
+ code:
+ type: integer
+ format: int32
+ minimum: 405
+ maximum: 405
+ default: 405
+ errorMessage:
+ type: string
+ default: Request was made with a verb (GET, POST, etc.) that is not permitted
+ for the endpoint
+ #---------------------
+ # 411: Length Required
+ LengthRequired:
+ description: Length Required
+ content:
+ application/json:
+ schema:
+ title: Length Required
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ type: object
+ properties:
+ code:
+ type: integer
+ format: int32
+ minimum: 411
+ maximum: 411
+ default: 411
+ errorMessage:
+ type: string
+ default: Request was of type POST and failed to provide the server information
+ about the data/content length being submitted
+ #---------------------
+ # 490: API Rule Failed
+ APIRuleFailed:
+ description: API Rule Failed
+ content:
+ application/json:
+ schema:
+ title: API Rule Failed
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ type: object
+ properties:
+ code:
+ type: integer
+ format: int32
+ minimum: 490
+ maximum: 490
+ default: 490
+ errorMessage:
+ type: string
+ default: Request has failed because too much data was requested in a single
+ batch. This error is specific to eMASS
+ #---------------------------
+ # 500: Internal Server Error
+ InternalServerError:
+ description: Internal Server Error
+ content:
+ application/json:
+ schema:
+ title: Internal Server Error
+ type: object
+ additionalProperties: false
+ properties:
+ meta:
+ type: object
+ properties:
+ code:
+ type: integer
+ format: int32
+ minimum: 500
+ maximum: 500
+ default: 500
+ errorMessage:
+ type: string
+ default: Server encountered an unexpected condition which prevented it from
+ fulfilling the request
+
+ #----------------------------------------------------------------------------
+ # Security schemes - Define the key name and location
+ #----------------------------------------------------------------------------
+ securitySchemes:
+ apiKey:
+ type: apiKey
+ in: header
+ name: api-key
+ description: |
+ The API key must be provided in the request header for all eMASS endpoint calls. **For connecting to a mock server, any value is acceptable, e.g., 123**
+ userId:
+ type: apiKey
+ in: header
+ name: user-uid
+ description: |
+ This User unique identifier key must be provided in the request header for all PUT, POST, and DELETE endpoint calls. Note: For DoD users this is the DoD ID Number (EIDIPI) on their DoD CAC. **For connecting to a mock server, any value is acceptable, e.g., 123**
+ mockType:
+ type: apiKey
+ in: header
+ name: Prefer
+ description: |
+ This header parameter is ony utilized when interacting with the mock server. Options are (enter in the **Value** textbox):
+ - For random response values `code=200, dynamic=true`
+ - For static response values `code=200`
+#-------------------------------------------------------------------------------
+# S E C U R I T Y - Apply the API key globally to all operations
+#-------------------------------------------------------------------------------
+security:
+ - apiKey: [] # use the same name as defined in securitySchemes
+ userId: [] # Multiple apikey are used with the apikey (apiKey AND userId)
+ - mockType: [] # use the same name as defined in securitySchemes
\ No newline at end of file
diff --git a/emass/entrypoint.sh b/emass/entrypoint.sh
new file mode 100644
index 0000000..0a4a653
--- /dev/null
+++ b/emass/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+set -e
+prism mock eMASSRestOpenApi.yaml --host 0.0.0.0 --port 4010
diff --git a/frontend/.streamlit/config.toml b/frontend/.streamlit/config.toml
new file mode 100644
index 0000000..87f5dbd
--- /dev/null
+++ b/frontend/.streamlit/config.toml
@@ -0,0 +1,9 @@
+[theme]
+base = "dark"
+primaryColor = "#f0c040"
+backgroundColor = "#0e0e0e"
+secondaryBackgroundColor = "#1a1a1a"
+textColor = "#ffffff"
+
+[client]
+toolbarMode = "viewer"
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
index f5efe19..581711b 100644
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -1,7 +1,12 @@
-FROM alpine:latest
+FROM alpine:3.23
LABEL image.authors="Victor Fernandez III, <@cyberphor>"
-WORKDIR /home/narwhal
-COPY main.py main.py
+WORKDIR /home/swordfish
+COPY .streamlit .streamlit
+COPY entrypoint.sh entrypoint.sh
+COPY swordfish/ swordfish/
+COPY requirements.txt requirements.txt
RUN apk add --no-cache --update python3 py3-pip &&\
- pip install --break-system-packages -r requirements.txt
-CMD [ "streamlit", "main.py" ]
+ pip install --break-system-packages -r requirements.txt &&\
+ chmod +x entrypoint.sh
+EXPOSE 8501
+ENTRYPOINT [ "./entrypoint.sh" ]
diff --git a/frontend/entrypoint.sh b/frontend/entrypoint.sh
new file mode 100644
index 0000000..aacf7e4
--- /dev/null
+++ b/frontend/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+set -e
+streamlit run swordfish/main.py
\ No newline at end of file
diff --git a/frontend/swordfish/__init__.py b/frontend/swordfish/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/frontend/main.py b/frontend/swordfish/main.py
similarity index 66%
rename from frontend/main.py
rename to frontend/swordfish/main.py
index 5670467..b234505 100644
--- a/frontend/main.py
+++ b/frontend/swordfish/main.py
@@ -1,9 +1,7 @@
-# streamlit_app.py
import streamlit as st
import requests
st.title("Swordfish")
-API = st.text_input("API base", "http://localhost:8001")
if "messages" not in st.session_state:
st.session_state.messages = []
@@ -14,13 +12,19 @@
if prompt := st.chat_input("Say something"):
st.session_state.messages.append({"role": "user", "content": prompt})
- with st.chat_message("user"):
+
+ with st.chat_message("user"):
st.markdown(prompt)
- response = requests.post(f"{API}/api", json={"message": prompt}, timeout=60)
+ response = requests.post(
+ "http://swordfish-agent:8181/api/v1/",
+ json={"message": prompt},
+ timeout=60,
+ )
response.raise_for_status()
- text = response.json()["choices"][0]["text"]
+ text = response.json()
st.session_state.messages.append({"role": "assistant", "content": text})
- with st.chat_message("assistant"):
+
+ with st.chat_message("assistant"):
st.markdown(text)
diff --git a/mcp-server/swordfish/main.py b/mcp-server/swordfish/main.py
deleted file mode 100644
index c1c98d3..0000000
--- a/mcp-server/swordfish/main.py
+++ /dev/null
@@ -1,16 +0,0 @@
-# Third-party imports.
-from mcp.server.fastmcp import FastMCP
-from strands_tools import calculator
-
-mcp = FastMCP(
- name="swordfish",
- host="0.0.0.0",
- port=8000,
- debug=True,
- log_level="DEBUG"
-)
-
-mcp.tool = [calculator]
-
-if __name__ == "__main__":
- mcp.run(transport="sse")
diff --git a/mcp-server/Dockerfile b/tools/Dockerfile
similarity index 80%
rename from mcp-server/Dockerfile
rename to tools/Dockerfile
index e8b531a..39900ed 100644
--- a/mcp-server/Dockerfile
+++ b/tools/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.22 AS stage_1
+FROM alpine:3.22
LABEL image.authors="Vic Fernandez III <@cyberphor>"
WORKDIR /home/swordfish/
COPY swordfish/ swordfish/
@@ -8,5 +8,5 @@ RUN apk add --no-cache --update python3 py3-pip &&\
adduser -D swordfish -h /home/swordfish &&\
chown -R swordfish:swordfish /home/swordfish
USER swordfish
-EXPOSE 8000
-CMD [ "python", "-m", "swordfish.main", "server" ]
+EXPOSE 8282
+CMD [ "python", "-m", "swordfish.main" ]
diff --git a/mcp-server/requirements.txt b/tools/requirements.txt
similarity index 100%
rename from mcp-server/requirements.txt
rename to tools/requirements.txt
diff --git a/tools/swordfish/__init__.py b/tools/swordfish/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/tools/swordfish/main.py b/tools/swordfish/main.py
new file mode 100644
index 0000000..ebc92d9
--- /dev/null
+++ b/tools/swordfish/main.py
@@ -0,0 +1,179 @@
+from os import environ
+from mcp.server.fastmcp import FastMCP
+import httpx
+
+mcp = FastMCP(name="swordfish", host="0.0.0.0", port=8282, debug=True, log_level="DEBUG")
+
+EMASS_BASE_URL = environ.get("EMASS_BASE_URL", "")
+EMASS_API_KEY = environ.get("EMASS_API_KEY", "")
+EMASS_USER_UID = environ.get("EMASS_USER_UID", "")
+SERPER_API_KEY = environ.get("SERPER_API_KEY", "")
+
+def _headers() -> dict:
+ return {
+ "api-key": EMASS_API_KEY,
+ "user-uid": EMASS_USER_UID,
+ "accept": "application/json",
+ "content-type": "application/json",
+ }
+
+
+def _get(path: str, params: dict = None) -> dict:
+ url = f"{EMASS_BASE_URL}{path}"
+ response = httpx.get(url, headers=_headers(), params=params, timeout=30)
+ response.raise_for_status()
+ return response.json()
+
+
+def _post(path: str, body: list) -> dict:
+ url = f"{EMASS_BASE_URL}{path}"
+ response = httpx.post(url, headers=_headers(), json=body, timeout=30)
+ response.raise_for_status()
+ return response.json()
+
+
+def _put(path: str, body: list) -> dict:
+ url = f"{EMASS_BASE_URL}{path}"
+ response = httpx.put(url, headers=_headers(), json=body, timeout=30)
+ response.raise_for_status()
+ return response.json()
+
+
+def _delete(path: str, body: list) -> dict:
+ url = f"{EMASS_BASE_URL}{path}"
+ response = httpx.request("DELETE", url, headers=_headers(), json=body, timeout=30)
+ response.raise_for_status()
+ return response.json()
+
+@mcp.tool(description="Test the connection to the eMASS API.")
+def test_connection() -> dict:
+ return _get("/api")
+
+# Systems
+
+@mcp.tool(description="Get a list of all systems the user has access to in eMASS.")
+def get_systems(
+ include_decommissioned: bool = False,
+ policy: str = None,
+) -> dict:
+ params = {"includeDecommissioned": include_decommissioned}
+ if policy:
+ params["policy"] = policy
+ return _get("/api/systems", params=params)
+
+
+@mcp.tool(description="Get details for a specific eMASS system by its system ID.")
+def get_system(system_id: int) -> dict:
+ return _get(f"/api/systems/{system_id}")
+
+# Controls
+
+@mcp.tool(description="Get security controls for a system. Optionally filter by control acronyms (comma-separated, e.g. 'AC-1,AC-2').")
+def get_controls(system_id: int, acronyms: str = None) -> dict:
+ params = {}
+ if acronyms:
+ params["acronyms"] = acronyms
+ return _get(f"/api/systems/{system_id}/controls", params=params)
+
+
+@mcp.tool(description=(
+ "Update one or more security controls for a system. "
+ "Each item requires: acronym, responsibleEntities, controlDesignation, "
+ "estimatedCompletionDate (epoch int), implementationNarrative. "
+ "Pass a list of control objects as `controls`."
+))
+def update_controls(system_id: int, controls: list[dict]) -> dict:
+ return _put(f"/api/systems/{system_id}/controls", controls)
+
+# Test Results
+
+@mcp.tool(description="Get test results for a system. Optionally filter by control acronyms or CCIs.")
+def get_test_results(
+ system_id: int,
+ control_acronyms: str = None,
+ ccis: str = None,
+ latest_only: bool = True,
+) -> dict:
+ params = {"latestOnly": latest_only}
+ if control_acronyms:
+ params["controlAcronyms"] = control_acronyms
+ if ccis:
+ params["ccis"] = ccis
+ return _get(f"/api/systems/{system_id}/test-results", params=params)
+
+
+@mcp.tool(description=(
+ "Add one or more test results to a system. "
+ "Each item requires: testedBy (str), testDate (epoch int), description (str), "
+ "complianceStatus (str), assessmentProcedure (str). "
+ "Pass a list of test result objects as `results`."
+))
+def add_test_results(system_id: int, results: list[dict]) -> dict:
+ return _post(f"/api/systems/{system_id}/test-results", results)
+
+# POA&Ms
+
+@mcp.tool(description="Get POA&M items for a system. Optionally filter by control acronyms or date range (epoch seconds).")
+def get_poams(
+ system_id: int,
+ control_acronyms: str = None,
+ scheduled_completion_date_start: int = None,
+ scheduled_completion_date_end: int = None,
+) -> dict:
+ params = {}
+ if control_acronyms:
+ params["controlAcronyms"] = control_acronyms
+ if scheduled_completion_date_start:
+ params["scheduledCompletionDateStart"] = scheduled_completion_date_start
+ if scheduled_completion_date_end:
+ params["scheduledCompletionDateEnd"] = scheduled_completion_date_end
+ return _get(f"/api/systems/{system_id}/poams", params=params)
+
+
+@mcp.tool(description=(
+ "Add one or more POA&M items to a system. "
+ "Each item requires: status, vulnerabilityDescription, sourceIdentifyingVulnerability, "
+ "pocOrganization, resources. "
+ "Conditional fields (include when applicable): scheduledCompletionDate (epoch int), "
+ "completionDate (epoch int), comments, severity, pocFirstName, pocLastName, "
+ "pocEmail, pocPhoneNumber. "
+ "Pass a list of POA&M objects as `poams`."
+))
+def add_poams(system_id: int, poams: list[dict]) -> dict:
+ return _post(f"/api/systems/{system_id}/poams", poams)
+
+
+@mcp.tool(description=(
+ "Update one or more existing POA&M items in a system. "
+ "Each item requires: poamId, displayPoamId, status, vulnerabilityDescription, "
+ "sourceIdentifyingVulnerability, pocOrganization, resources. "
+ "Pass a list of POA&M objects as `poams`."
+))
+def update_poams(system_id: int, poams: list[dict]) -> dict:
+ return _put(f"/api/systems/{system_id}/poams", poams)
+
+
+@mcp.tool(description=(
+ "Delete one or more POA&M items from a system. "
+ "Pass a list of objects each containing a single `poamId` (int) as `poam_ids`. "
+ "Example: [{'poamId': 45}, {'poamId': 46}]"
+))
+def delete_poams(system_id: int, poam_ids: list[dict]) -> dict:
+ return _delete(f"/api/systems/{system_id}/poams", poam_ids)
+
+def _serper_search(query: str, num_results: int = 10) -> dict:
+ response = httpx.post(
+ "https://google.serper.dev/search",
+ headers={"X-API-KEY": SERPER_API_KEY, "content-type": "application/json"},
+ json={"q": query, "num": num_results},
+ timeout=30,
+ )
+ response.raise_for_status()
+ return response.json()
+
+@mcp.tool(description="Search the web using Google (via Serper). Returns organic results, knowledge graph, and answer box when available.")
+def web_search(query: str, num_results: int = 10) -> dict:
+ return _serper_search(query, num_results)
+
+if __name__ == "__main__":
+ mcp.run(transport="sse")
\ No newline at end of file